Skip to main content

Flowable 3.12.x Release Notes

Initial release 3.12.0, July 28, 2022


The Flowable product comprises:

  • Flowable Work, a process and case management platform with an out-of-the-box user interface.
  • Flowable Engage, built on top of Flowable Work, adding conversations and external connectivity to WeChat, Whatsapp and others.
  • Flowable Design, a modeling environment to create BPMN, CMMN, DMN, Form and other model types that run in Platform/Work/Engage.
  • Flowable Control, an administration tool that can be used to manage the Flowable Platform / Work / Engage environments.
  • Flowable Inspect, a debugging and test component that can be used with Flowable Work and Engage.

These products are built on top of the Flowable Open Source project which can be found at Github.


The Flowable Open Source project also has extensive documentation available which can be found at


Flowable Work

  • Added support in the custom work component for app views in addition to the already existing case views. Users can now navigate to the custom app view and from a case data table to the existing custom case view.

  • Added support in the custom case view to use top navigation instead of left navigation.

  • Added support for scripts in the service registry models. In this was a script can be invoked from a process or case with clearly defined input and output parameters.

  • Added support for a Flowable scripting utility API when using scripts in the supported places. More information about the scripting API options can be found in the backend scripting section of the documentation.

  • Added support for service registry models to define (error) output parameters based on the full response body, HTTP status code and HTTP headers. This can for example be used for handling errors when executing a service registry task in BPMN and determine the next step based on this information.

  • Added support for reading and writing header properties in the event registry.

  • Added support for mapping the full payload of an event to a single variable in the process or case instance.

  • Improved Kafka support in the event registry with configuration options for partitioning, dead letter and retry topics.

  • Improved the housekeeping support to use deletes in bulk for the configured batch size. For example, for a batch size of 100, 100 process instances will be deleted with one query instead of 100 queries. This improvement is done for every delete query including tasks, action instances, form instances etc. In addition, the option to do housekeeping using parallel jobs has been removed, because it could potentially lead to an unresponsive Work application because the database is too busy. Therefore the only and default option is sequential housekeeping jobs.

  • The housekeeping of historic data in ES has also been improved to do bulk deletes instead of individual deletes of instances.

  • Added support for nested variables in variable expressions like ${var:get(} or ${var:get(}.

  • Added form events to the form model to support handling before and after form load and value change events. This is a new possibility to implement form logic with frontend expressions in addition to expression buttons.

  • Added support for Amazon AWS S3 and Azure Blob Storage to store the content items.

  • Added support for a JSON type for a data object.

  • Added support to show root case level comments and documents on a task level instead of task specific comments and documents.

  • Added support for default tenant apps to be shared with all other tenant users.

  • Added a checkbox group component similar to a radio button group component. The value binding will create an array of the selected values of the checkbox group component.

  • Added a split button component to combine multiple buttons visually in one button field with a dropdown to show all button options.

  • Added support for PUT / POST HTTP methods for a REST button in the form engine.

  • Added an option to configure an outcome dialog that references a form model. The outcome dialog will be shown after clicking on an outcome button.

  • Improved file / attachment form component to show the file upload feedback on a file level instead of on a component level. When a specific file upload failed the feedback will be shown for the thumbnail of the specific file.

  • Added support for the file / attachment form component to cancel an upload.

  • Added support in REST API and Control to get information about the amount of unique users accessing Flowable Work in a given period. This information can be used for the user based licensing.

  • Added support for user event listeners and manual activation to customize the icon for the button in the case model.

  • Added business status to the form payload in addition to the business key of a process / case instance data.

  • Added an option to configure the filters shown for the work item in the navigation panel, similar to the flexible filters that are possible for the contacts navigation item.

  • Improved support in the allowed and blocked input mapping configuration of a user task to use nested variable names.

  • Added a maximum amount of days when a case instance can be reopened with the reactivation feature when it was completed.

  • Added support to only allow file uploads (in forms and with the documents tab and app) from a defined list of suffixes and optionally also mimetypes with the flowable.content.allowed-file-upload-suffixes and flowable.content.allowed-file-upload-media-types properties. The values are expected to be all lower case and comma separated and the suffix expects a value like pdf,png,docx.

  • Added support for async leave in addition to the already existing async option on activities in BPMN and CMMN. When async leave is enabled, a job will be created to leave the current activity asynchronously.

  • Added support for logout in SSO environments. When logging out the SSO provider will be called to perform a logout.

  • Added support for assigning member groups from the user definition to the current user. This can be disabled by using setting the property to false

  • Switched to Logback (the default for Spring Boot) for the out-of-the-box applications instead of Log4j.

  • Added support for Java 17.

  • Added support for Elasticsearch 8.x.

  • Added support for OpenSearch in addition to Elasticsearch.

  • Upgraded the H2 driver to version 2.x for users of the H2 database because of critical security issues with version 1.x. The upgrade to H2 2.x is not backwards compatible with version 1.x, so existing data will not be available in the 2.x version. If you have an existing H2 database and want to keep the data, the 2.x H2 driver can be replaced with a H2 1.x version.

Flowable Engage

  • Added support for the WhatsApp adapter to handle a number change event.

  • Added support in conversations to have multiple external accounts. Until this version this was limited to just one external account.

Flowable Design

  • Added support for checkbox group, split buttons and outcome dialogs to the form model editor.

  • Added support for headers and a full payload option for event models.

  • Fixed issue with the multilanguage fields disappearing for the process, case and form models when switching to a Work model type like action models.

  • Added an constraint in the application logic and on a database level to prevent duplicate username values for users.

  • Added support to enable CSRF in Flowable Design.

Flowable Control

  • Added support for bulk actions to for example re-run multiple deadletter jobs or terminate multiple case or process instances.

  • Added support for fine grained access control to define per user which functionality like managing reindexing and delete deployments is allowed for a user.

  • Added an option in Control to enable audit logging. This will store all actions performed via Control in an audit table.

  • Added support for different Flowable Work configurations with and without ES and metrics enabled. This prevents reports from not showing any data because ES is disabled.

  • Added option to download license information including the user and node count, that can be shared for determining the license cost.

  • Added support to enable CSRF in Flowable Control.

Flowable Inspect

  • Added support to send an event to the event registry.

  • Added support to trigger an event listener in a case or process instance with an event payload.

Upgrade information

  • The default H2 dependency that is provided with the Flowable apps is upgraded to version 2.1.x because there are a lot of reported vulnerabilities in the 1.x version of H2. This has no impact when running with another DB than H2 or the in-memory H2. When there is an existing H2 database file there is no upgrade supported by H2 to move from a version 1.x database file to a 2.x database file version. If it's required that the H2 1.x database file is still used with the 3.12 version of the Flowable apps the H2 driver file should be replaced with a 1.x version. This can be copied from the 3.11 or earlier version for example.

  • If you are using HTTP Basic authentication. You are going to need to add /**/flowable-frontend-configuration in your ant matchers that permit all. i.e. this path needs to be treated the same as /**/*.js or /**/index.html

  • A content security policy can be enabled with the and properties. The first property can be used to define the content security policy. The second property can be used to instruct if an error in the content security policy should cause the application to fail. With a value of false the application will only report on the errors found and not fail. With the change of adding the content security policy, the embedded script in the index.html file was removed and replaced with a call to a Flowable REST service to get the environment properties.

Spring Boot

  • Base Spring Boot version should be upgraded to at least 2.7.2 up to the latest 2.7 version.


  • The React version should be upgraded to at least 16 up to the latest 17 version.

Pentest report

  • A new pentest has been performed on Flowable Work and the results are available via your Flowable account manager or contact person.

Database changes

  • Added LOCK_TIME_ and LOCK_OWNER_ columns to the ACT_RU_EVENT_SUBSCR table to support locking an event subscription for the unique instance handling in the event registry.

  • Added TYPE_ and IMPLEMENTATION_ columns to the FLW_CHANNEL_DEFINITION table to store additional information for a channel definition.

  • A new index ACT_IDX_HI_PRO_SUPER_PROCINST has been added to the ACT_HI_PROCINST table for the SUPER_PROCESS_INSTANCE_ID_ column to improve querying on sub process instances.

  • A new index ACT_IDX_HI_CASE_INST_END has been added to the ACT_CMMN_HI_CASE_INST table for the END_TIME_ column to improve querying on historic case instances ordering by end time.

  • A new ICON_ column has been added to the FLW_ACTION_INSTANCE table to support configuring an icon for an action on a process / case model level.

  • A new index has been added for the scope id and type in the FLW_ACTION_INSTANCE table (ACT_IDX_SCOPE_ID_TYPE) and FLW_HI_ACTION_INSTANCE table (ACT_HI_IDX_SCOPE_ID_TYPE).

  • A new index IDX_RENDITION_CONTENTID has been added to the FLW_CO_RENDITION_ITEM table to improve querying for renditions with a content item id.

  • A new index IDX_METADATA_CONTENTID has been added to the FLW_CO_METADATA table to improve querying for meta data with a content item id.

Open Source Artifacts Dependency Compatibility

Releases of Flowable Design, Work and Engage use versions of the open source Flowable dependencies that have not yet been published publicly on the Maven Central repository. These 'bugfix releases' can be retrieved by customers using the customer Flowable Maven repository credentials.

These versions contain fixes and have been QA'ed with the 3.12.0 release. It's advised to upgrade your open source dependencies to the 'compatible' version mentioned below (and mentioned in the subsequent Service Packs section)

Open source dependency version:

Service Packs


  • Fixed issues with frontend customizations with custom.js and custom.css and endpoint configuration.
  • Fixed issue with impersonation not working.
  • Fixed issue with validation messages in content model forms.
  • Added option to ignore the check of permissions when performing CRUD actions on database backed data objects.

Open source dependency version:


  • Fixed issue with starting cases and process instances using an event registry start event when the unique validation is enabled.
  • Added a permission check for entity link endpoints.
  • When querying a content item by id the entity cache is now checked as well.
  • The service output path property is available again, this was hidden due to a bug.
  • Added an option to include the custom.css and custom.js content inline in the index file ( and for Flowable Design and to provide a custom application title (
  • Added logic to prevent the model properties export in Flowable Design failing with values larger than 32k characters.

Open source dependency version:


  • Fixed issue with multi instance sub processes using async and exclusive false and failing to complete.
  • Fixed issue with the save button being enabled on a form when uploading a required document which is taking a while to upload.
  • Fixed issue with reindexing data object instance variables that can not be retrieved anymore.
  • Fixed issue where entry criterion conditions were not evaluated correctly on a JBoss application server due to the usage of Woodstox.
  • Fixed issue when using Flowable Orchestrate / Core to retrieve start forms for a process or case over the REST API.
  • Fixed issues with using an outdated version of the form engine for previews in Flowable Design. This is now using the 3.12.x form engine version.
  • Disallowed access to additional java logic in the Freemarker template preview in Flowable Design to prevent user exploits and security issues.
  • Fixed issue with importing a page model in an app in Flowable Design.
  • Fixed issue where the "is release" option was not getting reset after it was checked and published.

Open source dependency version:


  • Fixed issue with updating the JSON fields of a data object.
  • Fixed issue with an ElasticSearch index job creating a deadletter job after 100 retries have failed.
  • Fixed issue with the custom app view routing.
  • Fixed client side filtering in data tables to filter out null or undefined values.
  • Fixed issue with executing a native query for historic decision executions in the DMN engine.
  • Added support for multiple event registry start events in a BPMN model.
  • Fixed issue with triggering a signal, message or timer event in Flowable Inspect.
  • Fixed issue with showing a 'null' value when evaluating an expression in Flowable Inspect.
  • Fixed issue with using the mouse to select the cursor position when evaluating an expression in Flowable Inspect.
  • Fixed performance issue when comparing revisions in Flowable Design when there are a lot of model versions.
  • Fixed issue with admin authority check for the license upload.
  • Fixed memory issue with loading a large form model in Flowable Design.

Open source dependency version:


  • Fixed issue with the event registry channels getting unregistered by the change detection manager.
  • Fixed issue where errors where not communicated back in the custom case view.
  • Added support and documentation for configuring an access token for IMAP when using inbound email channel models.
  • Fixed issue with event listeners in a repeatable stage.
  • The user language can now also be configured and used when using OAuth based authentication.
  • Fixed issue with script tasks not being shown correctly in the diagram view of a case instance in Flowable Work.
  • Fixed issue in Flowable Engage with showing the correct user status when a user appears online.
  • Fixed variable value view in Flowable Control for JSON type variables.
  • Fixed issue in Flowable Design when exporting an app in a multi tenant setup.
  • Fixed issue with the shared output mapping in a service registry model not getting updated with changed fields from the data object model.
  • Fixed issue with creating a service registry model from a data object when using a non default tenant in a multi tenancy setup.
  • Fixed issue with radio buttons losing state when switching between tabs.
  • The page size of a data table is now locally stored, so that when navigating back the previous page size is still used.
  • Fixed issue with the vanilla Forms Javascript package.
  • Upgraded to Spring Boot 2.7.6.

Open source dependency version:


  • Fixed issue with housekeeping for a parent case or process instance with more than 50k sub instances.
  • Fixed issue with Fontawesome pro dependency in the Flowable Forms React module.
  • Upgraded to Spring Boot 2.7.7.

Open source dependency version:


  • Fixed issue with a completed case instance in the case view.
  • Fixed issue with showing a completed case page task element in the case view.
  • Fixed issue in the service registry task with endpoints that return a 204 no content response.
  • Fixed issue with the number of content item, meta data and rendition queries that are executed with a large number of attachments and attachment fields in a form model.
  • Fixed issue with byte array entries not getting deleted for timer jobs when deleted in bulk.
  • Fixed issue with updating the reference id and type for a case instance.
  • Fixed issue with esm modules being referenced in the React form engine bundle.
  • Added support for legacy outcome button definitions using false instead of {{false}} for the visibility value and using save for the value of the outcome button. This can be enabled with the flowable.form.enable-legacy-outcome-visibility=true property.
  • Upgraded to Spring Boot version 2.7.8.

Open source dependency version:


  • Fixed issue with a completed case instance in the custom case view.
  • Fixed issue with the conversation header that was changed incorrectly when a new message came in while the conversation list was filtered by search text.
  • Fixed issue with being unable to update a scope id and type on a content item.
  • Added support for REST, expression and action buttons in an expandable panel of a data table.
  • Fixed issue with page number not being editable for a data table with pagination enabled.
  • Fixed issue with clearing a date field in a form that no FE error is occurring anymore.
  • Fixed issue with <br> content being shown in a data table.

Open source dependency version: