Flowable 3.13.x Release Notes

Initial release 3.13.0, December 21, 2022

Introduction

The Flowable product comprises:

• Flowable Work, a process and case management platform with an out-of-the-box user interface.
• Flowable Engage, built on top of Flowable Work, adding conversations and external connectivity to WeChat, Whatsapp and others.
• Flowable Design, a modeling environment to create BPMN, CMMN, DMN, Form and other model types that run in Platform/Work/Engage.
• Flowable Control, an administration tool that can be used to manage the Flowable Platform / Work / Engage environments.
• Flowable Inspect, a debugging and test component that can be used with Flowable Work and Engage.

These products are built on top of the Flowable Open Source project which can be found at Github.

Documentation

• Documentation home

• The Flowable Engage User Guide

• The Flowable Work User Guide

The Flowable Open Source project also has extensive documentation available which can be found at https://www.flowable.com/open-source/docs/oss-introduction.

Highlights

Flowable Work

• Added export button to csv files for data tables. The export will contain the columns and data that are visible and available in the data table. The export option can be enabled in the form model editor in Flowable Design.

• Added support for using scripts for the Action bot logic in addition to Java logic.

• Added support for defining default date and number formats for date and number fields in the form engine using the flowable.platform.default-date-format and flowable.platform.default-number-format application properties. When no date format is defined for a date field in the form model, the application property date format will be used.

• Operations using REST data objects will now throw a BPMN Error if the returned status case is not successful (where status code is >= 300). The error code is the operation key concatenated with the status code (e.g. for an operation name findByName that returns 400 the error code will be findByName400). The only exception when no error is thrown is for the default findById operation when the status code is 404 (Not Found).

• Added support for throwing a BPMN error event in an execution and task listener.

• Added support to define an include / exclude list of variables for indexing to Elasticsearch, to be able to control the amount of variables that are stored in indices.

• When using the option "Execute parallel in same transaction" for HTTP tasks with a high number of concurrent threads there was a possibility that the execution got blocked, this is resolved by using a dedicated task executor for the execution of the parallel HTTP tasks.

• Added support for including content models that are deployed to the default tenant in the content model selection of an attachment component in the form engine.

• Added support for using access tokens with IMAP in the event registry inbound email channel. This is done with an util function that allows you to get an access token for a configured Spring Security Client Registration. i.e. using ${flwAuthTokenUtils.getAccessToken('mail-server')}. So this can used also in other places where there is a requirement for using an access token.

• Added support for getting and setting variables using flw.getInput and flw.getOutput functions that can be used in scripts.

• Added support for interacting with JSON objects using a flw.json api that can be used in scripts.

• Added support for throwing a BPMN error event in a script using the flw.bpmn.throwError api.

• Added support for storing the BPMN error code in a variable name.

• Added support for using expressions and script logic for HTTP request and response handlers.

• The reports app shows all the latest case and process definitions for a user that has reporting permissions, instead of only the definitions for which the user is allowed to start a new case or process instance.

• Added support for defining headers for the HTTP call of the REST button in the form engine.

• Added support to disable the favorite button for data tables when the favorite option is enabled on a Work application level.

• Added support for selecting all rows in a data table when multiple selection is enabled.

• Added support for pasting files in the attachment component of the form engine.

• Added support for using Fontawesome icons on buttons.

• Added support for sending AWS SNS messages with the event registry.

• Added support to include meta data values in a content item query.

• The form validation indicator and message is now also shown on panels that are not collapsible in the form engine.

• The features app is disabled by default and can be enabled with the flowable.frontend.features.labs application property.

• For labels, accordions, attachment fields and the HTML rich text editor the payload bindings are automatically sanitized so no manual flw.sanitizeHtml expression is needed anymore. Other form fields don't allow to inject HTML values directly.

• Added support for determining the user definition based on OAuth 2.0 groups.

• Added support to create a PDF rendition for csv files.

• Added Oracle 21, MSSQL 2019, Postgres 13 and 14 and MySQL 8 support.

Flowable Engage

• Updated the emoji support to the latest 14.0 specification.

• Updated support for Whatsapp to include changes of v2.45.

Flowable Design

• Added an option in the action model editor to define script logic instead of choosing a bot key.

• Added an option in the case and process model editor to define an include / exclude list of variables to be stored in Elasticsearch.

• Added support for configuring headers for a REST button in the form editor.

• Added support for enabling an export button for a data table in the form editor.

• Added support to disable the favorite button for a data table in the form editor.

• Added support for defining a Fontawesome icon name for buttons in the form editor.

Flowable Control

• Added support to manage master data in Control, it's now possible to add, update and delete master data.

• Added support to have an overview of the housekeeping jobs and provide an ability to delete them when the user has the permission to do this.

• Added support to suspend and activate process instances.

• For process instances the execution list and details are now also shown in the details view. On the execution detail level the local variables for the execution are shown.

• For case instances the plan item instance list and details are now also shown in the details view. On the plan item instance detail level the local variables for the plan item instance are shown.

• The search on case instance, process instance and task names is made case-insensitive.

Flowable Inspect

• Added support to add breakpoints to repeatable plan items in a case instance.

• Skip definitions are now preserved when deploying a new process definition version.

• Filter selections are remembered when switching tabs in the Inspect view.

Upgrade information

• Flowable Orchestrate requires a valid license from version 3.13 when using the Spring Boot starters. A new application has been added to make using the Orchestrate REST api as easy as possible. This is more or less a copy from the open source REST application including the Core REST API. You can request a license file through your customer success manager or sales contact if you don't have a license file for Flowable Orchestrate yet.

• The FlowableWebSecurityConfigurerAdapter has been deprecated in favor of using a custom org.springframework.security.web.SecurityFilterChain to configure HttpSecurity. The reason for the deprecation is the fact that Spring Security itself has deprecated the WebSecurityConfigurerAdapter which we were using. In order to see how to migrate have a look at the old way of configuring and new approach.

  Old Configuration:

  @Order(10)
  @Configuration(proxyBeanMethods = false)
  public class SecurityConfiguration extends FlowableWebSecurityConfigurerAdapter {
  
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          super.configure(http);
          // Custom configuration
      }
  
      @Override
      protected void configureSwitchUser(SwitchUserConfigurer<HttpSecurity> switchUserConfigurer) {
          super.configureSwitchUser(switchUserConfigurer);
          // Custom configuration
      }
  }

  New Configuration:

  @Configuration(proxyBeanMethods = false)
  public class SecurityConfiguration {
  
      @Bean
      @Order(10)
      public SecurityFilterChain defaultSecurity(HttpSecurity http, ObjectProvider<FlowableHttpSecurityCustomizer> customizers) throws Exception {
          for (FlowableHttpSecurityCustomizer customizer : customizers.orderedStream().collect(Collectors.toList())) {
              customizer.customize(http);
          }
          // Custom configuration
  
          return http.build();
      }
  
      @Bean
      public FlowableSwitchUserConfigurerCustomizer customSwitchUserConfigurerCustomizer() {
          return configurer -> {
              // Custom configuration
          };
      }
  }

  Have a look at Spring Security without the WebSecurityConfigurerAdapter for more information on how to adapt your other existing security configurations, such as for example a custom SecurityActuatorConfiguration class.

  Moreover, the FlowableWebSecurityConfigurerAdapter was also configuring LDAP authentication when the flowable.platform.idm.service-type property was set to ldap. In order to allow for more flexible security setups, this is no longer the default behavior. Spring Security will use LdapAuthenticationProvider for performing authentications when the FlowableLdapAuthenticationProviderFactory bean is exposed, so you will simply need to provide it under the adequate conditions for your project. For example, if you want to keep coupling LDAP authentication with LDAP IDM service, you need to add the following to your security configuration:

  @Bean
  @ConditionalOnProperty(prefix = "flowable.platform.idm", name = "service-type", havingValue = "ldap")
  public FlowableLdapAuthenticationProviderFactory ldapAuthenticationProvider() {
      return new FlowableLdapAuthenticationProviderFactory();
  }

  Finally, if your main security configuration class is still extending WebSecurityConfigurerAdapter rather than FlowableWebSecurityConfigurerAdapter, compare the default product security presets (now in DefaultFlowableHttpSecurityCustomizer) with your custom configuration, and adapt as needed. You can find fully working current examples in the application security documentation and in the OAuth2 Developer Guide.

• ScriptingEngines and related code in OSS package org.flowable.common.engine.impl.scripting has been changed to take a VariableContainer instead of the broad interface VariableScope. Because of this, implementers of the ResolverFactory need to change the method signature to take a VariableContainer as an argument instead. If you are facing compile errors in overridden methods, related to VariableScope, it can be changed to VariableContainer.

• The Spring Boot starters don't automatically add a dependency to the ElasticSearch Micrometer anymore. If the Elasticsearch Micrometer is needed in a Flowable project then the dependency needs to be added manually in the Flowable Work project:

  <dependency>
     <groupId>io.micrometer</groupId>
     <artifactId>micrometer-registry-elastic</artifactId>
  </dependency>

  In addition, when you have indexing disabled, you need to configure micrometer to connect to the appropriate elasticsearch instance (this includes the host configuration management.metrics.export.elastic.host).

  Note that the Micrometer dependency is needed to feed the data to the Flowable Control dashboards showing information about CPU / memory usage, jobs execution etc. So without the Micrometer dependency these dashboards won't be available in Flowable Control.

• Until this version, the license check was mainly performed on a REST API level, meaning that when executing unit / integration tests on a CI / CD environment using only the Java API, there was no requirement to have a Flowable license installed on the CI / CD environment. Since version 3.13 Flowable is also performing license checks on a Java API level when starting a case or process instance. This means that a valid Flowable license file is now also needed on a CI / CD environment when starting case and process instances in unit and integration tests.

• When using the Flowable Helm Charts the Elasticsearch deployment is now disabled by default. To enable the Elasticsearch deployment elasticsearch.enabled must be set explicitly to true. It still can be used with an external Elasticsearch without setting elasticsearch.enabled to false, therefore the appropriate Elasticsearch configuration is required.

Spring Boot

• Base Spring Boot version should be upgraded to at least 2.7.6 up to the latest 2.7 version.

React

• The React version should be upgraded to at least 16 up to the latest 17 version.

Pentest report

• A new pentest has been performed on Flowable Work and the results are available via your Flowable account manager or contact person.

Database changes

• Added a new table FLW_LIC_INSTANCE_COUNT to store information about the number of case / process instances started.

• Added a new index FLW_IDX_CO_DEF_UNIQ on the content definition table FLW_CO_DEFINITION for the columns KEY_, VERSION_ and TENANT_ID_.

Open Source Artifacts Dependency Compatibility

Releases of Flowable Design, Work and Engage use versions of the open source Flowable dependencies that have not yet been published publicly on the Maven Central repository. These 'bugfix releases' can be retrieved by customers using the customer Flowable Maven repository credentials.

These versions contain fixes and have been QA'ed with the 3.13.0 release. It's advised to upgrade your open source dependencies to the 'compatible' version mentioned below (and mentioned in the subsequent Service Packs section)

Open source dependency version: 6.8.0.14

Service Packs

3.13.1

• Fixed issue with JSON Array objects when using the server side validation option and completing a user / human task.
• Fixed issue with the number of content item, meta data and rendition queries that are executed with a large amount of attachments and attachment fields in a form model.
• Fixed issue with querying case instances with reference id and type values.
• Fixed issue with a completed case instance in the custom case view.
• Fixed issue with the license dependency for the Flowable Orchestrate REST API.
• Added support for batch case instance migration API.
• Fixed issue with the empty sub process tab in Control.
• Improved support for the work views component (app and case view) to be used multiple times in the same view, for example in different tabs.
• Fixed issue with failed uploads in the form attachment component on Windows.
• Improved flw.getDataObjectInstance function to return the data object on the first invocation of the function call.
• Fixed issue with a wrong types definition in the package.json file of the React forms engine package.
• Upgraded to Spring Boot version 2.7.8.

Open source dependency version: 6.8.0.17

3.13.2

• Added support for stopping housekeeping runs in Flowable Control and via the REST API.
• Added support for stopping timer cycle jobs for process and case instances via the REST API.
• Fixed issue with repetition not taken into account when reactivating a case instance.
• Fixed issue with showing a completed case page task page in the case view.
• Added support for using expressions in the candidate user and groups configuration of a case page task.
• Fixed issue in the service registry task with endpoints that return a 204 no content response.
• Fixed issue with arrays in the root of a service registry response getting repeated.
• Added option to disable weekends for the date field in the form engine and in Flowable Design.
• Fixed issue with the work form not getting reloaded after clicking an action button in the case view.
• Fixed issue with fontawesome icon not appearing on an action button.
• Improved interaction with the data table filter menu, users can now close it when clicking outside of the data table.
• Fixed issue with esm modules being referenced in the React form engine bundle.
• Updated the Alpine Linux version and Java 11 runtime version for the Docker images.

Open source dependency version: 6.8.0.19

3.13.3

• Improved standalone work view component (app and case view) to allow for support using multiple instances in a tab UI showing multiple app pages and case instances.
• Fixed issue with server side validation not working properly with JSON arrays and required checking.
• Fixed issue with byte array entries not getting deleted for timer jobs when deleted in bulk.
• Added support for selecting multiple rows in a data table using shift+click.
• Added support for legacy outcome button definitions using false instead of {{false}} for the visibility value and using save for the value of the outcome button. This can be enabled with the flowable.form.enable-legacy-outcome-visibility=true property.
• Upgraded to Spring Boot version 2.7.8.

Open source dependency version: 6.8.0.20

3.13.4

• Improved support of the standalone work view component (app and case view) with the navigation when completing a task.
• Fixed issue with a JSON array not being able to store in a JSON field of a data object.
• Fixed issue with <p> being shown in the start form description.
• Upgraded to Spring Boot version 2.7.9.

Open source dependency version: 6.8.0.20

3.13.5

• Improved the query lookup for historic entity links as part of the housekeeping logic.
• Fixed issue with content model forms in an action form not working.
• Fixed issue with record key not being able to reset to a null value.
• Added support for using a dynamic Kafka message key.
• Added basic support for non-string outgoing messages with Kafka by not requiring a string value but using object instead.
• Fixed issue with result variables not working for script tasks in a BPMN model.
• Fixed issues in standalone case view with outcome buttons and not exposed tasks.
• Fixed issue with page number not being editable for a data table with pagination enabled.
• Fixed issue with <br> content being shown in a data table.

Open source dependency version: 6.8.0.21

3.13.6

• Improved history job lookup query to not use an order by create time.

Open source dependency version: 6.8.0.21

3.13.7

• Fixed issue with the conversation header that was changed incorrectly when a new message came in while the conversation list was filtered by search text.
• Added support for opening modals for read-only forms.
• Added support for cancelling file uploads for the attachments field in forms.
• Fixed issue with rich text form field value which occurred when using ignored expressions and then triggering the expression evaluation multiple times.
• Fixed potential memory issue when creating renditions for content items.
• Fixed export of child models when the "include child references" option was unchecked for the deployable export in Flowable Design.
• Fixed issue with a plan model extension element not being put in the model json when importing a case model with a custom palette.
• Fixed issue with variable event listeners using "Create and Update" not being triggered.
• Fixed input and output streams that were not getting closed properly when creating an app deployment in Flowable Design.
• Enabled security on the server configs REST endpoints in Flowable Control.

Open source dependency version: 6.8.0.23

3.13.8

• Fixed issue with query parameters not being passed with a multi select with a data object datasource.
• Fixed issue with downloading a content item / file attachment in the standalone custom case view component.
• Fixed issue with task complete navigation back to the case instance view in the standalone custom case view component.
• Added support to use target _blank value for a link in a text display in a form to open a link in a new window.
• Improved checkbox group to be able to set a selected value using an expression button.
• Fixed issue with non blocking sub case instances not showing in the Flowable Work UI because they are not indexed in Elasticsearch.
• Fixed issue where case instances can not be terminated when there are sub process instances.
• Fixed issue with using multi instance on a case task in a BPMN model in the BPMN engine.
• Fixed issue with the migration of case instances with sentry part instances and changing between event deferred and on event for sentries.
• Fixed issue with tenant id check when accessing document definitions.
• Fixed issue with potential XSS issue in Flowable Design with execution listeners.
• Improved logic to make sure that the delete all app artefacts and versions action in Flowable Control works correctly when an expression evaluation fails.

Open source dependency version: 6.8.0.25

3.13.9

• Added support to the data table export for FE logic changing the data shown in the data table. The data table content as shown in the UI is now also exported to the csv file.
• When cancelling a file upload for an attachment field in a form, the file is now removed immediately.
• Added id to if part on a sentry when exporting a CMMN model.
• Fixed issue with case page internal link navigation to another custom case instance view.
• Fixed issue where the claim button is not shown when initially loading a task view.
• Fixed issue with clearing a date field in a form that no FE error is occurring anymore.

Open source dependency version: 6.8.0.26

3.13.10

• Fixed issue with a form on value change event that was triggered before the payload change was applied. Now the payload change is applied before the on value change event is executed.
• Added support for REST, expression and action buttons in an expandable panel of a data table.
• Fixed issue with a conversation view not getting refreshed when a websocket connection is reconnected. If no reconnect is possible, a message is shown to refresh the conversation view.
• Upgraded to Spring Boot 2.7.13.

Open source dependency version: 6.8.0.26

3.13.11

• Fixed issue with multiple start events in process models with an event registry start event being used as the start event when manually starting a new process instance.
• Fixed issue with event listener being triggered when it is in an unavailable state.
• Added option to map plan item ids between different case model versions for case migration. This is generally is not needed, but when migrating case models created with Flowable Design before 3.8 this could be useful.
• Fixed issue with getting content items in an action start form payload due to rendition and meta data values not being initialised.
• Improved support for custom database prefixes in Mybatis mapping files and Flowable license module.
• Improved form resource delete handling.
• Fixed issue with date filter for case instances in Flowable Control
• Upgraded to Spring Boot 2.7.15.

Open source dependency version: 6.8.0.29

3.13.12

• Fixed issue with tasks of a sub case model appearing in the custom case view after the case instance is completed.
• Fixed issue with optimistic lock exceptions and NPE while running a parallel multi instance HTTP task.
• Fixed issue with scopeId and scopeType that could not be updated with the content item REST API.
• Fixed issue with the handling of missing values not working in template models.
• Fixed issue with migrating a case model including a variable event listener in Flowable Control.
• Fixed issue with a decision service not working with a collection type in a decision table used as input for another decision table.
• Fixed issue with task id search not working in Flowable Control.
• Fixed error when using flowable.control.app.security.oauth2.post-logout-redirect-url and flowable.security.oauth2.post-logout-redirect-url properties together.
• Fixed issue with not being able to delete an attachment from a form after saving the form and refreshing the view.
• Fixed issue with a custom validation of an expression button not appearing in the validation panel.
• Upgraded to Spring Boot 2.7.17.

Open source dependency version: 6.8.0.31

3.13.13

• Added support for WhatsApp Cloud API with the WhatsApp adapter, including a health check API and support for defining multiple cloud app secrets.
• Fixed issue with event subscriptions using multiple correlation parameters not working with event listeners mapping different correlation parameters.
• Added automatic refresh to user accounts view to support async adding of accounts via a case or process.
• Added support for placeholder in a rich text field.
• Fixed issue with a custom validation on a radio form field not getting triggered immediately.
• Fixed issue in Angular Design with restoring a historical model version.
• Fixed issue in Angular Design that prevented the usage of quotes in a description text of an app or model.
• Fixed issue with the page model export from the app model overview which resulted in a wrongly exported form json in Angular Design.

Open source dependency version: 6.8.0.33