Security vulnerabilities
Introduction
Flowable is using Spring Boot as a base layer for its platform and therefore each major Flowable version has a specific Spring Boot major version it depends on. Moving to a newer Spring Boot major version in a minor or fix release of Flowable is not possible due to possible required changes to the application because of Spring Boot changes. Therefore it is possible that to fix a certain security vulnerability an upgrade to a newer Flowable major version is needed to get it resolved. In this page an overview is provided for each major Flowable version on which Spring Boot version it depends an if that version is still in support by the Spring team and if it's recommended to upgrade to a newer Flowable major version.
Flowable version overview
Please use the following table as a reference to check for support versions.
| Flowable version | Spring Boot version | Known security vulnerabilities |
|---|---|---|
| 3.17.x | 3.3.x | No known issues |
| 3.16.x | 3.3.x | No known issues |
| 3.15.x | 3.1.x | Spring Boot 3.1.x is out of support, advised to upgrade to at least 3.16.x |
| 3.14.x | 2.7.x | Spring Boot 2.7.x is out of support, advised to upgrade to at least 3.16.x |
| 3.13.x | 2.7.x | Spring Boot 2.7.x is out of support, advised to upgrade to at least 3.16.x |
| 3.12.x | 2.7.x | Spring Boot 2.7.x is out of support, advised to upgrade to at least 3.16.x |
| 3.11.x | 2.6.x | Spring Boot 2.6.x is out of support, advised to upgrade to at least 3.16.x |
| 3.10.x | 2.5.x | Spring Boot 2.5.x is out of support, advised to upgrade to at least 3.16.x |
This overview provides a guidance for upgrading to a Flowable major version with current Spring Boot support. To make sure no security vulnerabilities exist in the Flowable Platform it's advised to follow this guidance.