Flowable 6.3.0 release

Author: Tijs Rademakers

Flowable 6.3.0 has turned out to be a big release with many new features (and even more fixes). Many thanks to all the community contributors that participated in the release and a special shout-out to Pascal Schumacher, Zach Visagie, Robert Hafner, Christophe Deneux and Seif El Deen Khaled

Where to get it:

• Download link: https://flowable.org/downloads.html

• Maven (or other): update your dependencies to version 6.3.0

The source code can be found on Github: https://github.com/flowable/flowable-engine/tree/flowable-6.3.0

Highlights

Note: Flowable now requires JDK 8 as a minimum version!

GENERAL

The Spring Boot starters have all been updated to version 2.0. There are now starters available for each engine (BPMN, CMMN and DMN).

Check the completely revised documentation for more details!

• Support and fixes for running various modules on JDK 9 (the engines themselves already ran on JDK 9)

• Updated all 3rd-party libraries to latest versions

• The REST app can now be configured to use privileges, instead of all users being able to make REST calls.

BPMN

• Performance enhancements with great results. Read all about it here: https://www.flowable.com/blog/flowable-6-3-0-performance-benchmark/

• Dynamic task and subprocess injection into running process instances is now fully supported and out of experimental state

• Allow the configuration of history on individual process definitions, overriding the engine default setting

• Introduce the ‘triggerable‘ service task: a service task that provides configurable service calls that are executed externally and call the engine when done. The implementation is guaranteed to be correct with regards to the transactional behavior of the engine.

• Support for a transaction-lifecycle based event listener

• Support for ‘sameDeployment’ when looking up the called process definition for a call activity

• HTTP task: support for storing response variables transiently

• Multi instance: support for Iterable when resolving a collection (e.g. ArrayNode)

CMMN

• REST API support for all CMMN services and operations

• Support for asynchronous service tasks

• Support for manual activation rules and enabling/manually starting plan items through the runtime service

• Support for required rule

• Support for autocomplete

• Support for completion neutral

• A Script task type has been added

• Support for User event listeners

• Support for viewing and managing CMMN data in the Admin app

DMN

• Support for collection expressions, such as IN and NOT IN

• Improved decision table editor user experience to make it easier to add JUEL expressions in specific rules

• Support for viewing and managing decision executions in the Admin app

APPS

• All apps have been rewritten to use Spring Boot 2.0. All apps now use one property file for configuration. Please check the documentation, as many new configuration options are available (with backwards compatibility for old properties).

• Support for expressions in the options fields, including dropdown, radio and hyperlink fields

• Support for a password fields in the form editor and runtime

• Multi–tenancy support in the Modeler by defining the active tenant in the Modeler property file

Upgrade notes

Package changes: to remove duplicate code, some more logic has been added to the common modules, such as flowable-engine-common and flowable-common-rest. For example, the scripting engine has been moved to the flowable-engine-common module so it can be used by both the BPMN and the CMMN engine. If you are using Flowable internal classes then it is possible that some package changes to the common modules are required. Most of this should be automatically handled by your IDE.

Flowable app configuration properties: all Flowable apps (IDM, Modeler, Task, Admin and REST) now read their configuration from the flowable-app.properties file, which is included in each WAR file in the META-INF/flowable–app folder. Consequently, a single, shared flowable-app.properties can be placed on the classpath for all apps. All property files (e.g. db.properties for the REST app) are still read and work in a backwards-compatible way.

Rest API authentication: the default way user credentials are authenticated and verified when calling the Flowable REST API has changed. A user now needs to have the access-rest-api privilege (before, any valid credentials could be used). An admin user can be given this privilege by setting the flowable.rest.app.admin.user-id and flowable.rest.app.admin.password properties in the flowable-app.properties file. On start-up, the admin user will be created if it doesn’t exist, or it will be given the access-rest-api privilege. This admin user can then give other users this privilege using the Flowable IDM app or through a REST call (doing an HTTP post to privileges/{privilegeId}/users with the userId in the body).

Shared H2 database: by default, all Flowable apps (IDM, Modeler, Task, Admin and REST) are configured to use an in-memory H2 database that is persisted in the user home folder, which is shared between all apps by default. Previously, each app had its own in-memory H2 database.

Security warning on first login: due to upgrading to the latest Spring Security dependencies for handling the authentication for all the Flowable apps, users can get a “cookie theft exception” when accessing the apps with a cookie from a previous version that is still present in the browser. The reason for this is that Spring Security has changed the way cookie tokens are hashed. A hard refresh or relogin fixes this by generating a new cookie. If you don’t want to force your users to do this, you can delete all rows from the ACT_ID_TOKEN database table. This will invalidate all old cookies and all users will have to login again.