github flowable/flowable-engine flowable-6.3.0
Flowable 6.3.0 release
on GitHub

Release Notes - Flowable - 6.3.0

Flowable 6.3.0 has turned out to be a big release with many new features (and even more fixes). Many thanks to all the community contributers that participated in the release
and a special shout-out to Pascal Schumacher, Zach Visagie, Robert Hafner, Christophe Deneux and Seif El Deen Khaled


Note: Flowable now requires JDK 8 as a minimum version!


The Spring Boot starters have all been updated to version 2.0. There are now starters available for each engine (BPMN, CMMN and DMN).
Check the completely revised documentation for more details!

  • Support and fixes for running various modules on JDK 9 (the engines themselves already ran on JDK 9)
  • Updated all 3rd-party libraries to latest versions
  • The REST app can now be configured to use privileges, instead of all users being able to make REST calls.


  • Performance enhancements with great results. Read all about it here:
  • Dynamic task and subprocess injection into running process instances is now fully supported and out of experimental state
  • Allow the configuration of history on individual process definitions, overriding the engine default setting
  • Introduce the ‘triggerable’ service task: a service task that provides configurable service calls that are executed externally and call the engine when done. The implementation is guaranteed to be correct with regards to the transactional behavior of the engine.
  • Support for a transaction-lifecycle based event listener
  • Support for ‘sameDeployment’ when looking up the called process definition for a call activity
  • HTTP task: support for storing response variables transiently
  • Multi instance: support for Iterable when resolving a collection (e.g. ArrayNode)


  • REST API support for all CMMN services and operations
  • Support for asynchronous service tasks
  • Support for manual activation rules and enabling/manually starting plan items through the runtime service
  • Support for required rule
  • Support for autocomplete
  • Support for completion neutral
  • A Script task type has been added
  • Support for User event listeners
  • Support for viewing and managing CMMN date in the Admin app


  • Support for collection expressions, such as IN and NOT IN
  • Improved decision table editor user experience to make it easier to add JUEL expressions in specific rules
  • Support for viewing and managing decision executions in the Admin app


  • All apps have been rewritten to use Spring Boot 2.0. All apps now use one property file for configuration. Please check the documentation, as many new configuration options are available (with backwards compatibility for old properties).
  • Support for expressions in the options fields, including dropdown, radio and hyperlink fields
  • Support for a password fields in the form editor and runtime
  • Multi-tenancy support in the Modeler by defining the active tenant in the Modeler property file

Upgrade notes

To remove duplicate code, some more logic has been added to the common modules, such as flowable-engine-common and flowable-common-rest. For example, the scripting engine has been moved to the flowable-engine-common module so it can be used by both the BPMN and the CMMN engine.
If you are using Flowable internal classes then it is possible that some package changes to the common modules are required. Most of this should be automatically handled by your IDE.

All Flowable apps (IDM, Modeler, Task, Admin and REST) now read their configuration from the file, which is included in each WAR file in the META-INF/flowable-app folder.
Consequently, a single, shared can be placed on the classpath for all apps.
All property files (e.g. for the REST app) are still read and work in a backwards-compatible way.

The default way user credentials are authenticated and verified when calling the Flowable REST API has changed. A user now needs to have the access-rest-api privilege (before, any valid credentials could be used). An admin user can be given this privilege by setting the and properties in the file. On start-up, the admin user will be created if it doesn’t exist, or it will be given the access-rest-api privilege. This admin user can then give other users this privilige using the Flowable IDM app or through a REST call (doing an HTTP post to privileges/{privilegeId}/users with the userId in the body).

By default, all Flowable apps (IDM, Modeler, Task, Admin and REST) are configured to use an in-memory H2 database that is persisted in the user home folder, which is shared between all apps by default. Previously, each app had its own in-memory H2 database.

Due to upgrading to the latest Spring Security dependencies for handling the authentication for all the Flowable apps, users can get a “cookie theft exception” when accessing the apps with a cookie from a previous version that is still present in the browser.
The reason for this is that Spring Security has changed the way cookie tokens are hashed. A hard refresh or relogin fixes this by generating a new cookie. If you don’t want to force your users to do this, you can delete all rows from the ACT_ID_TOKEN database table. This will invalidate all old cookies and all users will have to login again.

2 years ago