The second alpha release of Camunda BPM 7.10 is here and the highlights are:

  • Cascading History Cleanup based on process hierarchy
  • Notable security fixes
  • Start process list changes in Tasklist
  • Modify single process asynchronously
  • More supported environments – PostgreSQL 10.4 and MariaDB 10.3
  • 18 Bug Fixes

You can Download Camunda for free (click on Preview Release) or Run it with Docker.

If you are interested, you can see the complete release notes and the list of known issues.

If you want to dig in deeper, you can find the source code on GitHub.

Cascading History Cleanup based on process hierarchy

Scene: Let’s have a process definition called “Nesting doll” which includes a call activity. Furthermore, this call activity includes its own call activity, and so on, like a nesting doll.
A “Nesting doll” process is started, and some of the (child) call activities are completed. Several days pass and the process still hasn’t been completed. We open up Cockpit and decide to look into the historical data… and it’s gone. What happened? Well, the call activity had a history time to live (TTL) value defined which expired before the containing process was finished, so it was removed by the History Cleanup job.

We solved this historical inconsistency problem by implementing a Hierarchical History Cleanup mechanism. By introducing a root-descendant structure together with a removal time property for each historic process instance, we ensured that no descendant historic process instances are removed by the history cleanup job before the root one.

Notable Security fixes

CSRF Prevention Filter

With the CSRF Prevention Filter the Webapps are even more secure. The CSRF filter is enabled by default, validating each modifying request performed through the webapps. The filter implements a (per-session) Synchronization Token method for CSRF validation with an optional Same Origin with Standard Headers verification.

If you would like to enable the additional Same Origin with Standard Headers verification, the targetOrigin init-parameter should be set to the application’s expected deployment domain in the web.xml file of your application.
(See the sample configuration in the docs).

Whitelist patterns for User, Group and Tenant IDs

Another security fix is resource whitelisting. From now on User, Group and Tenant IDs can be matched against a Whitelist Pattern to determine if the provided ID is acceptable or not. The default (global) Regular Expression pattern to match against is “[a-zA-Z0-9]+|camunda-admin” (7.10+) i.e. any combination of alphanumeric values or ‘camunda-admin’.

It’s possible to modify the pattern to suit your needs by setting the process engine configuration property generalResourceWhitelistPattern with a new pattern. Standard Java Regular Expression syntax can be used. For example, to accept any character, the following property value can be used:

<property name="generalResourceWhitelistPattern" value=".+"/>

The definition of different patterns for User, Group and Tenant IDs is possible by using the appropriate configuration property:

<property name="userResourceWhitelistPattern" value="[a-zA-Z0-9-]+" />
<property name="groupResourceWhitelistPattern" value="[a-zA-Z]+" />
<property name="tenantResourceWhitelistPattern" value=".+" />

Note that if a certain pattern isn’t defined (e.g. the tenant whitelist pattern), the general pattern will be used: either the default one ("[a-zA-Z0-9]+|camunda-admin") or one defined in the configuration file.
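
An added example, not taken from Camunda's code base: a small Java check that runs constructed sample IDs against the patterns from this section, so you can see which existing IDs a pattern would reject before you change it. The class name, the helper `accepted` and the sample IDs are hypothetical, and it assumes an ID must match the pattern in full.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class WhitelistPatternCheck {

    // Default general pattern quoted in this post (7.10+).
    static final String DEFAULT_GENERAL = "[a-zA-Z0-9]+|camunda-admin";

    // Hypothetical helper: use the type-specific pattern when one is configured,
    // otherwise fall back to the general pattern.
    // Assumption: the whole ID has to match (Matcher.matches()), not a substring.
    static boolean accepted(String id, String specificPattern, String generalPattern) {
        String effective = specificPattern != null ? specificPattern : generalPattern;
        return Pattern.compile(effective).matcher(id).matches();
    }

    public static void main(String[] args) {
        // Constructed sample IDs, standing in for IDs exported from an installation.
        String[] ids = {"demo", "camunda-admin", "john.doe", "john-doe", "sales2", "tenant one"};

        // User and group patterns as in the post; the tenant pattern is left
        // unset here so the fallback to the general pattern is visible.
        Map<String, String> perType = new LinkedHashMap<>();
        perType.put("user", "[a-zA-Z0-9-]+");
        perType.put("group", "[a-zA-Z]+");
        perType.put("tenant", null);

        for (Map.Entry<String, String> entry : perType.entrySet()) {
            for (String id : ids) {
                boolean ok = accepted(id, entry.getValue(), DEFAULT_GENERAL);
                System.out.printf("%-6s %-14s %s%n",
                        entry.getKey(), id, ok ? "accepted" : "REJECTED");
            }
        }
    }
}
```

With these settings the group pattern `[a-zA-Z]+` does not match `camunda-admin`, because that alternative exists only in the default general pattern; a type-specific pattern replaces the general one rather than extending it.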

“Start process” list changes in Tasklist

In the previous alpha we introduced a new query option “startable” for process definitions. In this alpha, the process definitions list provided through the Start process feature in Tasklist respects this query option and displays only the “startable” process definitions.
In addition, the user needs the following permissions to see a process definition in this list, and of course, to start one:

  • CREATE permission for all Process instances
  • CREATE_INSTANCE and READ permissions on the Process Definition level

Modify Single process asynchronously

The latest feature in Cockpit is the asynchronous modification of a single process instance. Open Cockpit and navigate to the Runtime view of the desired process instance. Choose which modification to perform. The Asynchronous check box is in the Review modification window.

Asynchronous check box in the confirm modification window

Once submitted by clicking “Proceed”, a new job will be created and executed asynchronously.

Take a Sneak Peek at What Is Next

We are already busy preparing the next alpha release, which is scheduled for the end of August.

Among other things, we are working on the following topics, which are planned to be released in one of the next alpha releases:

  • Latest WildFly version is supported
  • bpmn-js plugins are available in Cockpit

And there is more to come! Take a look at the roadmap for the bigger list of planned features.

Your Feedback Is Highly Appreciated!

With every release we constantly strive to improve Camunda BPM. To make this possible, we rely on your feedback.
Feel free to share your ideas and suggestions with us.

You can contact us by writing a post in the forum.
