Camunda Team Blog

Camunda 7.10.0-alpha2 Released

Written by Nikola Koevski, under Execution category.

The second alpha release of Camunda BPM 7.10 is here and the highlights are:

  • Cascading History Cleanup based on process hierarchy
  • Notable security fixes
  • Start process list changes in Tasklist
  • Modify single process asynchronously
  • More supported environments - PostgreSQL 10.4 and MariaDB 10.3
  • 18 Bug Fixes

You can Download Camunda for free (click on Preview Release) or Run it with Docker.

If you are interested, you can see the complete release notes and the list of known issues.

If you want to dig in deeper, you can find the source code on GitHub.

Cascading History Cleanup based on process hierarchy

Scene: Let’s have a process definition called “Nesting doll” which includes a call activity. Furthermore, this call activity includes its own call activity, and so on, like a nesting doll. A “Nesting doll” process is started, and some of the (child) call activities are completed. Several days pass and the process still hasn’t been completed. We open up Cockpit and decide to look into the historical data… and it’s gone. What happened? Well, the call activity had a history time to live (TTL) value defined which expired before the containing process was finished, so it was removed by the History Cleanup job.

We solved this historical inconsistency problem through the implementation of a Hierarchical History Cleanup mechanism. By introducing a root-descendant structure together with a removal time property for each historic process instance, we ensured that no descendant historic process instances are removed by the history cleanup job before the root one.

Notable Security fixes

CSRF Prevention Filter

With the CSRF Prevention Filter the Webapps are even more secure. The CSRF filter is enabled by default, validating each modifying request performed through the webapps. The filter implements a (per-session) Synchronization Token method for CSRF validation with an optional Same Origin with Standard Headers verification.

If you would like to enable the additional Same Origin with Standard Headers verification, set the targetOrigin init-parameter to the application’s expected deployment domain in the web.xml file of your application. (See the sample configuration in the docs).

Whitelist patterns for User, Group and Tenant IDs

Another security fix is resource whitelisting. From now on, User, Group and Tenant IDs can be matched against a Whitelist Pattern to determine whether the provided ID is acceptable. The default (global) Regular Expression pattern to match against is “[a-zA-Z0-9]+|camunda-admin” (7.10+), i.e. any combination of alphanumeric characters or ‘camunda-admin’.

It’s possible to modify the pattern to suit your needs by setting the process engine configuration property generalResourceWhitelistPattern to a new pattern. Standard Java Regular Expression syntax can be used. For example, to accept any character, the following property value can be used:

<property name="generalResourceWhitelistPattern" value=".+"/>

Different patterns for User, Group and Tenant IDs can be defined by using the appropriate configuration property:

<property name="userResourceWhitelistPattern" value="[a-zA-Z0-9-]+" />
<property name="groupResourceWhitelistPattern" value="[a-zA-Z]+" />
<property name="tenantResourceWhitelistPattern" value=".+" />

Note that if a certain pattern isn’t defined (e.g. the tenant whitelist pattern), the general pattern will be used: either the default one ("[a-zA-Z0-9]+|camunda-admin") or one defined in the configuration file.
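
The following Java sketch is an added example, not Camunda's own code: it models the matching and fallback described above so that candidate patterns can be checked against sample IDs before they are deployed. It assumes that the whole ID must match the pattern and that a type-specific pattern replaces the general one; the class name, method names and sample IDs are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ResourceWhitelistDemo {
    // Default general pattern quoted in the post.
    static final String DEFAULT_GENERAL = "[a-zA-Z0-9]+|camunda-admin";

    // Hypothetical helper: type-specific pattern if set, otherwise the general one.
    static Pattern effectivePattern(Map<String, String> config, String type) {
        String general = config.getOrDefault("generalResourceWhitelistPattern", DEFAULT_GENERAL);
        String specific = config.get(type + "ResourceWhitelistPattern");
        return Pattern.compile(specific != null ? specific : general);
    }

    // Assumption: the entire ID has to match (Matcher.matches), not just a substring.
    static boolean isAllowed(Map<String, String> config, String type, String id) {
        return id != null && effectivePattern(config, type).matcher(id).matches();
    }

    public static void main(String[] args) {
        // User and group patterns from the post; tenant left undefined to show the fallback.
        Map<String, String> config = new LinkedHashMap<>();
        config.put("userResourceWhitelistPattern", "[a-zA-Z0-9-]+");
        config.put("groupResourceWhitelistPattern", "[a-zA-Z]+");

        // Constructed sample IDs.
        String[][] samples = {
            {"user", "john-doe"},        // hyphen is part of the user pattern
            {"user", "john doe"},        // space is outside the user pattern
            {"group", "sales2"},         // digit is outside the group pattern
            {"group", "camunda-admin"},  // group pattern has no camunda-admin alternative
            {"tenant", "tenantOne"},     // checked against the general default
            {"tenant", "camunda-admin"}, // second alternative of the general default
            {"tenant", "a/../b"},        // punctuation is outside the general default
        };
        for (String[] s : samples) {
            String verdict = isAllowed(config, s[0], s[1]) ? "accepted" : "rejected";
            System.out.printf("%-6s %-14s %s%n", s[0], s[1], verdict);
        }

        // The permissive value from the post turns the check off for that resource type.
        config.put("tenantResourceWhitelistPattern", ".+");
        System.out.println("tenant a/../b with .+ : " + isAllowed(config, "tenant", "a/../b"));
    }
}
```

In this model a narrower group pattern such as "[a-zA-Z]+" no longer matches ‘camunda-admin’, so any ID that must remain valid has to be included in the custom pattern explicitly.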

“Start process” list changes in Tasklist

In the previous alpha we introduced a new query option “startable” for process definitions. In this alpha, the process definitions list provided through the Start process feature in Tasklist respects this query option and displays only the “startable” process definitions. In addition, the user needs the following permissions to see a process definition in this list, and of course, to start one:

  • CREATE permission for all Process instances
  • CREATE_INSTANCE and READ permissions on the Process Definition level

Modify Single process asynchronously

The latest feature in Cockpit is the asynchronous modification of a single process instance. Open Cockpit and navigate to the Runtime view of the desired process instance. Choose which modification to perform. The Asynchronous check box is in the Review modification window.

Once submitted by clicking “Proceed”, a new job will be created and executed asynchronously.

Take a Sneak Peek at What Is Next

We are already busy preparing for the next alpha release, which is scheduled for the end of August.

Among other things, we are working on the following topics, which are planned to be released in one of the next alpha releases:

  • Latest Wildfly version is supported
  • bpmn-js plugins are available in Cockpit

And there is more to come! Take a look at the roadmap for the bigger list of planned features.

Your Feedback Is Highly Appreciated!

With every release we constantly strive to improve Camunda BPM. To make this possible, we rely on your feedback. Feel free to share your ideas and suggestions with us.

You can contact us by writing a post in the forum.