Camunda Team Blog

Camunda BPM 7.12.0 Released

Written by Camunda BPM Team on , under Execution category.

We are excited to announce that Camunda BPM Platform 7.12.0 is now available.

The release includes many new capabilities. Here are some of the highlights:

You can download Camunda 7.12.0 for free or run it with Docker.

Also included in the release:

You can read all about these releases in the dedicated blog post.

For a complete list of the changes, please check out the release notes and the list of known issues. And for patched security vulnerabilities, see our security notices.

If you want to dig deeper, you can find the source code on GitHub.

Enhanced BPMN Execution

Camunda BPM 7.12.0 includes significant improvements around BPMN process execution.

You can model all the features mentioned below with the version 3.5.0 of Camunda Modeler.

Trigger BPMN Errors and Escalations from User Tasks

In some cases, a human task worker cannot complete an assigned task – for instance, because an unforeseen error occurs, or a decision needs to be escalated.

Starting in 7.12, it’s possible to trigger BPMN Error and Escalation events from user tasks via the Java or REST APIs.

The sample process shown below has an Error event, as well as an Escalation Boundary event, attached to the user task “Review annual report”:

The following example shows how to trigger a BPMN Error via REST API:

POST /task/482g036/bpmnError

{
  "errorCode": "invalid-data-error",
  "errorMessage": "The data provided for the report is invalid.",
  "variables": {
      "reportId" : {
        "value" : "PLR-233",
        "type": "String"
      }
  }
}

The REST API request triggers an Error for the user task 482g036 with the code invalid-data-error, a message and passes a variable reportId.

You can read more here:

Time-triggered Listeners for User Tasks

For a manual task, it is sometimes necessary to automatically trigger certain actions after a specific amount of time (e.g. for escalation, reassignment, email notifications, etc.).

Starting in 7.12, the Workflow Engine can execute Time-triggered Listeners for user tasks in your processes.

For example, the following process contains a Time-triggered Listener for the user task “Pick Items”:

The Time-triggered Listener will call the task Listener Class com.example.ReassignListener after one hour.

You can configure the Listener in Camunda Modeler as follows:

You can read more here:

Update Listeners for User Tasks

Properties of a manual task may change over time. To react accordingly to changes, it may make sense to trigger specific actions automatically. For instance, to notify an assigned task worker when a due date is set or updated.

This release features Update Listeners for user tasks.

The following process contains an Update Listener for the user task “Check invoice”:

The Update Listener calls the Task Listener class com.example.NotifyAssigneeListener as soon as the task is updated.

You can configure the Listener in Camunda Modeler as follows:

You can read more here:

Additional BPMN Execution Features

Improved Operations

This release introduces powerful features to improve operations such as annotating operation logs with comments or contextual logging for processes.

Annotate Operation Logs with Comments

Operation logs are helpful for auditing manual operations. However, the logged technical information might be not enough to understand the specific reason that an operator performed a specific operation.

Camunda BPM 7.12.0 makes it possible to annotate logs with a comment to put the operation in the correct business context and make later auditing easier.

In Cockpit and Admin, it’s possible to annotate the logs of an already performed operation with a comment:

Additionally, when modifying a process instance, you can directly add a comment:

You can read more here:

Contextual Logging for Processes

When it comes to debugging, it’s key to link logs of the workflow engine to the context in which the respective process execution took place. For instance, when an exception occurs in a Java delegate, it can be very helpful to trace it back to the affected process instance.

This release leverages the Mapped Diagnostic Context (MDC) technique of SLF4J to link logs to the respective process execution context. To make use of this new feature, you need to add the context placeholder %X to the logging pattern.

Here’s what the configuration will look like when using the Logback implementation:

<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>
        %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} {%X} - %msg%n
      </pattern>
    </encoder>
  </appender>

  ...

</configuration>

The configuration shown above produces the following log output:

08:12:05.212 [camundaTaskExecutor-3] WARN org.camunda.bpm.engine.jobexecutor {activityId=bill-customer, processDefinitionId=billing-process:1:216698df, processInstanceId=298e7511} - ENGINE-14006 Exception while executing job 33c54b1a:
java.lang.RuntimeException: Invocation of billing service failed!
  at com[…]BillingService.lambda$performBilling$0(BillingService.java:29)
  at org.camunda[…]JavaDelegateInvocation.invoke(JavaDelegateInvocation.java:40)
  …

With the help of the log output, we can easily see that the exception occurred while executing the instance 298e7511 from the process definition billing-process:1:216698df inside the activity bill-customer.

You can read more here:

Additional Operations Features

Stronger Security

We continuously strive to improve the security of Camunda BPM.

Protection against Malicious Variable Values

The Workflow Engine allows the exchange of structured process data from untrusted sources in the form of JSON and XML.

The deserialization of JSON and XML data from untrusted sources is prone to exploitation. When the provided data is malicious, arbitrary code can be executed inside the Java Virtual Machine (JVM).

Camunda BPM 7.12.0 includes an all-new security mechanism to prevent the Workflow Engine from deserializing malicious JSON and XML data.

By default, common Java types like list or map structures are whitelisted. When a malicious JSON or XML variable value with a non-whitelisted Java type is stored, the Workflow Engine rejects the variable value from being deserialized. You can extend the whitelist with your custom Java types.

You can read more here:

Additional Security Features

Additional Supported Environments

Camunda BPM 7.12.0 introduces support for new environments:

  • Support for Java 13
  • Ready-to-use Docker Images that are based on OpenJDK 11 (LTS)
  • Support for WildFly Application Server 17 and 18

You can read more here:

Retired Environments

Camunda BPM 7.12.0 discontinues support for older versions of legacy application servers and database systems. Additionally, Java 7 is no longer supported.

Dropping support of legacy environments enables us to support new technologies and provide a secure product. For more details, please read about the Changes in Supported Environments.

And Much More

There are many smaller features and bug fixes in the release that are not included in this blog post. The full release notes provide the details.

Register for the Webinar

If you’re not already registered, be sure to secure a spot at the free release webinars, which are offered in German and English.

Your Feedback Matters!

With every release, we strive to improve Camunda BPM. This is only possible with your feedback! Feel free to share your ideas and suggestions with us.

You can contact us via the Camunda user forum.