Release notes

Bonita 2022.2 is available for download.

New available values

Bonita process monitoring now with embedded bpmn-visualization library

Bonitasoft launched the open source project Process Analytics two years ago in response to the market need to perform BPMN process monitoring using BPMN standards. The deliverable of this project is called the bpmn-visualization library. You can find a nice array of examples of what it can do in its demo web site, and you can even contribute to this initiative in its Github repository.
Till Bonita 2022.2, another library has been used to display process execution data for administrators at both process and case levels. This library had some limitations and was not easy to improve with new features.
Hence, integrating the bpmn-visualization library to Bonita, was a very natural choice.

The new values are available for Bonita Subscription Editions starting with the Efficiency edition.

  • Bonita Administration application users will get a faster and more robust view on the process execution data (thanks to the library and new REST APIs)

  • As the bpmn-visualization library evolves, more interactivity and information for a better monitoring capacity will be provided

  • Since the pages have been created by using Bonita UI Designer, developers can:

    • Use the custom widget embedded in the new pages in their own application pages. The widget has been wrapped into a fragment that makes it very easy to use.

    • Modify the process or case visualization page, and use it in any Bonita application

Bonita Reporting Application

Here it comes, Bonita Reporting Application is now available for download on Bonita’s Customer Service Center/Customer Portal and is compatible starting with Bonita 2021.2.

A subscription account is required for downloading the .jar, that contains “Process Historical Data” and “Human tasks historical data” reports, designed for process performance and human tasks execution analysis. More details are available in the dedicated documentation page Bonita application for analytics and reporting.

A new widget to deal with Currencies

A new input widget is now available in UI Designer to manage financial data using currencies at ease in pages or forms.

Bonita Artifact Repository

In Bonita 2022.1, we delivered Bonita Test Toolkit through an additional Maven archive. With Bonita 2022.2 we are delivered our subscription only Bonita Artifact Repository, and Bonita Test Toolkit is the first available for download artifact. Step by step, all our supported products will become available for download through Bonita Artifact Repository.


Development suite changes

A new first-start flow for the Studio

When launched for the first time after an install, the Studio will no longer start with a default project. The goal is to make this first start less cumbersome. Also, to increase user guidance, the "Welcome" page has been improved with clear call-to-action buttons.

Bonita Marketplace - Display installed extension

A new filter was added to display the already installed extensions in order to help users know the extensions installed in their project while browsing the Bonita Marketplace

With the previous version, you could import malformed extensions in your project without any warnings. This leading to errors downstream and confused users. From now, when importing or updating an extension, errors will be detected and users will be informed in Studio.

Improved guidance when the actor mapping is not defined

With the previous version, if the actor mapping of a process was not defined, an unclear error message was displayed to the user. To help our users move forward with the deployment of their processes, we have improved the error detection by providing a clear message when this issue occurs.

New Menus for Bonita Studio

The menus have been reviewed for an easier user journey.

Added Environment duplication feature

With the previous versions, creating a new environment required to set up the whole project configuration entirely, including configuration of each process, what could be time consuming and error prone with big projects. From now on, users can create environments starting from duplicating an existing one.

Functional changes

Process and Case info REST API resources - Subscription editions

It is now possible to retrieve the tasks execution data of all open cases of a process by using the bpm/processInfo REST API resource. It returns counters for each flow node in the process, showing the number of flow node instances that are in executing, ready, or failed state.

The REST API resource Case info bpm/caseInfo which is used for case visualization is now available in subscription editions only. For Community users who update to 2022.2, if you have this business need, you can create a REST API extension that leverages Bonita Engine java API to get the same functionality as in Bonita 2022.2 - Subscription version.

Human task REST API resource

It is now possible to retrieve the tasks - pending or already assigned - for which a user is a potential candidate by combining the filters user_id and show_assigned_to_others of bpm/humanTask REST API resource.

Technical updates

UI Designer frontend has been migrated to AngularJS 1.8.

Only the UID application has been upgraded to AngularJS 1.8. Your applications will still be generated with AngularJS 1.3. Stay tuned for further updates.

Feature deprecations and removals


SVN integration in Bonita Studio Subscription has been removed. You may migrate an existing SVN repository to a Git repository following this guide.

Multi-tenancy deprecation

Multi-tenancy has been deprecated commercially by Bonitasoft starting from Bonita 2021.1.

To cover the multi-tenancy use cases in the best technical way, Bonitasoft is proposing a new architecture solution. For customers running a Bonita multi-tenancy platform, the technical path from multi-tenancy proposed by Bonitasoft is multi-runtime. This choice will require to split the current multi-tenant platform into several runtimes, each one with their own Bonita engine database.

As this path can be challenging for customers using multi-tenancy, Bonitasoft developed a conversion tool, available for download on Bonitasoft Customer Portal. We strongly suggest our customers to take the time and use the tool in a pre-production environment before using it on a production environment.

Multi-tenancy to multi-runtime conversion tool can be executed on Bonita Runtimes starting with Bonita 7.11 and up to Bonita 7.15.

In case you are using a non-supported version, perform the update of the platform before converting it to multi-runtime.

Reminder : For commercial and support questions, please refer to your Customer Success referent.

New debounce property in UID pages

From version 7.15.4, a new debounce property has been added to the pbInput and pbAutocomplete widgets.

A page that is generated with this version is still compatible with a previous version and can be imported without any issues, but the debounce property will simply be ignored.

Bug fixes

For the users of Bonita Community edition, Bonita 2022.2 also comes with all the bug fixes released in the Maintenance versions of Bonita 2022.1 (up until version 2022.1-u6). The detailed list is available in the "What’s new in Bonita 2022.1" page, in the "Bug fixes" section.

Fixes in Bonita 2022.2-u9 (2024-04-18)

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-1824 - Filter on "caller" does not work when searching for ArchivedProcessInstance

  • RUNTIME-1828 - ArchivedProcessInstance are not deleted when not root process instances

  • RUNTIME-1832 - Initialize Keycloak CryptoIntegration to fix java.lang.RuntimeException: java.lang.IllegalStateException: Illegal state. Please init first before obtaining provider

  • RUNTIME-1833 - SanitizerFilter should be disabled by default to avoid data loss when updating. Please visit the HTML sanitizer filter article to evaluate the risks.

  • RUNTIME-1835 - SInvalidExpressionException generated when a parameter is used from within a groovy script

  • RUNTIME-1844 - Update tomcat to 9.0.87

  • CVE-62 - Regular Expression Denial of Service (ReDoS) in AngularJS (CVE-2024-21490)

  • CVE-63 - Upgrade Apache Tomcat version (fixing CVE-2024-24549)

Fixes in Bonita 2022.2-u8 (2024-02-21)

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-407 - Open Cases Administrator call API/bpm/case performance slowness in 2021.1-0617

  • RUNTIME-1816 - New sanitize filter makes payloads with "null" attribute values fail

  • RUNTIME-1818 - [Kerberos SSO] - IOException: conf/login.conf (No such file or directory)

  • RUNTIME-1820 - [SAML SSO]: Decrypt of encrypted assertion fails with error: java.lang.NoSuchMethodError: 'org.codehaus.stax2.ri.SingletonIterator org.codehaus.stax2.ri.SingletonIterator.create(java.lang.Object)'

  • RUNTIME-1821 - Docker image fails to start with JMX_REMOTE_ACCESS=true

  • CVE-56 - X-Frame-Options and Content-Security-Policy header is missing on some URLs.

Fixes in Bonita 2022.2-u7 (2024-01-26)

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-1725 - graphical issue with admin living app

  • RUNTIME-1802 - Search fields don’t work when search term contain special characters

  • RUNTIME-1811 - "jaasAuthenticationService" and "authenticationService" beans not created if custom authentication service is configured

  • CVE-58 - Some UI screens in administration panel have been secured against stored XSS attacks. We also introduced a backend input validation to prevent storing XSS attacks in the database.
    We would like to thank both Tomas Castro Rojas and Mohammad A’mir for reporting this high severity issue to us.

Fixes in Bonita Studio including Bonita UI Designer

  • UID-727 - Invalid js minification

Fixes in Bonita 2022.2-u6 (2023-11-24)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4478 - BPMN Export text as CDATA

  • STUDIO-4483 - BonitaMarketplace: NPE generated in the log file when the HTTP response’s entity-body is empty

  • STUDIO-4490 - Exception at runtime: the Call activity is wrong in the process-design.xml generated

  • UID-723 - Update to 7.15: Web browser’s disk and memory caches break the product and custom pages

  • CVE-50 - Removing from the packaged maven repository an old vulnerable log4j library which wasn’t executed

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-1733 - Update several dependencies

  • RUNTIME-1753 - ClientAbortException: Broken pipe errors in runtime logs

  • RUNTIME-1775 - Bad java modules permissions for Hazelcast

  • RUNTIME-1784 - REST API authorisation: renaming of 'process_categories' permission breaks permissions after update to 7.15 or 8.0

  • RUNTIME-1785 - OIDC SSO: "Basic" authentication header is encoded in 8-bit and is not compatible with some IdPs

  • CVE-4 - Path-relative style sheet import

Fixes in Bonita 2022.2-u5 (2023-08-03)

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-1642 - [Admin App][Process details] Visual glitch in the categories label

  • RUNTIME-1679 - We can’t set a timezone to bonita containers

  • RUNTIME-1713 - Apply debounce to official pages using a search box

  • RUNTIME-1364 - Search users triggers API call for each keystroke

  • RUNTIME-1716 - [Bonita cluster]: Hazelcast Kubernetes discovery not working

Please note that, due to an issue in recent Hazelcast versions, Hazelcast was rolled back to version 5.1.5 in order to fix RUNTIME-1716.

Fixes in Bonita 2022.2-u4 (2023-07-06)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4468 - Some of shortcuts in script editor not working in Debian 10/11

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-30 - Deleting process definition does not remove associated process supervisor, process category mapping

  • RUNTIME-38 - hasContent column stays as TRUE after using deleteContentOfArchivedDocument method

  • RUNTIME-1049 - Error message not explicit in Portal when creating a user with password policy enforced

  • RUNTIME-1701 - Event USER_CREATED is never raised

  • RUNTIME-1704 - Process supervisor mapping cannot be deleted

  • RUNTIME-1708 - REST API/bpm/activityVariable generates InvalidDefinitionException: Java 8 date/time type java.time.LocalDate

Fixes in Bonita 2022.2-u3 (2023-05-26)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4454 - Changing tabs in expression editor duplicates the expression

  • STUDIO-4455 - Deploying an organisation fails if a parent and child process instances are still running in the Studio’s engine Tomcat

  • STUDIO-4458 - Custom page name conflict not detected at deploy

  • STUDIO-4460 - Fix ArrayIndexOutOfBoundsException when resolving variables context in the Groovy script editor

  • STUDIO-4461 - Improve pre 2022.1 project dependencies migration with better detection of dependencies with classifier

  • STUDIO-4462 - Fix Validate action getting stuck when diagrams contains Subprocess event figures.

  • UID-437 - Improve hotzone of the fx button

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-369 - Uploaded file names are not XSS proof

  • RUNTIME-747 - Improve ronustness for concurrent BDM install/update requests

  • RUNTIME-1016 - Connection Pool attribute named testWithIdle is wrong in bonita template and default files

  • RUNTIME-1591 - Fix ECDSA KeyFactory not available when using SSO with OIDC

  • RUNTIME-1639 - Fix Bonita Admin app case list to keep the selected filter when going "back"

  • RUNTIME-1645 - OIDC client adds port 0 to redirect-uri-path configured in keycloak-oidc.json when using HTTPS

  • RUNTIME-1648 - Page permission warning is not implemented in resource page

  • RUNTIME-1650 - Missing authentication method client_credential_post for token request with OIDC

  • RUNTIME-1656 - Process list filter remain empty in user case list

  • RUNTIME-1657 - [Security] Update several dependencies for 2022.2-u3 (7.15.3)

  • RUNTIME-1662 - OIDC front channel logout is not working

  • RUNTIME-1663 - In a Bonita cluster, configuration updates are not effective unless all the nodes are stopped at once, then restarted one after another

  • RUNTIME-1666 - Process variables information missing in case details section for archived cases

  • RUNTIME-1668 - Error message displayed when mapping 6th role to process actors

  • RUNTIME-1672 - An HTTP call to portal back-end generates a wrong redirect instead of an error

  • RUNTIME-1680 - Dynamic permission DownloadDocumentPermissionRule - user doesn’t have access to downloaded document

  • RUNTIME-1688 - The X-Frame-Options header set in bonita pages no longer allows to specify authorized origins for parent frames

  • RUNTIME-1699 - CSRF Token Validation Filter and RestAPI Authorization Filter copy multiparts requests content in memory

  • RUNTIME-1700 - Some parameters from JAVA_OPTS environment variable (Docker image) are not taken into account

  • RUNTIME-1701 - Event USER_CREATED is never raised

Fixes in Bonita 2022.2-u2 (2023-02-02)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4451 - Fix Dependency remote lookup failure when central is not reachable

  • STUDIO-4452 - Fix refresh validation so that Groovy script validation marker does not disappear

  • UID-716 - Fix missing keys in localization.json asset

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-1555 - Fix selection in Users mapped to process manager profile: when selecting one user in search list, all users were selected

  • RUNTIME-1566 - Fix Logger configuration failure with Bonita docker image

  • RUNTIME-1567 - Fix layout deployment: the permissions corresponding to the 'resources' in are now added into the

  • RUNTIME-1580 - [Security] Version update of several dependencies for 2022.2-u2 (7.15.2)

  • RUNTIME-1582 - Fix New ProcessPermissionRule granting access to ANY user provided the process has pending tasks

  • RUNTIME-1590 - Fix Users having access to overview of process when they are not involved in it

  • RUNTIME-1625 - Fix REST API extension matching when url start with a / in

  • RUNTIME-1630 - Fix bonita/portal/custom-page : HTTP status 500 Internal error + NPE

  • RUNTIME-1633 - Fix translation in admin user app

Fixes in Bonita 2022.2-u1 (2022-12-05)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4425 - Fix Welcome page incorrectly displayed

  • STUDIO-4426 - Fix Type lost on condition after variable removal

  • STUDIO-4437 - Fix SNAPSHOT external lib not displayed in "add dependency" in process configuration

  • UID-346 - Fix Not translated messages in Upload widget

  • UID-711 - Fix Currency widget: issue with negative values

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-145 - Fix User creation on the fly when role doesn’t exist

  • RUNTIME-278 - Fix LDAP Synchronizer failures when the username LDAP attribute value’s changes case (uper/lower)

  • RUNTIME-578 - Fix [admin-case-list] undefined for William Jobs in Started by column when using technical user

  • RUNTIME-626 - Fix Waiting events of Start events not created when process is deployed using BCD and has a .bconf file

  • RUNTIME-752 - Fix Error 404 resulting in blank task list

  • RUNTIME-1269 - Fix LDAP Synch: group synchronisation failure when use_paged_search=true and one LDAP group search returns more than one page of results

  • RUNTIME-1431 - Fix Instantiation REST service Exposing the groovy script after an exception

  • RUNTIME-1434 - Fix custom user information truncated in admin app

  • RUNTIME-1476 - Fix Default dynamic permissions: process deployers, process initiators and process managers should access GET bpm/process

  • RUNTIME-1477 - [admin-case-details] improve display of Started by information

  • RUNTIME-1478 - [admin-task-details] improve display of Executed by information

  • RUNTIME-1485 - Fix [SSO] Allow the usage of any claim of the ID token for the OIDC adapter to fetch the username value from

  • RUNTIME-1486 - Fix [Rest API Extension][Java] Archetype generating bad InputStream management code

  • RUNTIME-1489 - [Security] Version update of several dependencies for 2022.2-u1 (7.15.1)

  • RUNTIME-1527 - Fix Platform API resources access should not need an API session along with the platform session

  • RUNTIME-1545 - Fix [SSO] OIDC auto detect bearer only option breaking json requests

  • RUNTIME-1552 - Fix [SSO] OIDC bearer requests blocked by CSRF protection

  • RUNTIME-1559 - Fix LDAP Synch: when number of members in an Active Directory group > MaxValRange, last page of members not synchronised

  • RUNTIME-1562 - Fix Session invalidated when accessing the license page in admin application

Fixes in Bonita 2022.2 (2022-10-05)

Fixes in Bonita Studio including Bonita UI Designer

  • STUDIO-4399 - Fix synchronize project open/close action

  • STUDIO-4400 - Fix [Organization] Password resolution

  • STUDIO-4419 - Fix failed to Load EMF ressource when trying to open an imported .bpmn file

Fixes in Bonita Runtime including Bonita Applications

  • RUNTIME-211 - Fix access to a non existing token in an app raise a 403 instead of a 404

  • RUNTIME-334 - Fix REST API ../API/identity/user/-1?d=professionalData as it returns the list of users

  • RUNTIME-335 - Fix REST API ../API/identity/user/-1 as it returns a APIMissingIdException

  • RUNTIME-864 - [Security] Several dependencies updates for 2022.2 (7.15.0)

  • RUNTIME-869 - Fix [Admin App]: BPM process: The 2 Popups to Disable and Enable installed process do not close

  • RUNTIME-978 - Fix organisation import does not update 'lastUpdate' field in user entries

  • RUNTIME-1011 - Fix processId in URL not taken into account in admin case list

  • RUNTIME-1147 - Fix office to PDF connector is not working on a 2022.1-u0 docker enterprise image

  • RUNTIME-1248 - Fix [Admin App]: Case list should not display the "view diagram" icon if the feature is not available

  • RUNTIME-1273 - Fix [Admin App]: BPM pages should be editable in subscription editions

  • RUNTIME-1275 - Fix bonita-sp- maven-repository 7.13.x contains extra files

  • RUNTIME-1408 - Fix slow REST API extension requests due to a java sycnhronized block

Known issues