This content is dedicated to our next version. It is work in progress: its content will evolve until the new version is released.

Before that time, it cannot be considered as official.

Release notes

New available values

BDM data retention (GDPR)

For Teamwork, Efficiency, Performance, Enterprise and Scale editions only.

A new feature lets administrators configure data retention rules per BDM object type to automatically delete expired business data on a scheduled basis. For each top-level object type, you can choose the reference date (creation or last update) and a retention period in days; a scheduled cleanup job then removes every expired instance, cascading to composition children.

Rules are managed through the new Data Retention (GDPR) page in the Admin application. Each cleanup run is audited via the new BUSINESS_DATA_CLEANED_UP queriable log event, and the schedule is driven by the new bonita.runtime.retention.schedule.cron configuration property (default: 0 0 2 * * 6, every Saturday at 02:00 UTC).

Legacy BDM object instances created before this version are not tracked automatically. A migration procedure is documented to backfill them when you want them subject to retention rules.

When updating from an earlier version with the Bonita Update Tool, the new Data Retention (GDPR) page is installed automatically but must be added to your existing Admin application’s menu manually.

See BDM data retention for the complete reference.

Notable changes

Support matrix changes

Deprecations and removals

API deprecations

API removals

Custom component changes

Configuration changes

Bug fixes

Fixes in Bonita 2026.1-u0 (2026-04-28)

  • BPA-183 - Process instance never completes: row in FLOWNODE_INSTANCE table with stateid 28 and kind multi

  • BPA-199 - BDM Custom Query with Single Result Type Returns Array Instead of Single Object

  • BPA-203 - Automatic cleanup of TEMPORARY_CONTENT rows does not delete actual object stored in pg_largeobject table

  • BPA-297 - BDM REST API returns empty JSON for HibernateProxy entities

  • BPA-316 - Prograde Java policy is too restrictictive for AI connectors

  • BPA-321 - ThreadLocal EntityManager leak after JTA transaction timeout causes stale persistence context reuse

  • BPA-411 - [OIDC][Cluster] single-use refresh token invalidation causes repeated session loss

  • BPA-443 - [Cluster] NPE on HTTP API for every void method (retryTask, logout, …​)

  • BPA-449 - Studio: .bar built from a process with no declared dependencies contains all project dependencies

  • Several dependencies updated