Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.327...7.21.0-rc.328

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.326...7.21.0-rc.327

• 5a9acfc: [js] Expose BiDi CDDL ast and model as shared artifacts (#17657) (Titus Fortner) #17657
• 2bfb990: [rb] skip Safari double_click action tests (Titus Fortner)
• 3f37cce: [rb] set window state before each window test instead of resetting driver (Titus Fortner)
• f53de51: [rb] run minimize test on linux now that #17644 fixed fluxbox startup (Titus Fortner)

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.325...7.21.0-rc.326

• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50743
• MailSender auto-configuration does not enable hostname verification #50742
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50624
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50501
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50451
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50429
• GraphQL WebSocket support does not configure allowed origins #50391
• Buildpack module does not validate long-to-int casts #50382
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50373
• Created StackTracePrinter instances have no access to the Environment #50303
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50301
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50292
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50273
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50254
• Meter registries are not removed from the global registry when the context is closed #50235
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50225
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50205
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50118
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50095

• Fix reference to Gradle documentation for module replacement #50641
• Remove the use of Optional from Data Neo4j repository examples #50600
• Fix typos in documentation #50593
• Document Java 25 requirement for AOT cache #50482
• Clarify dependency requirement for Bean Validation support #50290
• Document SSL reloading with Let's Encrypt #50222
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50212
• Document known testcontainers lifecycle issues #50210
• Document configuring multiple connectors with Jetty #50206
• Fix typo in Spring Security OAuth2 client registration documentation #50193

• Upgrade to Caffeine 3.2.4 #50308
• Upgrade to Cassandra Driver 4.19.3 #50670
• Upgrade to Glassfish JAXB 4.0.9 #50671
• Upgrade to Groovy 4.0.32 #50310
• Upgrade to Hibernate 6.6.53.Final #50721
• Upgrade to Jackson Bom 2.21.4 #50673
• Upgrade to Jakarta Json Bind 3.0.2 #50674
• Upgrade to Jakarta XML Bind 4.0.5 #50313
• Upgrade to Jaxen 2.0.6 #50722
• Upgrade to Jetty 12.0.36 #50676
• Upgrade to Jetty Reactive HTTPClient 4.0.14 #50723
• Upgrade to jOOQ 3.19.35 #50724
• Upgrade to Logback 1.5.34 #50677
• Upgrade to Maven Failsafe Plugin 3.5.6 #50678
• Upgrade to Maven Surefire Plugin 3.5.6 #50679
• Upgrade to Micrometer 1.15.12 #50511
• Upgrade to Micrometer Tracing 1.5.12 #50512
• Upgrade to Netty 4.1.135.Final #50680
• Upgrade to Postgresql 42.7.11 #50317
• Upgrade to Pulsar 4.0.11 #50725
• Upgrade to R2DBC MySQL 1.4.2 #50319
• Upgrade to Reactor Bom 2024.0.18 #50513
• Upgrade to SAAJ Impl 3.0.6 #50726
• Upgrade to SLF4J 2.0.18 #50533
• Upgrade to Spring AMQP 3.2.11 #50514
• Upgrade to Spring Authorization Server 1.5.8 #50515
• Upgrade to Spring Batch 5.2.6 #50516
• Upgrade to Spring Data Bom 2025.0.12 #50517
• Upgrade to Spring Framework 6.2.19 #50518
• Upgrade to Spring GraphQL 1.4.6 #50739
• Upgrade to Spring HATEOAS 2.5.3 #50519
• Upgrade to Spring Integration 6.5.9 #50520
• Upgrade to Spring Kafka 3.3.16 #50521
• Upgrade to Spring LDAP 3.3.8 #50522
• Upgrade to Spring Pulsar 1.2.18 #50523
• Upgrade to Spring RESTDocs 3.0.6 #50524
• Upgrade to Spring Retry 2.0.13 #50525
• Upgrade to Spring Security 6.5.11 #50526
• Upgrade to Spring Session 3.5.7 #50527
• Upgrade to Spring WS 4.1.4 #50528
• Upgrade to Tomcat 10.1.55 #50534

Thank you to all the contributors who worked on this release:

@Abdlatif-nabgha, @DragonFSKY, @Kapil-chn7, @SJvaca30, @SebTardif, @ares333, @codingkiddo, @dlwldnjs1009, @henriquejsza, @igormukhin, @johnnypwong, @kwondh5217, @leestana01, @mheath, @ngocnhan-tran1996, @nosan, @quaff, @scordio, @vinhhieu21, @won-seoop, and @zxuhan

• Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
• Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

• MailSender auto-configuration does not enable hostname verification #50747
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
• Embedded LDAP SSL should not be enabled when its bundle is empty #50700
• InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
• Configuration property metadata includes incorrect class references #50632
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
• SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
• Created StackTracePrinter instances have no access to the Environment #50414
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
• Buildpack module does not validate long-to-int casts #50410
• Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
• GraphQL WebSocket support does not configure allowed origins #50394
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
• Meter registries are not removed from the global registry when the context is closed #50287
• DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
• Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
• Missing dependency management for spring-boot-web-server-test #50224
• Spring Batch support for MongoDB modules are not included in dependency management #50223
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
• GrpcServerHealthScheduler is not started in servlet environments #50209
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

• Fix reference to Gradle documentation for module replacement #50647
• Document SSL reloading with Let's Encrypt #50630
• Remove the use of Optional from Data Neo4j repository examples #50622
• Fix typos in documentation #50620
• Clarify dependency requirement for Bean Validation support #50614
• Document Java 25 requirement for AOT cache #50485
• Add links for Java CAS Client Spring Boot Starter #50285
• Document known testcontainers lifecycle issues #50220
• Document adding multiple connectors for Jetty #50218
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50214
• Fix typo in Spring Security OAuth2 client registration documentation #50199

• Upgrade to ActiveMQ 6.2.6 #50652
• Upgrade to Byte Buddy 1.18.10 #50693
• Upgrade to Caffeine 3.2.4 #50338
• Upgrade to Cassandra Driver 4.19.3 #50654
• Upgrade to Couchbase Client 3.11.3 #50576
• Upgrade to Elasticsearch Client 9.4.2 #50655
• Upgrade to Glassfish JAXB 4.0.9 #50656
• Upgrade to Groovy 5.0.6 #50340
• Upgrade to Hibernate 7.4.1.Final #50732
• Upgrade to Infinispan 16.1.4 #50342
• Upgrade to Jackson 2 Bom 2.21.4 #50657
• Upgrade to Jackson Bom 3.1.4 #50658
• Upgrade to Jakarta Json Bind 3.0.2 #50659
• Upgrade to Jakarta XML Bind 4.0.5 #50345
• Upgrade to Jaxen 2.0.6 #50710
• Upgrade to Jetty 12.1.10 #50661
• Upgrade to Jetty Reactive HTTPClient 4.1.5 #50711
• Upgrade to jOOQ 3.21.5 #50712
• Upgrade to Kafka 4.2.1 #50662
• Upgrade to Kotlin 2.3.21 #50347
• Upgrade to Lettuce 7.5.2.RELEASE #50581
• Upgrade to Liquibase 5.0.3 #50582
• Upgrade to Logback 1.5.34 #50663
• Upgrade to Maven Enforcer Plugin 3.6.3 #50583
• Upgrade to Maven Failsafe Plugin 3.5.6 #50664
• Upgrade to Maven Surefire Plugin 3.5.6 #50665
• Upgrade to Micrometer 1.17.0 #50559
• Upgrade to Micrometer Tracing 1.7.0 #50560
• Upgrade to MongoDB 5.8.0 #50608
• Upgrade to Native Build Tools Plugin 1.1.1 #50585
• Upgrade to Neo4j Java Driver 6.1.0 #50586
• Upgrade to Netty 4.2.15.Final #50666
• Upgrade to OpenTelemetry 1.62.0 #50588
• Upgrade to Oracle Database 23.26.2.0.0 #50667
• Upgrade to Postgresql 42.7.11 #50349
• Upgrade to Protobuf Java 4.34.2 #50590
• Upgrade to Protobuf Maven Plugin 5.1.4 #50589
• Upgrade to Pulsar 4.2.2 #50713
• Upgrade to R2DBC MySQL 1.4.2 #50351
• Upgrade to Reactor Bom 2025.0.6 #50561
• Upgrade to SAAJ Impl 3.0.6 #50714
• Upgrade to SLF4J 2.0.18 #50591
• Upgrade to Spring AMQP 4.1.0 #50562
• Upgrade to Spring Batch 6.0.4 #50563
• Upgrade to Spring Data Bom 2026.0.0 #50564
• Upgrade to Spring Framework 7.0.8 #50565
• Upgrade to Spring GraphQL 2.0.4 #50741
• Upgrade to Spring gRPC 1.1.0 #50566
• Upgrade to Spring HATEOAS 3.1.1 #50567
• Upgrade to Spring Integration 7.1.0 #50568
• Upgrade to Spring Kafka 4.1.0 #50569
• Upgrade to Spring LDAP 4.1.0 #50570
• Upgrade to Spring Pulsar 2.0.6 #50571
• Upgrade to Spring RESTDocs 4.0.1 #50572
• Upgrade to Spring Security 7.1.0 #50573
• Upgrade to Spring Session 4.1.0 #50574
• Upgrade to Spring WS 5.0.2 #50575
• Upgrade to SQLite JDBC 3.53.2.0 #50715
• Upgrade to Tomcat 11.0.22 #50354

Thank you to all the contributors who worked on this release:

@Abdlatif-nabgha, @DragonFSKY, @Kapil-chn7, @Kimgyuilli, @SJvaca30, @SebTardif, @ares333, @codingkiddo, @dlwldnjs1009, @eddumelendez, @henriquejsza, @igormukhin, @johnnypwong, @kwondh5217, @leestana01, @mheath, @mmoayyed, @msridhar, @ngocnhan-tran1996, @nosan, @quaff, @scordio, @vinhhieu21, @vpavic, @won-seoop, and @zxuhan

• MailSender auto-configuration does not enable hostname verification #50746
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50744
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50640
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50634
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50617
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50611
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50609
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50602
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50509
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50416
• Created StackTracePrinter instances have no access to the Environment #50413
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50411
• Buildpack module does not validate long-to-int casts #50409
• GraphQL WebSocket support does not configure allowed origins #50393
• Configuration property metadata includes incorrect class references #50375
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50297
• Meter registries are not removed from the global registry when the context is closed #50286
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50265
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50260
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50257
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50233
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50227
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50215
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50201

• Fix reference to Gradle documentation for module replacement #50646
• Document SSL reloading with Let's Encrypt #50629
• Remove the use of Optional from Data Neo4j repository examples #50621
• Fix typos in documentation #50619
• Clarify dependency requirement for Bean Validation support #50613
• Document Java 25 requirement for AOT cache #50484
• Add links for Java CAS Client Spring Boot Starter #50281
• Document known testcontainers lifecycle issues #50219
• Document adding multiple connectors for Jetty #50217
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50213
• Fix typo in Spring Security OAuth2 client registration documentation #50198

• Upgrade to Caffeine 3.2.4 #50322
• Upgrade to Cassandra Driver 4.19.3 #50681
• Upgrade to Glassfish JAXB 4.0.9 #50682
• Upgrade to Groovy 5.0.6 #50324
• Upgrade to Hibernate 7.2.19.Final #50733
• Upgrade to Jackson 2 Bom 2.21.4 #50684
• Upgrade to Jackson Bom 3.1.4 #50685
• Upgrade to Jakarta Json Bind 3.0.2 #50686
• Upgrade to Jakarta XML Bind 4.0.5 #50328
• Upgrade to Jaxen 2.0.6 #50717
• Upgrade to Jetty 12.1.10 #50688
• Upgrade to Jetty Reactive HTTPClient 4.1.5 #50718
• Upgrade to jOOQ 3.19.35 #50719
• Upgrade to Liquibase 5.0.3 #50554
• Upgrade to Logback 1.5.34 #50689
• Upgrade to Maven Enforcer Plugin 3.6.3 #50555
• Upgrade to Maven Failsafe Plugin 3.5.6 #50690
• Upgrade to Maven Surefire Plugin 3.5.6 #50691
• Upgrade to Micrometer 1.16.6 #50535
• Upgrade to Micrometer Tracing 1.6.6 #50536
• Upgrade to Neo4j Java Driver 6.1.0 #50556
• Upgrade to Netty 4.2.15.Final #50692
• Upgrade to Postgresql 42.7.11 #50332
• Upgrade to R2DBC MySQL 1.4.2 #50333
• Upgrade to Reactor Bom 2025.0.6 #50537
• Upgrade to SAAJ Impl 3.0.6 #50720
• Upgrade to SLF4J 2.0.18 #50558
• Upgrade to Spring AMQP 4.0.4 #50538
• Upgrade to Spring Batch 6.0.4 #50539
• Upgrade to Spring Data Bom 2025.1.6 #50540
• Upgrade to Spring Framework 7.0.8 #50541
• Upgrade to Spring GraphQL 2.0.4 #50740
• Upgrade to Spring HATEOAS 3.0.4 #50542
• Upgrade to Spring Integration 7.0.5 #50543
• Upgrade to Spring Kafka 4.0.6 #50544
• Upgrade to Spring LDAP 4.0.4 #50545
• Upgrade to Spring Pulsar 2.0.6 #50546
• Upgrade to Spring RESTDocs 4.0.1 #50547
• Upgrade to Spring Security 7.0.6 #50548
• Upgrade to Spring Session 4.0.4 #50549
• Upgrade to Spring WS 5.0.2 #50550
• Upgrade to Tomcat 11.0.22 #50335

Thank you to all the contributors who worked on this release:

@Abdlatif-nabgha, @DragonFSKY, @Kapil-chn7, @Kimgyuilli, @SJvaca30, @SebTardif, @ares333, @codingkiddo, @dlwldnjs1009, @henriquejsza, @igormukhin, @johnnypwong, @kwondh5217, @leestana01, @mheath, @mmoayyed, @msridhar, @ngocnhan-tran1996, @nosan, @quaff, @scordio, @vinhhieu21, @won-seoop, and @zxuhan

• AAE-46367 Prevent leaking collection element variable into multi-instance call activity result collection with variable mapping extensions by @igdianov in https://github.com/Activiti/Activiti/pull/5429

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.324...7.21.0-rc.325

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.323...7.21.0-rc.324

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.322...7.21.0-rc.323