8.3+gen13

Operate

🚀 New Features

• skip creating update requests for missing batch operations (#6772)

💊 Bugfixes

• avoid blocking the threads in importer (#6769)
• remove dry-run and reusable workflow due the usage of master workflows (#6759)
• add allowlist to SortValuesWrapper to prevent untrusted deserialization [Backport stable/8.3] (#6762)

🧹 Chore

• update Zeebe and Identity till 8.3.12 (#6775)

8.5+gen2

Overview

Camunda application in this release generation:

• Identity: 8.5.1
• Operate: 8.5.1
• Tasklist: 8.5.1
• Zeebe: 8.5.1

Identity

💊 Bugfixes

• added audience parameter to generic oidc login uri (#2784) (#2853)
• upgrade alpine to 3.19.1 (#2822) (#2827)

🧹 Chore

• revert include package.json and yarn.lock in docker image (#2846) (#2851)
• centralize spring boot version (#2838)
• update spring boot to 3.2.4 (#2716) (#2752)
• upgrade software.amazon.awssdk:rds from 2.25.22 to 2.25.23 (#2748)

Operate

What's Changed

• ci: Add Operate Build step to merge queue (#17226) by @houssain-barouni in camunda/camunda#17366
• fix: fix incorrect versions in pom and dockerfiles for 8.5.0 release by @matt-whiteman in camunda/camunda#17326
• fix: return inner IndexSettings object that holds all settings by @robert-sorkin in camunda/camunda#17426
• fix: INCIDENT state is not returned in Public API by @mihail-ca in camunda/camunda#17528
• perf: Backoff Mechanism to Handle ElasticSearch Unavailability [Backport stable/operate-8.5] by @kristinkomschow in camunda/camunda#17494
• fix: Handle index value of null in PostImporter by @mihail-ca in camunda/camunda#17508
• fix: allowed for empty POST request bodies [Backport stable/operate 8.5] by @kristinkomschow in camunda/camunda#17495
• fix: set TransportOptions for OpenSearch requests by @ralfpuchert in camunda/camunda#17608
• fix: API error message for invalid size parameters [Backport stable/operate-8.5] by @kristinkomschow in camunda/camunda#17496
• fix: use raw REST calls for OpenSearch repository API by @ralfpuchert in camunda/camunda#17680
• ci: backport move all operate import and slower tests to nightly job by @matt-whiteman in camunda/camunda#17852
• deps: Update actions/checkout digest to 8459bc0 (stable/operate-8.5) by @renovate in camunda/camunda#17983
• deps: Update alpine:3.19.1 Docker digest to c5b1261 (stable/operate-8.5) by @renovate in camunda/camunda#17984
• deps: Update eclipse-temurin:21-jdk-jammy Docker digest to 9c8e8e4 (stable/operate-8.5) by @renovate in camunda/camunda#17985
• deps: Update stefanzweifel/git-auto-commit-action digest to 4b8a201 (stable/operate-8.5) by @renovate in camunda/camunda#17986
• deps: Update ubuntu:jammy Docker digest to 6d7b5d3 (stable/operate-8.5) by @renovate in camunda/camunda#17987
• deps: Update all non-major dependencies (stable/operate-8.5) by @renovate in camunda/camunda#17988
• deps: Update dependency com.amazonaws:aws-java-sdk-bom to v1.12.710 (stable/operate-8.5) by @renovate in camunda/camunda#17989
• deps: Update dependency com.azure:azure-sdk-bom to v1.2.23 (stable/operate-8.5) by @renovate in camunda/camunda#17990
• deps: Update dependency com.github.luben:zstd-jni to v1.5.6-3 (stable/operate-8.5) by @renovate in camunda/camunda#17991
• deps: Update dependency com.github.spotbugs:spotbugs-annotations to v4.8.4 (stable/operate-8.5) by @renovate in camunda/camunda#17992
• deps: Update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.8.4.0 (stable/operate-8.5) by @renovate in camunda/camunda#17993
• deps: Update dependency @floating-ui/react-dom to v2.0.9 (stable/operate-8.5) by @renovate in camunda/camunda#17995
• deps: Update dependency commons-io:commons-io to v2.16.1 (stable/operate-8.5) by @renovate in camunda/camunda#17996
• deps: Update dependency commons-io:commons-io to v2.16.1 (stable/operate-8.5) by @renovate in camunda/camunda#17997
• deps: Update dependency io.camunda:zeebe-bom to v8.5.0 (stable/operate-8.5) by @renovate in camunda/camunda#17999
• deps: Update dependency io.camunda:zeebe-parent to v8.5.0 (stable/operate-8.5) by @renovate in camunda/camunda#18000
• deps: Update dependency io.github.classgraph:classgraph to v4.8.172 (stable/operate-8.5) by @renovate in camunda/camunda#18003
• deps: Update dependency io.micrometer:micrometer-bom to v1.12.5 (stable/operate-8.5) by @renovate in camunda/camunda#18004
• deps: Update dependency io.netty:netty-bom to v4.1.109.Final (stable/operate-8.5) by @renovate in camunda/camunda#18005
• deps: Update dependency io.zeebe:flaky-test-extractor-maven-plugin to v2.1.3 (stable/operate-8.5) by @renovate in camunda/camunda#18008
• deps: Update dependency io.projectreactor:reactor-core to v3.6.5 (stable/operate-8.5) by @renovate in camunda/camunda#18007
• deps: Update dependency io.projectreactor.netty:reactor-netty-http to v1.1.18 (stable/operate-8.5) by @renovate in camunda/camunda#18006
• deps: Update dependency org.apache.maven.plugins:maven-shade-plugin to v3.5.3 (stable/operate-8.5) by @renovate in camunda/camunda#18011
• deps: Update dependency org.apache.maven.plugins:maven-source-plugin to v3.3.1 (stable/operate-8.5) by @renovate in camunda/camunda#18012
• deps: Update dependency org.apache.maven.plugins:maven-shade-plugin to v3.5.3 (stable/operate-8.5) by @renovate in camunda/camunda#18010
• deps: Update dependency org.camunda.feel:feel-engine to v1.17.7 (stable/operate-8.5) by @renovate in camunda/camunda#18014
• deps: Update dependency org.eclipse.parsson:parsson to v1.1.6 (stable/operate-8.5) by @renovate in camunda/camunda#18015
• deps: Update dependency org.slf4j:slf4j-api to v2.0.13 (stable/operate-8.5) by @renovate in camunda/camunda#18017
• deps: Update dependency org.rocksdb:rocksdbjni to v8.11.4 (stable/operate-8.5) by @renovate in camunda/camunda#18016
• deps: Update dependency org.springframework.security:spring-security-bom to v6.2.4 (stable/operate-8.5) by @renovate in camunda/camunda#18019
• deps: Update dependency org.testcontainers:elasticsearch to v1.19.7 (stable/operate-8.5) by @renovate in camunda/camunda#18020
• deps: Update stefanzweifel/git-auto-commit-action digest to 7d0ca8f (stable/operate-8.5) by @renovate in camunda/camunda#18023
• deps: Update dependency org.wiremock:wiremock to v3.5.4 (stable/operate-8.5) by @renovate in camunda/camunda#18035
• deps: Update dependency software.amazon.awssdk:bom to v2.25.40 (stable/operate-8.5) by @renovate in camunda/camunda#18036
• deps: Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v7.17.20 (stable/operate-8.5) by @renovate in camunda/camunda#18038
• deps: Update docker.elastic.co/kibana/kibana Docker tag to v7.17.20 (stable/operate-8.5) by @renovate in camunda/camunda#18039
• feat: change claim for clusterId by @sdorokhova in camunda/camunda#17883
• deps: Update spring boot to v3.2.5 (stable/operate-8.5) by @renovate in camunda/camunda#18042
• deps: Update spring core to v6.1.6 (stable/operate-8.5) by @renovate in camunda/camunda#18043
• deps: Update version.byte-buddy to v1.14.14 (stable/operate-8.5) by @renovate in camunda/camunda#18047
• deps: Update version.elasticsearch7 to v7.17.20 (stable/operate-8.5) by @renovate in camunda/camunda#18048
• deps: Update version.keycloak to v23.0.7 (stable/operate-8.5) by @renovate in camunda/camunda#18051
• deps: Update dependency com.github.dasniko:testcontainers-keycloak to v3.3.1 (stable/operate-8.5) by @renovate in camunda/camunda#18070
• deps: Update dependency com.amazonaws:aws-java-sdk-bom to v1.12.711 (stable/operate-8.5) by @renovate in camunda/camunda#18084
• deps: Update dependency org.scala-lang:scala-library to v2.13.14 (stable/operate-8.5) by @renovate in camunda/camunda#18085
• deps: Update dependency software.amazon.awssdk:bom to v2.25.41 (stable/operate-8.5) by @renovate in camunda/camunda#18086
• fix: use upsert instead of update for updates to UserTaskEntity by @ralfpuchert in camunda/camunda#17890
• fix: ignore missing attributes in processing UserTask by @ralfpuchert in camunda/camunda#17889
• Clean up stable/operate-8.5 - remove Zeebe from operate stable branch by @Zelldon in camunda/camunda#18105
• fix: remove duplicate method by @ralfpuchert in camunda/camunda#18170
• deps: Update actions/checkout digest to 44c2b7a (stable/operate-8.5) by @renovate in camunda/camunda#18126
• deps: Update dependency com.amazonaws:aws-java-sdk-bom to v1.12.713 (stable/operate-8.5) by @renovate in camunda/camunda#18131
• deps: Update dependency styled-components to v6.1.9 (stable/operate-8.5) by @renovate in camunda/camunda#18133
• deps: Update dependency software.amazon.awssdk:bom to v2.25.43 (st...

8.4+gen7

Overview

Camunda application in this release generation:

• Identity: 8.4.7
• Operate: 8.4.8
• Tasklist: 8.4.7
• Zeebe: 8.4.7

Identity

💊 Bugfixes

• added audience parameter to generic oidc login uri (#2784) (#2852)
• upgrade alpine to 3.19.1 (#2822) (#2826)

🧹 Chore

• revert include package.json and yarn.lock in docker image (#2846) (#2850)
• centralize spring boot version (#2839)
• update spring boot to 3.2.5 (#2829)

Operate

🚀 New Features

• add CSRF protection (#6733)
• change claim for clusterId (#6736)

💊 Bugfixes

• AWS Opensearch requests are failing (#6742)
• remove external domains from CSP in self-managed (#6740)

🧹 Chore

• pom: update Zeebe and Identity to 8.4.7 (#6746)
• disable CSRF for e2e tests (#6737)

Tasklist

🚀 New Features

• adapting tasklist to Auth0 claim changes [Backport stable/8.4] (#4906)

💊 Bugfixes

• remove ES and OS healthcheck [Backport 8.5] [Backport stable/8.4] (#4909)
• Add ilm and ism support [Backport 8.4] (#4896)
• Tasklist importer does not import new Zeebe records when import-position points to old sequence (#4877)

🧹 Chore

• Bump to 8.4.7 (#4929)
• make IT test extension Prototype scope beans (#4911) [Backport stable/8.4] (#4915)
• git ignore build files under tasklist subfolder when switching between master and stable branches [Backport stable/8.4] (#4843)

Zeebe

Bug Fixes

Broker

• Align deployment rejection message for DMN resources (#8806)

Go Client

• zbctl 8.4.0 can't send requests with authorization information (#16015)

Misc

• Opensearch exporter fails with 400 on AWS Opensearch service (#18251)
• Broken job stream aggregation (#17513)
• Potential duplicate PI creation across partitions in case of request timeouts (#17333)
• SetVariables is not always retryable (#15549)

Maintenance

• Setup a nightly integration workflow with a AWS Opensearch instance (#18252)
• Make Snapshot Store IO bounded instead of CPU (#17717)

Merged Pull Requests

• fix: do not retry create instance on closed connection (#18264)
• fix: add leading slash to opensearch endpoints (#18253)
• refactor: migrate test to new infrastructure (#18223)
• test: disable flake BackupUploadIT.shouldSaveBackupWithManyFiles (#18205)
• fix: retry SetVariable on for UNAVAILABLE and RESOURCE_EXHAUSTED (#18180)
• fix: go client omit optional scope param if not set (#18154)
• test: fix flaky test by buffering possibly chunked content (#17923)
• fix: Make SnapshotStore IO bounded. (#17718)
• Fix broken job stream aggregation across stream restarts (#17545)
• fix: fix broken job lifetime metric (#17499)
• Align deployment rejection message for DMN resources (#17475)
• deps: Update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.8.4.0 (main) (#17395)
• fix: delete existing ISM policy when retention is disabled (#17386)
• ci: cancel outdated ci runs (#17315)
• ci: rely on automatic setup of CodeQL (#17313)
• test: increase await assertion timeout in OpensearchExporterIT IndexSettingsTest to overcome flaky test runs (#17282)
• ci: never time out during release jobs (#17271)
• Exporter can soft pause and resume (#16345)

Optimize

🚀 New Features

• email: allow check server identity to be skipped in start/tls (#12468)

💊 Bugfixes

• apply running instance filter to currently running instance adoption report (#12868)
• e2e: increase ES disk watermark to stabilize tests (#12730)
• notifications: update C3 props
• select: handle disabled state properly (#12591)
• download button: take user as a prop
• release: use correct app actor for release job

🧹 Chore

• deps: update patch dependencies (maintenance/3.12) (patch) (#12944)
• deps: update bitnami/keycloak:24.0.3 docker digest to a6ef846 (#12748)
• deps: update patch dependencies (maintenance/3.12) (patch) (#12819)
• deps: update actions/checkout digest to 0ad4b8f (#12663)
• deps: update eclipse-temurin:21 docker digest to 17f4e7f (#12825)
• deps: update patch dependencies (maintenance/3.12) (patch) (#12734)
• keycloak: Change to a working version of keycloak (#12706)
• deps: update patch dependencies (maintenance/3.12) (patch) (#12653)
• deps: update eclipse-temurin:21 docker digest to dd90127 (#12718)
• deps: update eclipse-temurin:21 docker digest to 9e7cdd2 (#12711)
• deps: update eclipse-temurin:21 docker digest to 9c8f5e2 (#12672)
• deps: update patch dependencies (maintenance/3.12) (patch) (#12647)
• deps: update actions/upload-artifact digest to 6546280 (#12628)
• deps: update actions/checkout digest to 1d96c77 (#12626)
• deps: update actions/upload-artifact digest to 1746f4a (#12596)
• deps: update patch dependencies (#12525)
• deps: update hashicorp/vault-action digest to 47dbc64 (#12531)
• deps: update eclipse-temurin:21 docker digest to fe90fc9 (#12534)
• deps: update patch dependencies
• release workflow: fix changelog generation (#12501)
• identityService: return all users in saas when searchterm empty
• deps: update eclipse-temurin:21 docker digest to 3e7d577 (#12460)
• config: send slack webhooks to optimize status channel (#12457)
• ci: update slack status channel usage to new name (#12453)
• release: use the actor id in gha github email
• deps: update korthout/backport-action digest to ef20d86 (#12391)
• deps: update patch dependencies (#12423)
• release: add new upgrade plan
• deps: update patch dependencies to v18.2.73
• release workflow: generate changelog before pushing new tag (#12051)
• release workflow: fix branches checkouts

8.6-alpha1

More info about the release is in the mono repo: 8.6.0-alpha1

8.3.11

Zeebe

Release 8.3.11

Bug Fixes

Misc

• Broken job stream aggregation (#17513)
• Potential duplicate PI creation across partitions in case of request timeouts (#17333)

Maintenance

• Make Snapshot Store IO bounded instead of CPU (#17717)

Merged Pull Requests

• fix: do not retry create instance on closed connection (#18264)
• test: disable flake BackupUploadIT.shouldSaveBackupWithManyFiles (#18205)
• test: fix flaky test by buffering possibly chunked content (#17923)
• fix: Make SnapshotStore IO bounded. (#17718)
• Fix broken job stream aggregation across stream restarts (#17545)
• ci: cancel outdated ci runs (#17315)
• ci: rely on automatic setup of CodeQL (#17313)
• ci: never time out during release jobs (#17271)
• Exporter can soft pause and resume (#16345)

Operate

🚀 New Features

• backend: Updates to mitigate security vulnerabilities (#6710)

💊 Bugfixes

• remove external domains from CSP in self-managed (#6741)
• allowed for empty POST request bodies [Backport stable/8.3] (#6726)
• log: log all exceptions in SchemaStartup (#6728)
• backend: Handle index value of null in PostImporter (#6717)
• INCIDENT state is not returned in Public API (#6720)
• API error message for invalid size parameters (#6676)

🧹 Chore

• pom: update Zeebe and Identity to 8.3.11 (#6745)

Tasklist

🚀 New Features

• adapting tasklist to Auth0 claim changes [Backport stable/8.3] (#4903)

💊 Bugfixes

• remove ES and OS healthcheck [Backport 8.5] [Backport stable/8.3] (#4908)
• Add ism dynamic update for ES Indices [Backport 8.3] (#4897)
• Tasklist importer does not import new Zeebe records when import-position points to old sequence (#4878)

🧹 Chore

• Bump to 8.3.11 (#4928)
• git ignore build files under tasklist subfolder when switching between master and stable branches [Backport stable/8.3] (#4841)

Identity

💊 Bugfixes

• upgrade alpine to 3.19.1 (#2822) (#2825)

🧹 Chore

• upgrade org.springframework.security:spring-security-web from 6.2.3 to 6.2.4 (#2783)
• revert include package.json and yarn.lock in docker image (#2846) (#2849)
• update spring boot to 3.2.5 (#2830)
• backport-2636-to-v8.3 (#2680)

Optimize

🚀 New Features

• email: allow check server identity to be skipped in start/tls (#12467)

💊 Bugfixes

• apply running instance filter to currently running instance adoption report (#12867)
• notifications: update C3 props
• objVars: handle null entries in list object vars
• release: use correct app actor for release job

🧹 Chore

• deps: update actions/checkout digest to 0ad4b8f (#12666)
• deps: update patch dependencies (maintenance/3.11) (patch) (#12821)
• deps: update eclipse-temurin:17 docker digest to a30e573 (#12831)
• release: rename release job
• deps: update patch dependencies (maintenance/3.11) (patch) (#12657)
• keycloak: Change to a working version of keycloak (#12707)
• deps: update eclipse-temurin:17 docker digest to de7b9bf (#12713)
• deps: update eclipse-temurin:17 docker digest to 9303030 (#12673)
• deps: update patch dependencies (maintenance/3.11) (patch) (#12648)
• release workflow: generate changelog before pushing new tag
• release workflow: fix branches checkouts
• deps: update actions/upload-artifact digest to 6546280 (#12630)
• deps: update actions/checkout digest to 1d96c77 (#12629)
• deps: update actions/upload-artifact digest to 1746f4a (#12597)
• deps: update hashicorp/vault-action digest to 47dbc64 (#12532)
• deps: update eclipse-temurin:17 docker digest to 83192a0 (#12535)
• deps: update patch dependencies to v2.0.13 (#12528)
• deps: update patch dependencies
• release workflow: fix changelog generation (#12501)
• deps: update patch dependencies (#12442)
• deps: update eclipse-temurin:17 docker digest to 22e6378 (#12461)
• identityService: return all users in saas when searchterm empty
• ci: update slack status channel usage to new name (#12452)
• deps: update patch dependencies (#12424)
• release: use the actor id in gha github email
• Release: add next upgrade plan
• deps: update dependency @types/react to v18.2.72
• release workflow: remove 0 version check

8.2.27

Zeebe

Release 8.2.27

Bug Fixes

Misc

• Potential duplicate PI creation across partitions in case of request timeouts (#17333)

Merged Pull Requests

• test: disable flake BackupUploadIT.shouldSaveBackupWithManyFiles (#18205)
• test: fix flaky test by buffering possibly chunked content (#17923)
• ci: cancel outdated ci runs (#17315)
• ci: rely on automatic setup of CodeQL (#17313)
• ci: never time out during release jobs (#17271)
• Exporter can soft pause and resume (#16345)

Operate

🚀 New Features

• backend: Updates to mitigate security vulnerabilities (#6709)

💊 Bugfixes

• allowed for empty POST request bodies [Backport stable/8.2] (#6727)
• INCIDENT state is not returned in Public API (#6723)
• backend: Handle index value of null in PostImporter (#6716)
• API error message for invalid size parameters (#6677)

🧹 Chore

• pom: update Zeebe and Identity to 8.2.27 (#6744)

Tasklist

🚀 New Features

• adapting tasklist to Auth0 claim changes [Backport stable/8.2] (#4904)

💊 Bugfixes

• add dynamic ISM on ES existent indexes [Backport 8.2] (#4894)
• Tasklist importer does not import new Zeebe records when import-position points to old sequence (#4879)

🧹 Chore

• Bump to 8.2.27 (#4927)

Identity

💊 Bugfixes

• upgrade alpine to 3.19.1 (#2822) (#2824)

🧹 Chore

• upgrade org.springframework.security:spring-security-web from 6.2.3 to 6.2.4 (#2781)
• revert include package.json and yarn.lock in docker image (#2846) (#2848)
• upgrade spring boot to 3.2.5 (#2831)

Optimize

🚀 New Features

• email: allow check server identity to be skipped in start/tls (#12466)

💊 Bugfixes

• objVars: handle null entries in list object vars
• release: use correct app actor for release job

🧹 Chore

• deps: update browser-actions/setup-chrome digest to 361a23f (#12929)
• deps: update bitnami/keycloak:24.0.3 docker digest to a6ef846 (#12747)
• deps: update patch dependencies (maintenance/3.10) (patch) (#12938)
• release: rename release job (#12878)
• deps: update patch dependencies (maintenance/3.10) (patch) (#12822)
• deps: update eclipse-temurin:17 docker digest to a30e573 (#12832)
• deps: update patch dependencies (maintenance/3.10) (patch) (#12658)
• keycloak: Change to a working version of keycloak (#12708)
• deps: update actions/checkout digest to 0ad4b8f (#12702)
• deps: update eclipse-temurin:17 docker digest to de7b9bf (#12714)
• deps: update actions/checkout digest to 1d96c77 (#12686)
• deps: update eclipse-temurin:17 docker digest to 9303030 (#12674)
• deps: update patch dependencies (maintenance/3.10) (patch) (#12649)
• release workflow: generate changelog before pushing new tag
• release workflow: fix branches checkouts
• deps: update actions/upload-artifact digest to 6546280 (#12633)
• deps: update actions/checkout digest to 1d96c77 (#12632)
• deps: update browser-actions/setup-chrome digest to 82b9ce6 (#12613)
• deps: update actions/upload-artifact digest to 1746f4a (#12598)
• deps: update eclipse-temurin:17 docker digest to 83192a0 (#12462)
• deps: update patch dependencies (#12396)
• deps: update hashicorp/vault-action digest to 47dbc64 (#12533)
• release workflow: fix changelog generation (#12501)
• identityService: return all users in saas when searchterm empty
• release: use the actor id in gha github email
• release: add new upgrade plan
• release workflow: remove 0 version check

8.5.0

Zeebe

Enhancements

Broker

• Subscribe to a message boundary event on process instance migration (#16384)
• Data Recovery in Zeebe (#5310)
• Increase job timeout resolution / reject requests below resolution threshold (#5073)
• ActivateJobsRequest doesn't specify units for timeout and requestTimeout (#3944)
• Define the job retries statically or as expression (#3803)
• I can query broker status using zbctl (#2612)
• The job payload is propagated on completion to the task scope (#1860)
• Non-strict JsonPath conditions (#1751)
• Write dedicated payload events (#1619)
• Align bpmn xml handling in client API (#382)
• Client should throw proper exception when reading bad property values (#375)

Java Client

• Zeebe Java Client can not be used to build Native Image with GraalVM (#6054)
• Reactive client for a Zeebe (#5892)
• custom serializer configuration for zeebe Java client (#5578)
• Job handler interface should declare throws Exception (#397)

Go Client

• go-client: Job worker polling backoff mechanism (#6150)
• zbctl: tell the user to use the --insecure flag when it's needed (#3822)
• Migrate update payload to set variables in zbctl (#2136)

Misc

• Reject process deployment with compensation start event (#16970)
• Remove compensation subscription when terminating subprocess (#16808)
• Support Azure UAMI for backup storage authentication (#16736)
• I can use a multi-instance activity as compensation handler (#16602)
• I can use a call activity as compensation handler (#16600)
• I can trigger compensation from an event subprocess (#15465)
• Wait until the compensation handlers are completed (#15066)
• Cancel compensation handlers on process instance termination (#15065)
• Remove compensation subscriptions when the process instance ends (#15064)
• Invoke compensation handler attached to a compensation boundary event (#14970)
• Zeebe worker api support specifying process id(s) to avoid job type conflict (#5054)
• I can fail a job without activating it (#3757)
• Java client: add ability to recreate job from json (#3017)
• Add TLS support to zbctl (#2885)

Bug Fixes

Broker

• I can't activate a job with payload larger then maxMessageSize/2 (#6207)
• KryoException: java.nio.BufferUnderflowException Serialization trace: data (io.atomix.raft.zeebe.ZeebeEntry) (#5495)
• ModelParseException: SAXException while parsing input stream (#5490)
• Workers broken as gRPC connections fail (quickly after registering workers) in versions >23.1 in some configurations (#5187)
• Restart takes too long or never completes when snapshot contains many files (#5135)
• Rolling update from 0.23 to 0.24 is not possible (#5102)
• Benchmark 0.24.0-RC1 stopped making progress (#4871)
• Parallel multi-instance call activity cannot collect output (#4860)
• Possible regression in job activation (#4524)
• Unexpected non-empty log failed to read the last block (#3543)
• Replicated snapshots contain no last processed position (possibly) (#3485)
• Restarting a broker with many segments causes broker timeout (#3456)
• Buffered messages are correlated out of order (#3397)
• Engine tests degrade in test execution time (#3007)
• WorkflowInstanceCreationRecordValue does not extends RecordValueWithVariables (#2532)
• No leader services installed on any node for a partition (#2465)
• Investigate why create workflow instance requests are not evenly distributed across all partitions (#2187)
• Unset field when cancelling timer causes event processing error (#2114)
• Success response for push deployment is send before it is persistently written to logstorage (#2110)
• Wrapping Records in States can interfere with the TypedStreamProcessor TypedRecords (#1916)
• Wrong BPMN Element Type after Event-Based Gateway (#1889)
• ExporterIntegrationRule always start since recording exporter is configured (#1840)
• Task Custom Header Value can't be longer than 128 (#1823)
• Docker run of 0.1.0 breaks with java.lang.OutOfMemoryError: Direct buffer memory (#390)

Gateway

• Gateway fails to connect to broker after broker restarts (#5362)
• Workers broken as gRPC connections fail (quickly after registering workers) in versions >23.1 in some configurations (#5187)
• Standalone gateway returns out-of-date topology when brokers go away (#2501)

Java Client

• Openapi code generation failed on zeebe-client-java (#16759)

Go Client

• zbctl emits usage help when I got it right (#3776)

Misc

• Potential bug in timer due date checker scheduling (#17227)
• Opensearch Retention policy is not applied to existing zeebe indices when enabled (#17186)
• Broker scaling up is stuck in the operation adding a new broker (#16870)
• Retention policy is not applied to existing zeebe indices when enabled (#16720)
• Endless processing state machine error loop (#16107)
• Job backoff migration causes duplicate incidents (#15954)
• After cancellation, a completed change operation should not overwrite updated topology (#15726)
• NoSuchElementException: null while recovering from a snapshot (#15721)
• Intermediate signal throw event should not send a response out (#15649)
• Restore from backup should validate partition count (#15411)
• Failure to delete pending snapshot leads to inactive partition until restart (#14670)
• Failed jobs are not reactivate after backoff (#14329)
• Re-processing detects inconsistency due to Deployment rejection (#5610)
• Nullpointer on ZeebeStateMachine (#4086)
• Unable to start broker on windows with Java 13 via launcher (#3979)
• Follower restart causes fail over and stops processing (#3389)
• ActiveRole the onLeaderHeartbeat uses wrong context for transition (#4164)
• NPE in FsLogStorage#getSize (#3343)
• AsyncSnapshotDirector is not removed cleanly on failover (#3274)
• Broker Stops working with the Too many files open exception. (#3091)
• Broker get OutOfMemory after a while (#3090)
• Server throws at long-poll deadline timeout if client has already timed out deadl...

8.4.6

Zeebe

Bug Fixes

Broker

• Stream is spammed by duplicate Timer TRIGGER commands (#17128)

Misc

• Potential bug in timer due date checker scheduling (#17227)
• Opensearch Retention policy is not applied to existing zeebe indices when enabled (#17186)
• Failed jobs are not activated again (#16884)
• Broker scaling up is stuck in the operation adding a new broker (#16870)
• Retention policy is not applied to existing zeebe indices when enabled (#16720)
• NPE in PendingProcessMessageSubscriptionChecker (#16609)
• Job backoff migration causes duplicate incidents (#15954)
• Possible inconsistency of job not found in DbJobState#visitJob (#15733)
• Failed jobs are not reactivate after backoff (#14329)
• Scheduler Tasks can't be canceled on the ProcessingScheduleService (#10541)

Maintenance

• Respect quiet period before shutting down the gateway (#16024)

Merged Pull Requests

• fix: avoid race between scheduling and execution of due date checker (#17251)
• fix: opensearch exporter - update ISM policy for existing indices when retention config changes on rerun (#17187)
• [Backport release-8.5.0] Fix duplicate timer schedules (#17171)
• fix: update lifecycle policy for existing indices when retention config changes on elasticsearch exporter re-run. (#17124)
• ci: don't cache results of building zeebe docker image (#17064)
• test: stabilize flaky test by increasing timeout (#17001)
• feat: gracefully shut down gRPC server (#16956)
• fix: do not fail retry of member join operation (#16907)
• Add warning to checkers (#16873)
• deps: Update dependency org.apache.commons:commons-compress to v1.26.1 (stable/8.4) (#16861)
• deps: Update dependency io.projectreactor:reactor-core to v3.6.4 (stable/8.4) (#16859)
• deps: Update dependency io.projectreactor.netty:reactor-netty-http to v1.1.17 (stable/8.4) (#16858)
• deps: Update dependency io.micrometer:micrometer-bom to v1.12.4 (stable/8.4) (#16857)
• test: await identity readiness (#16843)
• [Backport stable/8.4] Ensure lastProcessesPosition is set when StreamProcessor is paused (#16840)
• deps(maven): Update dependency org.testcontainers:testcontainers-bom to v1.19.7 (stable/8.4) (#16799)
• deps(maven): Update dependency io.github.classgraph:classgraph to v4.8.168 (stable/8.4) (#16798)
• deps(docker): Update ubuntu:jammy Docker digest to 77906da (stable/8.4) (#16797)
• [Backport stable/8.4] Adjust condition of auto-merge (#16793)
• deps(docker): Update eclipse-temurin:21-jdk-jammy Docker digest to feeeb86 (stable/8.4) (#16789)
• [Backport stable/8.4] fix: respect offset and length on DbBytes#wrap (#16773)
• [Backport stable/8.4] docs: Remove the ExperimentalApi annotation from the Java client CommandWithTenantStep interface (#16771)
• Release 8.4.5 (#16740)
• Clean Backoff column family from wrong jobs (#16508)

Operate

🚀 New Features

• backend: Implement OpensearchBackupRepository with REST (#6614)

💊 Bugfixes

• backend: use raw requests for OpenSearch pipeline requests
• decision table scrolling behavior [Backport stable/8.4] (#6664)
• backend: Delete parent pi fails on archived instances (#6658)
• remove opensearchClient from elasticsearch file (#6659)
• elasticsearch/opensearch archiverrepository: fix applying ILM policy to non-existing index) (#6642)
• Error calling Prometheus endpoint with multitenancy enabled (#6645)
• PermissionsService: check for null authentication (#6635)

🧹 Chore

• update zeebe and identity to 8.4.6 (#6690)
• Jenkins: Revert temporary switch main pipelines to sable nodes (#6575) (#6622)

Tasklist

🚀 New Features

• adding support for changes in number_of_replicas for ES/OS [Backport stable/8.4] (#4721)

💊 Bugfixes

• rename build tasklist docker (#4825)
• backport extension user task restrictions (#4730)
• racing condition for deployments with forms and tasks at the same time [Backport stable/8.4] (#4720)
• Tasklist returns empty schema for an embedded form [Backport stable/8.4] (#4716)
• Prevent Mixpanel block starting UI
• use the right alpine:3.19.1 digest [Backport stable/8.4] (#4671)

🧹 Chore

• bump deps for v8.4.6 release (#4816)
• set action.destructive_requires_name to false for E2E ES [stable/8.4] (#4774)
• upgrade springboot to 3.1.10 to fix CVE-2024-22259 (#4744)
• update helm release camunda-platform to v9.3.0 (#4688)
• update CHANGELOG.md

Identity

💊 Bugfixes

• upgrade spring-security to fix cve-2024-22257 (#2696) (#2698)

🧹 Chore

• upgrade org.springframework.boot:spring-boot-starter-web from 3.1.9 to 3.1.10 (#2704)
• backport-2664-to-v8.4 (#2666)

Optimize

💊 Bugfixes

• sharing: embedded reports and dashboards sometimes fail to load (#12263)
• docs: Remove -rc# and -alpha from docs link, also use base version (#12112)
• chart: disable zoom in plugin when no datapoints presented (#12039)

🧹 Chore

• deps: update korthout/backport-action digest to ef20d86 (#12391)
• deps: update patch dependencies (#12423)
• release: add new upgrade plan
• release: update zeebe/identity deps
• deps: update bitnami/keycloak:23.0.7 docker digest to 9596e39 (#12390)
• deps: update patch dependencies to v18.2.73
• deps: update dependency org.elasticsearch.client:elasticsearch-rest-high-level-client to v7.17.19 ([#12371](https://github.com/camunda/camunda-optimize/issues/12371))
• deps: update eclipse-temurin:21 docker digest to 1f64d3e (#12355)
• deps: update patch dependencies ([#12238](https://github.com/camunda/camunda-optimize/issues/12238))
• deps: update dependency io.netty:netty-codec-http to v4.1.108.final [security]
• e2e: fix pipeline
• release: update C8 footer version
• deps: update bitnami/keycloak:23.0.7 docker digest to c4a2bf0 (#12275)
• deps: update spring security to 6.2.3 (#12280)
• GHA: update docker compose github action organisation (#12273)
• ci: rename tests to match status checks (#12245) (#12247)
• deps: update patch dependencies (#12184)
• deps: update actions/setup-java digest to 99b8673 (#12133)
• deps: ...

8.3.10

Zeebe

Enhancements

Broker

• Increase job timeout resolution / reject requests below resolution threshold (#5073)

Bug Fixes

Broker

• Stream is spammed by duplicate Timer TRIGGER commands (#17128)

Java Client

• Failed to activate jobs for worker xxx and job type xxx (#15507)

Misc

• Potential bug in timer due date checker scheduling (#17227)
• Failed jobs are not activated again (#16884)
• Retention policy is not applied to existing zeebe indices when enabled (#16720)
• NPE in PendingProcessMessageSubscriptionChecker (#16609)
• Possible inconsistency of job not found in DbJobState#visitJob (#15733)

Merged Pull Requests

• fix: avoid race between scheduling and execution of due date checker (#17251)
• [Backport stable/8.4] Fix duplicate timer schedules (#17178)
• [Backport release-8.5.0] Fix duplicate timer schedules (#17171)
• Fix duplicate timer schedules (#17136)
• fix: update lifecycle policy for existing indices when retention config changes on elasticsearch exporter re-run. (#17124)
• ci: don't cache results of building zeebe docker image (#17064)
• [Backport stable/8.4] feat: makes job timeout resolution configurable (#17004)
• Add warning to checkers (#16873)
• deps: Update dependency org.apache.commons:commons-compress to v1.26.1 (stable/8.3) (#16856)
• deps: Update dependency io.projectreactor.netty:reactor-netty-http to v1.1.17 (stable/8.3) (#16854)
• test: await identity readiness (#16843)
• [Backport stable/8.3] Ensure lastProcessesPosition is set when StreamProcessor is paused (#16839)
• [Backport stable/8.3] Adjust condition of auto-merge (#16792)
• deps(maven): Update dependency org.testcontainers:testcontainers-bom to v1.19.7 (stable/8.3) (#16788)
• deps(maven): Update dependency io.github.classgraph:classgraph to v4.8.168 (stable/8.3) (#16787)
• deps(docker): Update ubuntu:jammy Docker digest to 77906da (stable/8.3) (#16786)
• deps(docker): Update eclipse-temurin:17-jdk-jammy Docker digest to 721e57d (stable/8.3) (#16785)
• [Backport stable/8.3] fix: respect offset and length on DbBytes#wrap (#16774)
• [Backport stable/8.3] docs: Remove the ExperimentalApi annotation from the Java client CommandWithTenantStep interface (#16770)
• Release 8.3.9 (#16742)
• deps(maven): Update dependency io.github.classgraph:classgraph to v4.8.167 (stable/8.3) (#16730)
• [Backport stable/8.3] test: fix waiting for activated jobs (#16702)

Operate

🚀 New Features

• backend: port ILM fix for 5921 (#6662)

💊 Bugfixes

• decision table scrolling behavior [Backport stable/8.3] (#6665)
• backend: Delete parent pi fails on archived instances (#6657)
• PermissionsService: check for null authentication (#6646)
• Error calling Prometheus endpoint with multitenancy enabled (#6643)

🧹 Chore

• update zeebe and identity to 8.3.10 (#6689)
• add SecurityWrapperContext to SprintBootTest (#6661)

Tasklist

💊 Bugfixes

• Rename build-tasklist-docker tasklist (#4822)
• rename build tasklist docker folder (#4823)
• use the right alpine:3.19.1 digest [Backport stable/8.3] (#4668)

🧹 Chore

• bump deps for v8.3.10 release (#4815)
• upgrade springboot to 3.1.10 to fix CVE-2024-22259 (#4745)
• switch keycloak docker to quay.io/keycloak (#4741)
• update CHANGELOG.md

Identity

💊 Bugfixes

• upgrade spring-security to fix cve-2024-22257 (#2699)
• axios and follow-redirects cve issue (#2664)

🧹 Chore

• bump postgresql version to resolve CVE (#2713)

Optimize

💊 Bugfixes

• sharing: embedded reports and dashboards sometimes fail to load (#12262)
• chart: disable zoom in plugin when no datapoints presented (#12038)
• digest: digest email link targets incorrect page (#12054)

🧹 Chore

• Release: add next upgrade plan
• release: update zeebe/identity deps
• deps: update korthout/backport-action digest to ef20d86 (#12393)
• deps: update dependency @types/react to v18.2.72
• deps: update dependency org.elasticsearch.client:elasticsearch-rest-high-level-client to v7.17.19 (#12379)
• deps: update eclipse-temurin:17 docker digest to 05723aa (#12357)
• deps: update dependency org.aspectj:aspectjweaver to v1.9.22 ([#12343](https://github.com/camunda/camunda-optimize/issues/12343))
• deps: update patch dependencies (#12237)
• e2e: fix pipeline (#12299)
• release: update C8 footer version
• deps: update spring security to 6.2.3 (#12279)
• GHA: update docker compose github action organisation (#12272)
• deps: update docker/build-push-action digest to 2cdde99 (#12154)
• ci: rename tests to match status checks (#12245)
• deps: update actions/setup-java digest to 99b8673 ([#12136](https://github.com/camunda/camunda-optimize/issues/12136))
• style: Apply Google Code Style (#12146)
• deps: update patch dependencies (#12185)
• deps: update docker/login-action digest to e92390c ([#12137](https://github.com/camunda/camunda-optimize/issues/12137))
• deps: update patch dependencies (#12177)
• deps: update dependency @types/react to v18.2.62 (#12061)
• deps: update eclipse-temurin:17 docker digest to e8d451f (#12121)
• ci: prefix unit test workflow job (#12092)
• deps: update docker/build-push-action digest to af5a7ed (#12068)
• upgrade: add upgrade plan for 3.11.8 (#12058)

8.2.26

Zeebe

Bug Fixes

Misc

• Potential bug in timer due date checker scheduling (#17227)
• Retention policy is not applied to existing zeebe indices when enabled (#16720)

Merged Pull Requests

• fix: avoid race between scheduling and execution of due date checker (#17251)
• fix: update lifecycle policy for existing indices when retention config changes on elasticsearch exporter re-run. (#17124)
• ci: don't cache results of building zeebe docker image (#17064)
• [Backport stable/8.2] Ensure lastProcessesPosition is set when StreamProcessor is paused (#16838)
• deps(maven): Update dependency org.apache.commons:commons-compress to v1.26.1 (stable/8.2) (#16824)
• [Backport stable/8.2] Adjust condition of auto-merge (#16791)
• deps(maven): Update dependency io.github.classgraph:classgraph to v4.8.168 (stable/8.2) (#16784)
• deps(docker): Update ubuntu:jammy Docker digest to 77906da (stable/8.2) (#16781)
• [Backport stable/8.2] fix: respect offset and length on DbBytes#wrap (#16775)
• deps(docker): Update eclipse-temurin:17-jdk-jammy Docker digest to 721e57d (stable/8.2) (#16763)
• Release 8.2.25 (#16743)
• deps(maven): Update dependency io.github.classgraph:classgraph to v4.8.167 (stable/8.2) (#16729)
• [Backport stable/8.2] test: fix waiting for activated jobs (#16701)

Operate

💊 Bugfixes

• backend: Delete parent pi fails on archived instances (#6656)
• PermissionsService: check for null authentication (#6647)
• backend: Delete process instance operation is not retried (backport) (#6624)

🧹 Chore

• update zeebe and identity to 8.2.26 (#6688)

Tasklist

💊 Bugfixes

• Rename defaultconfigjson changelog (#4818)
• rename build-docker folder to build-tasklist-docker (#4821)
• use the right alpine:3.19.1 digest [Backport stable/8.2] (#4669)

🧹 Chore

• bump deps for v8.2.26 release (#4814)
• upgrade springboot to 3.1.10 to fix CVE-2024-22259 (#4744) (#4746)
• bump spring version to 3.1.9 to fix CVE-2024-24549 and CVE-2024-23672 - 8.2 (#4727)
• bump nimbus-jose-jwt to fix CVE-2023-52428 [Backport stable/8.2] (#4677)
• update CHANGELOG.md

Identity

💊 Bugfixes

• upgrade spring-security to fix cve-2024-22257 (#2696) (#2700)

🧹 Chore

• bump postgresql version to resolve CVE (#2712)
• backport-2664-to-v8.2 (#2665)

Optimize

💊 Bugfixes

• sharing: embedded reports and dashboards sometimes fail to load (#12249) (#12264)
• chart: disable zoom in plugin when no datapoints presented (#12037)

🧹 Chore

• release: add new upgrade plan
• release: update zeebe and identity deps
• deps: update korthout/backport-action digest to ef20d86 (#12394)
• deps: update dependency org.elasticsearch.client:elasticsearch-rest-high-level-client to v7.17.19 (#12380)
• deps: update eclipse-temurin:17 docker digest to 05723aa (#12358)
• deps: update patch dependencies (#12062)
• deps: update dependency io.netty:netty-codec-http to v4.1.108.final [security]
• e2e: fix pipeline ([#12301](https://github.com/camunda/camunda-optimize/issues/12301))
• deps: update Spring version to 6.1.5 (#12285)
• deps: update spring security to 6.2.3 (#12278)
• GHA: update docker compose github action organisation (#12271)
• ci: rename tests to match status checks (#12245) (#12248)
• deps: update docker/login-action digest to e92390c (#12140)
• style: Apply Google Code Style (#12148)
• deps: update docker/build-push-action digest to 2cdde99 (#12156)
• deps: update actions/setup-java digest to 99b8673 (#12139)
• deps: update eclipse-temurin:17 docker digest to e8d451f (#12122)
• ci: prefix unit test workflow job (#12093)
• deps: update docker/build-push-action digest to af5a7ed (#12070)
• upgrade: add upgrade plan for 3.10.9 (#12057)