Happy New Year!

Over the past few months, we shipped 50+ improvements across performance, security, task management, and BPMN editing.

To start the year, we want to highlight the most impactful technical enhancements, give thanks to our community contributors (Tyler Burton, William Jolivet and Christopher Bisom), and share how we're helping organizations run more efficiently.

What's New and Improved

1. Faster, More Reliable Execution

We made targeted performance and reliability improvements that reduce operational overhead in production environments:

Reduced database load by optimizing message correlation queries
Faster local service task execution by bypassing unnecessary HTTP calls
Improved multi-threaded task handling to prevent orphaned tasks and race conditions
More reliable boundary event processing for deterministic error handling

Result: workflows execute more predictably at scale, with fewer production surprises.

2. Improved Security & Identity

Security improvements focused on authentication, authorization, and task data isolation:

Expanded authentication support, including Login.gov
Stronger OAuth flows with PKCE and improved token refresh handling
Clearer task data boundaries limiting human task access to configured variables
Improved OpenID provider documentation for multi-provider environments

Result: safer defaults and a clearer security posture for regulated and enterprise deployments.

3. Custom Applications with SpiffWorkflow

If you are building your own frontends and want the ability to add custom details to user tasks — such as setting priority ("This is High Priority!") or a due date for a form — it is now possible to configure all user tasks system-wide to allow BPMN authors to specify these values as they create their diagrams.

Result: a seamless connection between your application's user interface and the BPMN authoring tool that drives it. Everything is aligned.

4. A More Productive BPMN Editor

The BPMN editor (code-named "ED") continues to mature with usability and debugging improvements:

Cross-tab copy/paste for faster diagram creation
Clearer debugging with precise script error line numbers
Improved previews and form rendering
Fixes for issues that previously interrupted modeling flow

Results: faster iteration, fewer context switches, and less friction while building and debugging workflows.

Community Spotlight

This release includes standout contributions from community members solving real deployment challenges:

Tyler Burton — Added Login.gov authentication support, enabling government agency deployments
William Jolivet — Contributed French translations, expanding SpiffWorkflow's international reach
Christopher Bisom — Implemented PKCE security for OAuth flow with multiple access token refresh support — critical for short-lived token configurations