Smile CDR v2022.08.PRE
1.3 Changelog: 2022

Legend

A new feature
An existing feature has changed
A bug fix
A performance improvement
A security issue has been corrected

1.3.1 Smile CDR 2022.08.R01 (Pre-Release)

Release Information

PRE-RELEASE: This version of Smile CDR has not yet been released. It is included here to show upcoming features that have been completed and are committed for release.
Released: 2022-08-18
HAPI FHIR: Smile CDR 2022.08.R01 is based on HAPI FHIR 6.1.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

Support has been added for the $expunge operation for MongoDB storage. Smile CDR can now expunge data from a MongoDB repository at the instance, resource or system level, using the expungeDeletedResources or expungePreviousVersions input parameters.

Changed P2P endpoints (api/oidc_servers/{serverid}/batch_job, api/oidc_servers/{serverid}/batch_job/{id}) so that the returned batchJobId is no longer a number, but a string.

Previously, support for the configuration parameters Allow Multiple Delete Enabled and Client ID Mode was added to the MongoDB persistence module, but the parameters were not added to the module's page in the web administration console. The parameters can now be viewed and set through the console.

1.3.2 Smile CDR 2022.05.R01

Release Information

HAPI FHIR: Smile CDR 2022.05.R01 is based on HAPI FHIR 6.0.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

When importing a Clinical Document Architecture (CDA) document, if a Procedure Activity Procedure section contains a Medication Activity subsection, this will be converted to a MedicationStatement resource and linked to the Procedure resource that corresponds to the Procedure Activity Procedure section using the partOf relation.

The Oracle OJDBC driver has been bumped to version ojdbc11-21.5.0.0.

New OpenID Keystores have been added as a way to save and manage JWKS for the outbound security module. Using the new Keystores, JWKS can be updated while the server is running, and the security module referencing them will not need to be rebooted. We have also deprecated the JWKS configs on the smart-out-security module in favour of defining a Keystore and linking the module to a keystore id. The former JWKS security configs will remain for now, but will be removed in a future version. Consumers are advised to switch to the new keystore solution.

Added a configuration check to ensure that the HTTP context_path configuration item agrees with the base_url.fixed configuration item.

Implemented system-level MongoDB expunge everything operation.

Added support for debugging JavaScript callback functions. When enabled, the server will log the URL that a Chrome browser can open to establish a remote debugging session with the JavaScript Execution Environment and debug callback functions live as they are being executed.

MDM links are now partition aware: incoming resources will only attempt MDM operations against golden resources in the same partition. MDM operations are also partition aware.

Added a new column to keep track of when a user last logged in and display that in the web admin console.

When importing a Clinical Document Architecture (CDA) document, if a Procedure Activity Procedure section contains a Reaction Observation subsection, this will be converted to an AdverseEvent resource and linked to the Procedure resource that corresponds to the Procedure Activity Procedure section using the suspectEntity.instance relation.

When importing a Clinical Document Architecture (CDA) document, if the Social History Section contains a Pregnancy Observation entry, which in turn contains an Estimated Date of Delivery sub-entry, the fields of the sub-entry will be mapped as a component of the resulting FHIR Observation.

When importing a Clinical Document Architecture (CDA) document, if the Social History Section contains a Caregiver Characteristics entry, the fields of any participants in the entry will be mapped to fields of the resulting FHIR Observation.

When importing a Clinical Document Architecture (CDA) document, if a Social History Section is present, all entries within the section will be converted to Observation resources.

When importing a Clinical Document Architecture (CDA) document, if the Procedures Section contains one or more Procedure Activity Observation sections, each of these will be converted to an Observation resource with additional subordinate resources as needed.

When importing a Clinical Document Architecture (CDA) document, if the Procedures Section contains one or more Procedure Activity Act sections, each of these will be converted to a Procedure resource with additional subordinate resources as needed.

Previously, if a Health Check was unhealthy, the /endpoint-health endpoint would return a 200 response code along with the health check failure message. That status code is now configurable via the Unhealthy Status Code property.

Subscriptions on the default partition in partitioned systems can have an extension that allows them to listen to changes to resources in all partitions. A setting has also been added to disable this feature.

Added the capability to have the body of a transaction log step serialized as inline (without formatting) or as inflated (with formatting) JSON.

Previously, there was no way to set up the transaction log so that it only sent to a broker, and was not persisted. This is now possible. If you disable the transaction log database, and enable the transaction log broker, the log events will be sent directly to the broker. Note that when running in this mode, asynchronous events (such as MDM steps and HL7 v2.x inbound steps) will only be linked to their parents via the transaction GUID.

MongoDB storage now supports searching on number types and not equals (ne) prefix based searching on quantity types. Additionally, searching with the not equals prefix on date types in MongoDB and RDBMS has been implemented.

The HL7 v2.x outbound processor now supports transforming DiagnosticReport.presentedForm attachments to Encapsulated Data in OBX-5.

The endpoint at /runtime-status/health-checks now supports a new boolean query parameter, onlyRunning. When set to true, only health checks on running processes are returned. E.g. /runtime-status/health-checks?onlyRunning=true

A pair of new permissions have been added that allow search results to be blocked from access if they contain a code (or do not contain a code) that is matched by a given ValueSet. See Block Unless Code in ValueSet for more information.

OIDC clients created via appSphere now have the Remember User Approved Scopes flag set to true.

Added new advanced persistence module config called 'Nickname Search' that when enabled allows searching by names using the :nickname modifier. E.g. /Patient?given:nickname=Kenny will match a patient with the given name Kenneth.

Updated app registration fields in appSphere: increased long description length, added sales contact info.

The well known management, introspection, and revocation endpoints were missing in the CapabilityStatement while included in the well known config (/.well-known/smart-configuration). The endpoints have been added to the CapabilityStatement.

The MongoDB Storage module now has a configurable search/query timeout setting.

appSphere: moved sales contact email field to profiles, added marketplace flag (for internal use)

When the Create Message Header for Each Message property is enabled, the HL7 v2.x inbound processor will map MSH-5 (Receiving Application) to MessageHeader.destination.name and MSH-6 (Receiving Facility) to MessageHeader.destination.receiver.identifier.

A new interceptor called Provenance Injection Interceptor has been added. This interceptor will inject transient/non-persisted Provenance resources into a response at the request time. This interceptor may be enabled either by the $everything operation or the ?_revinclude=Provenance:target search request.

Anonymous users can now request the version of a server by calling /version on the admin-json endpoint. The version number is now displayed at the top right of all CDR documentation pages.

P2P Client generates Provenance resources for incoming data.

Add support for saving draft registrations in appSphere

The Web Admin Console now runs Config Diagnostics on a module before presenting the module config page for that module, and displays any security, error, or warning issues at the module edit page.

Added all our documentation to sitemap.xml for Google to find.

New properties in the Cluster Manager permit you to modify the Audit Log Broker Channel Name and the Transaction Log Broker Channel Name.

Add support for saving multiple draft registrations in appSphere.

A new experimental external binary storage mode has been added to support AWS S3. This implementation also supports MinIO instances.

Added new MDM configuration fields in P2P Module for Patient records ingested as part of P2P transfer.

Added support for injecting client-supplied resource providers through the resource_provider_bean_types property.

Added reads with theDeletedOk boolean in MongoDB. This previously threw UnsupportedOperationException. Additionally, the read() method calls were reordered to match that of JPA.

Added a configuration option to enable validation of the audience claim (aud) during the SMART on FHIR authorization process to conform to OAuth2 specifications.

Add support for saving re-registrations as draft in appSphere.

Add can re-register flag to appSphere to separate re-registration flow from new registrations.

Previously, if Intermediate Logging was enabled for an HL7V2 Listener endpoint, the endpoint would execute two bundle transactions. This could cause the version of the resources to increase. This has been corrected.

Added support to launch web apps directly from appSphere's gallery.

Added two new settings for Binary Storage Interceptor. One for the ability to prevent binaries from being automatically inflated on a request and another to control how many bytes can be automatically inflated per request, if it is enabled.

Config Diagnostics are now available on the admin-json endpoint at the path /diagnostics. The VIEW_MODULE_CONFIG user permission is required to access these diagnostics.

Added a new setting for Bulk Export, which adds the ability to set retention time of collection files. This is useful for instances where bulk export jobs take a long time due to high resource count. Previously, the hard-coded limit of 2 hours was causing in-flight jobs to be purged. If this value is set to 0 or less, the files are never removed.

Add configuration diagnostics messages for modules depending on persistence modules that do not fully support partitioning yet.

Restrict modification of OIDC clients generated by appSphere outside of appSphere.

Batch2 jobs were not displayed in Admin-Runtime-Jobs pages. They are now displayed.

Nickname search support has been added to MongoDB.

Previously, the STORAGE_PRESEARCH_REGISTERED pointcut was not being called for installations running MongoDB. While MongoDB does not require registered searches in the traditional sense, this pointcut permits searches to be modified before execution, and so is being added.

In order to enable more detailed error reporting, the entrypoint of the CDA Import feature has moved from the Channel Import module to the CDA Exchange module. The CDA Exchange module exposes an $import-cda operation that accepts a CDA document in XML format as input and returns an OperationOutcome resource containing a collection of error and warning messages.

Previously, when importing a Clinical Document Architecture (CDA) document, if an Encounter entry contained Indication sub-entries, these would be mapped to FHIR Conditions and linked to the Encounter via the diagnosis.condition reference. Now, the Conditions derived from Indications are linked via the reasonReference, and diagnosis.condition is used to refer to Conditions derived from the EncounterDiagnosis sub-entries.

Previously, when importing a CDA document with a Medications Section, all of the Medication Activities would be converted to FHIR MedicationStatement resources. This mapping is only appropriate for Medication Activities with an EVN mood code. Any Medication Activity with a different mood code will be skipped and a warning returned to the caller.

P2P Batch job submission API change. Moved Task, Consent and Organization creation to backend to provide complete API solution.

Support for Java 8 has been dropped. Minimum version to run Smile CDR is now Java 11. All demo projects have been updated to use Java 11 as well.

Searches using the _lastUpdated parameter with prefixes in the multi-target gateway used to return HTTP 400 response. This has been fixed, and these searches now return properly.

Previously, Multi Target Gateway would ignore the offset for an initial search request which used _offset=X. This has been corrected.

When calling an unsupported operation on a MongoDB server, the server used to respond with a cryptic 500 error. It now responds with an informative 501 error along with a message that explains the specific operation that is not yet implemented for MongoDB.

Previously, messages ingested via HL7V2 would have missing entries in the transaction log broker. This has been corrected and all steps of transaction log events will now appear in the broker.

On the MongoDB FHIR Storage module, searching for string Search Parameters will now correctly perform a prefix match as opposed to an exact match.

Reduced false exceptions at startup and shutdown.

When cross-partition reference mode was used, rest-hook subscriptions on a partition-enabled server would cause an NPE. This was caused by the reloading of the subscription when the server is restarted. This issue has been fixed. Also fixed an issue with revinclude for rest-hook subscriptions not working.

Support for the HMAC-SHA256 hashing algorithm has been added.

Fixed where the abortTransaction is invoked so that the MongoServerExceptions error will show up in the log file.

Improved the Smile CDR startup log messages. Removed extraneous lines and resolved warnings.

In the past, it could take up to an hour for an updated SearchParameter to start indexing new resources. This has been reduced to 10 seconds. This is accomplished via a new database table that is used to synchronize all caches across the cluster (SearchParameter, Subscription, and Library) every 10 seconds.

Fixed a regression in the Web Admin Console which caused users to be unable to view archived modules.

Fixed the bulk export permission issue on MongoDB. The user is now only allowed to bulk export the resources for which they have permissions, as defined on the FHIR_OP_INITIATE_BULK_DATA_EXPORT permission.

The manage, introspect, and revoke endpoints URLs in the CapabilityStatement did not match the structure definition causing Touchstone testing to fail. This has been fixed.

Fixed a bug where _id was not usable in a _has query.

Added version requirements to documentation for Kafka, ActiveMQ, and Infinispan, as per client request.

Add missing configuration categories to documentation pages. (appSphere and P2P modules)

Latest sales emails should always be used for appSphere applications

There was no way to recreate freetext indexes for terminology TermConcept and TermConceptProperty. Batch command reindex-terminology was created for this purpose.

Previously when using the $everything operation on the FHIR Gateway, the total element of the returned bundle, and the next links, were not being set correctly. This has been fixed.

The recent speedup of Search Parameter syncing was not functional for Postgresql. This has been corrected.

On Oracle Database, when a user refreshed a token concurrently, the concurrent requests would sometimes throw a 500 deadlock error. This has been corrected by adding an index to the child table of the records being deleted. The deadlock may be caused by the child table not having an index for the foreign key.

Previously, a bug caused binaries stored to an external binary storage system via the $binary-access-write operation to be stored as empty files. This has been corrected.

A recent switch to Alpine as a base docker image caused snappy compression in kafka to stop working. This has been corrected.

Fixed an issue where creating a new module in another node would result in an error.

Fixed an issue where requesting MDM clear returned HTTP 500.

Fixed a bug in viewing transaction log bodies where thymeleaf would throw an exception, but otherwise work.

In earlier versions, it was possible in the JavaScript Execution Environment to loop over fhir element arrays by calling .entries() on the element. This has been restored. E.g. It is once again possible to write a loop like for (let [i, identifier] of resource.identifier.entries()) { ...

Smile CDR documentation and configuration incorrectly referred to CDS Hooks as CDS-Hooks. This has been corrected.

Fix issue where Oracle throws an ORA-01795 ERROR when the StaleBatchJobCleanupSvc tries to delete more than 1,000 expired jobs at once.

Added audience parameter validation against an allowed resource URL list when initiating an OpenID Connect request.

$graphql was not working properly with the Fhir Gateway endpoint. This has been resolved.

Fixed an issue where Font Awesome icons were not showing properly.

Fix for exception thrown when exporting Diagnostic report with document to HL7V2.

Fix exception in audit log to record when Observation $lastn operation is performed.

1.3.3 Smile CDR 2022.02.R04 (Sojourner)

Release Information

Released: 2022-04-18
Codename: Sojourner
HAPI FHIR: Smile CDR 2022.02.R04 is based on HAPI FHIR 5.7.2, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Upgrade Instructions

Changes

Backported from: 2022.05.R01

Previously, a bug caused binaries stored to an external binary storage system via the $binary-access-write operation to be stored as empty files. This has been corrected.

1.3.4 Smile CDR 2022.02.R03 (Sojourner)

Release Information

Released: 2022-03-31
Codename: Sojourner
HAPI FHIR: Smile CDR 2022.02.R03 is based on HAPI FHIR 5.7.2, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Upgrade Instructions

This version exists strictly to bump the Spring Core dependency to a non-vulnerable version.

Changes

Bump the version of HAPI-FHIR to rely on one that is not vulnerable to Spring4Shell.

1.3.5 Smile CDR 2022.02.R02 (Sojourner)

Release Information

Released: 2022-03-09
Codename: Sojourner
HAPI FHIR: Smile CDR 2022.02.R02 is based on HAPI FHIR 5.7.1, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

1.3.6 Smile CDR 2022.02.R01 (Sojourner)

Release Information

Released: 2022-02-17
Codename: Sojourner
HAPI FHIR: Smile CDR 2022.02.R01 is based on HAPI FHIR 5.7.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

Added subscription delivery retry handling for Remote ActiveMQ and External Kafka. The strategy uses the retry-count extension from the subscription to retry message delivery retry-count times with exponential backoff before giving up and dropping the failed message into the default DeadLetterQueue of the system (ActiveMQ.DLQ for ActiveMQ, KAFKA.DLQ for Kafka).

A new setting called Enable Indexing of Search Parameters has been added to the FHIR Storage (RDBMS) module. This setting enables indexing of token, string, and reference search parameters in the Lucene index. This adds support for :text to token search parameters, and adds support for :contains and :text to string search parameters.

All Swagger v2 descriptions in Smile CDR (JSON Admin API, CDS Hooks Server, SMART Outbound Security module, etc.) have been migrated to support OpenAPI v3.

Two new node configuration items have been added. These must be set in the Smile CDR properties file. If 'node.config.locked' is set to true, then module configuration cannot be changed via the JSON endpoint or web admin console. If 'node.security.strict' is set to true, then the server will not start if the admin user still has the default password, if any anonymous user has superuser privileges, or if any SMART Outbound Security module is using the example keystore. Furthermore, FHIR Endpoint access will be denied to any user with both anonymous and superuser privileges if 'node.security.strict' is enabled.

A new configuration setting has been added to the SMART Inbound Security and SMART Outbound Security modules that allows the cache timeout for remote JWKS files to be configured or disabled entirely (previously it was set to a hardcoded value).

Add Enforce Referential Integrity on Write Config in MongoDB.

Configuring database-backed modules with a default_query_timeout_seconds greater than remove_abandoned_timeout_seconds will now throw a configuration exception. This is to prevent theoretically good queries from being abandoned because they are taking longer than the abandoned_timeout, but not the default_query_timeout.

Added the capability to use multiple threads for MDM if you are using eidSystems and Kafka as a message broker. See the documentation for details.

Modified the Admin Json mdm-clear endpoint to support tenant identification as part of the request body via the tenantId field.

Enable rudimentary import of CDA documents via the channel import module.

Added integration tests for subscription on a partitioned server. Deprecated Delivery to Site-defined External Queue extension, to use message channel type instead.

When calling the system-config endpoint of the JSON Admin API, there is now an optional boolean query parameter called includeLogs. If enabled, Smile CDR will search through all file appenders of the logging system, and collect the contents of the log files to be added to the generated zip file. Note that this should be used with caution, as there is a risk of PHI being contained in your logs.

Added a delivery module for AWS HealthLake, using a rest-hook subscription. It includes an extension which also allows propagating DELETE actions, and a request interceptor to sign requests according to the AWS Signature Version 4 specification.

Added operations equivalent to $mdm-clear and $mdm-submit to admin-json / swagger.

A new setting called Read-Only Mode Enabled has been added to the FHIR Storage (RDBMS) module. This setting is an indication to Smile CDR that all database connections will be read-only. This is useful for multi-node architectures such as those leveraging read replication.

Both _total=accurate and _summary=count now return the total count of a resource's history collection in MongoDB.

New configuration option added to validate bundle resources concurrently. Also new configuration added to skip validation of contained resources.

appSphere support for uploading, approving and displaying screenshots and video URL in the App Gallery

Allow custom interceptors to be registered in MDM module by specifying fully qualified class names (eg, com.test.foo.MyInterceptor) in MDM module, and enabling Message Subscription Enabled in persistence module.

Added a new configuration option for asynchronous pre-seeding to the storage module. When enabled, the storage module will pre-seed the database asynchronously. This will prevent long boot times if your installation pre-seed is slow.

P2P OIDC Server addition request notifications.

When importing a CDA document, properly escape spaces in ifNoneExist URLs in the generated bundle so that organizations without unique ids can be matched properly by name.

In bundles generated from CDA documents, the match URLs for Organization resources will use the :exact modifier to prevent ambiguous matches when organizations have similar names.

When processing a CDA document, the import process will fail fast if the document is not a Continuity of Care Document (CCD), or the repository is not R4.

It is now possible to add custom headers to outgoing HL7 over HTTP payloads using a custom interceptor.

Allows an administrator to configure which Device to use as the assembler in the Provenance resource of a Bundle derived from an imported CDA document.

Added getClaim API to AuthenticationContext for use in onAuthenticateSuccess scripts. This API can be used to fetch any claim of any data type (string, int, etc) and will return the json value stored in the JWT.

Updated the MongoDB supported column of the MongoDB vs RDBMS compatibility table in fhir_storage_modules docs. Also added test methodology, reasoning/errors for non-supported operations, and resources I found helpful when testing.

GraphQL queries are now supported on FHIR Endpoints backed by the MongoDB FHIR Storage module.

The _tag search parameter is now supported on FHIR Endpoints backed by the MongoDB FHIR Storage module.

Email Server configuration has moved to the Cluster Manager. This will require users to update the email server configuration in the Cluster Manager. Modules which require an Email Server (such as appSphere and Subscription) will use this configuration and will no longer configure their own in each module.

Add access denied error page in web admin.

Added a new property to any FHIR Servlet: Allow Compartment Searches. When disabled, this property will prevent users with compartment access from executing searches, even if the results could potentially contain resources in the compartment. When enabled, the search will be permitted and the results will be filtered to remove any resources not in the compartment.

A new troubleshooting logging capability has been added for the FHIR Gateway Endpoint module. This can be used to troubleshoot routing issues.

In the HL7V2 inbound module, previously, the DG1 segment would concatenate DG1-20.1 and DG1-3.1 as the Condition's identifier value. There is now an advanced option to concatenate DG1-20.1 and DG1.1 as the identifier value instead. This will help use cases which send in a placeholder to conform with a given IG, and need to subsequently update the DG1.

Smile CDR 2022.02 now supports (and recommends) deployment using OpenJDK 17. The Smile CDR Docker Distribution is now based on the Amazon Corretto 17.x JDK.

Added a new property to determine how long to keep inactive batch jobs.

The token SearchParameter :of-type modifier is now supported on both RDBMS and MongoDB storage modules. This is an optional feature and is disabled by default but can be enabled via a new configuration option.

In the JavaScript Execution Environment, a new bundle method addEntry() is now available to add a new entry to an existing bundle.

When externalized binary storage is in inline DATABASE mode (the default) and binary access operations are enabled, a redundant scan of each resource being persisted was enabled. This caused a small but measurable performance hit to writes, and has been eliminated.

The screen in the Web Admin Console for editing Search Parameters has been removed. While convenient, this screen was unreliable and often resulted in Search Parameters being incorrectly synchronized into the FHIR repository and could lead to data loss. For editing Search Parameters it is recommended to modify the SearchParameter resources directly using the API.

Inline match URLs are now enabled by default in FHIR Storage (Relational) modules. Previously these were disabled as they could potentially result in inadvertent disclosure of the existence of data, but they are now fully secured against this risk.

If a SearchParameter resource is deleted (or never created) in a FHIR Storage (Relational) module, the search parameter will not be used. Previously, if a search parameter existed in the 'built-in' set supplied in the FHIR Core specification, it would be used if no actual SearchParameter resource existed for the given base and name, which could be confusing.

This version strictly exists to pin the log4j API version to 2.17.1. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

This version strictly exists to pin the log4j API version to 2.16.0. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

Updated gateway to throw bad gateway exceptions (502) when encountering errors from underlying servers that it doesn't know how to handle. Gateway Exceptions can also be configured to (optionally) contain the underlying server exception.

Assigned permissions for users are now displayed in the roles and permissions column of the user manager page.

P2P - Core Product Enhancement - Smile CDR needs a backend FHIR client service.

Batch jobs showed a duplicate entry if there were two persistence modules and the $delete-expunge operation was invoked in one of them. This has been resolved.

Previously when using system-config endpoint to extract logs, not all appenders would be found. This has been fixed.

Gateway resourceIdPrefix is incorrectly prefixed to contained references. This has been resolved.

Fixed a bug where validation was returning ERRORs when it was set to return WARNINGs for unknown code systems.

Fixed a bug on MongoDB where transactions containing entries, which in turn contained references that lacked an actual reference element, would cause an error during ingestion.

Fixed a bug where a permission could not be saved when an optional permission argument was null. For example, attempting to save FHIR_OP_INITIATE_BULK_EXPORT with no argument would previously fail.

When using the RTE feature and targeting an Oracle database, you would see the following Oracle error: 'ORA-00933: SQL command not properly ended'. This has been corrected.

When creating or editing modules, every configuration item should now have appropriate categories. There should not be any configuration items in the Additional Configuration category.

User filter by moduleId in WAC should display both security_in and security_out modules

A regression in FHIR Gateway caused by sending empty Parameters objects in requests has been fixed.

The Lock After Failed Attempts property of new Smile CDR installs defaults to 5 instead of 0.

HL7v2 inbound module, TLS/SSL shows up twice in nav bar.

Increased the minimum password requirements for Smile CDR users. When setting the password, it should be at least 8 characters in length and contain at least 3 of the 4 available character types (lowercase letters, uppercase letters, numbers, and symbols); it must not contain the user's username or parts of their name, and it must be unique from the previous password.

The subsequent download of a file from a GET request of a resource of type binary/ID with content type application/rtf file did not return a .rtf extension. This has now been fixed.

Fixed a number of incorrect authentication permissions, audit log event types, and transaction log event types.

The $member-match operation was changed to be non-idempotent, as it must be invoked using the POST method. The security configuration for the operation was also fixed, as it was returning an 'Access denied' error for some use cases.

Fixed a bug where a user could still create OIDC clients without preset permissions through the API. This has been corrected.

Updating one's own password through the API returned statusCode 0 instead of the actual status code. This has been corrected. Updating a password through the API did not apply password complexity rules. This has been corrected.

Custom user data added to the user session during login was lost in refreshed SMART (OIDC) sessions. This has been corrected.

A flag to disable runtime monitoring statistics and the storage job was created in SMILE-1872, but did not cover all cases in which runtime monitoring statistics data was modified. This caused issues as a client was using a read-only database, and these values could not be updated. This has now been fixed. As a note of importance, the variable name for toggling the runtime monitoring statistics has been changed from persist_process_level_metrics to persist_runtime_monitoring_statistics. Documentation text has also been updated accordingly.

Previously, the FHIR Gateway Patient $everything operation would trigger FHIRGW_READ_TARGET_PREINVOKE instead of FHIRGW_OPERATION_TARGET_PREINVOKE. This has been corrected.

MDM operations should be used with FHIR_OP_MDM_XXX permissions instead of the MDM_ADMIN permission. This has been corrected.

When using the FHIR Gateway with target servers that use ID prefixes, the _id search parameter will now be properly translated before being forwarded to the target server.

User Search by username fixed for Federated and Smart Security Inbound users. Previously, searching by individual username did not find these types of users as the search terms were massaged in a similar way to normal usernames.

URIs for user-defined tables are fixed. Previously incorrect table constants were associated to PV1-10 and PV1-15. Additionally, documentation for PV1-36 is updated as we don't map to Encounter.hospitalization.dischargeDisposition.text anymore.

Previously, batch jobs would be purged after 48 hours, regardless of whether or not they had finished. This has been corrected.

Changed the default value of TRANSACTION_LOG_BODY_DISPLAY_MODE to hidden. Added an audit log when a user views the message body of a transaction log.

Approval history for assets is now added to the audit log in appSphere.

1.3.7 Smile CDR 2021.11.R05 (Raccoon)

Release Information

Released: 2022-03-31
Codename: Raccoon
HAPI FHIR: Smile CDR 2021.11.R05 is based on HAPI FHIR 5.6.3, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

Bump HAPI-FHIR dependency to remove Spring4Shell-vulnerable libraries.

1.3.8 Smile CDR 2021.11.R04 (Raccoon)

Release Information

Released: 2022-01-10
Codename: Raccoon
HAPI FHIR: Smile CDR 2021.11.R04 is based on HAPI FHIR 5.6.2, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

Backported from: 2022.02.R01

This version strictly exists to pin the log4j API version to 2.17.1. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

1.3.9 Smile CDR 2021.08.R08

Release Information

HAPI FHIR: Smile CDR 2021.08.R08 is based on HAPI FHIR 5.5.4, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Changes

Backported from: 2021.11.R01

Gateway GET operation returns a 500 if the target server's response bundle.total field is null. This has been resolved.