Added support for the prompt parameter during OAuth Authorization Code Flow, limited to the value login.

The MongoDB FHIR storage module now supports inline conditional URL references, which are used by Synthea-generated data. This change allows Synthea data to be ingested into MongoDB instances.

Added support for Basic Authentication fields in the Admin Console that will be sent to authenticate with the remote terminology server.

Add permission for operation $partition-management-list-partitions

Added a new setting to the Storage module which allows users to set index prefixes for any indexes created by Elasticsearch.

The Swagger/OpenAPI interface now supports OIDC authorization.

Configurable additional logging for HL7 v2.x-to-FHIR conversion has been added to the transaction log.

The CCDA goals section can now contain the author entry when being generated

The CCDA immunization section can now contain the author entry when being generated for available entries

The CCDA procedure section can now contain the author entry when being generated for available entries with the correct data

The CCDA encounter section can now contain the author entry when being generated for available entries with the correct data.

When generating a CDA document, a Social History Observation entry will be added to the Social History Section for any Observation that does not correspond to one of the specialized entry types.

New configuration flags have been added to the MongoDB Storage module that can be used to disable server/type/instance level history operations. Disabling these can improve performance on servers that do not need to support these operations.

When generating a CDA document, a Pregnancy Observation entry will be added to the Social History Section for any Observation whose value is drawn from a list of codes relating to the patient's pregnancy status.

The CCDA social history section can now be generated with the tobbaco use entry

Populate information for Encounter and Provenance in the default javascript template. Improved error handling in AuthorParticipation when fields are not defined.

When selecting resources for inclusion in a CDA document, Observations can be grouped in a subsection of the vital signs section. The corresponding Vital Sign Observation entries will be grouped together in a Vital Sign Organizer entry in the generated CDA document.

The Javascript Execution Environment Fhir.search().forResource().where() chain would accept invalid arguments and simply not apply the where clause. It is now the case than an error is returned.

App Management Tools Console Managers' emails could now be set up to receive notifications when an app is registered or re-registered.

In order to support the US Core Implementation Guide's profile for the Device resource, Device is now included as part of the partient compartment. This is supported for READ, VREAD, SEARCH operations. Note that this implementation uses authentication as a mechanism of inclusion, so if you have replaced the CdrAuthorizationInterceptor, you will need to make the equivalent changes on your interceptor. More information can be found in the documentation.

Added support for $everything operator when using mongo persistence module

Added toggles in hl7v2 inbound module to allow Patient Account resource derived from PID18 segment, Related Person resource derived from gt1 segment, and Associated Party resource derived from NK113 segment to be mapped to standalone resources when identifiers are provided.

It is now possible to customize the CORS allowed request headers list. This can be done via the Cors Allowed Request Headers property.

Add support for Patient/123/$everything endpoint through fhir-gateway

Add new profile types to AG profiles, such as Individual, Business and Payer.

Added toggle on Smile CDR user management page to filter out users created by Federated OIDC or other external IdPs

Add $mdm-create-link operation

HL7 v2.x inbound support for OBX-5 values containing the ED datatype (used to contain binary content such as images and PDF documents) has been added.

HL7 v2.x inbound support will now attempt to recover from messages with invalid MSH-9-3 (Message Structure) values, instead of failing to process the message.

When parsing an HL7 v2.x inbound message containing an OBX-5 value of type NM where the supplied value is not actually a valid number, the segment will be treated as a string instead. This allows for more graceful processing of messages containing textual NM content which is common in real-world systems.

A new endpoint has been added to the user-management API in admin-json module, which allows you to fetch a single user's details by PID. This can be reached at GET [base]:9000/user-management/<NodeId>/<ModuleId>/<PID>. This requires VIEW_USERS permission.

Added support for $everything operation on Patient type through gateway.

Support on MongoDB for quantity searches (e.g. Observation?value-quantity=...) has been added.

A new parameter, _id has been added to the Patient/$everything type-level operation. This allows you to pass in multiple patients as arguments, e.g. [base]/Patient/$everything?_id=1,2,3. This call would retrieve everything for patients with IDs 1,2, and 3. More information can be found in the documentation.

Several improvements have been made to smileutil that improve performance of the synchronize-fhir-servers command. In COPY mode, when using a directory as the source the resources will no longer be copied to a temporary directory before uploading. A new argument has also been added that allows an arbitrary path expression to be used as a semaphore.

New configuration options have been added to help troubleshoot connection pool exhaustion issues. See Database Connection Pool for details

The ability to add Channel Prefixes automatically to broker channels has been removed due to a failure in implementation. While the configuration property still exists for now, this is effectively a no-op, and the property will be removed in a subsequent release.

Change the default value of db.connectionpool.test_on_return from false to true.

The $mdm-clear operation has been converted to a batch operation that can be managed in the Batch Jobs page of the Web Admin Console.

Previously, the admin-json system-config endpoint, which generates a zip file of all server information, concatenated all node properties into a single file. This has been changed, so there is a properties file on a per-node basis.

Swagger-ui doesn't work with Partitions. This has been resolved.

When using the MongoDB storage module, conditional updates performed as a part of a transaction resulted in a new resource version being persisted even if the resource body did not actually change. This has been corrected.

Custom user data added to the user session during login is now maintained into refreshed SMART sessions.

Removes the duplication of the Template OIDs in every section of a generated CDA document

In moving from FHIR DSTU3 to R4, the URLs used in some of our CodeSystems were left outdated. This has been corrected.

Previously in MongoDB, during a transaction if a resource with conditional match URL relied on a resource only defined via another resource in the transaction, a PreconditionalFailedException would be thrown. This has been corrected.

Previously in a MongoDB transaction, if the resource contained a conditional URL which relied on a sibling resource in the same transaction, there was the potential for duplicates in high-concurrency situation. This has been resolved.

unable to access dropdown search parameter via the FHIR Web module due to a Javascript error. This has been fixed.

Previously, when resources failed validation during a PUT/POST, the transaction log would be missing the request body for the ENDPOINT_RECEIVE step. This has been corrected.

Additional CodeSystem URLs have been updated to properly reflect both FHIR DSTU3 and R4 uses.

Previously, creating and searching for resources in a Mongo database would fail if the resource type has a search parameter named resource, which is a reserved word in our model. This fix adds special handling to avoid the name collision.

Migration task failure when upgrading from 2021.08.PRE-38 to 2021.11.PRE-06

Fixed a bug where Conditional Updates and Conditional Creates in transactions were not being successfully retried when using MongoDB as a storage module

Fixed a bug in HL7 V2.x inbound mapping where Encounter.serviceProvider is not generated when PV1-39 is populated, updated documentation for PV1-39 segment

Fixed a bug which occured while multiple refresh attempts were made simultaneously against a single access token.

Fixed a bug that produced this error: TemplateInputException: An error happened during template parsing (template: class path resource [META-INF/adminweb/views/runtime/batch/jobList.html]

Recover from MS SQLServer migration failure on the CDR_OAUTH2_REFRESH_TOKEN table that failed because the column name 'KEY' is a reserved word on MS SQLServer. The column has been renamed to TOKEN_KEY.

Add Support For $validate-code Against CodeSystem Resources As Well As $subsumes Against CodeSystem And ValueSet Resources

Fixed hl7v2 inbound mapper to handle DG1 segments with invalid 'IMO' diagnoses codes and stop generating incorrect encounter diagnosis extensions

Previously when executing a PUT against a user by PID in the user-management API, only the UserDetails information that were passed in were subsequently returned. This has been changed so that the user's full deatils are now returned.

$mdm-query-links and $mdm-duplicate-golden-resources now enforce paging via parameters _offset and _count. More details can be found in the MDM Operations documentation. Furthermore, Smile CDR's internal APIs in the admin-json module also support these same new parameters.

The JSON Admin API's OIDC Sessions API will now revoke any accepted Terms of Service (TOS) when revoking a given client for a given user.

Hybrid providers will occasionally need to specifically be booted after a particular module. A new optional dependency of type Boot After has been added to hybrid provider endpoints. This will ensure that the module specified there will be booted before the hybrid provider.

Add AWS Secrets Manager JDBC Driver Support for PostgreSQL

The transaction log can now be configured to send events to a kafka queue for realtime reporting

Support for multiple header-passthrough option using -hp or --header-passthrough parameter was added to smileutil commands: map-and-upload-csv-bulk-import-file, upload-bundle-files, upload-examples, upload-sample-dataset and upload-terminology

Ability to maintain different version of attestations (add new, update existing one, retrieve all, retrieve current)

Log lines now identify the module running and the request being processed.

The SMART Backend Services authorization guide is now fully supported, and can be used to authenticate FHIR Bulk Export jobs as described in the guide.

A number of new fields have been added to the HL7 v2.x PV1, DG1, and AL1 segments.

Smile CDR now supports (and recommends) deployment on the OpenJDK 16.x JVM.

Users approving OIDC clients managed by the App Gallery will be presented with the plain-language version of the developer attestation

The SMART Outbound Security module can now be configured to require PKCE for all code exchanges, and to optionally disable the PLAIN challenge type.

Old (completed, failed, etc.) batch jobs in the FHIR Storage (RDBMS) after 48 hours.

The Batch Job JSON API has been improved to add an optional executionUUID parameter that can be used to search for a specific execution of a job.

A new set of configuration options has been added to the FHIR Storage (RDBMS) module to allow individual scheduled tasks to be selectively enabled and disabled on a given node.

The SMART Outbound Security module can now optionally present the user with a context selection screen during interactive login flows. This screen permits the user to choose a session context, such as the person whose data is being accessed.

It is now possible to configure the number of threads available to the batch job executor service for tasks like bulk import and bulk export.

Completely automate the provisioning of attestation html text for new SmileCDR App Gallery installation.

The SMART Outbound Security module revoke page now has a logout button.

A new property on the ETL Importer module allows you to enable Transaction Logging. Note that this will have heavy impacts to performance if enabled. Currently this is only supported for synchronous server-side ETL mode.

Added new Runtime -> Batch Jobs menu item in the Web Admin Console for viewing and stopping recently run jobs. In this initial implementation, the details of the last 5 jobs of each type are displayed and a button provided to stop any job currently running. The VIEW_BATCH_JOBS permission is required to view jobs and MANAGE_BATCH_JOBS permission is required to stop jobs.

Added a configuration property to Realtime Export module, allowing you to set the channel prefix when running in POINTCUT mode. This is useful in scenarios where you may have multiple RTE modules operating on multiple Storage modules.

Added ServletRequestDetails parameter to all FHIR Gateway pre-invoke pointcuts.

A new setting has been added to the FHIR Storage module that controls whether non-versioning changes to resources (such as Resource.meta chages) should result in subscription processing.

A new pair of settings on the FHIR Storage module allow SearchParameters to be automatically enabled and disabled on startup based on a specified set of patterns.

Added support to generate an AuthorParticipation CDA sub-section from FHIR provenance objects.

Add ability to sort by different columns names and select sort direction to app gallery REST API.

A new Storage Module config parameter called 'Request Validating Bean Types' has been added. Users can set the value of this config parameter to a comma-separated list of customerlib-provided subclasses of IValidationSupport to be added to the validation support chain.

Stale Batch jobs will now only be deleted 48 hours after they were last updated, as opposed to 48 hours after they were originally created.

The BatchJobs JSON Admin API now provides a count of how many records were processed by a given job instance.

The JSON Admin API for Batch Jobs now has new operations for stopping and restarting job executions.

Add requesting apps and helpdesk URL/Email address in App Gallery Smile config

A new setting on the FHIR Storage (RDBMS) module allows specific validation messages to be suppressed using one or more regex patterns.

A new administrative API has been added to the JSON Admin API that can be used to list currently approved SMART applications for a given user, and also to revoke specific ones.

Add privacy policy URL in App Gallery Smile config

Javascript Execution environment now supports the ability to check the presence of a profile on a given resource as follows: resource.meta.hasProfile('http://myprofile.com|1.0.0');

A user-specified list of HTTP headers can now be accessed on theRequest object in authentication callback scripts

The CCDA goals section can now be generated through the CDA Exchange module

Add developer note during registration to console and portal REST API.

Add in Smile Documentation, a sample MDM survivorship javascript function to copy identifiers in golden records, in MDM Survivorship Rules page.

Added a new broker option NONE that can be used to run without a broker.

The MongoDB History operations (Type-, and Instance- level) now support paging to descend farther into the history beyond what is shown on the first page.

Instance-level history is now supported on MongoDB.

Added a Config Diagnostics page to the Web Admin Console that detects and reports common misconfigurations. This page also lists configuration settings that could affect performance.

A new setting called Write-Semaphore Mode has been added to the FHIR Storage (RDBMS) module. This setting allows beter performance when writing highly concurrent data where multiple threads may try to create or update the same resource.

Generated CCDA documents can include an Encounters section (2.16.840.1.113883.10.20.22.2.22) containing Encounter Activity (2.16.840.1.113883.10.20.22.4.49) entries derived from Encounter resources.

Added AWS Secrets Manager JDBC support for DB types: MariaDB, MSSQL, MySql, Oracle, Postgres

A new setting has been added that enabled an asynchronous mode for audit log writing. This mode uses an internal in-memory queue for writing audit log events that reduces the latency of individual FHIR operations at the expense of some latency in the audit logs.

A new setting has been added to the FHIR Storage (RDBMS) module that forces the use of Offset Queries, which means that the Query Cache will never be used for FHIR searches.

Most heavily trafficked smileutil commands (upload-csv-bulk-import-file, map-and-upload-csv-bulk-import-file, synchronize-fhir-servers) have a new optional parameter, --request-id, which when populated will mark each log line in the Smile CDR server with the provided request id. This can be useful for matching logs to specific smileutil invocations.

Automatically include App Gallery into Smile CDR build.

The MongoDB Storage module now supports the _profile search parameter.

A new partitioning feature called Patient ID Partition Mode has been added. In this mode the partition ID is determined by the resource ID of the Patient compartment owner for the given resource.

Generated CCDA documents can include an Immunization section (2.16.840.1.113883.10.20.22.2.2.1) containing Immunization Activity entries (2.16.840.1.113883.10.20.22.4.52) derived from Immunization resources.

Added 'smileutil version' command that prints out the current version of Smile CDR and HAPI-FHIR.

Support creating apps in different App Gallery module to support multiple OIDC endpoints.

Backported from: 2021.08.R01

Support creating apps in different App Gallery module to support multiple OIDC endpoints.

Generated CCDA documents can include a Medical Equipment section (:2.16.840.1.113883.10.20.22.2.23) containing Medical Equipment Organizer (2.16.840.1.113883.10.20.22.4.135) entries derived from List resources, Non-Medicinal Supply Activity (2.16.840.1.113883.10.20.22.4.50) entries derived from DeviceUseStatement resources and Procedure Activity Procedure (2.16.840.1.113883.10.20.22.4.14) entries derived from Procedure resources.

The MongoDB Storage module now supports the _profile search parameter, allowing searches for resources with a given profile declaration.

The _total search parameter is now supported by the MongoDB FHIR Storage module.

The MongoDB FHIR Storage module now supports performance tracing, which can add the raw query sent to MongoDB and details about the response latency to the transaction log.

Generated CCDA documents can include a Procedures section (2.16.840.1.113883.10.20.22.2.7.1) containing Procedure Activity Act (2.16.840.1.113883.10.20.22.4.12), Procedure Activity Procedure (2.16.840.1.113883.10.20.22.4.14) and Procedure Activity Observation (2.16.840.1.113883.10.20.22.4.13) entries derived from Procedure resources.

Resource type is now populated in the SearchPageRequest parameter of the FHIRGW_SEARCH_PAGE_TARGET_PREINVOKE pointcut.

Enhance the CCDA document Immunization section (2.16.840.1.113883.10.20.22.2.2.1) to support entries with the INT mood code, derived from ImmunizationRecommendation resources.

Add new entry in App Gallery Smile config for PHI Warning URL.

A setting exposing the HAPI FHIR RestfulServer Bundle Inclusion Rule has been added.

Generated CCDA documents can include a Functional Status section (2.16.840.1.113883.10.20.22.2.14) containing Functional Status Observation (2.16.840.1.113883.10.20.22.4.67), Functional Status Organizer (2.16.840.1.113883.10.20.22.4.66) and Sensory Status (2.16.840.1.113883.10.20.22.4.127) entries.

OIDC/Federated setup allows for configurable external user names when creating local Smile CDR user records.

Add email server configuration to app gallery config.

Added email notification to App Gallery

Added a new $reindex operation with similar syntax to $delete-expunge that creates a spring-batch job to reindex selected resources. As with the $delete-expunge batch job, this $reindex job can specify a list of urls to be reindexed and the web admin console provides controls for viewing the job in progress as well as stopping and restarting it.

A new setting has been added disable Partitioning Security for systems that do not require it.

It is now possible to specify more than one target server for the smileutil synchronize-fhir-servers command.

An optimization has been made to the Javascript Execution environment's search() operations. They previously executed an additional search for each .where() clause. These additional searches have been removed.

Smile CDR will now automatically disable unicode strings for the MSSQL (SQL Server) driver, which significantly improves performance in some cases.

The Smile CDR RDBMS Connection Pool will no longer mark connections as autocommit-enabled when a connection is no longer needed. This removes a small piece of overhead for every database connection.

Added the individual Approved and Revoked SMART scopes to audit log entries.

DELETE _expunge=true has been converted to use Spring Batch. It now simply returns the jobId of the Spring Batch job while the job continues to run in the background. A new operation called $delete-expunge has been added to provide more fine-grained control of the delete expunge operation. This operation accepts an ordered list of URLs to be delete-expunged and an optional batch-size parameter that will be used to perform the delete expunge. If no batch size is specified in the operation, then the value of DaoConfig.getExpungeBatchSize() is used.

Refactored the CDA Template Service. Created a separate CDA Document Service for clarity and testability.

The CDA Exchange module will generate documents based on R4 FHIR resources.

ConceptMap.group.element.target.display may now be up to 500 characters in length.

The list of ids of all Entry elements derived from FHIR resources will include the FHIR id of that resource as well as all external identifiers. The base URL to use as the root of local ids is a configuration parameter of the CDA Exchange module.

The HL7 v2.x inbound processor now considers the encounter when performing conditional updates of Observations derived from ADT OBX segments. This is in addition to the Observation's subject, code, and date.

The HL7 v2.x inbound processor previously required a value of MR be present in PID-3[0]-5. It will now accept a value of either MR or MB – depending on which is configured for a given HL7 v2.x Listening Endpoint module. In either case, this first repetition will be used as the primary business identifier for the resulting Patient.

Asynchronous-mode ETL Import jobs failed when executed against a partitioned server. This has been corrected.

When using MongoDB with Uplifted Refchains, an identifier with an Identifier.type.text value caused a crash. This has been resolved.

Fixed a bug wherein an Audit Log was only created for SECURITY_OUT_SMART_APPROVE_SCOPE if the related OIDC client was set to remember user-approved scopes. This has been fixed so that the audit log is created whether or not the scopes are set to be remembered.

In some situations, the cluster scheduler would prevent Smile CDR from starting with the error Couldn't get host name!. This has been corrected.

A bug was fixed for asynchronous ETL Jobs where the input CSV file contained multiple trailing newlines would cause a failure. sometimes result in the last segment of data not being loaded.

Default module names of especially verbose module sometimes exceeded the allowed length. This length has been increased.

During a previous upgrade of maximum module ID length, a particular validation check was missed. This has been corrected.

The JSON Execution Environment had an unnecessary restriction that prevented adding custom segments (Z-Segments) that had digits as a part of the segment name. This has been corrected.

A concurrency threading error was fixed in the HL7 v2.x Sending Endpoint module.

Fixed a bug wherein the Channel Import module would incorrectly use Cluster Manager channel prefixes for its channel names.

Fixed a bug where forcedEncoding setting was only applied to FHIR Operations, and not the standard Read/Search operations.

On Module "persistence_mongodb" setup, when adding FHIR Resource Types, some resource types were preventing the module to start. This has been corrected.

Database columns for OIDC Server Definitions used in federated mode were too short for real world URLs from some providers. These have been expanded.

Fixed CapabilityStatement returned by metadata in cases where a persistence module is configured with a fixed list of resource types (excluding Measure and CodeSystem).

The Hybrid Providers module incorrectly ignored FHIR search _include directives in the format [resourceType]:*. This has been corrected.

The Package Registry property was not working and was documented incorrectly. This has been corrected.

A constraint error on Oracle was resolved when performing the Refresh Tokeb flow using an authorization URL containing parameters with no value.

Resource profile declarations were not being preserved in the MongoDB Storage module.

Auto-retry on constraint errors was not being respected for MongoDB Storage Modules. This has been corrected.

The system had mistakenly applied the terms-of-service page to the session revoke page if called with a client_id parameter. This has been fixed.

Fixed a bug in the MongoDB module where date searches with low granularity (e.g. Observation?effective=2021-01-01) would not return all results. This requires the addition of a new top-level document field which contains the ordinal calendar date of any date-based search parameter. This setting can be controlled via a property on the module.

When using MongoDB with an uplifted RefChain, if the target of the refchain was also created in the same FHIR transaction bundle, race condition could cause a failure to save. This has been corrected.

Under some conditional, the unique constraint index in MongoDB was not correctly used to enforce conditional operations, leading to suboptimal performance. This has been corrected.

Fixed searchRevInclude elements in CapabilityStatement returned by metadata in cases where a persistence module is configured with a fixed list of resource types (excluding Measure and CodeSystem).

Fixed a bug introduced in 2021.08.PRE-14 that caused retired SearchParameters to be activated on startup by default.

Logout button on Revoke Page is not placed appropriately, its placed at extreme left corner of the screen. This has been corrected, and Logout button on Revoke Page is on top right now.

Added application last modified date to the payload and removed date of change from note payload

Numerous minor enhancements to Channel Import Retry Configuration.

• 0 is now an allowable retry attempt count. It indicates that any failures should go directly to the failed channel.
• Errors not considered retriable will now be sent directly to the failed topic, instead of dropped.
• A new configuration option has been added to explicitly control the concurrent consumer count on the retry channel.
• Channel Import will now fail to boot if retry is misconfigured. Previously it defaulted to a non-retriable channel.

When using the FHIR Gateway with ID Prefixes enabled, users with compartment-specific permissions were not able to access search results, as the authorization layer considered the non-prefixed IDs instead of the prefixed ones. This has been corrected.

SAML authentication option for FHIR Web module was not working. This has been fixed.

Backported from: 2021.08.R01

SAML authentication option for FHIR Web module was not working. This has been fixed.

Recent changes to CapabilityStatement to filter resource types not included in the allowed list inadvertently resulted in searchRevInclude references being excluded from the CapabilityStatement. This has been fixed.

When using a MongoDB storage module, the $validate operation did not use the supplied Validation Support dependency. This has been fixed.

The previous docker image used as a base for Smile CDR's docker image had various open vulnerabilities open against it. These have been remedied by changing the base image to use Alpine. This resolves the following CVEs:

• CVE-2021-33574
• CVE-2019-25013
• CVE-2018-12886

The FHIR Gateway incorrectly returned an HTTP 500 if a consent service script rejected all resources in the response.

The MongoDB Storage module was incorrectly creating transaction sessions, meaning the aborted FHIR transactions could leave incomplete data in document collections. This has been corrected.

Bundle.total in FHIR Gateway module returns the number of resources in the Bundle. It should return the total number of matching resources for the search. This has been resolved.

On the MongoDB FHIR Storage module, resource updates that change nothing except the tags, profile declarations, or security labels resulted in a NO-OP that did not actually update the metadata. This has been corrected.

When executing a logout on a Smart Auth endpoint, the redirect to the signin page would fail if the module defined a custom context path. This has been corrected.

Correctly generate placeholder entries for Smoking Status and Sex Assigned at Birth when the Social History Section of a CCD document is empty

Fix the order of audit logs in App Gallery. Change from natural order to reverse order.

Fix registrationNote entry in App Gallery. Change the return type from NoteJson to String.

Fix Download System Configuration Button when Environment Variables are used as Admin Json Module context path.

When defining a module dependency in the properties file, Smile CDR now trims all surrounding whitespace. This prevents a rather insidious bug wherein a user could get mysterious failures if they added trailing whitespace to a module dependency.

Executing a ConceptMap/$translate operation nested within a FHIR Batch or Transaction bundle incorrectly resulted in an HTTP 500 error. This has been corrected.

A cache issue caused valid anonymous FHIR requests to occasionally fail with an error indicating that the user had no permissions. This has been corrected.

A bug prevented channel import from being used on a paertitioned server if the channel messages were raw FHIR resources and not CSV files. This has been corrected.

Right-side navigation bar in documentation/website in changelog links point to the incorrect section. This have been fixed

The Context Selection feature of the SMART Outbound Security Module did not function when the module was configured with a non-default web root context. This has been corrected.

The HL7 v2.x inbound processor was not issuing an error for ORM_O01 messages where an ORC (Order Control) segment was not populated. This has been corrected.

The HL7 v2.x inbound processor was incorrectly issuing an error for ORU_R01 messages where ORC-2 (Placer Order Number) was not populated. This has been corrected, and a warning is now issued instead.

Fix the rendering of PQ data type elements in a CDA document to derive the 'unit' attribute from the 'code' field of the source Quantity object if it is populated.

When a context path ending in '/' (and is not '/') is used for admin json module, its swagger-ui page couldn't be reached. This has been fixed.

Allow the Reason for Referral section of a CDA document to be generated using ServiceRequest resources in the context of the R4 model.

When generating a CCDA document, Allow an Allergy Concern Act to render if the corresponding AllergyIntolerance resource contains a code from any of NDF-RT, RxNorm or Smomed-CT code systems.

Fix search by Vendor Name on app gallery page.

Detect the interpretation code of a Vital Signs Observation using either OID or URI

When rendering a Result Observation entry in a CDA document, detect the interpretation code using either the code system OID or URI.

When creating a CDA document with a Results section, the reference range of each observation will be populated.

Fix a ClassCastException that was thrown while rendering the Procedures section of a CDA document if the Procedure contains a complicationDetail.

Adds a mapping from http://hl7.org/fhir/device-statement-status to ActStatus for the status code of the Non-Medicinal Supply Activity entry.

Previously when running in Partitioned mode, users did not require explicit access to access the DEFAULT partition. This has been changed, and now explicit access to the DEFAULT partition must be granted.

The Security Troubleshooting log contained a log message when logging in using the Local Inbound Security module that contained the hashed value of the user's password. This has been removed.

Backported from: 2021.08.R01

The JSON Admin API's OIDC Sessions API will now revoke any accepted Terms of Service (TOS) when revoking a given client for a given user.

Backported from: 2021.08.R01

Add in Smile Documentation, a sample MDM survivorship javascript function to copy identifiers in golden records, in MDM Survivorship Rules page.

Backported from: 2021.08.R01

Added a new broker option NONE that can be used to run without a broker.

Backported from: 2021.08.R01

The MongoDB History operations (Type-, and Instance- level) now support paging to descend farther into the history beyond what is shown on the first page.

Backported from: 2021.08.R01

Instance-level history is now supported on MongoDB.

Backported from: 2021.08.R01

Added 'smileutil version' command that prints out the current version of Smile CDR and HAPI-FHIR.

Backported from: 2021.08.R01

The Smile CDR RDBMS Connection Pool will no longer mark connections as autocommit-enabled when a connection is no longer needed. This removes a small piece of overhead for every database connection.

Backported from: 2021.08.R01

DELETE _expunge=true has been converted to use Spring Batch. It now simply returns the jobId of the Spring Batch job while the job continues to run in the background. A new operation called $delete-expunge has been added to provide more fine-grained control of the delete expunge operation. This operation accepts an ordered list of URLs to be delete-expunged and an optional batch-size parameter that will be used to perform the delete expunge. If no batch size is specified in the operation, then the value of DaoConfig.getExpungeBatchSize() is used.

Backported from: 2021.08.R01

Default module names of especially verbose module sometimes exceeded the allowed length. This length has been increased.

Backported from: 2021.08.R01

During a previous upgrade of maximum module ID length, a particular validation check was missed. This has been corrected.

Backported from: 2021.08.R01

Fixed a bug in the MongoDB module where date searches with low granularity (e.g. Observation?effective=2021-01-01) would not return all results. This requires the addition of a new top-level document field which contains the ordinal calendar date of any date-based search parameter. This setting can be controlled via a property on the module.

Backported from: 2021.08.R01

Added application last modified date to the payload and removed date of change from note payload

Backported from: 2021.08.R01

Numerous minor enhancements to Channel Import Retry Configuration.

• 0 is now an allowable retry attempt count. It indicates that any failures should go directly to the failed channel.
• Errors not considered retriable will now be sent directly to the failed topic, instead of dropped.
• A new configuration option has been added to explicitly control the concurrent consumer count on the retry channel.
• Channel Import will now fail to boot if retry is misconfigured. Previously it defaulted to a non-retriable channel.

Backported from: 2021.08.R01

The Security Troubleshooting log contained a log message when logging in using the Local Inbound Security module that contained the hashed value of the user's password. This has been removed.

Backported from: 2021.08.R01

Add AWS Secrets Manager JDBC Driver Support for PostgreSQL

Backported from: 2021.08.R01

Ability to maintain different version of attestations (add new, update existing one, retrieve all, retrieve current)

Backported from: 2021.08.R01

Log lines now identify the module running and the request being processed.

Backported from: 2021.08.R01

The SMART Backend Services authorization guide is now fully supported, and can be used to authenticate FHIR Bulk Export jobs as described in the guide.

Backported from: 2021.08.R01

A number of new fields have been added to the HL7 v2.x PV1, DG1, and AL1 segments.

Backported from: 2021.08.R01

Smile CDR now supports (and recommends) deployment on the OpenJDK 16.x JVM.

Backported from: 2021.08.R01

Users approving OIDC clients managed by the App Gallery will be presented with the plain-language version of the developer attestation

Backported from: 2021.08.R01

The SMART Outbound Security module can now be configured to require PKCE for all code exchanges, and to optionally disable the PLAIN challenge type.

Backported from: 2021.08.R01

Old (completed, failed, etc.) batch jobs in the FHIR Storage (RDBMS) after 48 hours.

Backported from: 2021.08.R01

The Batch Job JSON API has been improved to add an optional executionUUID parameter that can be used to search for a specific execution of a job.

Backported from: 2021.08.R01

A new set of configuration options has been added to the FHIR Storage (RDBMS) module to allow individual scheduled tasks to be selectively enabled and disabled on a given node.

Backported from: 2021.08.R01

The SMART Outbound Security module can now optionally present the user with a context selection screen during interactive login flows. This screen permits the user to choose a session context, such as the person whose data is being accessed.

Backported from: 2021.08.R01

It is now possible to configure the number of threads available to the batch job executor service for tasks like bulk import and bulk export.

Backported from: 2021.08.R01

Completely automate the provisioning of attestation html text for new SmileCDR App Gallery installation.

Backported from: 2021.08.R01

The SMART Outbound Security module revoke page now has a logout button.

Backported from: 2021.08.R01

A new property on the ETL Importer module allows you to enable Transaction Logging. Note that this will have heavy impacts to performance if enabled. Currently this is only supported for synchronous server-side ETL mode.

Backported from: 2021.08.R01

Added new Runtime -> Batch Jobs menu item in the Web Admin Console for viewing and stopping recently run jobs. In this initial implementation, the details of the last 5 jobs of each type are displayed and a button provided to stop any job currently running. The VIEW_BATCH_JOBS permission is required to view jobs and MANAGE_BATCH_JOBS permission is required to stop jobs.

Backported from: 2021.08.R01

Added a configuration property to Realtime Export module, allowing you to set the channel prefix when running in POINTCUT mode. This is useful in scenarios where you may have multiple RTE modules operating on multiple Storage modules.

Backported from: 2021.08.R01

Added ServletRequestDetails parameter to all FHIR Gateway pre-invoke pointcuts.

Backported from: 2021.08.R01

A new setting has been added to the FHIR Storage module that controls whether non-versioning changes to resources (such as Resource.meta chages) should result in subscription processing.

Backported from: 2021.08.R01

A new pair of settings on the FHIR Storage module allow SearchParameters to be automatically enabled and disabled on startup based on a specified set of patterns.

Backported from: 2021.08.R01

Add ability to sort by different columns names and select sort direction to app gallery REST API.

Backported from: 2021.08.R01

A new Storage Module config parameter called 'Request Validating Bean Types' has been added. Users can set the value of this config parameter to a comma-separated list of customerlib-provided subclasses of IValidationSupport to be added to the validation support chain.

Backported from: 2021.08.R01

Stale Batch jobs will now only be deleted 48 hours after they were last updated, as opposed to 48 hours after they were originally created.

Backported from: 2021.08.R01

The BatchJobs JSON Admin API now provides a count of how many records were processed by a given job instance.

Backported from: 2021.08.R01

The JSON Admin API for Batch Jobs now has new operations for stopping and restarting job executions.

Backported from: 2021.08.R01

Add requesting apps and helpdesk URL/Email address in App Gallery Smile config

Backported from: 2021.08.R01

A new setting on the FHIR Storage (RDBMS) module allows specific validation messages to be suppressed using one or more regex patterns.

Backported from: 2021.08.R01

A new administrative API has been added to the JSON Admin API that can be used to list currently approved SMART applications for a given user, and also to revoke specific ones.

Backported from: 2021.08.R01

Add privacy policy URL in App Gallery Smile config

Backported from: 2021.08.R01

Javascript Execution environment now supports the ability to check the presence of a profile on a given resource as follows: resource.meta.hasProfile('http://myprofile.com|1.0.0');

Backported from: 2021.08.R01

Add developer note during registration to console and portal REST API.

Backported from: 2021.08.R01

Smile CDR will now automatically disable unicode strings for the MSSQL (SQL Server) driver, which significantly improves performance in some cases.

Backported from: 2021.08.R01

Added the individual Approved and Revoked SMART scopes to audit log entries.

Backported from: 2021.08.R01

Asynchronous-mode ETL Import jobs failed when executed against a partitioned server. This has been corrected.

Backported from: 2021.08.R01

Fixed a bug wherein an Audit Log was only created for SECURITY_OUT_SMART_APPROVE_SCOPE if the related OIDC client was set to remember user-approved scopes. This has been fixed so that the audit log is created whether or not the scopes are set to be remembered.

Backported from: 2021.08.R01

In some situations, the cluster scheduler would prevent Smile CDR from starting with the error Couldn't get host name!. This has been corrected.

Backported from: 2021.08.R01

A bug was fixed for asynchronous ETL Jobs where the input CSV file contained multiple trailing newlines would cause a failure. sometimes result in the last segment of data not being loaded.

Backported from: 2021.08.R01

The JSON Execution Environment had an unnecessary restriction that prevented adding custom segments (Z-Segments) that had digits as a part of the segment name. This has been corrected.

Backported from: 2021.08.R01

A concurrency threading error was fixed in the HL7 v2.x Sending Endpoint module.

Backported from: 2021.08.R01

Fixed a bug wherein the Channel Import module would incorrectly use Cluster Manager channel prefixes for its channel names.

Backported from: 2021.08.R01

Fixed a bug where forcedEncoding setting was only applied to FHIR Operations, and not the standard Read/Search operations.

Backported from: 2021.08.R01

On Module "persistence_mongodb" setup, when adding FHIR Resource Types, some resource types were preventing the module to start. This has been corrected.

Backported from: 2021.08.R01

Database columns for OIDC Server Definitions used in federated mode were too short for real world URLs from some providers. These have been expanded.

Backported from: 2021.08.R01

Fixed CapabilityStatement returned by metadata in cases where a persistence module is configured with a fixed list of resource types (excluding Measure and CodeSystem).

Backported from: 2021.08.R01

The Hybrid Providers module incorrectly ignored FHIR search _include directives in the format [resourceType]:*. This has been corrected.

Backported from: 2021.08.R01

The Package Registry property was not working and was documented incorrectly. This has been corrected.

Backported from: 2021.08.R01

A constraint error on Oracle was resolved when performing the Refresh Tokeb flow using an authorization URL containing parameters with no value.

Backported from: 2021.08.R01

Resource profile declarations were not being preserved in the MongoDB Storage module.

Backported from: 2021.08.R01

Auto-retry on constraint errors was not being respected for MongoDB Storage Modules. This has been corrected.

Backported from: 2021.08.R01

The system had mistakenly applied the terms-of-service page to the session revoke page if called with a client_id parameter. This has been fixed.

Backported from: 2021.08.R01

When using MongoDB with an uplifted RefChain, if the target of the refchain was also created in the same FHIR transaction bundle, race condition could cause a failure to save. This has been corrected.

Backported from: 2021.08.R01

Under some conditional, the unique constraint index in MongoDB was not correctly used to enforce conditional operations, leading to suboptimal performance. This has been corrected.

Backported from: 2021.08.R01

Fixed searchRevInclude elements in CapabilityStatement returned by metadata in cases where a persistence module is configured with a fixed list of resource types (excluding Measure and CodeSystem).

Backported from: 2021.08.R01

Fixed a bug introduced in 2021.08.PRE-14 that caused retired SearchParameters to be activated on startup by default.

Backported from: 2021.08.R01

Previously when running in Partitioned mode, users did not require explicit access to access the DEFAULT partition. This has been changed, and now explicit access to the DEFAULT partition must be granted.

Added new Admin JSON endpoint /system-config, which prepares a ZIP file containing JVM information, a thread dump, the node module config, and node health statuses.

Realtime Export now supports a new property called Transaction-Based Processing. When enabled, Realtime Export will process full transactions as single logical units against the remote database.

Added bundle import support in channel import, which will behave similar to POSTing a bundle to '/' endpoint and depending on the bundle type will either treat the bundle as a resource and modify it depending on the operation type or ignore the operation type of the payload and handle each resource independently

Add a new property for cluster manager: audit_log.request_headers_to_store. This can be set to a comma-delimited list of header names. During Audit Event creation, Smile CDR will attempt to extract the named headers from the request and store them with the Audit Event

Support for accepting and processing HL7 v2.x VXU (Vaccine/Immuization) messages has been added.

Added support for Group Bulk export via the /Group/[id]/$export operation, which limited support for query parameters. The documentation indicate contains more details.

The FHIR Gateway module now supports the following additional search parameters:

• _has
• _profile

Added support for system/ and user/ scopes, which mirror the patient/ scopes.

Extend ldap inbound to better support static and dynamic groups. Add optional attribute for member property to onSuccess handler context isMemberOfGroup(). Added queryStringAttributes() to onSuccess handler context to fetch attribute values during the callback. Add new config property authenticator.bind.user.attributes to the LDAP inbound security module to define a list of attributes to query during authentication.

A new setting has been added to the FHIR Gateway target configuration called headersToForward. HTTP headers identified in this configuration will be forwarded from the original client request through the gateway and on to the target server.

Add user data to UserSessionDetailsJson for use in hooks.

Added new config parameter to database connection called 'db.expect_writable', default false. When set to 'true', then health-checks on this server will fail if that database connection is read-only.

Support has been added for the fhirUser scope in the SMART Outbound Security module.

The FHIR Endpoint module can now be configured to return an HTTP 401 for all security issues, instead of returning a 403 when insufficient permissions are found for an otherwise authenticated user.

Added support for Fhir.patch operation in the JavaScript execution environment.

Hybrid Providers are now able to register their own health-checks to report on the status of their connection to external systems they depend on.

The SMART OIDC login flow now has an optional terms-of-service (TOS) page.

The ZIP file generated by admin-json endpoint /system-config now includes a file called cdr-version.txt which contains the HAPI FHIR and Smile CDR build versions

Support string values for resource versions in the audit log. This is needed by the Gateway when fronting servers that use non-numeric resource versions.

A new configuration item has been added to the FHIR Gateway Target document that allows a target to be configured to always use HTTP POST form for FHIR search operations.

Two new configuration properties have been added to the FHIR Endpoint modules that can be used to automatically populate missing Coding.display values, and to automatically enrich CodeableConcepts using available translations. Both features leverage a validation support repository and can be used on all kinds of FHIR endpoints. See Response Terminology Enhancement for more information.

Added configuration to Realtime Export module to allow for multiple consumers

When Auto-Create Placeholder Reference Targets is enabled, Smile CDR now automatically creates Search Parameters for the placeholder extension. This search parameter can be queried as Patient?resource-placeholder=true.

All FHIR Endpoint modules now include support for the Prefer: handling=lenient directive that allows for unknown search parameters to be ignored.

The CapabilityStatement exported by the FHIR Endpoint module will now include supported profiles (StructureDefinition.url) as well as any custom SearchParameter resources supported by the server.

The expect-writable heath-check was not accurately determining when the cluster-manager database is read-only. This has been corrected.

It is now possible to account for third-party Authorization (OIDC) servers that use nonstandard claim names to communicate the list of approved scopes associated with an access token.

The SMART Outbound Security module can now optionally be configured to allow self registration of users.

A new option has been added to the Storage Module, which enables :mdm search parameter qualifier. If an MDM module exists and this option is enabled, MDM search expansion will be enabled. You can read more about MDM expansion in the HAPI FHIR Docs

A new optional element has been added to the FHIR Gateway module's target configuration, serverCapabilityStatementValidationEnabled. If this is supplied a boolean value of false, the gateway will not validate the target server's CapabilityStatement with a request to /metadata. Default is true.

A new method getStringArrayClaim has been added to the JWT processing callback API, granting callback scripts access to claims in the form of an array of strings.

A new setting has been added to the validation section of the FHIR Storage (RDBMS) module called Unknown CodeSystem Validation Policy. When acting as a validation support repository, this setting controls how the system will respond when it encounters a Coding that uses a CodeSystem URL that can not be resolved.

A new optional feature has been added to the FHIR Gateway module's target client creation, to allow setting a client interceptor (using IClientInterceptor), before the FHIR client is called to read or search resources from targets. If this is supplied (via BaseRequest), the client interceptor will then be called before sending the request to a target server, and after the response is received from it.

A new option has been added to the ETL Import module that causes import jobs to be executed asynchronously. This can help to more evenly distribute load across a cluster and ensure that HTTP calls return faster.

When automatically creating a placeholder reference that is set to auto-populate identifiers, logic has been improved. If the reference does not contain an identifier, but the inline match URL does, the identifier found in the match URL will be added to the target. If both are populated, they will both be added to the target.

A new optional element has been added to the FHIR Gateway module's target configuration, allowedToFail, default value 'false'. If this is supplied a boolean value of true, the gateway will allow the target to fail silently (but with warning entries in the log), in search routes, without returning an error to the client unless all targets for a given search request have failed. This permits sending partial target results in response to client requests when a target cannot be reached or fails to handle the request. Read routes are not modified by this new configuration, and are still not allowed to fail on any target.

Added revoke-url, scopes and other recommended fields to the .well-known/smart-configuration url. Also, added a configuration item scopes_to_enforce to configure the scopes field. Renamed the user revoke endpoint to session management endpoint. The url changed from oauth/revoke to session/management

Added support for operations in FHIR Gateway. Currently only $meta and $process-message are supported.

Add getHeader function to RequestDetailsJson to allow to allow consent service to access request headers if exists

A new command has been added to the SmileUtil tool that can be used to ingest CSV Bulk Import files with the CSV-to-FHIR processing happening in the client instead of the server.

The relevant OIDC client was added to the audit log entries for SMART terms-of-service, and the OIDC scope revoke events.

A new setting has been added to the FHIR Storage (RDBMS) module called Enable Match URL Cache. This setting improves write performance on servers with frequent use of conditional URLs (e.g. conditional creates, conditional updates, etc.)

The HL7 v2.x Sending (outbound) endpoint now supports several new ADT and Orders transaction types, and several new segments, as well as support for DFT^P01 messages.

It is now possible to specify a tenant name for an HL7 v2.x Listening endpoint as a configuration option. Setting this on a partitioned server will determine which partition is used to store the data receievd in HL7 v2.x messages.

The Smile CDR Docker build has been bumped to a base of openjdk-11.0.11-slim-buster.

A new configuration option called Internal Synchronous Search Size has been added to Storage modules to allow control over the maximum synchronous load size during internal operations such as delete with expunge.

As of Smile CDR 2021.05.R01, users of the Infinispan Caching module will be required to include their own Infinispan client JAR in the customer_lib directory of their installation. Previously, a client JAR version 9.4.21.Final was included. Note that there is now a known CVE reported that affects this particular version (CVE-2021-21295) so it is no longer recommended for use.

The version of the Bootstrap framework used in the SMART Outbound Security module has been bumped from 3.8.x to 4.6.x, due to the rising number of reported CVEs against the 3.x series. This change will affect any skins that have been developed using the built-in library.

Under some circumstances, processing a received HL7 v2.x ORU^R01 message failed with an unrecoverable NullPointerException. This has been corrected.

When using Smile CDR in Federated OAuth2 mode to connect to a third-party OpenID Connect provider, Smile CDR would fail to process the authorization if the third-party server used an ID Token signature algorithm other than RSA-256. This has been corrected.

The Fhir Web module would not work when partitioning was enabled with an URL_BASED Tenant Identification Strategy. A new configuration option has been added to the Fhir Web module to specify the named partition to use in this case.

A regression was fixed: If a FHIR Endpoint module is paired with a FHIR Storage module (RDBMS), the endpoint should use the FHIR Storage module for validation support if no explicit validation support module is specified.

The module-config/properties endpoint now correctly renders multiline scripts during export.

A regression in Smile CDR 2021.02 meant that OAuth2 Code Exchange flows required a client_secret request parameter, as opposed to also allowing authentication through an Authorization header. This has been resolved.

Smile CDR was not correctly recognizing the Group Bulk Export provider, this has been rectified.

The SMART Discovery Document served from the FHIR Endpoint module was not available on endpoints with a non-default context root. This has been corrected.

Change RTE single-quote escape policy from a backslash to doubled up quotes

When performing a federated OIDC login with a provider that has a JWKS containing both an EC256 and an EC512 key, the wrong key may be selected for verification, resulting in a false negative. This has been corrected.

A new pointcut has been added to the CDR Interceptor framework that allows FHIR Gateway search operations to be intercepted after the search has completed on each target server, potentially modifying the results before they are returned to the client.

The FHIR Gateway module will now gracefully handle search responses from any targets that do not correctly supply self or previous paging links in their search response Bundles.

Not all Mongo storage pointcuts were being called properly. Specifically, STORAGE_PREACCESS_RESOURCES and STORAGE_PRESHOW_RESOURCES were not being called for read, search and delete operations. This has been corrected.

When performing a cascading delete, information about the results of the cascade was not correctly showing up in the OperationOutcome resource returned to the client, even though the cascade succeeded.

The FHIR Gateway module will now gracefully handle search responses from any targets that incorrectly supply prev paging links instead of previous paging links in their search response Bundles.

Added support for enforcing resource profiles in the Mongo Storage Module via a repositoryValidationProvideRules() javascript function.

When using the SMART Outbound Security module to execute the Refresh Token flow, the Launch Context Resource IDs associated with the user session were not persisted with the refresh token, meaning they were not available to the callback scripts. This has been corrected.

The FHIR Gateway module was incorrectly invoking the FHIRGW_SEARCH_TARGET_PREINVOKE interceptor hook instead of the FHIRGW_READ_TARGET_PREINVOKE interceptor hook. This has been fixed.

Both the FHIR Gateway REST Endpoint and Hybrid Providers REST Endpoint modules provided configuration for consent service scripts; however, neither actually invoked these scripts. This has been corrected.

Removed reference to deprecated MDM-specific TerserUtil class from the SurvivorshipHelper class and added isGoldenResourceOlderThanTarget() method.

The initial implementation of FHIR Gateway module did not include support for _id and _source search parameters. Support for these search parameters has now been added.

In the SMART Outbound Security module, any authorities added to the user in the onTokenGenerating callback script were not respected in the eventual user session. This has been corrected.

The FHIR Gateway module was setting the fullUrl values incorrectly in search results when targets were configured without resourceIdPrefix value. This has been fixed.

Calls to /runtime-status/node-statuses/health-checks and /runtime-status/node-statuses/complete used to require both ACCESS_ADMIN_JSON and VIEW_MODULE_STATUS. This has been changed so that only VIEW_MODULE_STATUS permissions are required.

When processing an ORU^R01 message in the HL7 v2.x Listening Module, under some circumstances a message could cause a processing failure with an invalid request error. This has been corrected.

The SMART authentication module failed to process login when configured with a context path and the terms-of-service feature was active. This has been fixed.

The SMART authentication module failed to process login for a second application on the same user session when the terms-of-service feature is active. This has been fixed.

NPE Occurs When Issuing DSTU3 PUT ProcedureRequest Where occurrenceTiming.repeat.boundsPeriod.end Is Not Provided

SIU support was vulnerable to null pointer exceptions in various places. This has been resolved

SIU support mapped AIL-4 inconsistently. This has been resolved

Custom Kafka Config settings were ignored by the RTE module. This has been corrected.

Addressed the following CVE reports:

• CVE-2021-27568
• CVE-2020-28491
• CVE-2021-23341
• CVE-2018-14040
• WS-2020-0287 This was addressed by ensuring the JMX name is never set on the BasicDataSource bean.

Backported from: 2021.05.R01

NPE Occurs When Issuing DSTU3 PUT ProcedureRequest Where occurrenceTiming.repeat.boundsPeriod.end Is Not Provided

Backported from: 2021.05.R01

A new setting has been added to the FHIR Gateway target configuration called headersToForward. HTTP headers identified in this configuration will be forwarded from the original client request through the gateway and on to the target server.

Backported from: 2021.05.R01

The FHIR Endpoint module can now be configured to return an HTTP 401 for all security issues, instead of returning a 403 when insufficient permissions are found for an otherwise authenticated user.

Backported from: 2021.05.R01

The SMART Discovery Document served from the FHIR Endpoint module was not available on endpoints with a non-default context root. This has been corrected.

Backported from: 2021.05.R01

Change RTE single-quote escape policy from a backslash to doubled up quotes

When converting HL7 v2.x messages via the HL7 v2.x Listening Endpoint module, if MessageHeader creation is enabled, the MSH-10 Control ID value will now be copied to an extension in the generated MessageHeader resource.

A new validation mode called Repository Validation has been added, as well as a new ability to use a FHIR Storage (RDBMS) module specifically to provide validation support. This significantly improves the ability to require conformance to specific IGs in FHIR CDRs.

Refactoring of the SmileCDR Enterprise Master Patient Index solution to a Master Data Management solution to accommodate corresponding changes in HAPI FHIR EMPI. The following changes were made:

• Module name was changed from cdr-persistence-empi to cdr-persistence-mdm
• EMPI match on the Patient / Provider resources was changed to use new MDM semantic
• New MDM match ($mdm-match) operation was introduced.
• EMPI operations were renamed to MDM. E.g. $empi-update-link to $mdm-update-link, $empi-merge-persons to $mdm-merge-golden-resources, etc.
• RESTful Service Path URLs path prefix changed from /empi to /mdm
• EMPI permission category, while still in existence, is deprecated
• Permission category for MDM was added

Added new OAuth2Exceptions API within the SMART on FHIR Outbound Security JavaScript execution environment to support returning failure codes other than HTTP 500 Internal Server Error. Returning HTTP 401 Unauthorized and HTTP 403 Forbidden are now also supported.

An example user revocation page skin has been added to the Demo Skin for the SMART Outbound Security module.

The SMART Client Revocation Page will now revoke active access and refresh token, as well as forgetting any previously approved scopes.

Access tokens generated by the SMART Outbound Security module will now include a claim called scope that contains a list of approved scopes associated with the token.

As IT Admin, I need ability to allow SmileCDR clients automatically receive their OIC secrets during creation process

Added new CDS-Hooks module that implements Version 1.1 of the CDS-Hooks specification.

Support has been added for the launch (EHR Launch Context) scope in the SMART Outbound Security module.

Added new functionality to the Realtime Export module to support retaining all historical versions of resources. This can be enabled by setting retainAllHistory to true in the JSON configuration of Realtime Export.

Added two auto-prefetch features to CDS-Hooks: auto prefetch from FHIR endpoint specified in request and auto-prefetch from FHIR Storage module.

Two improvements have been made to the Smile CDR .well-known discovery docs: * The OIDC discovery doc now includes the mandatory subject_types_supported element, which was previously missing * Support has been added for the SMART discovery endpoint, which supercedes the extensions added to the FHIR CapabilityStatement (although these have not been removed

Improved Channel Import to be able to handle plaintext, CSV, and non-FHIR JSON payloads. See the Documentation for more details about how to process incoming messages.

Added new variable ${client_attestation_accepted} that is now available to the login and approve skins that indicates whether or not that client has accepted the attestation to the policy.

Added support for the $evaluate-measure Operation as part of adding CQL support.

Two new variables ${client_scopes} and ${client_auto_grant_scopes} that are now available to the login skin that contain lists of oidc client scopes and auto-grant scopes respectively.

When using the Javascript Execution Environment Fhir object to access a FHIR Storage module that is configured to run in Request Tenant Selection Mode, a new method has been added to the JS API that allows tenant selection.

Mongo search default and maximum page sizes are now configurable. Also added Mongo support for searching with _offset.

The 2020.11.R01 release of Smile CDR introduced a new optimized SQL generator for RDBMS repositories. This new system was disabled by default in 2020.11 but has been enabled by default in 2021.02.R01

With a new version of HAPI comes an upgrade from Hibernate Search 5 to Hibernate Search 6. Anybody using fulltext search, terminology expansion, or the lastN operation will need to reindex all their data, as field formats have changed between versions. This change requires those using Elasticsearch as a backend to upgrade their Elasticsearch clusters to 7.10. Additionally, HTTPS connections to Elasticsearch clusters are now supported via the protocol property on the Elasticsearch Provider. WARNING: If you use Lucene in any capacity (fulltext search, terminology expansion, lastN), you must empty out your lucene storage directory before upgrading, as Lucene's index storage format has changed.

The instructions in the Smile CDR tutorial for launching the Growth Chart app have been replaced with new instructions that leverage the latest version of the app launched directly from the source code instead of using an old version that is bundled into Smile CDR.

When using the SMART Outbound Security module, the onTokenGenerating callback script was not called for authentications using the Client Credentials Grant type. This has been corrected.

When using the JSON API, searching the transaction log by transaction ID failed with a ClassCastException. This has been corrected.

With new modules accepting external input into kafka channels, Smile CDR now drops messages that fail deserialization (poison pills). Previously they would block the consumers as they were stuck on the poisoned offset.

When a client is configured to be allowed a SMART 'star scope' such as patient/*.read, it should be automatically permitted to request an equivalent but narrower scope such as patient/Observation.read. A regression in 2020.11 meant that the approval was allowed, but the narrower scope couldn't actually be used in any API calls. This has been corrected.

The onTokenGenerating(..) callback previously provided a mechanism to access approved scopes, but it was not populated and was therefore not usable. This has been corrected, and this function can now access and modify the list of approved scopes.

Fixed a bug that would cause message receive failure in Channel Import module when using ActiveMQ as a broker.

Smile CDR's JavaScript Execution Environment's FHIR Model API now supports extensions on primitive types using an underscore prefix (i.e. _).

A number of issues were found to occur when migrating Smile CDR databases with flyway disabled. These issues are now fixed.

When trying to retrieve a list of users from JSON Admin console, an error was returned if no sort criteria was selected. This has been fixed.

Tab is now supported as a delimiter by ETL Importer.

Addressed the following CVE reports via the removal of hibernate search 5, and related Elasticsearch libraries:

• CVE-2019-7611
• CVE-2019-7614
• CVE-2020-7020
• CVE-2017-12629

When Suppress Error Details was enabled, OIDC Client Credentials grants did not suppress the fact that an invalid client ID was truly unknown, allowing a malicious user to search for valid client IDs. This has been corrected.