Added a new module, Channel Import, which is a channel-based method to import resources into a storage module.

Added a new configuration class for creating retriable channel consumers. See the Message Broker Retrying documentation. Currently, only the Channel Import module supports retrying.

Hybrid Provider resource providers, as well as interceptors registered against any FHIR server can now access the list of approved OIDC scopes via a new property in the Java Execution Environment.

It is now possible to access the list of approved OIDC scopes from consent service scripts.

Provide new Smile CDR Kafka configuration properties to support adding arbitrary kafka configuration for Kafka producers and consumers

Added a new storage configuration parameter dao_config.maximum_transaction_bundle_size that, if set, will throw a PayloadTooLargeException if a transaction bundle is submitted with more resources than this value.

Added simplified REST API for EMPI operations that consume and produce leaner json. The following new empi operations are now available through the admin json interface: query-links, duplicate-persons, not-dupliace, merge-persons, and update-link. See the Swagger UI for more details.

Added new web page on Smart Auth endpoint to revoke application scope approvals.

Added permissions to cdr to support the new DELETE _expunge parameter added to hapi-fhir. A user must have both FHIR_DELETE_ALL_OF_TYPE permission and FHIR_EXPUNGE_EVERYTHING permission to use DELETE _expunge=true.

Support has been added for parsing references with inline match URLs when using the synchronize-fhir-servers command.

Added support for new http-header value 'X-RequestTrace-Enabled: redacted' which works the same as 'X-RequestTrace-Enabled: true' except it does not substitute the ? parameters. Useful for quickly looking up query ids by query string.

Smile CDR now supports a new Realtime Export module. Its purpose is to convert FHIR data in the repository into relational form, and pass it along to a traditional RDBMS. Documentation for this module can be found here. This module is currently experimental.

Support has been added for authenticating web based components of Smile CDR (such as the Web Admin Console and FHIRWeb) using SAML.

A new API for working with XML documents has been added to the Javascript Execution Environment.

It is now possible to federate the built-in Smile CDR OpenID Connect server (i.e. the SMART Outbound Security module) with a third-party OpenID Connect provider. This is helpful in cases where you have an existing OpenID Connect server that can be used to authenticate users, but that server does not support the SMART extensions to the OpenID Connect specification.

A new operation has been added to the JSON Admin API that allows users to modify their own SMART default launch context assuming they have appropriate user permissions to do so.

The HL7 v2.x Inbound Mapper now includes mappings for MSH-4 (Sending System), PR1-4 (Procedure Description), and PR1-6 (Procedure Functional Type).

A new script callback function has been added to the SMART Outbound Security module called onTokenGenerating. This method is called immediately before a token is issued and can be used to customize the SMART Launch Context attributes in environments where these need to be set dynamically.

The smileutil synchronize-fhir-servers command now supports using a directory containing NDJSON files as the upload source. NDJSON (Newline Delimited JSON) is the approach mandated by the FHIR Bulk Data Transfer (Flat FHIR) Implementation Guide.

A new API has been added to the SMART Outbound Security module that allows callback scripts to add custom claims to the generated JWT access token via the onTokenGenerating function.

A new configuration item has been added to the HL7 v2.x Inbound Listening module, allowing a fixed value to be specified to be placed in MessageHeader.destination.name.

The _source search parameter now works on MongoDB.

The legacy EMPI settings in the Persistence module have been removed. This is supplanted by the new EMPI module.

When using the SMART Outbound Security module with a Refresh Token Grant flow, a new refresh token will now be issued and the previous token will be invalidated any time a refresh token is exchanged for an access token.

The _id search param was not supported in MongoDB. This has been corrected.

All scripts in Smile CDR's JavaScript Execution Environment now support multithreaded access.

A bug was fixed that was blocking updating users in Web Admin that had been created by SMART Inbound Security module.

Binary Storage Mode: Database Blob now works for My SQL.

The smileutil function upload-sample-dataset client was using DSTU3, when default persistence module is R4.

When an EMPI module is first added and enabled in the Persistence module, the server would sometimes deadlock while starting up. This has been fixed.

When authorizing a SMART on FHIR app with resource specific scopes (e.g. patient/Condition.read), access was incorrectly blocked if a requesting user had compartment specific permissions (e.g. FHIR_READ_ALL_IN_COMPARTMENT). This has been corrected.

property node.propertysource did not allow templated values due to a legacy oversight. This has been fixed

A bug in the MongoDB Storage module was fixed that caused duplicate resources to be created when performing conditional update/create operations within a FHIR transaction.

The OIDC servlet attributes available in the Java Execution Environment were not correctly set when using the SMART Outbound Security module. This has been corrected. Two new attributes have also been added, providing access to the OIDC client ID and approved scope set.

Search includes did not support the star (*) syntax for MongoDB. This has been corrected.

A bug was fixed where users holding resource instance specific permissions (e.g. FHIR_READ_INSTANCE/Patient/123) were not able to access the requested resource when a type-specific FHIR scope was granted (e.g. `patient/Patient.read).

JavaScript execution performance could sometimes degrade when running under highly concurrent load. This has been corrected.

When performing FHIR transactions on a MongoDB Storage Module, when using some specific combinations of operations with placeholder IDs, resources could be stored in the repository with invalid links. This has been corrected.

In rare cases, an aborted startup could leave a record in the cluster manager database that prevented subsequent startups due to a NullPointerException. This has been corrected."

In the MongoDB Storage module, resource metadata fields Meta.tag, Meta.security, and Meta.source were not persisted to the database. This has been corrected.

In some cases, long running CDR processes could end up with scheduler errors that did not auto-recover after any network interruption between the CDR and the cluster manager database. This has been corrected.

When using the JSON Admin API operation to export Smile CDR configuration as a properties file, the output did not correctly account for multiline values (i.e. values with a newline character in them). This has been corrected.

The SMART Outbound Security module /logout endpoint did not work in recent versions of Chrome due to a now-mandatory SameSite cookie declaration. In addition, a bug prevented this endpoint from working under non-root context paths. These issues have both been corrected.

When using the SMART Outbound Security module with a client that has both 'remember previously approved scopes' enabled and at least one auto-approved scope, the remembered choices did not persist. This has been corrected.

Web Admin Console sessions were not timing out after the configured number of minutes had elapsed. This has been corrected.

Addressed the following CVE reports:

• CVE-2019-12400
• CVE-2018-14040
• CVE-2018-14042
• CVE-2014-0114
• CVE-2019-10086
• CVE-2020-7226
• CVE-2017-18640
• WS-2019-0379
• CVE-2020-11612
• CVE-2020-10683
• CVE-2016-1000027
• CVE-2020-5421
• CVE-2017-8045
• CVE-2018-11087
• CVE-2020-13692
• CVE-2020-5411
• CVE-2020-10693
• CVE-2019-14900
• CVE-2020-5413

Backported from: 2020.11.R01

Web Admin Console sessions were not timing out after the configured number of minutes had elapsed. This has been corrected.

Backported from: 2020.11.R01

A bug was fixed where users holding resource instance specific permissions (e.g. FHIR_READ_INSTANCE/Patient/123) were not able to access the requested resource when a type-specific FHIR scope was granted (e.g. `patient/Patient.read).

Backported from: 2020.11.R01

When performing FHIR transactions on a MongoDB Storage Module, when using some specific combinations of operations with placeholder IDs, resources could be stored in the repository with invalid links. This has been corrected.

The nashorn JavaScript engine has been replaced by graal-js. This may require changes to your JavaScript code. See JavaScript Execution Environment for details about this change.

Broker channels (aka ActiveMQ Queues and Kafka Topics) can now have an optional prefix specified in configuration. This will cause the given prefix to be prepended to the names of all channels being used by Smile CDR.

Apache Kafka based message brokers can now be configured to use SASL for authentication.

The HL7 v2.x Inbound Endpoint module will now include more details in ACK responses when the message processing failed due to a mapping error such as a missing or invalid field value. Previously the response contained a generic error message and the details could only be found in system and transaction logs. The specific failures will now be included in the HL7 v2.x ACK response as well.

The FHIR Gateway and SMART modules can now have a TrustStore specified in order to allow outgoing HTTPS client connections to connect to endpoints that use self signed certificates.

New scopes have been added to the SMART Inbound/Outbound security modules that allow an application to be authorized to perform various functions that are not provided by the SMART on FHIR framework. See Supported Scopes for more information.

A new operation has been added to the JSON Admin API called Invalidate All Sessions that can be used to invalidate all active Access Tokens and Refresh Tokens issued by Smile CDR for a given user.

The HL7 v2.x inbound processor now supports IN1-12 (Plan Effective Date) and IN1-13 (Plan Expiration Date).

The HL7 v2.x inbound processor now supports IN1-7 (Insurance Co Phone/Telecom List)

The HL7 v2.x inbound processor now supports IN2-63 (Insured's Phone/Telecom List) and IN2-64 (Insured's Employer Phone/Telecom List).

Added integration with Spring Batch. This will allow Smile CDR to produce more observable batch tasks, with increased durability to handle partial completions and restarts.

Added new feature which allow querying for Transaction logs based on: Username, user who performed the operation, Complete resource URL All logs sorted a descending manner, which is already the case in the Web Admin console

Added support for phonetic search parameters. See Phonetic Search Parameters for details.

New LDAP API has been added to enable callback scripts to perform search and lookup of user details from an external LDAP.

Add a new Cluster Manager configuration option module.clustermgr.config.kafka.validate_topics_exist_before_use default value false. Set this to true if your Kafka broker is configured to prevent new topics from being automatically created (e.g. if 'auto.create.topics.enable' is set to false on the broker). When this property is set to true, Smile will prevent subscriptions from being created or updated if the delivery topic they depend on doesn't exist yet..

The HL7 v2.x Outbound capability has been upgraded so that it now supports FHIR R4 as well as DSTU3 (which was the only version that was previously supported).

Support for the FHIR NPM Package specification has been added to Smile CDR. This can be used to automatically import validation resources from a central package server to be used by the validator, to pre-seed resources into newly built environments, and even to host an enterprise package server for your organization. See Packages and IGs for more information.

The FHIR Gateway module now supports conditional deletes.

The network bind address is now configurable for all HTTP servers.

MongoDB Conditional Update/Create operations now use a unique constraint in the MondoDB collection to allow for safe concurrent execution without creating duplicates.

The module editing screen in the Web Admin Console will now show the reason for a failed module start/stop operation.

In the Web Admin Console, when adding an OIDC client or server definition, the Node ID did not appear in the module selection box. This made it hard to select when multiple nodes had a module with the same ID. This has been corrected.

Support for logging into interactive web modules in Smile CDR (e.g. Web Admin Console and FHIRWeb Console) using the Security Assertion Markup Language (SAML) has been added.

The HL7 v2.x inbound processor was only accounting for the first repetition of GT1-2 (Guarantor Number). This has been fixed to account for all repetitions.

Can now increase the maximum number of child resource that will be handled during Cascade Delete request through a new configuration parameter.

On MongoDB FHIR Storage modules, searches for code fields where the system URL is implied (for example, Observation.code doesn't explicitly reference the system URL but it is implied by the ValueSet binding for that field), a search using only the code would not work. This has been corrected.

On MongoDB FHIR Storage modules using subscriptions, previously activated Subscription resources would fail to re-register if the system was restarted. This has been corrected.

A bug in Smile CDR 2020.05 prevented expired HTTP sessions from being removed from the database. These sessions were no longer usable after their expiry time, but continued to take up space in the database. This has been corrected.

Binary Storage Mode: Database Blob now works for MS SQL.

Null Pointer errors are no longer being logged when /endpoint-health is invoked

FHIR 'OR' searches were not correctly processed on MongoDB FHIR Storage modules. This meant that Subscriptions would stop processing after a short period of time. This has been corrected.

When updating a user account using the JSON Admin API, the user account lost the following details, even if they weren't modified: Default Launch Context, Permissions Note that this wasn't an issue when creating a new account via the admin API, just when submitting a PUT request for the same account. This issue has been fixed

Updates to users via the JSON Admin API that omitted the password field were resulting in NullPointerException on installations that have a password pattern set.

Calls to /runtime-status/node-statuses/health-checks were incorrect always showing healthy:false for each module.

In implementing partitioning in Smile CDR, no setting for controlling the Cross-Partition Reference Mode was provided. This has been corrected.

The PKCE verifier for the SMART Inbound Security module incorrectly used UTF-8 bytes instead of US-ASCII bytes, resulting in an inability to verify challenge codes that used characters other and letters and digits. This has been corrected. Note that this bug resulted in false rejections as opposed to false acceptances of challenge codes, so it could not be used to cause a security breach.

In Smile CDR 2020.05.R01, the payloads used for Subscription processing using Kafka (but not ActiveMQ) changed slightly in a non-backwards compatible way. This caused issues to anyone upgrading while resource payloads are in flight in Kafka. The system is now able to handle the previous format gracefully.

Custom interceptors registered against the FHIR Endpoint module can now inject a copy of the HAPI FHIR DaoRegsitry if needed.

A bug prevented the use of native server TLS in Smile CDR when using OpenJDK 11.0.x. This has been corrected.

If the FHIR Storage module was stopped and started again on a running Smile CDR instance (i.e. without stopping the entire CDR process), under some circumstances subscriptions could stopped being checked and delivered. This has been corrected.

When restarting individual modules or the entire Smile CDR process, sometimes the restart would fail with an unexpected exception and leave the system in an inconsistent state. This has been corrected.

When using FHIRWeb Console with a non-default context root path, the logout button did not work. This has been corrected.

The 2020.05.R02 point release corrects two issues: * An inefficient SQL query was created when repository searches were performed containing multiple chained search parameters. See HAPI FHIR Issue 1842 for information on this issue. * Two new columns were added to the RDBMS repository index table supporting date based searches. A database index was missed, resulting in slow performance for some date based searches. Users of the FHIR Storage (RDBMS) module are advised to upgrade to this point release instead of 2020.05.R01. Other users are not affected.

A new feature called Partitioning has been added to the FHIR Storage (RDBMS) module. This can be used to create Multitenant servers, set up logical data sharding, and other similar configurations.

By default, LiveBundle Watchlists are cached in memory and refreshed on read once a minute. This has been changed so that only individual subscriptions are cached as opposed to the entire list. Also, a new config parameter has been added to disable this cache.

The $livebundle-watchlist-subscribers command now supports _include and _include:recurse parameters.

The setKeepReferencesPath() method is now available on all Keepers. (Previously it was available only on toggle keepers.)

The $livebundle-watchlist, $livebundle-watchlist-subscribers, and $livebundle now all support multiple subscriberGroup parameters.

Added Date Type SearchParameter support for MongoDB.

Implemented FHIR endpoint custom SearchParameter search support for MongoDB.

Implemented FHIR endpoint search by match support for MongoDB.

Implemented FHIR endpoint History support for MongoDB.

There is now basic support for Elastic APM agent, including transaction naming based on the HTTP request and its query parameters.

The JavaScript execution environment HTTP Client API now has additional options for using custom TrustStore/Certificates/KeyStore files for executing TLS/HTTPS calls.

Add a new system monitoring mechanism using Elastic APM

Added support for the "message" subscription channel type.

Documentation has been added showing how to add the Troubleshooting Logs to the console logging, which is useful for docker based deployments.

A new setting has been added to the FHIR Storage (RDBMS) module called Resource Deletion Enabled. This setting should be disabled on systems where resource deletion is not being used, as this avoids the need for some resource deletion checks during write operations, and therefore increases overall write performance.

The HL7 v2.x inbound processor now supports PR1-1 (Set ID - PR1). If PR1-1 is populated, the value will be stored within a procedure-sequence extension at the root of the resulting Procedure resource.

A setting to Smile CDR HTTP server modules has been added that forces the server to behave as though incoming requests are HTTPS even if the request is not. This is useful for interacting with some network infrastructure that does not correctly provide forwarding headers.

The FHIR Gateway module now supports FHIR Delete operations, including cascaded deletes.

Added a property to toggle the usage of ordinal dates for day-precision searches. If enabled, will do a strict numeric comparison on the yyyymmdd value, ignoring all time. Property is module.persistence.config.dao_config.use_ordinal_dates_for_day_precision_searches. Default is true.

MongoDB FHIR Storage modules now support chaining searches. Note that this support is currently limited to token-based chains only, but other types are planned. Supported chains must be explicitly declared in advance of data population. See Uplifting Reference Chains for more information.

FHIR Subscriptions are now supported on MongoDB FHIR Storage modules.

The Oracle OJDBC driver has been bumped to version 19.6

It is now possible to pre-seed a new installation of Smile CDR with Users, OpenID Connect Client Definitions, and OpenID Connect Server Definitions using the new Pre-Seed feature. Note that this changes the way that the initial admin user is seeded into a new environment, so it will be a breaking change for any Node Configuration Property File what was being used to pre-seed an admin user with a non-default password.

The Web Admin Console process list will no longer show stopped processes for a node that has at least one running process. Showing stopped processes was generally reported to be misleading and/or confusing, and did not add value.

The Subscription processing engine has been significantly reworked in order to improve maintainability. This change has one user-facing consequence: The version-specific Subcription Processing modules have been replaced with a new version independent one.

The LDAP Inbound Security module previously output unhelpful error messages in the event that it was unable to bind to the LDAP server. The error messages output by this module have now been greatly improved.

A bug was fixed in the Web Admin Console, where changing a module dependency and restarting that module immediately afterwards sometimes resulted in the dependency reverting to its previous value.

FHIR search was returning deleted resources from the MongoDB storage module. This has been corrected.

Fixed issue for MongoDB Module where SearchParameterRegistry was not updated with custom SearchParameters.

Fixed issue in the Web Admin Console where an error occurs when multiple nodes are configured and the user attempts to access configuration for a module.

When using the MongoDB Storage module, credentials that were placed in the username and password configuration properties (as opposed to being embedded in the connection URL) could cause an error on startup. This has been corrected.

A bug in the cluster manager was fixed that could allow two processes to claim the same process ID if they happened to start at the exact same time.

The $snapshot operation failed to execute due to an audit log error. This has been corrected.

When a module was added to a running Smile CDR instance, for example using Web Admin console, the new module would not start until the application was restarted. This has been corrected.

loincupload.properties in path/to/smilecdr/terminology/loinc/ has been updated.

The HL7 v2.x outbound processor was failing where Specimen.identifier.type was not populated with an expected value. This has been fixed.

Documentation for the Subscription Custom Delivery Class has been corrected to identify a package, and to use the correct class name. Subscription.channel.endpoint was removed from the example for clarity.

When performing a FHIR update using the MongoDB storage engine, the server response contained the contents of the previous version of the resource instead of the new contents. This has been corrected.

When shutting Smile CDR down, an error was sometimes printed to the console towards the end of the shutdown, even though the shutdown was successful. This has been corrected.

If a Process ID is being reused by a new process (because it was previously shut down), the associated Process Name was not updated leading to misleading details in the Web Admin console. This has been corrected.

When an environment variable substitution was performed within a configuration property file, an incomprehensible error message was returned if the variable did not actually exist. This has been corrected.

It is now possible to enable/disable the automatic pre-seeding of validation and conformance resources such as StructureDefinitions, CodeSystems, and ValueSets. These resources were automatically seeded beginning in Smile CDR 2019.11.R01, but this feature is now disabled by default and can be enabled if required.

Added new $livebundle-reseed function to purge and reseed all bundles for the given rule.

Changed the meaning of the db_schema_update_mode config param. It used to set the hibernate auto-migration value. Now it determines Smile CDR startup behaviour when a Smile CDR database is out of date. When set to 'UPDATE' Smile CDR will now automatically update the database. When set to 'NONE' Smile CDR will abort startup if the database is out of date and expect you to update it manually using 'smileutil migrate'.

Support for ElasticSearch has been added as an alternative to Lucene for fulltext/terminology indexing. This is now the recommended mechanism for performing indexing in a clustered environment. See Lucene Indexing for more information.

Support has been added to the SMART Outbound Security module for the Proof Key for Code Exchange (PKCE) extension to the OAuth2 protocol. PKCE is an extra layer of security that is useful for public client applications that are unable to keep a secret (e.g. SPAs).

The metrics endpoint now supports a whitelist and blacklist that can be used to trim the number of metrics exported by the endpoint.

A new 'trace mode' has been added to the HTTP Troubleshooting Log that enables extra verbosity in this log in order to help diagnose networking issues.

Sites now have the option to create subscriptions that will deliver resources to a site-defined and externally readable message queue.

Scope claim in JWT Access Token can now be an array instead of a simple string, in order to support default format exported by ForgeRock IAM.

It is now possible to specify a socket timeout for HL7v2 inbound listener ports, and a default timeout of 30 seconds is set. Previously no timeout was applied (or possible) meaning that a misbehaving client could cause a connection leak if it did not properly close the connection.

Previously, Livebundle subscribers were added to subscriberGroups via the $livebundle-watchlist-add operation. Adding and removing subscribers from `subscriberGroup1s has been moved into two new operations: $livebundle-group-add, and $livebundle-group-delete.

It is now possible to skin the Two Factor Authentication page on the SMART Outbound Security module.

With the introduction of the Subscription Processor module type in 2019.11.R01, it was no longer possible to register interceptors against the SUBSCRIPTION_xxx pointcut family. A new module setting on the subscription module has been added that allows interceptors to be registered there.

The User Session was not provided to consent service scripts when Basic Auth was used. This has been corrected.

LiveBundle keepers used to be able to store a different tracking id from their filter watchlist subscriber id. This is no longer the case. This has consequences for rule scripts and the LiveBundle API. In the API, when requesting a LiveBundle, the trackingId parameter has been renamed to subscriberId. LiveBundleRule.setTrackingType() has been removed since that can now be derived from the Watchlist.subscriberType. Lastly, pathToSubscriber has been renamed to subscriberSearchParam. This field was incorrectly named as a path; it has always been a search parameter.

LiveBundle keepers can now have a list of FHIR paths of references to keep. (Previously, only one FHIR path was supported.)

Kafka configuration was appearing on Storage and Subscription module config when it should only appear on the Cluster Manager config. This has been corrected.

When performing a SMART Authorization on a SMART Outbound Security module with an alternate context root specified, the flow failed if a user with two-factor authentication enabled tried to authenticate. This has been corrected.

An issue in FHIRWeb was fixed where requests could fail with a cryptic error in cases where the target FHIR Endpoint had a Fixed Base URL that did not match the server Context Path.

A regression in Smile CDR 2019.11.R01 was fixed: When using the SMART Inbound Security module, users with only the ROLE-SUPERUSER or ROLE_FHIR_CLIENT_SUPERUSER permissions were sometimes denied access to FHIR operations.

The amount of database activity generated by the Web User Session manager (used by the Web Admin console and the SMART Outbound Security module) has been significantly reduced. This should reduce the load on the database, and improve responsiveness for console users. This also has the side effect of avoiding an occasional error message when using the H2 embedded database. In addition, a but was fixed that prevented old sessions from being purged from the database in some cases.

When a user was saved with invalid permission arguments, in some cases it was not possible to edit or use this user any longer due to an overzealous validator when loading the user from the database. This has been corrected.

A Google Analytics tracker was inadvertently added to the Web Admin Console homepage. This has been removed.

When using the SMART Inbound Security module, some RSA JWK keystores failed to parse if a key in the keystore did not explicitly declare which algorithm it used. This has been corrected.

The Web Admin Console user manager showed incorrect page numbers in the description below the pager widget. This has been corrected.

The CapabilityStatement generated for R4 FHIR servers did not include SMART URLs when equipped with a SMART on FHIR authorization module. This has been corrected.

When performing normal FHIR queries against a FHIR CDR, a number of unnecessary accesses to the Cluster Manager database have been removed, which should improve performance on heavily loaded systems.