On this page:

1.4Changelog: 2017



A new feature
An existing feature has changed
A bug fix
A performance improvement
A security issue has been corrected

1.4.1Smile CDR 2017.11.R01 (Buccaneer)


Release Information

Released 2017-11-23
Codename Buccaneer

Upgrade Instructions

This version has no special upgrade instructions.


The inbound HL7 v2.x transaction processor now conditionally creates either contained Condition resources within an Encounter or complete Condition resources as appropriate.

FHIRWeb Console can now optionally be configured to allow anonymous access to users. See Enabling Anonymous Access for more information.

The native HL7 v2.x inbound processor now creates non-contained Location resources for Encounter locations if PV1-3.10 (Location Comprehensive Identifier) is populated. Additionally, when populating Location resources based on PV1-3 data, Location.physicalType will be populated with an appropriate code (e.g. room, bed, ward) depending on whether PV1-3.[1,2,3] are populated.

A new endpoint has been added to the JSON Admin API for accessing audit logs.

When loading transaction log events via the JSON Admin API, it is now possible to load the event body along with the details.

HL7 v2.x transactions that require a Patient (e.g. many ADT triggers) will no longer try to persist the transaction if the details of the Patient are invalid.

The HL7 v2.x inbound processor may now be configured to infer the namespace of the Patient and Encounter identifiers via a new pair of settings called Forced Namespace Mode.

The transaction log now contains details about HL7 v2.x inbound transactions that fail, including a description of the error.

HL7 v2.x MLLP listeners may now be configured to use the MSH-18 value as the message charset when parsing, or to use a hardcoded charset when parsing.

A new Inbound Security module has been added that introduces native support for authentication and authorization through an external LDAP directory such as Active Directory or OpenLDAP. Using this module, users can be authenticated using existing credentials. It is also possible to include individual permissions for users using a variety of methods. See LDAP Security for more information.

Invalid HTTP requests to the FHIR endpoint that are rejected prior to processing (such as invalid URLs, invalid authentication credentials, etc.) will now have a better error page displayed.

FHIR endpoints will now serve a /robots.txt file that requests indexers to not index the endpoint.

Failed FHIR transactions due to invalid credentials or authorization failures will now be logged in the transaction log.

MS SQL has been added to the list of supported drivers for Cluster Manager and FHIR Storage modules.

Smile CDR distribution now includes database driver JARs for supported database platforms.

The FHIR Endpoint now supports the use of the Cache-Control header on the request in order to explicitly state that a request should bypass the search result cache, or to disable paging in scenarios that require a small number of results quickly.

The Binary resource endpoint now supports the X-Security-Context header when reading or writing Binary contents using their native Content-Type (i.e exchanging the raw binary with the server as opposed to exchanging a FHIR resource).

FHIR Endpoints that are configured for CORS support will now declare suppport for the Prefer and Cache-Control headers.

FHIR Endpoints now keep an internal cache for the server CapabilityStatement (i.e. the response to the /metadata endpoint) and periodically prefetch this endpoint to keep the cache warm. This can have a significant improvement to performance for any client activities that involve loading the metadata statement since calculating resource counts can take a non-trivial amount of time. In particular, this can dramatically improve the performance of FHIRWeb.

Performance has been improved when updating resources with only minor changes. Previously, several index rows were deleted and then recreated unneccesarily during the database commit; however, these rows will no longer be touched if they have not changed, causing significant write performance improvements on some systems.

The HL7 v2.x ADT converter will attempt to reuse Practitioner resources if multiple ROL segments are found that have the same Practitioner (by ID) performing multiple roles. Previously, each segment would result in a duplicate Practitioner within the resulting FHIR Bundle, causing a minor performance overhead when saving (since the database ultimately determines that these are the same resource).

When displaying search results in FHIRWeb Console, the search URL that was displayed in the results page did not include the search parameters that were actually used to perform the search, making it misleading. This has been corrected.

An issue was corrected where resources containing a very specific pattern of deeply nested extensions (A primitive element containing an extension which in turn contained an extension containing a composite element) would not save the contents of this extension.

A regression was fixed where the SMART on FHIR demo apps (Growth Chart, BP Centiles) did not work when deployed via the SMART App Host module.

In the User Manager, the "Anonymous" role (which is actually just an internal system pseudo-role and not a real role you can assign to someone) is no longer shown next to the Anonymous user.

In the User Manager, the 'Disabled' and 'Locked' switches could be used to mark a user as disabled or locked respectively; however, it was not possible to subsequently clear these flags. This has been corrected.

In the Module Config, stopping/restarting a module will stop/restart any dependent modules.

In OpenID Connect Clients, renaming a client creates a new entry. This has been corrected.

In the User Manager within the Web Admin Console, updating any user data would incorrectly disable the User's password. This has been corrected.

When paging through multiple pages of search results, if the client had requested a subset of resources to be returned using the _elements parameter, the elements list was lost after the first page of results. This has been corrected. In addition, Smile CDR will not remove elements from search/history Bundles (i.e. elements from the Bundle itself as opposed to elements in the entry resources) unless the Bundle elements are explicitly listed (e.g. _include=Bundle.total).

The ValueSet$expand and ValueSet$validate-code operations incorrectly used the identifier parameter instead of the url parameter. This parameter was renamed during the STU3 ballot cycle but Smile CDR had not yet been updated. Either parameter is now supported.

In certain cases, if multiple clients/threads attempted to update the same resource simultaneously, an optimistic lock failure could cause a "gap" in the history numbers to occur. This would then cause a mysterious failure when trying to update this resource further. This issue has been resolved.

The resource Profile Validator has been enhanced to not try to validate bound fields where the binding strength is "example", and a crash was resolved when validating QuestionnaireResponse answers with a type of choice where the choice was bound to a ValueSet.

Processing of the If-Modified-Since header on FHIR read operations was reversed in some cases, returning a 304 when the resource had been modified recently. This has been corrected.

1.4.2Smile CDR 2017.09.R01 (Aardvark)


Release Information

Released 2017-09-28
Codename Aardvark

Upgrade Instructions

Several configuration properties have been renamed in this release. When upgrading to this release, execute the following SQL script on your cluster manager database prior to starting the new version:

update cdr_module_prot_cfg set enum_type = 'ca.uhn.fhir.rest.api.EncodingEnum' where enum_type = 'ca.uhn.fhir.rest.server.EncodingEnum';
update cdr_module_prot_cfg set cfg_key = 'default_pretty_print' where cfg_key = 'defaultPrettyPrint';
update cdr_module_prot_cfg set cfg_key = 'default_encoding' where cfg_key = 'defaultEncoding';
update cdr_module_prot_cfg set cfg_key = 'base_url.fixed' where cfg_key = 'baseUrl.fixed';


FHIRWeb Console will now display a helpful error message if the user attempts to perform a FHIR operation for which they lack adequate permissions.

A generic demographic mapping utility is now available for mapping from a source system to Smile CDR and/or to a downstream target system, and from Smile CDR back to the source system and/or to a downstream target system. The DemographicMapper utility can be used for both FHIR and HL7 v2.x processing.

The inbound HL7 v2.x transaction processor now maps Patient Account Number from PID-18 to Encounter.identifier as a secondary identifier.

When browser syntax highlighting is enabled, the response page presented to the browser has been enhanced to include the response http status code, and now also can be configured to include the request and response headers as well.

A new security mode for FHIR endpoints has been added. It is called trusted client mode. This allows a requesting client (generally a server connecting to Smile CDR via a trusted network) to assert that requests should be made under the authority of a specific user, optionally with specific permissions.

FHIR Subscriptions are now handled using an internal queuing mechanism, which means that all processing now happens asynchronously instead of holding up the active storage operation. This should allow Subscriptions to scale much better than they previously could.

A new "replication" mode has also been added to REST HOOK processing, which should allow one CDR to replicate its contents (or a subset of its contents) via Subscription, optionally adding a prefix to resource IDs in the process.

This rearchitecture will allow the use of an external queuing system for delivery, and should set the baseline for further performance enhancements in the future.

Several new fields for lab processing have been added to the native HL7 v2.x inbound processor:

  • OBR-3 (Filler Identifier) is now captured as an additional DiagnosticReport identifier.
  • OBR-14 (Date Received) is now captured.
  • OBR-24 (Diagnostic Service Section ID) is now captured.
  • OBX-8 (Observation Interpretation) is now captured.
An additional configuration option has also been added to allow DiagnosticReport resources to use either or both of the placer (OBR-2) and filler (OBR-3) IDs as primary identifiers.

A new endpoint has been added to the JSON Admin API for user management. This endpoint allows for searching, creating, and editing users programatically.

A new configuration option has been added to the FHIR Persistence Module configuration which causes the server to automatically create empty "placeholder" resources if a resource is created that contains references that are unknown.

In Smile CDR version 2017.05.R01, support for the :missing modifier on search parameters was added. This support is useful in cases where this specific type of query is required, but also has a noticeable adverse effect on write performance in many situations because it causes a number of extra rows to be written to the CDR index tables during write operations. As of this version, a new configuration option has been added to the persistence module configuration which allows support for :missing to be enabled or disabled, with the default now being set to disabled.

FHIR Subscriptions have been reworked to now use a queuing mechanism in order to decouple subscription checking and subscription delivery from the persistence and updating of data in the database. Under this new system, Subscriptions are processed in parallel, asynchronously from other parts of the write operation in the database. This system should allow Subscriptions to scale in a much more consistent way, meaning that a large number of subscriptions can now be created without slowing down the CDR storage and update functions. The new mechanism uses an embedded instance of Apache ActiveMQ for queuing. Future releases of the product will expand this to support other popular queue mechanisms.

FHIR Endpoint configuration properties defaultEncoding, defaultPrettyPrint, and baseUrl.fixed have been renamed to default_encoding, default_pretty_print and base_url.fixed respectively in order to be consistent with casing in other configuration properties.

A minor regression in 2017.07.R01 was fixed in the Web Admin Console where the favicon.ico stopped appearing.

Any OBX segments appearing after DG1 segments in HL7 v2.x ADT_A03 messages are now properly captured and processed.

When using a Local Inbound Security module, accounts created with an expiry date in the future were incorrectly denied access, and the resulting error message was not helpful. This has been corrected.

An issue was corrected where the Web Admin Console would display an error when trying to view search parameters if Smile CDR was running with PostgreSQL as the backing database.

An issue was corrected when running against an Oracle 12.2 database where the driver would run out of database cursors while performing the initial seed of SearchParameter resources to the FHIR repository, giving the error ORA-01000: maximum open cursors exceeded.

Mapping of DG1 segments in HL7 v2.x messages is greatly improved. Diagnoses are now conditionally mapped to either Encounter.reason or a contained Condition resource that is referenced by Encounter.diagnosis.

When creating a new user via the Web Admin Console, if the created user failed validation (e.g. because the username or password were blank) then the creation step silently failed. This has been fixed.

Web Admin Console showed an error message instead of the current product version when accessed from a browser with a non-US locale. This has been fixed.

Extensions on resource IDs were not correctly stored when saving resources, meaning that they were lost when the resource was accessed. This has been corrected.

An issue was corrected where search parameters containing negative numbers were sometimes treated as positive numbers when processing the search.

When performing a FHIR Transaction with an invalid request URL (e.g. "url": "Foo") the resulting error message was not particularly useful. This has been corrected.

A potential database deadlock in the stale search purging routine was fixed. This deadlock would only have occurred under very heavy load but it is no longer an issue.

When uploading a Bundle resource to the server (as a collection or document, not as a transaction) the ID was incorrectly stripped from resources being saved within the Bundle. This has been corrected.

1.4.3Smile CDR 2017.07.R01


Release Information

Released 2017-07-10

Upgrade Instructions

This version has no special upgrade instructions.


HTTP endpoints now have a new configuration option respect_forward_header that can be used to instruct the server to look at X-Forwarded-By, Forwarded, etc. headers to receive information about the source client IP and target host name when operating behing a reverse proxy. This setting is disabled by default.

Transaction log entries are now automatically purged after a configurable amount of time. Collected runtime statistics are now automatically collapsed to more coarse entries over time, and then eventually deleted after a configurable amount of time.

Script for starting and stopping Smile CDR has been reworked so that messages logged to the console are coloured, more helpful, and report any errors completely. The script should now be more tolerant of slow startups, too (e.g. running on a very slow database).

FHIRWeb Console now supports user authentication so it can be used with a secured CDR.

The FHIRWeb Console module now has a configuration option that allows anonymous access. An anonymous user with the ACCESS_FHIRWEB permission may access the FHIRWeb Console without logging in. Note that this permission only allows access to the FHIRWeb Console; the user still needs to have other appropriate permissions for any desired operations or they will be blocked.

An optional configurable hard cap to the number of search results that can be returned by a single search is now available.

Searches using search parameters of type date can now accept minute level precision.

FHIR Transactions sent to the server will now respect the HTTP Prefer header, allowing the client to request that the complete resource body of any created/updated resources be returned in the response Bundle.

When adding tags to a resource (or saving a resource with tags), any duplicate tags are now automatically filtered (since duplicate tags do not have any meaning in FHIR).

When executing a search (HTTP GET) as a nested operation in a transaction or batch operation, the search now returns a normal page of results with a link to the next page – as any other search would. Previously, the search would return a small number of results with no paging performed so this change brings transaction and batch processing in line with other types of searches.

Additionally, the CDR no longer returns an OperationOutcome resource as the first resource in the Bundle for a response to a batch operation. This behaviour was previously present but was not specified in the FHIR specification so it caused confusion, and it was inconsistent with behaviour in other servers.

The server CapabilityStatement (metadata operation, previously known as Conformance) is now cached for a set period of time. This should improve performance fairly significantly in some cases since many clients fetch the CapabilityStatement before making a call. This behaviour can be disabled via endpoint module configuration.

A few redundant columns have been removed from some select statements in relational persistence searches, which should improve performance slightly.

Searches now load the first page of results using a scrolling cursor in a separate managed thread, which should significantly increase performance for searches that return a large number of results while ensuring that results are consistent across pages.

An issue was corrected when processing transactions where creates and updates to resources with tags caused the tags to be created twice in the database. These duplicates were automatically filtered upon read so this issue was not user-visible; however, it could occasionally lead to performance issues if a resource containing multiple tags was updated many times via transactions.

When modifying an existing user's permissions in a Local Inbound Security module, the new permissions did not take effect for up to 10 minutes due to a badly timed cache. The caching time has been reduced to 3 seconds, and a note has been added to the permission screen.

When modifying module configuration for a FHIR Storage module, the database password would be cleared even though the UI indicated that it could be left blank.

If a user has write permission to only Patient/A's compartment, attempts to update a resource in Patient/B's compartment to change the subject so that it would be in Patient/A's compartment were previously allowed to proceed. The user will now require write permission to both patients' compartments (or equivalent/greater permission) in order for this operation to be allowed by the security layer.

Searches with an empty search parameter (e.g. Patient?birthdate=&name=smith) returned an HTTP 500 Internal Server Error. Empty parameters will now be ignored.

FHIRWeb Console failed to execute FHIR transaction operations when the response Bundle contains entries with no associated Bundle.entry.resource value. This has been corrected.

When connected to a PostgreSQL database, persistence modules did not automatically expire search results from the cache if the search URL was extremely long. This has been corrected.

When creating or updating resources, the request will be rejected with an HTTP 400 Bad Request if any of the indexed reference fields refer to a deleted resource. Previously, this was not detected, which led to potential invalid references.