Smile CDR v2023.05.PRE
On this page:

1.7Changelog: 2018



A new feature
An existing feature has changed
A bug fix
A performance improvement
A security issue has been corrected

1.7.1Smile CDR 2018.11.R01 (Food)


Release Information

Released 2018-11-12
Codename Food
HAPI FHIR Smile CDR 2018.11.R01 is based on HAPI FHIR 3.6.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.


The HL7 v2.x transaction processor now maps RXA-20 (Completion Status) to MedicationAdministration.status.

Previously, transaction processing time was only visible from the Transaction Log summary view in the Web Admin Console. It is now also visible from the Transaction Log event view.

Authentication scripts now support a JavaScript based callback script that can be used to add additional processing rules to the authentication. See the Callback Script Documentation for more information.

Whem mapping HL7 v2.x ORC segments, the value for ORC-4 (Placer Group Number) is now mapped to ProcedureRequest.requisition.

HL7 v2.x Sending Endpoint MLLP connections may now have the send timeout configured, so that sending to an endpoint which is slow to reply does not cause an error.

When viewing HL7 v2.x Sending Endpoint deliveries in the transaction log, the ID of the triggering resource as well as the ID of the triggering subscription are now shown in the transactiong log.

HL7 v2.x inbound and outbound processors now know how to handle Observations (OBX segment) having structured numeric values (HL7 v2.x SN datatype, mapping to Quantity and Ratio datatypes in FHIR).

A new configuration property has been added to SMART/OIDC client definitions called canReissueTokens. If this property is enabled, when a client performs a SMART grant request, if a similar grant request (in terms of requested scopes, etc.) has recently been performed, the same token will be reissued. This is useful for some clients that request tokens repeatedly.

The FHIR Gateway and FHIR Hybrid Providers modules are now both able to support arbitrary extended operations (i.e. operations such as Patient/$foo that are not defined in the FHIR specification and are added by developers). Several new permissions have been added to the Smile CDR permission system to allow users to be authorized to access these operations as well.

The FHIR Gateway module now allows FHIR $operations to be called through the gateway.

Support for the SMART on FHIR Cross-Organizational Data Access Profile has been added to the SMART Outbound Security Module.

The JSON Admin API "Set configuration options for the given module" option has an input parameter named "name" that is equivalent to the parameter named "key" on all other operations. This has been renamed for consistency (although the previous parameter name will remain functional as well for now in order to reduce the burden on upgrading).

A variable called ${client_name} may now be used in SMART Outbound Security module skins to provide the name of the client being authorized.

A new route has been added to the CDA Exchange Module endpoint for creating / updating template scripts with body type application/javascript. This allows a user to directly copy and paste their JavaScript template into their request body without needing to escape any special characters.

Navigations buttons have been added to the Transaction Log viewer in the Web Admin Console. These buttons may be used to move directly to the previous or next entry in the Transaction Log.

A new FHIR operation called $trigger-subscription has been added. This operation can be used to cause a resource to be processed (or reprocessed) through a specific subcription without needing to resubmit the source resource. See Manually Triggering Subscriptions for more information.

The HL7 v2.x outbound message mapper can now use MessageHeader resources stored in the repository in order to populate the MSH segment in generated messages. See Outbound HL7 v2.x for information.

The HL7 v2.x outbound message mapper can now use NamingSystem resources in the repository to populate HL7 v2.x identifier fields with appropriate values based on naming systems found in FHIR identifiers. See NamingSystem Mapping for information on how this works.

A new configuration flag has been added to the database settings for the Cluster Manager and FHIR Storage modules called db.schema_update_mode. This setting allows an administrator to configure whether the database schema should be automatically updated upon system startup.

The Smile CDR CLI upload-csv-bulk-import-file command now has an additional option to skip the first N rows rather than uploading them. This is useful for troubleshooting or recovering from errors.

The inbound HL7 v2.x transaction processor now maps DG1-16 (Diagnosing Clinician) to a Practitioner resource that is referenced by Condition.asserter.

The inbound HL7 v2.x transaction processor now maps additional NK1 fields to FHIR, including NK1-6 (Business Phone Number), NK1-7 (Contact Role), NK1-13 (Organization Name), and NK1-33 (Next of Kin/Associated Party's Identifiers).

The inbound HL7 v2.x transaction processor was mapping PID-6 (Mother's Maiden Name) to with a name use code of maiden. This has been corrected such that repetitions of this field are now mapped to mothersMaidenName extensions on the Patient.

The inbound HL7 v2.x transaction processor now maps PV1-14 (Admission Source) to Encounter.hospitalization.admitSource.

The inbound HL7 v2.x transaction processor includes a new configuration item for handling of PV1-3 (Assigned Patient Location) and PV1-6 (Prior Patient Location). Default behaviour is to treat each of PL-1, PL-2, and PL-3 as distinct locations (e.g. ward, room, bed). In conjunction with associated extra components, PL-1, PL-2, and PL-3 will each result in a unique Location resource. However, when hl7v2_fhir_mapper_pv1.treat_pv1_3_and_6_patient_location_as_atomic is set to true, all of PL-1, PL-2, and PL-3 will be treated as a single atomic location (e.g. ward-room-bed). Processing the PL in this way will result in a single Location resource.

The inbound HL7 v2.x transaction processor now maps PV1-36 (Discharge Disposition) to Encounter.hospitalization.dischargeDisposition.

The inbound HL7 v2.x transaction processor now maps PV1-39 (Servicing Facility) to Encounter.serviceProvider.

Previously, the inbound HL7 v2.x transaction processor would map the value of ORC-2.2 (Placer Order Number - Namespace ID) to both MedicationRequest.identifier.system and its associated MedicationAdministration.identifier.system. RXA-2 (Administration Sub-ID Counter) can now be overloaded to declare a different identifier system. If the first extra component of RXA-2 is populated, its value will be stored in MedicationAdministration.identifier.system.

The inbound HL7 v2.x transaction processor now maps non-standard ZXT segments to FHIR. One or more of these optional segments can be appended to any message structure. The general purpose for ZXT segments is to populate fields and extensions in FHIR that the inbound HL7 v2.x transaction processor doesn't already handle. Provided a declared value type, a value, and a path, the processor will populate FHIR accordingly.

When following documentation links to anchor tags, the desired content no longer hides under the webpage header.

For repetitions where RXE-7.1 and RXE-7.3 are both populated, the HL7 v2.x transaction processor maps this field to MedicationRequest.dosageInstruction.additionalInstruction. For repetitions where only RXE-7.2 is populated, the HL7 v2.x transaction processor maps this field to MedicationRequest.dosageInstruction.text. Previously, this field was only mapped to .additionalInstruction.

User logout events from the SMART Outbound Security module were not being added to the audit log. This has been corrected.

In the FHIR Gateway Endpoint module, if a client requested a search using an invalid search parameter, a meaningless error (!MESSAGE!) was returned to the client. This has been corrected.

Under some circumstances, database credentials were being added to the Smile CDR logfile. This has been corrected.

When using pinned host mode, if no port was specified in the pinned host definition, the port would default to 80. This works for HTTP, but causes weirdness for HTTPS. This has been corrected.

The SMART Outbound Security logout endpoint did not work when a custom context path has been specified. This has been corrected.

When accessing services with very high concurrency, occasional requests at the start of the day could fail with a database concurrency error. This has been corrected.

When mapping RAS_O17 messages to FHIR, the inbound HL7 v2.x transaction processor was incorrectly reading RXR segments from the ENCODING group instead of the ADMINISTRATION groups such that MedicationAdministration.dosage.route and were not being populated. This has been fixed.

When operating under heavy load, the first system access on a given day by a specific user could occasionally cause a failure due to concurrent database access. This has been corrected.

1.7.2Smile CDR 2018.09.R01 (Economist)


Release Information

Released 2018-09-17
Codename Economist
HAPI FHIR Smile CDR 2018.09.R01 is based on HAPI FHIR 3.5.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Upgrade Instructions

As of the 2018.09 release, database migration is performed using the smileutil migrate-database command. See the command documentation for more information.


A new database migration utility has been added to the smileutil command. This tool allows database migrations between versions of Smile CDR to be automated.

A new option has been added to FHIR Storage module configuration that enables support for the :contains modifier on String searches.

Smile CDR now has the ability to send outbound (from the CDR) HL7 v2.x message feeds in response to data that has been created or updated in the repository. Initial support includes Orders and Observations messages, and more are planned.

A few noisy elements in the Smile CDR log (smile.log) have been removed. Specifically, regular logging about cluster heartbeats and statistics cleanup have been reduced, which means that the logs will be much less noisy when the system is not under load.

The CapabilityStatement returned by FHIR servers will now include the server base URL in the CapabilityStatement.implementation.url field.

A new API has been added to the Javascript Execution Environment that allows access to environment variables passed in from the OS or command line.

A new option has been added to the Node Configuration Properties file, allowing you to specify that all configuration in the file should take precedence over configuration in the database. This is useful if a node is unable to start because of invalid settings saved in the database, or if you wish to reconfigure a node to a known saved state.

In a clustered deployment, it is now possible to create multiple master nodes (each of which may potentially have clone nodes as well) via properties files.

The SMART Outbound Security module now supports the OAuth2 Token Revocation Endpoint (RFC 7009), as well as a new endpoint for session logout.

Support for current draft FHIR R4 resources has been added. Note that FHIR R4 remains unreleased and is subject to change until the formal release, so definitions may change slightly between releases of Smile CDR. However, this functionality can be useful for testing out upcoming functionality and preparing for the release of FHIR R4.

When using SMART on FHIR security in a multi-master clustered configuration, it was previously not possible to put the SMART Outbound Security module on a different master node from the endpoints that were secured by that module. It is now possible to use a SMART Inbound Security module on a separate master node in order to accept tokens issued by a SMART Outbound Security module within the same cluster.

A new module type CDA Exchange has been added. This module adds the following functionality:
Create, Delete, and View CDA document templates via REST api. These templates are scripts that use the JavaScript execution environment. Use a CDA document template. The user can fill in the template parameters to generate a new Fhir Composition, Fhir FullTextDocument, and/or CDA document. Note: currently, only Continuity of Care C-CDA documents are supported.

Additional search functionality has been added to the JavaScript Execution Environement. Users can now use Fhir object in the JSEE to every type of search that their Fhir server supports (previously only Token searches were supported). Additionally, the new function Fhir.getResource(String theURI) has been added to the JSEE that retrieves a specific resource.

A new method has been added to ResourceBuilder in the JavaScript Execution Environment. Users can now call ResourceBuilder.buildComposition() to create a Composition. This Composition acts like any ResourceBuilderResource, but with additional functionality to support the building of Fhir Documents and C-CDA Documents.

The inbound HL7 v2.x transaction processor now sets Condition.category to system and code encounter-diagnosis.

A new user permission called FHIR_PATCH has been added, allowing users to perform resource patches.

Documentation will now be accessible from the Web Admin Console without requiring the user to be logged in.

All HTTP servers exposed by Smile CDR may now be configured to have an access log (or multiple access logs) that contain information about individual requests. These logs may be configured to a variety of formats.

The SMART Outbound Security module now has CORS configuration matching all other HTTP server modules. Previously CORS was permanently enabled for this specific module type.

A new setting has been added to the FHIR Storage module that allows the administrator to select which FHIR resource types will be supported by the server.

A new module type called FHIR Gateway has been added. This module type works as a proxy to a remote FHIR server, adding security, management and other functionality as a part of the proxy.

Configuration category pages in the documentation (the pages listing the various possible configuration options) now includes a list of possible values for enumerated types.

Smile CDR can now be configured to connect to an external instance of ActiveMQ for powering subscriptions in a cluster-aware way.

Subscription processing now uses a separate message queue for each subscription. This means that one subscription failing to deliver will not prevent another thread from attempting to deliver. This also allows for delivery characteristics to be configurable on a per-subscription basis.

Smile CDR CLI (smileutil) now has an additional interactive method of requesting credentials from the user, instead of having them passed in on the command line. In addition, a new entry has been added to the Smile CDR configuration file called node.system_properties.source. This entry allows system properties to be read in via a properties file. These changes improve the ability to pass sensitive information such as database credentials via the command line.

A new setting has been added to HL7 v2.x Listener Endpoints that allows unprocessable messages to either be accepted (using AA response code) or rejected (using AE response code).

The FHIR endpoint authorization system has been enhanced so that read requests for data within a compartment will now often be blocked prior to any data being fetched if the user has access only to a different compartment. For example, if the user had read access to compartment Patient/123, a search for Observation?subject=456 would previously only be denied after data had been fetched (but before this data was returned to the user). The request will now be denied before data is fetched from the database.

Under certain conditions, buttons for actions that were not actually possible to take would display on the Web Admin Console console config page. This has been corrected.

Access tokens issued by the SMART Outbound Security module did not have a token_type claim, which indicates that the token is intended to be used as a Bearer token. This has been corrected.

Session management for clustered HTTP servers requiring an HTTP session (such as the SMART Outbound Security module, or the Web Admin Console) has been improved. Environments with content spraying across clusters should now be more resilient to rapid distribution of requests across the cluster.

When adding a new module in the Web Admin Console, configuration items which have an enumerated set of allowable values were incorrectly defaulting to the first item in the list instead of the specified default value. This has been corrected.

When the Web Admin Console was run with a context path other than the default, some deep links to documentation pages did not accurately reflect the context root. This has been corrected.

The smileutil "upload-csv-bulk-import-file" command did not previously have a way of specifying the ID of the ETL Importer module to target, and instead assumed that it was always called "etl". This has been corrected.

Previously, the inbound HL7 v2.x transaction processor was mapping DG1-5.1 and an extra component (effectively DG1-5.3) to Condition.onsetDateTime and Condition.abatementDateTime. This has been changed such that DG1-5.1 will now be mapped to Condition.assertedDate.

Two bugs were fixed around the use of default launch contexts in the SMART Outbound Security module. First, a crash was addressed when changing a user's default launch context from one patient to another in the Web Admin Console user manager. Second, if a user's default launch context was changed, this change was sometimes not reflected in OIDC logins happening shortly after the change was made.

When editing a module in the Web Admin Console, in the dependency list for a given module the module type was shown but not the module ID. This made it difficult to select the correct dependency when multiple modules of the same type were present.

When uploading an external CodeSystem (e.g. LOINC) to Smile CDR, some concepts did not get indexed correctly by Lucene, leading to incomplete ValueSet expansions. This has been corrected.

Several security fixes were made in order to prevent common web attacks against HTTP servers exposed by Smile CDR. These include:

  • CSRF protection cookies are now sanitized in order to prevent a theoretical attack involving poisoned CSRF cookies being used to inject HTML into the user's browser
  • URL parts (paths, parameter names) on the FHIR server are now sanitized in order to prevent HTML injection attacks

A bug was fixed where the SMART Outbound Security module would fail to complete the Resource Owner Credentials Grant if the client definition did not have a redirect URL defined.

When changing the date range for charts in the Web Admin Console, sometimes the chart would flicker when hovering over data points. This flickering made the charts very hard to read. This issue has been corrected.

When creating an HL7 v2.x Listening module, an incorrect default was set on the Patient Primary Identifier Search Parameter setting. This has been corrected.

An issue was fixed in the Search Parameter statistics gathering module, where servers with a very high number of changes (creates and updates) in a short period of time could cause a memory leak.

1.7.3Smile CDR 2018.05.R01 (Dromedário)


Release Information

Released 2018-05-29
Codename Dromedário
HAPI FHIR Smile CDR 2018.05.R01 is based on HAPI FHIR 3.4.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

Upgrade Instructions

This release introduces several database schema enhancements.

The following upgrade script should be executed on the cluster manager database.


The following upgrade script should be executed on any persistence module databases.

alter table TRM_CODESYSTEM_VER drop column RES_VERSION_ID;


A new configuration option has been added to FHIR REST servers that allows the suppression of any identifying information about the server platform and version. This option removes the Server and X-Powered-By response headers and the software section of the server CapabilityStatement.

Additional fields have been added to the Smile CDR user manager and user data models for storing a default EHR launch context for a specific user. These fields can be used to supply a value to be returned by the SMART Outbound Security module when a client requests EHR Launch context scopes such as patient/launch and encounter/launch.

The user manager now has an additional field for the user's email address, and an additional field for capturing notes about the user. The email will be exported as a claim in any ID tokens generated by Smile CDR OpenID Connect server modules.

It is now possible for an administrator to set minimum password requirements for users setting their own password.

A new command has been added to the smileutil (CLI) tool called synchronize-fhir-servers. This command can be used to synchronize all resources from a source FHIR server into a target FHIR server.

When processing inbound (to Smile CDR) HL7 v2.x transactions, any received messages that are of an unknown type will now be ignored. Previously unknown message types caused a processing error, and an HL7 AE (error) code was returned to the sender. Now, an informational message is created, and an HL7 AA (accept) code is returned. This should make it easier to process feeds that contain extra messages that are not strictly needed.

When processing inbound HL7 v2.x messages, if the message was rejected because of missing mandatory fields or other business rules, the rejection reason was added to the transaction log (i.e. visible in the Web Admin Console) but not added to the system log (i.e. visible in smile.log). It is now logged in both places.

Periodic log entries showing queue sizes for subscription queues now include speed statistics showing throughput in and out of the queues.

A new security module called Scripted Inbound Security has been added. This module allows security decisions to be made using a customer-supplied script, meaning that external authentication providers can be called. The results of the external authentication can then be translated into Smile CDR user session permissions, SMART scopes, etc.

A new module called Hybrid Providers Endpoint has been added. This module allows the creation of custom Resource Providers (code which implements individual FHIR operations such as read, create, search, etc.) which will then be served by Smile CDR. These custom endpoints will be secured, audited, and managed by Smile CDR infrastructure, but can implement storage logic against any arbitrary data store.

ID Tokens generated by the SMART Outbound Security module now contain an at_hash claim containing the hash of the Access Token, as well as a jti claim containing a unique identifier for the token.

Latency graphs in the Web Admin Console (such as the FHIR endpoint latency graph) have been split so that the maximum latency and the average latency now appear on separate graphs. This makes it much easier to identify trends in average latency, since previously the "maximum" curve often drowned out the other two.

The end-user visible web pages provided by the SMART Outbound Security module (i.e. the Login page and the Approval page) can now be skinned rather than displaying a Smile CDR branded page.

Added route to the JSON Admin API endpoint for creating new module instances at {module_id}/{node_id}/create

When displaying the OAuth2 scope approval (confirmation) page, if only some scopes are listed in the client definition as "auto approve", these scopes will no longer appear as checkboxes for the user to approve.

A help button has been added to properties in the Web Admin Console that brings up the related property definition. This makes it easier to cross reference settings between the Web Admin Console and the properties file that is used to initialize settings.

A new FHIR operation called $expunge has been added. This operation permits an authorized user to physically (not logically) delete data from the CDR. Expunge can be used to prune old versions of resources, deleted resources, or even current live data from the database. Note that additional Smile CDR user permissions also been added to support this operation.

The Smile CLI Tool (smileutil) has been harmonized so that it also provides the features and commands of the HAPI FHIR CLI tool.

A new configuration item has been added to HTTP server modules (such as FHIR REST Endpoints or the Web Admin Console) called context_path. This setting can be used to specify that a server should serve its contents at a specific sub-path instead of servicing at the root path. See the HTTP Server Setup documentation for more information.

A new FHIR operation ($upload-external-code-system) has been enabled in Smile CDR that enables uploading of external terminology code systems such as LOINC and SNOMED CT. In addition, a command has been added to the Smile CLI Tool (smileutil) that can be used to invoke this operation from the command line.

Significant improvements have been made to the FHIR terminology services support for the LOINC code system. This includes complete support for LOINC properties and components (including the ability to search and filter based on these) as well as support for LOINC's various ValueSets (e.g. the Top 2000+ Lab Observations) and ConceptMaps (e.g. the RadLex to LOINC map).

The JavaScript Execution Environment now provides a new method within the FHIR API that facilitates terminology mapping. It is called Fhir.translate().

Any HTTP servers will now have a special [monitoring endpoint](/docs/monitoring/monitoring_basics.html#endpoint-health] that can be used by monitoring systems and network infrastucture to detect whether the server is currently operational.

It is now possible to access system environment variables and Java system properties from the Smile CDR configuration property file. See Variable Substitution for more information.

Minor layout improvements have been made to the Web Admin Console.

Smile CDR will now ignore any Authorization header containing an empty username and password. This is a workaround that allows the current version of Forge to upload conformance resources into Smile CDR despite sending an invalid Autohrization header.

The ConceptMap operation $translate has been implemented.

smileutil now includes two new commands. One is for importing and populating a ConceptMap resource from a CSV (import-csv-to-conceptmap); and one for exporting a ConceptMap resource to a CSV (export-conceptmap-to-csv).

A new short-term cache has been added to the Local Inbound Security module that will optionally cache successful authentication credentials for a very short period of time (3s) in order to avoid repeated expensive password checks when many requests are received in a short period of time. This can cause a dramatic performance increase on endpoints secured using HTTP Basic Auth, where the username and password must be checked for every request.

An optimization has been made to the way that resource counts are calculated and loaded into generated CapabilityStatements. Although these counts were already cached, previously if the cache was expired and five FHIR client requests arrived at the same time, all five threads would synchronously reload the resource counts. This could cause significant delays on heavily loaded systems where the conformance statement is reloaded regularly. After this change, resource counts will only ever be reloaded asynchronously and will never delay the FHIR client operation.

OpenID Connect Access tokens and ID tokens issued by the SMART Outbound security module will use the user's username as the iss (issuer) claim, instead of using the user's internal database ID.

The CPU usage graph in the Web Admin Console had breaks for null values on the x-axis where ticks should have indicated values of 0. This has been fixed.

Restarting a Persistence module did not correctly shut down ActiveMQ message channels (used internally for Subscription processing), causing a degradation in subscription processing and occasional errors in the logs due to the partially closed channels. This has been corrected.

MedicationAdministration resources created by processing RAS^O17 messages did not have the MedicationAdministration.subject or MedicationAdministration.context fields set.

In the Web Admin Console, exceptions are showing up while clicking on certain links/ buttons if user has fewer permissions. This has been corrected.

The SMART Outbound Security module "login" and "approve" pages were scaled badly on mobile devices, appearing small and hard to read. This has been corrected.

In the SMART Outbound Security module, the nonce parameter was not correctly being retained from the original authorization request so that it could be inserted into the generated ID Token.

While updating a user, giving a username that already exists shows an exception on admin web. This has now been fixed.

The Web Admin Console failed to come back up if it was restarted from within itself (i.e. if the "restart module" button was clicked on the Web Admin Console module itself). This has been corrected.

Search Parameters with status set to draft or disabled via the Web Admin Console now properly synchronize with server.

A regression in Smile CDR 2018-03-R01 was fixed when operating in a clustered setup. With this regression, any settings that were changed on modules on the master node did not automatically propagate to the equivalent module on any clone nodes until the entire node was restarted. This has been corrected.

When automatically deleting expired OAuth2 authentication codes, access tokens, and refresh tokens, a bunch of noisy constraint exceptions were shown in the system logs and this sometimes delayed clearing these tokens. This has been corrected.

If a client performed an OAuth2 authentication against the SMART Outbound Security module, and then subsequently performed an identical authentication within a short period of time, some attributes (specifically EHR Launch Context claims) would not be returned in the second generated grant. This has been corrected.

When working in clustered mode, the SMART Outbound Security module OAuth2 token granting process sometimes failed when used from a clone node. This has been fixed.

Editing a Search Parameter through the Web Admin Console now properly adds to that Search Parameter's history instead of creating a new one.

An issue was fixed in some module types where web content sprayed across nodes in a cluster very quickly would result in CSRF errors during login.

When multiple clients/threads tried to update the same resource at the exact same time, an HTTP 500 error with a nondescriptive message was returned to the client. This has been replaced with an HTTP 409 (Conflict) and a descriptive error message.

An occasional crash was fixed when exchanging a refresh token for an access token for the second time (i.e. on the second time that the refresh token gets used).

Redundant link to home in the Runtime dropdown menu has been removed from the Web Admin Console.

1.7.4Smile CDR 2018.03.R01 (Crouton)


Release Information

Released 2018-03-29
Codename Crouton

Upgrade Instructions

This release removes a code directory from the classes directory in the Smile CDR installation. When upgrading, please delete the ca directory (and all of its subdirectories) that is found within the classes directory. All other contents should be left alone.

When upgrading to this release, there are several database schema changes which must be made. Please ensure to back up your database prior to upgrading. The snippets shown below are for Postgres 9.4+. Please contact us if you require a migration script for another platform.

The following (Postgres) snippet should be executed on your cluster manager database.

ALTER TABLE cdr_module_cfg_prop ADD COLUMN value_extended TEXT;

The following (Postgres) snippet should be executed on any persistence module databases.

DROP TABLE hfj_search_result;
DROP TABLE hfj_search_include;
DROP TABLE hfj_search;
ALTER TABLE hfj_resource DROP COLUMN res_text;
ALTER TABLE hfj_resource DROP COLUMN res_encoding;
ALTER TABLE hfj_res_ver ALTER COLUMN res_encoding DROP NOT NULL;


Web Admin Console now provides the option for users to change their password.

A new option has been added to CLI hl7v2-transmit-flatfile command called --count. This option specifies a maximum number of messages to send before exiting.

Incoming HL7 v2.3 RDE^O01 messages, which are replaced by the newer trigger RDE^O11 in HL7 v2.4, will be accepted and processed as RDE^O11 in order to simplify processing legacy feeds.

Custom search parameters are now supported on DSTU2 endpoints (previously only STU3/R4 endpoints would index custom search parameters).

The inbound HL7 v2.x transaction processor now maps PR1 segments to Procedure resources.

A new configuration property has been added to the persistence module that allows the generation of server-assigned IDs to be done using sequential numbers (as was previously the case, and remains the default) or using randomly generated UUIDs. The latter is useful in architectures where data will be replicated from one CDR to another separate CDR instance.

SMART Outbound Security module now optionally allows the signing JWKS file to be specified as a text string containing the raw JWKS file instead of as a resource path.

A new security module called SMART Inbound Security has been added. This module assumes the existence of an external SMART on FHIR Authorization Server (i.e. an OpenID Connect server that is not a part of Smile CDR), and it will validate and use Access Tokens granted by that server.

The SMART Outbound Security module has received a number of enhancements in order to more fully support the SMART on FHIR specification including:

  • The profile scope is now fully supported.
  • The server supports the OpenID Connect metadata query endpoint (/.well-known/openid-configuration).
  • The server supports the Token Introspection endpoint (/oauth/token/introspect).
  • Refresh tokens are supported via the refresh_token Grant Type using the offline_access and online_access scope.
  • A SMART on FHIR tutorial has been added to the documentation.

A new configuration item has been added to the persistence module that allows users to disable the automatic reindexing of resources following a SearchParameter change. This can be useful on deployments with a large amount of data in the repository.

The HL7 v2.x ORU^R01 inbound processor now processes and maps several new fields:

  • SPM-4 (Specimen Type)
  • SPM-7 (Specimen Collection Method)
  • SPM-8 (Specimen Source Site)

HL7 v2.x ORU^R01 inbound processor will now accept messages without a populated ORC segment. The generated FHIR payload will have a DiagnosticReport resource but no corresponding ProcedureRequest resource.

When processing HL7 v2.x inbound ORU feeds, OBX segments may now have values of type CWE and CE.

The smileutil command hl7v2-analyze-flatfile now allows the user to specify a path instead of a file, and the entire path will be analyzed.

A new configuration property has been added to the FHIR Persistence module types that allows Lucene indexing to be completely disabled. This can have a positive impact on storage space and performance on servers that don't require any kind of fulltext searching or large codesystem expansions.

FHIR DSTU2 repositories now support the ability to create and use custom SearchParameter resources. This functionality already existed for DSTU3 repositories and has now been backported.

A new configuration item has been added that prevents the transaction log from storing transaction bodies in the database.

Experimental support for multitenancy has been added. This feature is new, and remains unsuitable for production use but it has been added in order to begin testing it. A future release will add functionality and remove it from experimental status.

A new experimental feature has been added to the FHIR Endpoint modules called "Versioned API Mode", which allows the client to request a specific version of FHIR in the response and the server will automatically return the correct version.

A new module type called ETL Import module has been added. This module allows data to be imported from CSV extracts and converted into FHIR resources, then saved in a persistence module. This module uses a newly developed JavaScript mapping API for converting CSV rows into FHIR resources. In addition, a JSON Admin API ETL Import Endpoint has been added, as well as a smileutil command that can be used to automate processing.

When using smileutil commands that accept a file or path as an argument (such as transmit-hl7v2-flatfile), if a file has the extension .gz or .bz2 it will now automatically be expanded prior to processing.

A new configuration item has been added to the Persistence module configuration called subscription.processor_queuing_mode. This setting allows Subscription processing to be made synchronous, meaning that subscriptions are processed inline with incoming transaction requests. This can have a negative impact on performance but is useful for system testing and certain architectures/designs since clients get immediate feedback if a Subscription cannot be delivered.

The Smile CDR code for actually starting the system was packaged in a directory called ca in the [base]/classes directory within the installation. This led to confusion, as the product could not be upgraded simply by replacing the JARs in the [base]/lib directory. This has been addressed so that all code is now packaged in lib.

Status graphs on the Web Admin Console (e.g. CPU usage, throughput, etc.) have been updated to use the Chart.JS graphing library. This change doesn't have much impact on the user experience – although the graphs are a bit more fun to interact with – but it should set the stage for more graph features in the future.

Two new configuration properties have been added to database configuration pool settings:

  • A property that adjusts the amount of time a request may spend waiting for a database connection to become available when the pool is exhausted.
  • A property that determines whether or not prepared statements should be pooled.

In Module Config web and json, users now have the option to archive and reinstate a module when required.

When a browser is used to access a FHIR Endpoint with Syntax Highlighting enabled, the resulting page is nicely formatted and coloured for easy reading. As of this release, the formatted page includes response headers and line numbers. It also allows a user to click on links and create links that include highlighted line numbers in the response.

The validator used for DSTU3 validation has been upgraded significantly, and it now supports many advanced StructureDefinition features that were previously unsupported or only partially supported.

In the Web Admin Console, exceptions keep showing up while clicking on certain links/ buttons if user has fewer permissions. This has been corrected.

Accessing root url ("/") via an HTTP GET on FHIR endpoint was returning HTTP 500 (Internal Server Error). This has been corrected to return an HTTP 400 (Bad Request) which is the correct behaviour for this request.

HL7 v2.x inbound SPM segment processor incorrectly labelled segment identifiers mapped from SPM-2-2 (Filler ID) as being the placer identifier. This has been corrected.

When performing a $validate operation with a mode parameter of delete on a repository that had referential integrity disabled, the validate operation would delete resource reference indexes as though the delete was actually happening, which negatively affected searching for the resource that had been validated. This has been corrected.

A crash was fixed in the JSON resource parser when parsing extensions on repeatable elements (e.g. Patient.address.line) where there is an extension on the first repetition but not on subsequent repetitions of the repeatable primitive.

Two configuration properties for the HL7 v2.x Inbound Processor module called obr.use_obr2_placer_order_number_as_primary and obr.use_obr3_filler_order_number_as_primary have been renamed to hl7v2_fhir_mapper_obr.use_obr2_placer_order_number_as_primary and hl7v2_fhir_mapper_obr.use_obr3_filler_order_number_as_primary respectively. This was done in order to be more consistent with the naming of other properties in this module. If you have changed these settings from the default then you should update your configuration when upgrading.

A regression in Smile CDR 2017.11.R01 was fixed where the repository would not index for :missing search modifiers even if configured to do so.

A crash was fixed in FHIRWeb Console. When deleting a resource directly from within the console, the deletion succeeded but the resulting page in the console showed a nonspecific error message.

By default, the issuer URL for a Smart Outbound Security module was configured for HTTPS when it should be HTTP. This has been corrected.

By default, the authorizing endpoint for a Smart Outbound Security module was; it is now

If a user had write permissions for a given resource, they were not permitted to perform PATCH operations against that resource. This has been fixed.

When the server was returning a multi-page search result where the client did not explicitly request an encoding via the _format parameter, a _format parameter was incorrectly added to the paging links in the response Bundle. This would often explicitly request XML encoding because of the browser Accept header even though this was not what the client wanted. This has been corrected.

Searches using a combination of the _id and _content parameter failed with an HTTP 500 error. This has been corrected.

A bug was fixed where resources containing indexed fields with Korean text (e.g. a Patient with a Korean name) failed with an HTTP 500 upon creation.