Backported from: 2023.02.R01

Supplying ActiveMq with an error handler to prevent logging payload when encountering issues while processing received JMS messages.

Using passwordless IAM authentication for AWS RDS is now supported via the new Use IAM Auth. More information can be found here.

The cdr-endpoint-hybrid-providers-demoproject module was enhanced with additional code samples about internal Dao access (for DSTU2, DSTU3 and R4) and Custom operations. Hybrid Providers section in Smile CDR documentation was updated with two new sub-sections about Dao access and Custom operations implementation.

Added a new setting for Bulk Export that changes how many resources are stored in each binary output file. The default value for the setting is 1000 resources per file.

A new section has been added to the Smile CDR documentation called FHIR Standard which contains tutorials on beginner and advanced FHIR topics. Over time we will continue to add to this section.

Support for import of a CDA CCD document with a non-standard Assessments section has been added.

Support for the import of a CDA CCD document with a care team section has been added.

Support for import of a CDA CCD document with a Goals section has been added.

Support for import of a CDA CCD document with a Health Concerns section has been added.

Support for import of a CDA CCD document with a Notes section has been added.

MongoDB FHIR Storage module now supports performance tracing similar to the RDBMS module. Additionally, enabling Capture SQL results in individual MongoDB queries being captured and traced.

FHIR Persistence (MongoDB) modules now support native MongoDB Sharding, using Smile CDR partitioning mode. See MongoDB Sharding for more information.

Support for import of a CDA CCD document with a Note section has been enhanced to be able to conform to the US Core IG.

Import of the CDA CCD Result section to a FHIR DiagnosticReport resource did not set a category. The mapping accounts for the US Core IG if conformant data are found.

Support for import of a CDA CCD document with a Goals section has been enhanced to be able to conform to the US Core IG.

Import of the CDA CCD Medications section to FHIR did not handle a case that was required for optional US Core compliance. If a Medication Activity has an entryRelationship with templateId root = 2.16.840.1.113883.10.20.22.4.17 and classCode = "SPLY" and moodCode = "INT," then the whole Medication Activity will now be mapped onto the US Core MedicationRequest Profile.

Support for import of a CDA CCD document with a ProductInstance entry following the Implantable Device template has been enhanced to be able to conform to the US Core IG.

Import of a CDA CCD to a FHIR Organization resource did not set active, nor did handle the case of an OID of 2.16.840.1.113883.4.6, which corresponds to the URI http://hl7.org/fhir/sid/us-npi. Support for these has been added for optional conformance to the US Core profile for the resource.

Further support for patient demographics and clinical health information has been added to CDA import. This includes extensions for patient religion, race, ethnicity, and place of birth according to the US Core IG.

The HL7 v2.x inbound processor now maps repetitions of PID-26 (Citizenship) to patient-citizenship extensions on the Patient.

Adding support for _sort on mongodb for date parameters when querying data, also added exception when attempting to sort by unsupported search parameter types

Adding support for _sort on mongodb for remaining unsupported parameters.

Improving option documentation for smileUtil command import-csv-to-conceptmap. Current documentation does not include references to flag '-s' for specifying the concept map status although being required when validation is enabled.

Added support for OpenSearch. Added support for IAM authentication to Elasticsearch/OpenSearch. If you set the AWS Region property, IAM authentication will be attempted to the host.

Support for import of a CDA CCD document with a Product Instance entry (or entries) of a Procedure section has been added.

CDA Import now supports the mapping of certain fields populated with nullFlavors to FHIR fields with dataAbsentReason extensions for optional compliance to the US Core IG.

Support for import of a CDA CCD document with a Plan of Treatment section has been added.

Transaction and Audit logs will now store the Request ID and Transaction GUID for all FHIR requests where these details are available. In addition, the Audit Log can now be searched using a Transaction GUID.

A new feature called Response Watermarking allows FHIR REST responses to automatically have their associated transaction GUID injected into resource bodies for traceability purposes when at rest.

Previously, DELETE request type is not supported for any operations. DELETE is now supported, and is enabled for operation $export-poll-status to allow cancellation of jobs

Providing the capability to add launch context parameters other than resources to the response token in SMART Outbound Security.

When importing a CDA document, if the patient's birth sex is available, it will be mapped to the USCoreBirthSexExtension extension to conform to the US Core Patient Profile.

Added $submit-attachment system-level operation to support a solicited attachments workflow. Requests include: a tracking ID that corresponds to an existing Task in the repository by Task.identifier; and one or more attachments. The operation identifies an existing Claim in the repository via the Task, associates the attachments with the Claim, and then updates Task.status accordingly.

Update TransactionLogSvcImpl to be able to return a pageable result

OIDC Clients can now be configured with a remote JWKS Url for Client Credential flow. This url will be used in place of the inline JWKS json when present.

New attribute added for the @Operation annotation to define the operation's canonical URL. This canonical URL value will populate the operation definition in the CapabilityStatement resource.

The 'effectiveTime' of the CDA Note Section is mapped to 'DocumentReference.context.period'.

The cdr-interceptor-starterproject module was enhanced with additional code samples about internal Dao access (for R4), Spring configuration class, MDM interceptor and FHIR client calls. Interceptors section in Smile CDR documentation was updated with new sub-sections about Subscription and MDM interceptor sample implementation.

The cdr-interceptor-starterproject module was enhanced with additional code samples for all SERVER_XXX pointcuts for the FHIR Endpoint interceptor, all STORAGE_XXX pointcuts for the Persistence interceptor, all SUBSCRIPTION_XXX pointcuts for the Subscription interceptor, all FHIRGW_XXX pointcuts for the FHIR Gateway interceptor and finally all CLIENT_XXX pointcuts for the FHIR client interceptor. Interceptors documentation was modified to include new starter classes as examples. A new section about Client interceptor was also added.

Added support for multiple OR reference parameters in queries to the MongoDB persistence module. E.g. example Observation?subject=Patient/1,Patient/2 will now work.

Previously, MongoDB did not support MDM expansion over the $everything operation. This has now been added.

A new configuration option has been added to the FHIR Endpoint modules, allowing specific FHIR interactions to be selectively enabled in cases where you want an endpoint to only provide and advertise a specific set of interactions.

Several new options have been added to FHIR Endpoint CapabilityStatement/OpenAPI/Swagger generation: * The Swagger-UI page can now show resource types on separate pages (currently the only option) or show a combined single page with all resource types * Additional CSS can be supplied to be added to the Swagger-UI page * The exported software name and version strings can now be customized (previously these were hardcoded to 'Smile CDR') * The banner logo on the Swagger-UI page can now be customized

Extend $member-match to store Consent resource when there is a matching patient.

If a member_id parameter is passed to /oauth/token endpoint, it will be passed down to the onTokenGenerating script.

A hard-coded mapping for the transmitter agent is added to the generated Provenance resource.

The cdr-endpoint-hybrid-providers-demoproject module was enhanced with additional code sample about Custom operations returning other data types than FHIR. Some basic unit tests were also added to demonstrate how to use JUnit 5 / Mockito to test Hybrid Providers. Hybrid Providers section in Smile CDR documentation was updated with more details about Custom operations implementation.

Adding a new sub-section in Troubleshooting PostgreSQL section of Smile CDR Docs about potential issues with 'pg_largeobject' table in PostgreSQL, how the Persistence module 'Inline Resource Storage Below Size' property can be used to mitigate them, and how to run 'vacuumlo' command to remove orphaned large objects stored in 'pg_largeobject' table from a PostgreSQL database.

HL7 error messages in the logs will now contain the message control ID in order to help debugging

Added a new DB Index to the CDR_AUDIT_EVT table on the EVT_TIMESTAMP column.

To be consistent with US regulation, SMART public clients created by appSphere will no longer be granted refresh tokens, and SMART confidential clients will have a default expiry of 3 months.

Add update classifications endpoint to appSphere Admin Console.

Prevent modification of configurations when the application properties are loaded from the properties file.

Adding smileutil support (module-config-properties-export) to export module/node properties to a specified properties output file in the way that admin web allows.

Previously, successfully authenticated credentials in the inbound security modules were always cached for 20000 ms (20 seconds) when the Cache Successful Credentials property was enabled. This value is now configurable by specifying a value for the Authentication Cache Duration property.

appSphere registration process allows a Developer to request bulk transfers of various permission levels.

By default, if the $export operation receives a request that is identical to one that has been recently processed, it will attempt to reuse the batch job from the former request. A new configuration parameter Enable Bulk Export batch job reuse has been introduced that disables this behavior and forces a new batch job on every call.

appSphere - developer can select maximum bulk transfer permissions for their sandbox.

Import of the CDA Medications section to the FHIR MedicationRequest resource did not populate encounter. The field will now be populated with a reference to the first FHIR Encounter resulting from the first entry in the CDA Encounters section.

The MDM documentation was enhanced with a new subsection about rule definition, to provide more detailed information about rule definition fields, with use cases, pitfalls and performance tips.

Smile CDR console web UI will allow to modify some attributes for OpenID Connect Clients managed by appSphere.

Creation of Observation resources from Import of a CDA CCD did not set Observation.component.dataAbsentReason when appropriate. This capability has been added.

The MongoDB Storage module now implements Auto-Create Placeholder Reference Targets, which was previously only supported by the RDBMS module.

The creation of a FHIR Device during CDA Import did not set Device.udiCarrier.deviceIdentifier. This has been added for optional compliance to the US Core IG.

The MDM documentation was enhanced with a new subsection about using Enterprise Identifiers (EID) in MDM Rule Definition. It explains what the optional 'eidSystems' field does exactly more clearly, during candidate search phase and during matching phase. It also gives more details about using 'Prevent modification of External EIDs' and 'Prevent multiple EIDs from existing simultaneously on a target resource' MDM options.

A new propertysource mode called PROPERTIES_UNLOCKED has been added for troubleshooting purposes. In this mode, module configuration changes may be made at runtime through the web admin console, but these changes are lost and reset when Smile CDR restarts.

All Spring Batch dependencies and services have been removed. Async processing has fully migrated to Batch 2.

Removed Flyway database migration engine. The migration table still tracks successful and failed migrations to determine which migrations need to be run at startup. Database migrations no longer need to run differently when using an older database version.

The cdr-endpoint-hybrid-providers-demoproject module includes Patient resource provider implementation demonstration with a simple search method, findPatientsByName, which should support search by family name. The search method used an incorrect comparator and as such never returned any patients even when a valid family name parameter was provided. This has been corrected.

Previously, a bundle of type BATCH which contained GET requests would not use the permissions of the caller, but instead be executed as an anonymous user. This caused authorization failures in multitenant installations. This has been corrected.

Previously, user's name appearing in password validation was case sensitive, this has been corrected and validation is now case insensitive.

Previously, the value of 'Kafka Consumer Config Properties text' was never displayed. Also, if multiple configs were added at the same time separated by space, they would be mistakenly recognized as one whole config. These issues have been fixed, and Kafka configs can be correctly recognized and displayed.

Previously, on an HL7V2 listening endpoint was incorrectly using the DSTU3 URI for Condition category-code, even when running an R4 persistence module. This has been corrected, and R4 with newer versions will now use http://terminology.hl7.org/CodeSystem/condition-category.

A log message related to health check size appears in the logs every time when /endpoint-health is requested. Now, this message has been removed.

Previously, when using PostgreSQL, LOB table will retain resources when operation $expunge is run on the persistence module. This is now fixed, as it's required to set the Inline Resource Storage Below Size if using PostgreSQL, which will prevent writing to the LOB table for smaller data entries.

Fixed an issue with the server context path not being handled correctly if a non-empty (ie, not '/') context_path was specified.

Previously smileutil would throw an Exception on an incorrect thread count argument. This has now been fixed by automatically adjusting the thread count when appropriate.

Import of the CDA CCD Encounters section to a FHIR Encounter resource did not set the participant.type, participant.period, or reasonCode fields. This has been corrected for optional compliance to the US Core Encounters profile.

Import of the CDA Plan of Treatment section to a FHIR CarePlan missed certain fields with cardinality modified by the US Core IG. This has been corrected. The fields in question were CarePlan.text, CarePlan.text.status, CarePlan.category.coding.code, and CarePlan.category.coding.system.

Import of the CDA Health Concerns section to a FHIR Condition resource did not set Condition.verificationStatus. This has been corrected.

Import of the CDA Problem section to a FHIR Condition resource did not set Condition.verificationStatus. This has been corrected.

Import of a Performer entry in a CDA CCD to a FHIR Practitioner resource missed a case required for conformance to the US Core IG. Namely, an OID of 2.16.840.1.113883.4.6 should map to http://hl7.org/fhir/sid/us-npi. This has been corrected.

In Hl7v2 inbound mapper, previously the identifier-type url for R4 was mapped to the url for DSTU3, now it has been updated

Previously, birthDate is missing in the transaction outcome when input HL7 message included year only birthdate (For example, 1967). The issue has been fixed since a year only birthDate is an acceptable input value.

Previously, support for default SearchParameters was disabled in order to improve performance. This was resulting in the inability to use the built in SearchParameters that are provided by HAPI FHIR. Support for default SearchParameters is now configurable by enabling the search_parameter_seeding.support_default_search_parameters property in the persistence module.

Previously, documentation for PID-28 (Nationality) indicated the HL7 v2.x inbound processor would treat this field as having a cardinality of 0..*. This has been corrected to a cardinality of 0..1.

Previously, when an HL7V2 IN1-16 segment was populated, the inbound mapper created a RelatedPerson with a missing Patient resource inside the Coverage resource. This has been corrected.

Previously, when downloading the system config from the support page, the smart_capabilities_list will be downloaded with a bunch of backslashes. This was incorrect because in some cases it reads that as just one big line. Now, this error is fixed.

Previously, sending a SIU^S12 HL7v2 message appears as Unknown Message Trigger in the transaction log. This has now been fixed to SIU^S12 (Appointment Scheduling).

The admin console UI Batch2 job cancellation feature (blue stop button) would not correctly cancel jobs when MongoDb was used as supporting persistence module. This issue has been fixed.

Previously, NullPointerException is thrown when propose SIU^S12 message with an NTE segment. However, an NTE segment should be allowed to follow SCH. This issue has been fixed.

Previously, the Mother's Maiden name extension was incorrectly created as a HumanName. This has been corrected and is now a StringType extension. In addition, all HL7V2 inbound mapper test results (i.e. Bundles) are validated using the FHIR Validator. This has resulted in multiple enhancements including updating out-of-date code system urls, mapping additional segment fields to populate required Resource fields, and setting default values for Resources with required fields that have no data available.

When activating the consent service with custom JavaScript [consentStartOperation()] that refers to a Fhir.search() on a resource with _id in the where clause, any operation on that resource will fail with an _id not found Exception. This MR fixes this issue so that the error no longer occurs.

Previously, the SIU^S12 message that has chosen to omit the optional SCH-9 and SCH-10 fields will result in an error. This has been corrected, and SIU^S12 messages without those optional fields can be processed with no error.

HL7v2 mapper POST ifNoneExist field currently contains the resource (ex Patient) in the String. This fix removes the resource and the ? from that String.

Previously, $delete-expunge url included a slash in the documentation. Now, this error is fixed.

Updating documentation of applicable modules for properties of the Sessions configuration category.

Import of a CDA document containing an Encounter with Activity.code.translation set to 'IMP' would result in an error. This has been corrected.

Previously, Smile mapped SCH-6 (Event Reason) to a specific hardcoded system and ignored any message values inputted by the client that does not match with the CodeSystem. Now, user-defined service type code and display are valid. In addition, client can also specify a custom code system in SCH-6.3. Smile documentation is also updated accordingly.

Previously, when a client would provide a requestId within the source uri of a Meta.source, the provided requestId would get discarded and replaced by an id generated by the system. This has been corrected. And now it depends on configuration.

Previously, a user will be unauthenticated when using the Client Credentials with JWT Credential flow for bulk export. This has been fixed.

Execute a NO-OP UPDATE statement when running on MySQL and attempting to INSERT into the AG_CLASS Table, since MySQL does not have a NEXTVAL FUNCTION.

Previously, there were documentation links in the Web Admin Console (User Manager, OpenID Connect Client, and OpenID Connect Servers) that were broken if a context path was specified in the Web Admin Console configuration. This has been fixed.

Previously, when an access token was revoked and then introspected, the server responded with a 500 - Internal Server Error. This has been corrected and now when introspecting invalid tokens, or tokens that have been revoked, the server will respond with a 404 - Not Found invalid token introspection response.

CDA import previously mistakenly mapped Immunization Refusal Reason to Immunization.explanation.reasonNotGiven in FHIR DSTU3. This has been corrected to the equivalent R4 field, Immunization.statusReason.

Cascading deletes don't work correctly if multiple threads initiate a delete at the same time. Either the resource won't be found or there will be a collision on inserting the new version. This changes fixes the problem by better handling these conditions to either ignore an already deleted resource or to keep retrying in a new inner transaction..

CDA import mapped Patient.communication.language.coding to a ValueSet instead of a CodeSystem. This has been corrected.

Previously, the default Smile HL7 to FHIR translator still handled messages despite setting doNotAutoConvert=true in the onPreConvertHl7V2ToFhir() function of the HL7v2 listener script. This has now been fixed.

CDA import mapped Condition.category.coding to a ValueSet instead of a CodeSystem. This has been corrected.

Previously, mongodb delete-by-url would delete a maximum of 10 resources per request. This has been fixed by setting the limit to the internalSynchronousSearchSize which is extracted directly from JpaStorageSettings and has the default value of 10,000

Previously, the $reindex operation would fail with a ResourceVersionConflictException when MongoDB was used for the storage module. This has been corrected and now the $reindex operation completes without errors and processes the right number of resources.

CDA import of address use periods contained a bug that would set dates in the epoch BCE. This has been corrected.

The CDA mappings of agent.type.coding.id and agent.role.coding.id have been removed; generated Provenance is no longer conditional on an assembler device id; and mappings of agent.type, agent.who, and agent.onBehanlfOf have been changed to the US Core Profile.

Import of the CDA Vital Signs section to a FHIR Observation resource did not set Observation.category. This has been corrected.

Import of various CDA sections following the Observation structure did not codify units using the UCUM code system for values of type PQ. This has been fixed.

Fast-tracking batch jobs that produced only one chunk has been rewritten to use Quartz triggerJob. This will ensure that at most one thread is updating job status at a time. Also jobs that had FAILED, ERRORED, or been CANCELLED could be accidentally set back to IN_PROGRESS; this has been corrected.

Previously, the OAuth2 state value was limited to 124 characters which caused some authentications to fail. The maximum state value length now has expanded to 256 characters.

Previously, a SQL statement was exposed in the error message when client submit a state parameter with more than 124 characters. Now, this issue has been resolved and the error message will notify user that their input state variable exceed the state maximum length.

Previously, when importing a CDA document including an immunization with the negationInd set to true, the status code of the generated FHIR Immunization record was not being set correctly. This was also preventing the refusal reason code from being captured. Both these problems have been fixed.

Previously, when importing a CDA document with a Procedures section, Product Instance entries were being ignored. This has been fixed, and these entries will now be converted to Device resources as intended.

The 2022.02.R01 release introduced a regression for leaking connection pools, specifically in Realtime Export module. This has been corrected.

Previously bulk import would return a 500 HTTP status code if there was an invalid JWT token. This has now been fixed returning a 401 with an appropriate error message instead.

Previously if you had the HTTP troubleshooting log enabled, binary files would fail to write to disk with an error. This has been corrected.

Fixed CDA Vital Signs 'valueQuantity.system' to 'http://unitsofmeasure.org' instead of 'http://unitsofmeasure.org/'

Previously the hl7 appointment status codes (sch-25) Proposed and Arrived were not mapped. Now they have been added.

Fixed parsing of a HL7v2 message with a ZXT segment at the end, now this segment will be added to the Bundle regardless of its location in the HL7 message

In order to accommodate Smart V2 scope translation, the maximum allowed length of a scope string has been increased to 764 characters for all scope and scope related columns.

When using a repository in Forced Offset Mode, validation resource seeding could prevent the server from starting if the server already has a large number of resources.

Previously, custom SearchParameters with identical codes and bases could be created. This has been fixed. Right now, removal of the target base resource from the existing SearchParameter base list is required before creating the new definition, and corresponding instructions have been added to the documentation.

Creation of FHIR Practitioner resources in the import of a CDA CCD could result in invalid Identifier.systems. This has been corrected to set a URI rather than an OID where possible.

CDA Import of patient's implatable devices did not allow for manufacturing observations such as Serial number that populated their values as type ED, but with plaintext in the reference field. This has been corrected for leniency.

The 'BP Systolic/BP Diastolic' of the CDA Vital Sign Section was mapped to separate observations.  Now only one 'Blood pressure' observation is created. Same for 'Oxygen saturation in Arterial blood  (by Pulse Oximetry)', only 'Oxygen saturation in arterial blood by Pulse Oximetry' is created.  This fix only applies to observations that have the same identifier.

GraalScriptExecutor.callForJavaObject() was not handling the returned Value correctly, resulting in intermittent race conditions. Now that method will call returnExecutor() resulting in proper behaviour.

As of the Aug release, if the FHIR Endpoint specifies both a validation dependency and a persistence dependency, a duplicate bean error will be thrown. This adds a config diagnostics that helps the user understand the problem and fix it.

Previously, the setting to enable the MDM Search Expanding interceptor was missing from the Mongo Persistence Web UI. this has been corrected.

When importing a CDA CCD Results section, the mapping attempted to populate valueAttachment on a resultant FHIR Observation resource. This is valid only for DSTU3 resources, while CDA Import is currently restricted to FHIR R4. This has been corrected to now populate DiagnosticReport.presentedFrom in the resultant Bundle instead.

PractionerRole resource does not get created if there is no representedOrganization populated in the assignedEntity section of the CCDA. This issue has been fixed.

When fixing the CDA provenance us profile in ticket 3431, the agent of the device assembler was removed. This issue has been fixed.

Previously an edge case could have lead to the mismapping of CDA Observation entries within a Results section to the US Core DiagnosticReport profile. This has been corrected.

Mdm messages were using the resource id as a message key when it should be using the EID as a partition hash key. This could lead to duplicate golden resources on systems using Kafka as a message broker.

CDA Import did not properly set dataAbsentReason extensions on FHIR AllergyIntolerance.identifier when a nullFlavor was provided. This has been corrected.

Previously, when Smile encountered an invalid client_assertion_type parameter in an OAuth2 token request, it would skip JWT bearer authentication and move on to other authentication methods, which might ultimately result in either a return status of 200 or 401. In order to pass Inferno conformance testing, if the client_assertion_type parameter is present and contains an invalid value, Smile will now return a status 400 code.

When enabling partition on tenant ID and turning on reindexing after sp change, smilecdr will fail to start with an error complaining about a missing tenant ID. This is now fixed by adding ALL_PARTITIONS as a tenant ID on the validation initializer service.

Added additional validation checks for $submit-attachment parameters: PayerId must match Task.owner.identifier MemberId must be a an identifier for a valid Patient in the system. Must match Task.for.reference ServiceDate (if present) must match Task.input.valueDate AttachTo must match Task.reasonReference.reference and Claim.use

Fixed display of the archived modules with custom context path of the web admin module

CDA Import was not case insensitive when translating fields with tables of expected values in some cases. This has been corrected.

CDA Import supports mapping nullFlavors to dataAbsentReason extensions for the sake of (optionally) complying with the US Core IG. Certain fields did not actually need this functionality, and this has been corrected.

CDA Import did not set Device.patient in some cases. This has been corrected.

Due to a known issue in higher versions of java, attempts to save complex (ie, non-primitive, non-strings) to UserData in onTokenGenerating script will throw an error. Smile CDR will now log a warning and encourage serializing any complex JSON objects before saving them to UserData. (This can also be fixed by setting JVMARGS="$JVMARGS --add-opens=java.base/java.util=ALL-UNNAMED in the setenv file.)

Fixed issue with the latest created mongo persistence module being used as the persistence for mdm links, instead of the persistence that's specified for mdm/fhir endpoint.

Import of a CDA Results Organizer-templated Organizer would result in a FHIR DiagnosticReport with a missing encounter. This has been corrected.

The mapping attempted to fill in 'DocumentReference.type' with 'code' and 'translation code' while importing a CDA CCD consultation section. This is fixed. Now the 'DocumentReference.type' is populated by the 'translation code' only.

The jpa persistence module failed to start up when the database was in read-only mode due to an attempt to perform a database migration. This has been corrected.

The MongoDB Storage module previously incorrectly returned an HTTP 404 if a delete was issued against a non-existent resource. A correct 200 is now returned.

The CDA import was using the wrong code system URI when mapping the 'Condition.category.coding.system' from a CDA Indication. This has now been fixed.

Fixed a regression that was causing many batch jobs to be created on boot if mark resources for reindexing after search parameter change was enabled.

Clarifying documentation pertaining to Packages and Implementation Guides and correcting typos.

Previously, the batch2 maintenance job was still running, even when the suppress scheduled maintenance jobs property was set to true. This has been corrected, and now, the batch2 maintenance job will not run when the property is set to true.

Added configuration option for processing Z-segments in HL7 messages. It determines whether they are parsed in the root of the message or in the current segment.

When fetching pages of search results after the first page through the FHIR Gateway module, if multiple target servers were accessed in a parallel configuration, the call could occasionally fail due to a race condition. This has been corrected.

Previously, user provided field SCH-6.3 (Name of Custom Code System) was not mapped into the appointment resource, and the field SCH-6.1 (Service Type Code) was not allowing alphanumeric codes. Both issues have been resolved, and the SCH-6.2 field definition was updated to be required in the docs.

Fixed usage of exception for P2P ingestion step to retry instead of terminate.

Fixed transformation of bundle for ingestion to allow broken resource references.

commons-text has been pinned to 1.10.0 to avoid CVE-2022-42889. Having done an internal investigation, we have found that we do not use the affected vulnerable classes. This version pinning is done only out of an abundance of caution.

Backported from: 2022.11.R01

commons-text has been pinned to 1.10.0 to avoid CVE-2022-42889. Having done an internal investigation, we have found that we do not use the affected vulnerable classes. This version pinning is done only out of an abundance of caution.

Backported from: 2022.11.R01

Mdm messages were using the resource id as a message key when it should be using the EID as a partition hash key. This could lead to duplicate golden resources on systems using Kafka as a message broker.

Backported from: 2022.11.R01

Added support for OpenSearch. Added support for IAM authentication to Elasticsearch/OpenSearch. If you set the AWS Region property, IAM authentication will be attempted to the host.

Backported from: 2022.11.R01

When using a repository in Forced Offset Mode, validation resource seeding could prevent the server from starting if the server already has a large number of resources.

The 2022.02.R01 release introduced a regression for leaking connection pools, specifically in Realtime Export module. This has been corrected.

Backported from: 2022.08.R02

The 2022.02.R01 release introduced a regression for leaking connection pools, specifically in Realtime Export module. This has been corrected.

Previously if you had the HTTP troubleshooting log enabled, binary files would fail to write to disk with an error. This has been corrected.

Backported from: 2022.08.R02

Previously if you had the HTTP troubleshooting log enabled, binary files would fail to write to disk with an error. This has been corrected.

Previously, Smile Util commands that made HTTP requests could only be used for HTTP endpoints. This feature adds support for HTTPS endpoints by using TLS authentication for MapAndUploadCsvBulkImportFileCommand, SynchronizeFhirServersCommand and UploadSampleDataset.

Added new setting HISTORY_REWRITE_ENABLED on Storage Modules which permits users to edit historical versions of a resource. This comes along with a new permission for this, FHIR_UPDATE_REWRITE_HISTORY.

Added new cdr kafka config files to change the default timeout settings on kafka.

A new binary storage mode has been added to support Azure blob storage.

Added a new property to FHIRWeb and Web Admin Console modules which allows you to configure the maximum number of concurrent web sessions for a given user.

Added Privacy Security Notice Agreement page after the sign-in process and before the user gets to the web admin.

One can now store original HL7v2 messages as-is on a MessageHeader extension. If "create MessageHeader for each message" is enabled, Smile will reuse the created MessageHeader resource.

Limited support for SMARTv2 filter expressions has been added. Use requires an active consent interceptor, and is restricted to read and write permissions (not cruds), e.g. patient/Observation.read?code=55399-0.

Added support for mdm on mongo persistence

Support has been added for the $expunge operation for MongoDB storage. Smile CDR can now expunge data from a MongoDB repository at the instance, resource or system level, using the expungeDeletedResources or expungePreviousVersions input parameters.

Previously, there was no way to add record headers to outgoing kafka messages, for example for MESSAGE type subscriptions. . This is now possible by use of the customHeaders field of the outgoing ResourceModifiedJsonMessage. More documentation can be found here.

• Changed P2P endpoints (api/oidc_servers/{serverid}/batch_job, api/oidc_servers/{serverid}/batch_job/{id} so that returned batchJobId is no longer a number, but a string. - Implemented Batch2 P2P steps - Removed SpringBatch P2P; implemented/enabled Batch2 P2P job (with support for Mongo)

The HL7 v2.x Message Listener module callback script can now implement custom message processing for arbitrary message types (i.e. message/transaction types for which no built-in translation exists) and can also entirely replace built-in conversion rules. See Custom Processing Logic for more information.

A new troubleshooting log called the HL7 v2.x troubleshooting log has been added. This log contains additional processing details about HL7 v2.x processing.

Added new pointCut CdrPointcut.SERVER_CONFIGURATION_KEYSTORE allowing customers to a supply a Java keystore through for TLS support.

Added new options (--debug, --no-column-shrink, --skip-versions <Versions>, --strict-order, -x --flags <Flags>) to smileutil migrate-database command documentation.

Users with the FHIR_AUTO_MDM permission will have mdm expansion automatically applied to all queries for resources in the Patient compartment. SMART clients can assign this permission to their users by requesting the cdr_mdm scope.

Allow modification of the scopes and auto-grant scopes during the SMART login context selection callback. OAuth2SmartContextSelectionChoicePerson now has two lists of scopes to be added to the client request: auto-grant scopes and requested scopes. These lists can be populated by addAutoGrantScopes() and addRequestedScopes() in the OAuth2SmartContextSelectionChoicePerson. A new method addDisplayTranslation() on Auth2SmartContextSelectionChoices allows customizing the scope display text.

SMART Outbound Security module has a new Context Selection field which allows installing custom skins for the Context Selection page. Templates now have a new variable user_data, which contains client-populated user data.

Added JavaScript debugging support to the HL7v2 Listening Endpoint module.

Updated smileutil migrate-database command documentation for the --dry-run option.

Added metadata and country fields for Marketplace registration

Updated mongo support to allow for batch2 reduction step

Added 2 new config diagnostics entries. The first to check the persistence db and cluster manager db are not the same. The second to check if we are running postgres that inline_resource_storage_below_size is not zero.

Previously, interceptor beans could be loaded by name. Now, the interceptor bean types field also supports naming a Configuration class. If this is used, the configuration class will be loaded, and any beans annotated with @Interceptor will be extracted. This permits you to create interceptors that rely on your own beans that have been loaded into that application context.

Previously, hybrid provider interceptors had to be loaded through the interceptor_bean_types field. Now, interceptors can be defined and marked for registration inside of your Spring Context Config class. This allows your interceptors to make use of beans defined in your custom context. More details can be found in the docs.

Changed documentation on Response Terminology Mapping and Enable Response Terminology Mapping setting to include bulk export as a supported operation

Previously, there was no OIDC client id in any of the consent scripts. This features adds an additional parameter named theClientSession (of type ClientSessionJson) to all consent scripts (consentStartOperation, consentCanSeeResource, consentWillSeeResource, completeOperationSuccess, completeOperationFailure). The ClientSessionJson object has a single field called clientId that is the OIDC client's ID for their OAuth2 session.

Supporting PATCH operation with a MongoDB backend.

Adding new optional search parameters to existing GET /openid-connect-servers/

Fhir.translate() method now works with clients created using the FhirClientFactory.

Added configuration for coding system of admission type field (PV1-4) for Hl72InboundMapperImpl and Hl7V2OutboundMapperSvcImpl

Support has been added to MongoDB for Uplifting Strings via reference chains. This adds support for queries such as Task?requestor.given=Homer.

Added admin-json methods to query and cancel batch2 jobs.

Added additional search parameters being searched when $everything operation is invoked on mongodb persistence.

Make sure that current developer details are displayed in appSphere gallery

A new setting called Enable storing resource bodies in Lucene which allows some queries to be resolved directly from the Elastic/Lucene indexes.

All recent batch jobs per module will now be accessible in the batch jobs listing page.

When sending HL7 v2.x messages over HTTP, one can now re-use persisted messages and send them downstream verbatim.

Add request new app feature in appSphere gallery

Updated MongoJobPersistenceImpl to take advantage of new paging api for JobCoordinator

Allow removal of a requested scope or an auto-grant scope during the SMART login context selection callback. These scope can be removed by removeAutoGrantScopes() and removeRequestedScopes() in the OAuth2SmartContextSelectionChoicePerson.

Add captcha when requesting new app in appSphere gallery

Add feature for viewing new app requests in appSphere admin console

Added a new Maximum Expansion Size property to persistence modules, which permits you to set the maximum size of a valueset expansion in a query. This will permit queries using code:in and code:not-in to be performed on valuesets larger than 1000 codes.

The Legacy Search Builder has been removed.

The Delete Expunge operation has been moved from Spring Batch to Batch 2.

LiveBundle now fully supports partitions.

In order to accommodate Smart v2 fine-grained scopes with filters, the maximum allowed length of a scope string has been increased to 764 characters.

Previously, support for the configuration parameters Allow Multiple Delete Enabled and Client ID Mode was added to the MongoDB persistence module, but the parameters were not added to the module's page in the web administration console. The parameters can now be viewed and set through the console.

Fixed a bug where the multitarget gateway operation GET Patient $meta returns the response id as null.

Fixed a bug for importing ZXT segments in HL7 v2. Previously, if the ZXT segment was nested within a message structure in the input (such as found in RDE, ORU, or ORM messages), it would not be found nor mapped. This has now been fixed.

Updating validation message to Validation Passed with Warning for unknown code system.

Resolved the NullPointerException thrown when running smileutil hl7v2-analyze-flatfile on a message file with an Organization. Organizations will be created with the data in the message file instead of searching when analyzing flat files.

Previously, MDM features still worked even when mdm.enabled was set to false in the persistence module. This has now been fixed.

Update Mongo implementation of IIdHelperService that was modified in the corresponding Hapi-Fhir Pull Request (https://github.com/hapifhir/hapi-fhir/pull/3694). The Hapi-Fhir fix resolved the issue of deleted resources with client generated ids being including in the bundle total when searching by _id.

Added code to fix importing ORU messages with OBX-8 being incorrectly mapped to the (DSTU3 CodeSystem) [http://hl7.org/fhir/stu3/v2/0078/index.html] instead of the (R4 CodeSystem) [http://terminology.hl7.org/CodeSystem/v3-ObservationInterpretation] when using R4.

The Delivering Delete Events property in AWS Healthlake was behaving incorrectly. It has been removed, this property and Delivering Latest Version are now instead handled by default when Auto-Manage Subscription is enabled. These two extensions are now enforced via interceptor when creating a Subscription.

Fixed a bug in AWS Healthlake module where disabling the Auto-Managed subscriptions setting would not actually disable the existing subscription. This has been fixed, and disabling this setting will set the existing subcription to the OFF status.

It was not possible to debug javascript running in Smile CDR inside a docker container. This has been corrected.

Previously, when JavaScript execution environment debugging was enabled, and a path specified, Smile would assign a new URL every time the module was restarted by appending a numeric suffix to the specified path. Now, the URL will be reused when possible, and the suffix will only be appended to prevent a conflict with another active instance of the debugger.

Fixed spelling mistake on ValueSets in Create Module Page - Dependencies - Validation Support

Previously, it was possible to create two overlapping SearchParameters with the same base and code. This could cause non-deterministic search behaviour at runtime. Smile CDR now prevents the creation of a second search parameter that could conflict with an existing one.

HL7 Listener mapping Location System url typo fixed.

When using the gateway, configured forewarding headers were not actually passed from the gateway to the target server for FHIR extended operation invocations.

Fixing regression to allow setting of task status during start and completion of job. Failure states may require further work

Inconsistency in search results between RDBMS and MongoDb persistence when searching _tag with invalid search parameter system|value.

Added checks for empty values when creating PV1-20 Financial Class components: Financial Class Code, Effective Date

Previously, import-poll-status operation was throwing exception of don't know how to handle operation. This has been fixed, and the import-poll-status operation is now working as expected.

Changed log level in CsvProcessorContextJsonImpl from INFO to DEBUG

Previously, Smile was using it's own private version of ISubscriptionDeliverer. This fix removes the private ISubscriptionDeliverer (ca.cdr.api.pub.fhir.ISubscriptionDeliverer) and replaces it with the public api version (ca.cdr.api.fhir.interceptor.ISubscriptionDeliverer) to allow for more customization.

Previously, unsupported resource posted to AWS endpoint threw an InvalidRequestException. This fix, changes the log to handle the exception in a more graceful way, without errors and retries.

Previously, VIEW_MODULE_CONFIG permission was accidentally required to view transaction logs. This has been corrected.

Previously Multitarget Gateway was ignoring the parallel field in the configuration json, and was always sending out requests in parallel. This is now fixed.

Fixed a bug for the $everything instance-level operation for MongoDB. Previously, if you had referential integrity disabled, and you requested the $everything operation for an instance that did not exist in that database, Smile CDR would treat it as a type-level $everything operation. This has been corrected.

Previously, when an ADT message was created, the birthTime extension was being added to the Patient resource. This has been corrected and now the birthTime extension is added to the birthDate element. Additionally, now if there is no time specified in the birthDate element (i.e. 1970-01-01), then no birthTime extension will be added at all.

Fixed a bug where Batch2 jobs registered to a Mongo DB persistence module did not appear in the runtime batch jobs page.

Previously, configuring the Creation Mode - Practitioner to CONDITIONAL_CREATE in the HL7-v2 listening module also applied the conditional create to Appointments. This has now been changed so that the Creation Mode - Practitioner property only applies to Practitioners and Appointments are always treated as conditional updates.

Fixed an issue where the module setting for reindex operations was missing from MongoDB persistence module.

updated the mongo job persistence layer to take advantage of new API to hand back the WorkChunk after updating error count

Previously, if the Realtime Export module threw an error while attempting to write to the remote database, it could print query values to the logs. This has been corrected and now only placeholders will be logged.

Update documentation for Store resource bodies in Lucene parameter to indicate full lucene reindex is required for previously indexed resources.

Previously, some of the endpoints in the well-known JSON in SMART configuration appeared as manage, introspect, and revoke. In order to allow for automated discovery, these have been changed to management_endpoint, introspection_endpoint, and revocation_endpoint respectively.

Previously, a NullPointerException might be thrown during some operations when the Enable Search Expanding Interceptor property of the persistence module is enabled. This has been fixed.

Previously, if the property module.persistence.config.dao_config.mark_resources_for_reindexing_after_sp_change was true, the persistence module might fail to start up. This has been fixed.

Previously there was missing logging information for the AWS HealthLake Export Module. New logging has been added for the time taken to fetch credentials from AWS, sign the credentials, and PUT resources to AWS HealthLake. Additionally, a new AWS HealthLake Troubleshooting Log has been created to log the new events, as well as all other events related to the AWS HealthLake Export Module. The Log Requests to System Logs configuration property has also been removed along with the associated LoggingInterceptor. As a result there are no longer request / response bodies in the logs. Finally, x-amz-security-token, Signature and Credential information has been removed from the logging output.

Previously the embedded FHIR client inside the AWS HealthLake Export Module was making an additional GET /metadata request when data was PUT to the server. This request has been removed to increase performance.

Previously, when OIDC clients tried to access endpoints using access tokens generated with Grant Type: Authorization Code, and an Authorized Redirect URL there was no information available in theClientSession parameter of the consent callback scripts. This fix populates theClientSession using user session details if they are present.

Previously, custom operations would fail when registered on a FHIR Endpoint module. This has been corrected.

Fix issues with mongoDB persistence and MDM operations $mdm-submit and $mdm-merge-golden-resources

MongoDb $mdm-update-links was creating duplicate records for the old and new link. This has been corrected.

Added replacement of keypass field data with [REMOVED] when downloading System Config from Admin GUI

Backported from: 2022.08.R01

When using the gateway, configured forewarding headers were not actually passed from the gateway to the target server for FHIR extended operation invocations.

Backported from: 2022.08.R01

Fixed a bug for the $everything instance-level operation for MongoDB. Previously, if you had referential integrity disabled, and you requested the $everything operation for an instance that did not exist in that database, Smile CDR would treat it as a type-level $everything operation. This has been corrected.

Backported from: 2022.08.R01

Added 2 new config diagnostics entries. The first to check the persistence db and cluster manager db are not the same. The second to check if we are running postgres that inline_resource_storage_below_size is not zero.

Backported from: 2022.08.R01

The Delivering Delete Events property in AWS Healthlake was behaving incorrectly. It has been removed, this property and Delivering Latest Version are now instead handled by default when Auto-Manage Subscription is enabled. These two extensions are now enforced via interceptor when creating a Subscription.

Backported from: 2022.08.R01

Fixed a bug in AWS Healthlake module where disabling the Auto-Managed subscriptions setting would not actually disable the existing subscription. This has been fixed, and disabling this setting will set the existing subcription to the OFF status.

When importing a Clinical Document Architecture (CDA) document, if a Procedure Activity Procedure section contains a Medication Activity subsection, this will be converted to a MedicationStatement resource and linked to the Procedure resource that corresponds to the Procedure Activity Procedure section using the partOf relation.

The Oracle OJDBC driver has been bumped to version ojdbc11-21.5.0.0

New OpenID Keystores have been added as a way to save and manage JWKS for outbound security module. Using the new Keystores, JWKS can be updated while server is running and the security module referencing them will not need to be rebooted. We have also deprecated the JWKS configs on the smart-out-security module in favour of defining a Keystore and linking the module to a keystore id. The former JWKS security configs will remain for now, but will be removed in a future version. It is advisable that consumers switch to the new keystore solution instead.

Added configuration check to ensure the http context_path configuration item agrees with base_url.fixed configuration item.

Implemented system-level MongoDB expunge everything operation.

Added support for debugging JavaScript callback functions. When enabled, the server will log the URL that a Chrome browser can open to establish a remote debugging session with the JavaScript Execution Environment and debug callback functions live as they are being executed.

Mdm links are now partition aware, incoming resources will only attempt mdm operations against golden resources in the same partition. Mdm operations are also partition aware.

Added a new column to keep track of when a user last logged in and display that in the web admin console.

When importing a Clinical Document Architecture (CDA) document, if a Procedure Activity Procedure section contains a Reaction Observation subsection, this will be converted to an AdverseEvent resource and linked to the Procedure resource that corresponds to the Procedure Activity Procedure section using the suspectEntity.instance relation.

When importing a Clinical Document Architecture (CDA) document, if the Social History Section contains a Pregnancy Observation entry, which in turn contains an Estimated Date of Delivery sub-entry, the fields of the sub-entry will be mapped as a component of the resulting FHIR Observation.

When importing a Clinical Document Architecture (CDA) document, if the Social History Section contains a Caregiver Characteristics entry, the fields of any participants in the entry will be mapped to fields of the resulting FHIR Observation.

When importing a Clinical Document Architecture (CDA) document, if a Social History Section is present, all entries within the section will be converted to Observation resources.

When importing a Clinical Document Architecture (CDA) document, if the Procedures Section contains one or more Procedure Activity Observation sections, each of these will be converted to an Observation resource with additional subordinate resources as needed.

When importing a Clinical Document Architecture (CDA) document, if the Procedures Section contains one or more Procedure Activity Act sections, each of these will be converted to a Procedure resource with additional subordinate resources as needed.

Previously, if a Health Check was unhealthy, the /endpoint-health endpoint would return a 200 response code along with the health check failure message. That status code is now configurable via the Unhealthy Status Code property.

Subscriptions on the default partition in partitioned systems can have an extension that allows it to listen to changes to resources in all partitions. Also added setting to disable this feature.

Provide the capability to have the body of a transaction log step serialized as inline (without formatting) or as inflated (with formatting) JSON

Previously, there was no way to setup the transaction log so that it only sent to a broker, and was not persisted. This is now possible. If you disable the transaction log database, and enable the transaction log broker, the log events will be sent directly to the broker. Note that when running in this mode, that asynchronous events (such as MDM steps and hl7v2 inbound steps) will only be linked to their parents via the transaction GUID.

MongoDB storage now supports searching on number types and not equals (ne) prefix based searching on quantity types. Additionally, searching with the not equals prefix on date types in MongoDB and RDBMS has been implemented.

The HL7 v2.x outbound processor now supports transforming DiagnosticReport.presentedForm attachments to Encapsulated Data in OBX-5.

The endpoint at /runtime-status/health-checks now supports a new boolean query parameter, onlyRunning. When set to true, only health checks on running processes are returned. E.g. /runtime-status/health-checks?onlyRunning=true

A pair of new permissions have been added that allow search results to be blocked from access if they contain a code (or do not contain a code) that is matched by a given ValueSet. See Block Unless Code in ValueSet for more information.

OIDC clients created via appSphere now has Remember User Approved Scopes flag set to true

Added new advanced persistence module config called 'Nickname Search' that when enabled allows searching by names using the :nickname modifier. E.g. /Patient?given:nickname=Kenny will match a patient with the given name Kenneth.

Update app registration fields in appSphere- increase long description length, add sales contact info

The well known management, introspection, and revocation endpoints were missing in the CapabilityStatement while included in the well known config (/.well-known/smart-configuration). The endpoints have been added to the CapabilityStatement.

The MongoDB Storage module now has a configurable search/query timeout setting.

appSphere: moved sales contact email field to profiles, added marketplace flag (for internal use)

When the Create Message Header for Each Message property is enabled, the HL7 v2.x inbound processor will map MSH-5 (Receiving Application) to MessageHeader.destination.name and MSH-6 (Receiving Facility) to MessageHeader.destination.receiver.identifier.

A new interceptor called Provenance Injection Interceptor has been added. This interceptor will inject transient/non-persisted Provenance resources into a response at the request time. This interceptor may be enabled either by the $everything operation or the ?_revinclude=Provenance:target search request.

Anonymous users can now request the version of a server by calling /version on the admin-json endpoint. Display version number on top-right of all cdr documentation pages.

P2P Client generates Provenance resources for incoming data.

Add support for saving draft registrations in appSphere

The Web Admin Console now runs Config Diagnostics on a module before presenting the module config page for that module, and displays any security, error, or warning issues at the module edit page.

Added all our documentation to sitemap.xml for Google to find.

New properties in the Cluster Manager permit you to modify the Audit Log Broker Channel Name and the Transaction Log Broker Channel Name.

Add support for saving multiple draft registrations in appSphere.

A new experimental external binary storage mode has been added to support AWS S3. This implementation also supports MinIO instances.

Added new MDM configuration fields in P2P Module for Patient records ingested as part of P2P transfer.

Providing Support to inject client supplied resource providers through property resource_provider_bean_types.

Added reads with theDeletedOk boolean in MongoDB. This previously threw UnsupportedOperationException. Additionally, the read() method calls were reordered to match that of JPA.

Added a configuration option to enable validation to the audience claim (aud) during the SMART on FHIR authorization process to conform to OAuth2 specifications.

Add support for saving re-registrations as draft in appSphere.

Add can re-register flag to appSphere to separate re-registration flow from new registrations.

Previously, if Intermediate Logging was enabled for an HL7V2 Listener endpoint, the endpoint would execute two bundle transactions. This could cause the version of the resources to increase. This has been corrected.

Added support to launch web apps directly from appSphere's gallery.

Added two new settings for Binary Storage Interceptor. One for the ability to prevent binaries from being automatically inflated on a request and another to control how many bytes can be automatically inflated per request, if it is enabled.

Config Diagnostics are now available on the admin-json endpoint at the path /diagnostics. The VIEW_MODULE_CONFIG user permission is required to access these diagnostics.

Added a new setting for Bulk Export, which adds the ability to set retention time of collection files. This is useful for instances where bulk export jobs take a long time due to high resource count. Previously, the hard-coded limit of 2 hours was causing in-flight jobs to be purged. If this value is set to 0 or less, the files are never removed.

Add configuration diagnostics messages for modules depending on persistence modules that do not fully support partitioning yet.

Restrict modification of OIDC clients generated by appSphere outside of appSphere.

Batch2 jobs were not displayed in Admin-Runtime-Jobs pages. They are now displayed.

Nickname search support has been added to MongoDB.

Previously, the STORAGE_PRESEARCH_REGISTERED pointcut was not being called for installations running MongoDB. While MongoDB does not require registered searches in the traditional sense, this pointcut permits searches to be modified before execution, and so is being added.

In order to enable more detailed error reporting, the entrypoint of the CDA Import feature has moved from the Channel Import module to the CDA Exchange module. The CDA Exchange module exposes an $import-cda operation that accepts a CDA document in XML format as input and returns an OperationOutcome resource containing a collection of error and warning messages.

Previously, when importing a Clinical Document Architecture (CDA) document, if an Encounter entry contained Indication sub-entries, these would be mapped to FHIR Conditions and linked to the Encounter via the diagnosis.condition reference. Now, the Conditions derived from Indications are linked via the reasonReference, and diagnosis.condition is used to refer to Conditions derived from the EncounterDiagnosis sub-entries.

Previously, when importing a CDA document with a Medications Section, all of the Medication Activities would be converted to FHIR MedicationStatement resources. This mapping is only appropriate for Medication Activities with an EVN mood code. Any Medication Activity with a different mood code will be skipped and a warning returned to the caller.

P2P Batch job submission API change. Moved Task, Consent and Organization creation to backend to provide complete API solution.

Support for Java 8 has been dropped. Minimum version to run Smile CDR is now Java 11. All demo projects have been updated to use Java 11 as well.

Searches using the _lastUpdated parameter with prefixes in the multi-target gateway used to return HTTP 400 response. This has been fixed, and these searches now return properly.

Previously, Multi Target Gateway would ignore the offset for an initial search request which used _offset=X. This has been corrected.

When calling an unsupported operation on a MongoDB server, the server used to respond with a cryptic 500 error. It now responds with an informative 501 error along with a message that explains the specific operation that is not yet implemented for MongoDB.

Previously, messages ingested via HL7V2 would have missing entries in the transaction log broker. This has been corrected and all steps of transaction log events will now appear in the broker.

On the MongoDB FHIR Storage module, searching for string Search Parameters will now correctly perform a prefix match as opposed to an exact match.

Reduced false exceptions at startup and shutdown.

When cross-partition reference Mode is used, the rest-hook subscriptions on a partition enabled server would cause a NPE. Cause of this is from the reloading of the subscription when the server is restarted. This issue has been fixed. Also fixed issue with revinclude for rest-hook subscription not working.

Support for the HMAC-SHA256 hashing algorithm has been added.

Fixed where the abortTransaction is invoked so that the MongoServerExceptions error will show up in the log file.

Improved the Smile CDR startup log messages. Removed extraneous lines and resolved warnings.

In the past, it could take up to an hour for an updated SearchParameter to start indexing new resources. This has been reduced to 10 seconds. This is accomplished via a new database table that is used to synchronize all caches across the cluster (SearchParameter, Subscription, and Library) every 10 seconds.

Fixed a regression in the Web Admin Console which caused users to be unable to view archived modules.

Fixed the bulk export permission issue on MongoDB. The user is now only allowed to bulk export the resources for which they have permissions, as defined on the FHIR_OP_INITIATE_BULK_DATA_EXPORT permission.

The manage, introspect, and revoke endpoints URLs in the CapabilityStatement did not match the structure definition causing Touchstone testing to fail. This has been fixed.

Fixed a bug where _id was not usable in a _has query.

Added version requirements to documentation for Kafka, ActiveMQ, and Infinispan, as per client request.

Add missing configuration categories to documentation pages. (appSphere and P2P modules)

Latest sales emails should always be used for appSphere applications

There was no way to recreate freetext indexes for terminology TermConcept and TermConceptProperty. Batch command reindex-terminology was created for this purpose.

Previously when using the $everything operation on the FHIR Gateway, the total element of the returned bundle, and the next links, were not being set correctly. This has been fixed.

The recent speedup of Search Parameter syncing was not functional for Postgresql. This has been corrected.

On Oracle Database, when a user refresh token concurrently, sometimes the concurrent requests throw a 500 deadlock error. This has been corrected by adding an index to the child table of the records being deleted. The deadlock may be caused by the child table not having index for the foreign key.

Previously, a bug caused binaries stored to an external binary storage system via the $binary-access-write operation to be stored as empty files. This has been corrected.

A recent switch to Alpine as a base docker image caused snappy compression in kafka to stop working. This has been corrected.

Fixed an issue where creating a new module in another node would result in an error.

Fixed an issue where requesting MDM clear returned HTTP 500.

Fixed a bug in viewing transaction log bodies where thymeleaf would throw an exception, but otherwise work.

In earlier versions, it was possible in the JavaScript Execution Environment to loop over fhir element arrays by calling .entries() on the element. This has been restored. E.g. It is once again possible to write a loop like for (let [i, identifier] of resource.identifier.entries()) { ...

Smile CDR documentation and configuration incorrectly referred to CDS Hooks as CDS-Hooks. This has been corrected.

Fix issue where Oracle throws an ORA-01795 ERROR when the StaleBatchJobCleanupSvc tries to delete more than 1,000 expired jobs at once.

Providing audience parameter validation against an allowed resource URL list when initiating an OId Connect request.

$graphql was not working properly with the Fhir Gateway endpoint. This has been resolved.

Fix issue Font Awesome Icons are not showing properly.

Fix for exception thrown when exporting Diagnostic report with document to HL7V2.

Fix exception in audit log to record when Observation $lastn operation is performed.

Backported from: 2022.08.R01

Previously Multitarget Gateway was ignoring the parallel field in the configuration json, and was always sending out requests in parallel. This is now fixed.

Backported from: 2022.05.R01

Previously, a bug caused binaries stored to an external binary storage system via the $binary-access-write operation to be stored as empty files. This has been corrected.

Bump the version of HAPI-FHIR to rely on one that is not vulnerable to Spring4Shell.

Added subscription delivery retry handling for Remote ActiveMQ and External Kafka. Strategy will use the retry-count extension from the subscription to retry message delivery retry-count times with exponential backoff before giving up and dropping failed message into the default DeadLetterQueue of the system (ActiveMQ.DLQ for ActiveMQ, KAFKA.DLQ for Kafka

A new setting called Enable Indexing of Search Parameters has been added to the FHIR Storage (RDBMS) module. This setting enables indexing of token, string, and reference search parameters in the Lucene index. This add support for :text to token search parameters, and adds support for :contains and :text to string search parameters.

All Swagger v2 descriptions in Smile CDR (JSON Admin API, CDS Hooks Server, SMART Outbound Security module, etc.) have been migrated to support OpenAPI v3.

Two new node configuration items have been added. These must be set in the Smile CDR properties file. If 'node.config.locked' is set to true, then module configuration can not be changed via the json endpoint or web admin console. If 'node.security.strict' is set to true, then the server will not start if the admin user still has the default password, any anonymous user has superuser privileges or if any Smart Outbound Security module is using the example keystore. Furthermore FHIR Endpoint access will be denied to any user with both anonymous and superuser privileges if 'node.security.strict' is enabled.

A new configuration setting has been added to the SMART Inbound Security and SMART Outbound Security modules that allows the cache timeout for remote JWKS files to be configured or disabled entirely (previously it was set to a hardcoded value).

Add Enforce Referential Integrity on Write Config in MongoDB.

Configuring database-backed modules with a default_query_timeout_seconds greater than remove_abandoned_timeout_seconds will now throw a configuration exception. This is to prevent theoretically good queries from being abandoned because they are taking longer than the abandoned_timeout, but not the default_query_timeout.

Added the capability to use multiple threads for MDM if you are using eidSystems and Kafka as a message broker. See the documentation for details.

Modified the Admin Json mdm-clear endpoint to support tenant identification as part of the request body via the tenantId field.

Enable rudimentary import of CDA documents via the channel import module.

Added integration tests for subscription on a partitioned server. Deprecated Delivery to Site-defined External Queue extension, to use message channel type instead.

When calling the system-config endpoint of the JSON Admin API, there is now an optional boolean query parameter called includeLogs. If enabled, smile CDR will search through all file appenders of the logging system, and collect the contents of the log files to be added to the generated zip file. Note that this should be used with caution, as there is a risk of PHI being contained in your logs.

Added delivery module for AWS HearthLake, using a rest-hook subscription. Includes an extension which allows propagating also DELETE actions and a request interceptor to sign requests according to AWS Signature Version 4 specification.

Added operations equivalent to $mdm-clear and $mdm-submit to admin-json / swagger.

A new setting called Read-Only Mode Enabled has been added to the FHIR Storage (RDBMS) module. This setting is an indication to Smile CDR that all database connections will be read-only. This is useful for multi-node architectures such as those leveraging read replication.

Now _total=accurate and _summary=count both return Total count of resource's history collection in mongodb.

New configuration option added to validate bundle resources concurrently. Also new configuration added to skip validation of contained resources.

appSphere support for uploading, approving and displaying screenshots and video URL in the App Gallery

Allow custom interceptors to be registered in MDM module by specifying fully qualified class names (eg, com.test.foo.MyInterceptor) in MDM module, and enabling Message Subscription Enabled in persistence module.

Added a new configuration option for asynchronous pre-seeding to the storage module. When enabled, the storage module will pre-seed the database asynchronously. This will prevent long boot times if your installation pre-seed is slow.

P2P OIDC Server addition request notifications.

When importing a CDA document, properly escape spaces in ifNoneExist URLs in the generated bundle so that organizations without unique ids can be matched properly by name.

In bundles generated from CDA documents, the match URLs for Organization resources will use the :exact modifier to prevent ambiguous matches when organizations have similar names.

When processing a CDA document, the import process will fail fast if the document is not a Continuity of Care Document (CCD), or the repository is not R4.

It is now possible to add custom headers to outgoing HL7 over HTTP payloads using a custom interceptor.

Allows an administrator to configure which Device to use as the assembler in the Provenance resource of a Bundle derived from an imported CDA document.

Added getClaim API to AuthenticationContext for use in onAuthenticateSuccess scripts. This API can be used to fetch any claim of any data type (string, int, etc) and will return the json value stored in the JWT.

Updated the MongoDB supported column of the MongoDB vs RDBMS compatibility table in fhir_storage_modules docs. Also added test methodology, reasoning/errors for non-supported operations, and resources I found helpful when testing.

GraphQL queries are now supported on FHIR Endpoints backed by the MongoDB FHIR Storage module.

The _tag search parameter is now supported on FHIR Endpoints backed by the MongoDB FHIR Storage module.

Email Server configuration has moved to the Cluster Manager. This will require user to update new email server configuration in Cluster Manager. Modules which require an Email Server (such as appSphere and Subscription) will use this configuration and will no longer configure their own in each module.

Add access denied error page in web admin.

Added a new property to any FHIR Servlet: Allow Compartment Searches. When disabled, this property will prevent users with compartment access from executing searches, even if the results could potentially contain resources in the compartment. When enabled, the search will be permitted and the results will be filtered to remove any resources not in the compartment.

A new troubleshooting logging capability has been added for the FHIR Gateway Endpoint module. This can be used to troubleshoot routing issues.

In the HL7V2 inbound module, previously, the DG1 segment would concatenate DG1-20.1 and DG1-3.1 as the Condition's identifier value. There is now an advanced option to instead concatenate DG1-20.1 and DG1.1 as the identifier value instead. This will help use cases which send in a placeholder to conform with a given IG, and need to subsequently update the DG1.

Smile CDR 2022.02 now supports (and recommends) deployment using OpenJDK 17. The Smile CDR Docker Distribution is now based on the Amazon Corretto 17.x JDK.

Added a new propertyto determine how long to keep inactive batch jobs.

The token SearchParameter :of-type modifier is now supported on both RDBMS and MongoDB storage modules. This is an optional feature and is disabled by default but can be enabled via a new configuration option.

In the JavaScript Execution Environment, a new bundle method addEntry() is now available to add a new entry to an existing bundle.

When externalized binary storage is in inline DATABASE mode (the default) and binary access operations are enabled, a redundant scan of each resource being persisted was enabled. This caused a small but measurable performance hit to writes, and has been eliminated.

The screen in the Web Admin Console for editing Search Parameters has been removed. While convenient, this screen was unreliable and often resulted in Search Parameters being incorrectly synchronized into the FHIR repository and could lead to data loss. For editing Search Parameters it is recommended to modify the SearchParameter resources directly using the API.

Inline match URLs are now enabled by default in FHIR Storage (Relational) modules. Previously these were disabled as they could potentially result in inadvertant disclosure of the existence of data, but they are now fully secured against this risk.

If a SearchParameter resource is deleted (or never created) in a FHIR Storage (Relational) module, the search parameter will not be used. Previously, if a search parameter existed in the 'built-in' set supplied in the FHIR Core specification, it would be used if no actual SearchParameter resource existed for the given base and name, which could be confusing.

This version strictly exists to pin the log4j API version to 2.17.1. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

This version strictly exists to pin the log4j API version to 2.16.0. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

Updated gateway to throw bad gateway exceptions (502) when encountering errors from underlying servers that it doesn't know how to handle. Gateway Exceptions can also be configured to (optionally) contain the underlying server exception.

Assigned permissions for users are now displayed in the roles and permissions column of the user manager page.

P2P - Core Product Enhancement - Smile CDR needs a backend FHIR client service.

Batch Job shows duplicate entry if there are two persistence modules when invoke $delete-expunge operation in one of them. This has been resolved.

Previously when using system-config endpoint to extract logs, not all appenders would be found. This has been fixed.

Gateway resourceIdPrefix is incorrectly prefixed to contained references. This has been resolved.

Fixed a bug where validation was returning ERRORs when it was set to return WARNINGs for unknown code systems.

Fixed a bug on MongoDB where transactions containing entries, which in turn contained references that lacked an actual reference element, would cause an error during ingestion.

Fixed a bug where permission can not be saved in when an optional permission argument is null. For example, attempting to save FHIR_OP_INITIATE_BULK_EXPORT with no argument would previously fail.

When using the RTE feature and targeting an Oracle database, you will see the following Oracle Error: 'ORA-00933: SQL command not properly ended'. This has been corrected.

When creating or editing modules, every configuration item should now have appropriate categories. There should not be any configuration items in the Additional Configuration category.

User filter by moduleId in WAC should display both security_in and security_out modules

A regression in FHIR Gateway caused by sending empty Parameters objects in requests has been fixed.

The Lock After Failed Attempts property of new Smile CDR installs defaults to 5 instead 0.

HL7v2 inbound module, TLS/SSL shows up twice in nav bar.

Increase the minimum password requirements of Smile CDR users. When setting the password, it should be at least 8 characters in length, at least 3 of the 4 available character types including lowercase letters, uppercase letters, numbers, and symbols, it must not contain the user's username or parts of their name, and it must be unique from the previous password.

The subsequent download of a file from a GET request of a resource of type binary/ID with content type application/rtf file did not return a .rtf extension. This has now been fixed.

Fixed a number of incorrect authentication permissions, audit log event types, and transaction log event types.

$member-match operation was changed to not idempotent as it must be invoked by POST method. Also security configuration was fixed for operation as it was returning 'Access denied' error for some use cases.

Fixed a bug when user can still create OIDC clients without preset permissions through API. This has been corrected.

Update own password through API returns statusCode 0 instead of the actual status code. This has been corrected. Update password through API didn't apply password complexity rules. This has been corrected.

Custom user data added to the user session during login was lost in refreshed SMART (OIDC) sessions. This has been corrected.

Flag to disable runtime monitoring statistics and storage job was created in SMILE-1872, but did not cover all cases in which runtime monitoring statistics data was modified. This caused issues as a client was using a read only database, and these values could not be updated. This has now been fixed. As a note of importance, the variable name for toggling the runtime monitoring statistics has been changed from persist_process_level_metrics to persist_runtime_monitoring_statistics. Documentation text has also been updated accordingly.

Previously, the FHIR Gateway Patient $everything operation would trigger FHIRGW_READ_TARGET_PREINVOKE instead of FHIRGW_OPERATION_TARGET_PREINVOKE. This has been corrected.

MDM operations should use with FHIR_OP_MDM_XXX permissions instead of MDM_ADMIN permission. This has been corrected.

When using the FHIR Gateway with target servers that use ID prefixes, the _id search parameter will now be properly translated before being forwared to the target server.

User Search by username fixed for Federated and Smart Security Inbound users. Previously, searching by individual username did not find these types of users as the search terms were massaged in a similar way to normal usernames.

URIs for user-defined tables are fixed. Previously incorrect table constants were associated to PV1-10 and PV1-15. Additionally, documentation for PV1-36 is updated as we don't map to Encounter.hospitalization.dischargeDisposition.text anymore.

Previously, batch jobs would be purged after 48 hours, regardless of whether or not they had finished. This has been corrected.

Change the default value of TRANSACTION_LOG_BODY_DISPLAY_MODE to hidden. Added an audit log when user view the message body of a transaction log.

Approvals history for assets are added to the audit log in AppSphere

Previously, a bug caused binaries stored to an external binary storage system via the $binary-access-write operation to be stored as empty files. This has been corrected.

Bump HAPI-FHIR dependency to remove Spring4Shell-vulnerable libraries.

Backported from: 2022.02.R01

This version strictly exists to pin the log4j API version to 2.17.1. While Smile CDR is not vulnerable to the log4shell vulnerability as we do not use the log4j core, we are pinning the dependency to prevent false positives.

Backported from: 2022.02.R01

Added a new propertyto determine how long to keep inactive batch jobs.

Backported from: 2022.02.R01

Previously, batch jobs would be purged after 48 hours, regardless of whether or not they had finished. This has been corrected.

Backported from: 2021.11.R01

Gateway GET operation returns a 500 if the target server's response bundle.total field is null. This has been resolved.