The docker image pushed to https://docker.smilecdr.com now includes arm64 support, meaning M1 and M2 macs can now natively run the docker images.

Added Server Restore points, which take snapshots of the configs when modules are changed or on successful server startup. Also added an endpoint that will return all known restore points. The automatic restore point creation is currently disabled!

Add additional FHIR Gateway diagnostics validations for troubleshooting connectivity issues with target FHIR endpoint(s). Capability statement URL or an alternate target FHIR URL could be used to validate endpoint accessibility with anonymous access.

Added findIndex support while parsing the FHIR structure with repeatable elements.

A new configuration option has been added to the FHIR Storage (RDBMS) module which enables indexing and supporting the _language special SearchParameter.

A new configuration option has been added to the FHIR Storage (RDBMS) module which disables storing resource version history, causing the server to only maintain the current version in the database.

MDM audit logs will now include additional information. $mdm-create-link, $mdm-update-link, $mdm-not-duplicate, $mdm-duplicate-golden-resources will contain affected target resources.

Implementations of the experimental custom HL7 v2 outbound mapper functionality can now return 0..* messages instead of the previous required 1 message to be sent as a result of an individual subscription trigger.

When FHIR Endpoint Watermarking is enabled, the watermark string now includes the fully-qualified resource ID and URL, as well as the data access timestamp.

SMART outbound: Add the OIDC client_id to theUserSession and audience (aud claim) to theAuthorizationRequestDetails.

A new permission called FHIR_OP_PATIENT_EVERYTHING_ACCESS_ALL has been added. This permission allows the user to invoke the $everything operation that returns all resources that references the input Patient (including those outside of the patient's compartment), even if the user doesn't have other explicit permissions to see those resources.

Added getClaims API to AuthenticationContext for use in onAuthenticateSuccess script. This API can be used to fetch all claims from the ID token as a single object (key/value Map).

Added Basic Authentication support to HL7 v2.x Listening Endpoint module configured in HL7_OVER_HTTP Transport Protocol mode. HL7 v2.x Listening Endpoint now uses Smile CDR BaseJettyServer instead of SimpleServer from HAPI - Java HL7 API - Base Module library if HL7_OVER_HTTP Transport Protocol is enabled. Existing HL7 v2.x Listening Endpoint (Deprecated) module with type=ENDPOINT_HL7V2_IN has been deprecated. HL7 v2.x Listening Endpoint with type=ENDPOINT_HL7V2_IN_V2 should be used instead.

A camel route endpoint service was made available to hybrid endpoints, allowing them to send messages to a camel module route.

Previously, when the payload of a subscription message exceeds the broker maximum message size, exception would be thrown and retry will be performed indefinitely until the maximum message size is adjusted. Now, the message will be successfully delivered for rest-hook and email subscriptions, while message subscriptions remains the same behavior as before.

A new operation has been added to the JSON Admin API which can be used to revoke all active access and ID tokens with a given scope approved.

Camel dependencies were added to cover common use cases out of the box.

Created new Pointcuts: CDA_PRE_IMPORT, CDA_POST_IMPORT, and CDA_POST_EXPORT. These pointcuts allow you to inspect and modify documents as they are imported and/or exported.

Adds Camel processors for each message transformation step of the HL7 v2.x listening endpoint module (i.e. Javascript pre-convert, custom mapper bean pre-convert, Java pre-convert, Smile generic mapper, Javascript post-convert and Java post-convert).

Updating dqm persistence module to latest CQL 3.0.0, latest cql engine improvements, and Clinical Reasoning operations to leverage repository api pattern. This removed configuration and property setting in hapi-fhir for CDR to manage and improved performance to clinical-reasoning operations

The CapabilityStatement returned by the FHIR endpoint will now include partition descriptions and partition names if Include Partition Name property is enabled. See related documentation here.

A new mode for Outbound HL7 v2.x generation using a flexible Java-based message conversion API has been introduced. This allows for significantly more flexibility in terms of which kinds of messages are generated and what content goes into them, as well as which workflows trigger them.

Adding the capability for clients to provide additional properties to transactionLogEventJson through server pointcuts.

Added an endpoint to Admin Json module, /mdm/{mdm_module_id}/mdm-algorithms that will return the list of Similarity and Match algorithms known by the MDM system.

Added an implementation of Clinical Reasoning CDS on FHIR to the CDS Hooks module that allows PlanDefinition worfklows to be processed as CDS Services using the $apply operation.

Add configurations required for encounter-start hook for Prior Auth CRD module.

Added an endpoint in admin-json to return mdm metrics. This is supported in both JPA and Mongo persistence modules.

Audit logs in the Admin Console will now be preserved on page refresh. Additionally, url parameters will be utilized to allow sending links to other admins or saving for future use.

Created new Pointcuts: AG_APPLICATION_STATUS_UPDATING & AG_APPLICATION_STATUS_UPDATED. These pointcuts allow you to inspect appSphere application details as they are being updated by an admin.

A new parameter of type Hl7v2ToFhirConversionResultJson has been added to the HL7V2IN_PRE_HL7V2_TO_FHIR_MAPPING_PROCESSING and HL7V2IN_POST_HL7V2_TO_FHIR_MAPPING_PROCESSING pointcuts. In addition, a new example project has been added that demonstrates how this new parameter should be used.

Added new Cluster Manager configuration parameter reload_scripts_on_save (default false). When enabled, saving module configuration via the Web Admin Console or the Admin JSON endpoint, will trigger script reload. All scripts in that configuration will be reloaded, but only within the server process where the save occurred. This allows javascript developers to quickly test changes to scripts on a standalone development server without having to restart the module.

Documentation change to show all the modules that require the message broker in one location in the documentation

Previously, provenance resource was not being injected when enabling it in the FHIR Gateway module properties. The provenance injection feature has been enabled to reflect the configuration.

A new CDR Pointcut called SMART_FEDERATED_OIDC_PRE_PROVIDER_SELECTION has been created. This pointcut allows interceptors registered against a SMART Outbound Security in federated mode to programmatically select which federated provider to use for a given authorization request instead of requiring the user to manually select.

A new setting has been added to all modules which permit custom Interceptors or Contexts. This allows the user to ensure that all user-supplied beans operate in a secure context, by providing only a subset of all beans normally available in the context. This setting is currently disabled by default, but will be enabled by default in a future release.

A new configuration option called Code Display Mismatch Policy has been introduced to the FHIR Storage (RDBMS) module. This setting controls the validator behavior when the display name on a coded element does not agree with the expected display name from the CodeSystem the code is drawn from. Documentation on this can be found here

HL7's encoding requires as the line ending, but many systems do not conform to this, and use . Previously, the Smile CDR HL7V2 Listening endpoint would fail with cryptic errors due to bad line endings. Now, those line-endings are automatically converted to before processing.

Enforce persistence module dependency on CDS hooks if PriorAuth CRD module is in use.

When a SMART Outbound Security module has an Allowed Audience List specified, and a client requests an invalid audience, the error message returned was not descriptive to the user as to the nature of the problem. This has been improved with a better error screen.

Updating an MDM link from MATCH -> NO_MATCH will now rebuild the formerly linked Golden Resource using the current set of survivorship rules and the current set of linked (MATCH'd) source resources.

Add settings to enable CDS on FHIR for CDS Hooks and for CDS Services using CDS on FHIR.

The Camel module is no longer feature flagged and is available for selection from the Web Admin Console.

The Subscription and MDM modules are now plugins, and will start before any other modules that depend on their persistence module.

The $submit-attachment operation has been changed to not associate the submitted attachments with an existing claim. The operation now saves the submitted attachment in the task output without modifying any existing claim or checking the existence of a claim or patient. It will now be the responsibility of the payer’s application to associate submitted documentation to a claim or prior authorization by evaluating the Task resource. The operation now also supports unsolicited attachments. That is, if a Task whose Identifier matches the TrackingId parameter exists in the system, then that Task is updated. If such a Task does not exist, then it is created by the submit-attachment operation. The operation has also been changed to support the new requirements of CDEX STU2.0:

• TrackingId input parameter type was a string, but now is an Identifier.
• At least one of the OrganizationId or ProviderId fields must now be present. Previously they were both required.
• Final parameter is now supported. The Task status is updated to Completed when Final is true, or absent. If Final exists and false, the Task status remains in In Progress.
• ServiceDate is required when AttachTo value is claim.

By default, Smile CDR will now preserve versioned references in the following fields: AuditEvent.entity.what, MessageHeader.focus, and Provenance.target. Previously the default was not to preserve versioned references in any fields. As always, this default can be changed through configuration.

Previously, when using MongoDB, a superfluous version of a resource would be created as a result of an update request which didn't have a real logical change to the resource but only changed the order of existing items in tag, security label or profile collections. This change prevents this behaviour. Also on resource retrieval, these meta collections are sorted alphabetically, based on (security, code) pair for tags and security labels. Thus the order is now consistent with the other JPA based storages as a similar change has been applied to JPA based storages as well.

Enhanced MDM survivorship rules documentation.

The Camel module configuration now can use multiple @Configuration classes to inject custom route processors.

Previously, disabling an LDAP user in JSON Admin module did not prevent them from logging in. Now, when the user disabled flag is set, it is checked as part of all username/password based logins. Thus, the next login attempt will fail for a disabled users (e.g. via session expiry or re-login).

The JavaScript callback functions 'hash' and 'handle' were deprecated in 2019. These callback function names are no longer supported and the new names should be used.

Custom Camel processor beans are now able to @Autowire in beans that are in the Camel module Spring context, e.g. IMessageBrokerSvc, IMailSvc, IKeystoreManager, ITransactionLogStoringSvc, IAuditLogStoringSvc.

Redundant classes in the HL7V2 Inbound Module that were used to track an HL7V2 to FHIR conversion have been removed and replaced with the new Hl7v2ToFhirConversionResultJson class.

Previously, MDM_UI module used to seed SearchParameter resources. This behaviour has now been changed and no more SearchParameter resources are seeded.

Previously, the Hl7v2ToFhirConversionResultJson#clone(Message) method always returned an instance of ca.uhn.hl7v2.model.GenericMessage instead of the class of the original Message (i.e. ca.uhn.hl7v2.model.v25.message.ADT_A01). This has been fixed.

Previously, the HL7v2 Inbound listener created contained resources with invalid FHIR IDs with VXU_V04 type messages on DSTU3, this has now been fixed.

The transaction log did not have documentation stating what information it actually captures. This has been remedied. To see the new docs, see here

Previously, navigating away from the transaction log page or refreshing the page with filters applied would cause the filters to be lost. This has been fixed.

Previously, conditional updates complied only with STU3 specifications on MongoDB FHIR Storage module. Now, conditional updates on R4 server are aligned with R4 specification.

Previously, type-level expunge was allowed for ROLE_FHIR_CLIENT_SUPERUSER even if expunge operation was turned off. This is now fixed.

Previously, a FHIR endpoint would return an incorrect health check code after reconnection with its backing persistence module. This issue has been fixed.

When calling $everything operation on a Patient instance with MongoDB persistence configured, it was possible to retrieve data related to another patient via a List or Group resources. This has been fixed.

Previously, FHIR REST Endpoint (All FHIR Versions) did not support the $member-match operation. This has been fixed.

SMART Scopes with lengths longer than 100 characters generated an error if a refresh token was created. This has been corrected.

When configured with MongoDB, responses to updates to resources were missing the resource ID in the diagnostic text. This has been fixed.

Previously it was not possible to deselect module dependency in the web admin console. This has been fixed.

Previously, we did not warn the user regarding adding multiple server configurations using text and file input. Now we include a warning message that displays on the web admin UI.

An inbound Hl7 module was not able to restart using R5, this fix enables that module to use R5 as validation support

Previously, the FHIRGW_UPDATE_POST_SELECT_ROUTE hook was not invoked during an update operation. This has been fixed.

Previously, when using a JSON patch (application/json-patch+json) or XML patch (application/xml-patch+xml) as the Content-Type for a Patch request, the request body was not being set in the transaction log. This has been fixed.

In previous version, HL7V2 inbound mapping would escape markdown for Appointment comment (FHIR R4) of type string and Appointment note (FHIR R5) of type annotation. Fix the implementation such that markdown is escaped only for FHIR R5.

Previously, restarting MDM was resulting in transaction errors for the underlying MDMUI module. This behaviour has now been fixed.

On admin web UI, filtering transaction logs by endpoint was not returning any results. This has now been fixed.

Previously, the transaction log would not save the filters that were used for the search, now with these changes it does.

Previously, the $mdm-link-history operation would result in a 404 response when it was executed after a $mdm-clear. This has now been fixed by removing link history on $mdm-clear.

Previously, SmileCDR would fail to delete a resource when it is the only MATCH source resource and its golden resource has POSSIBLE_MATCH links to other resources. This is now fixed.

Previously, the client secret for an Open ID Connect Client can be printed in the logs using the SMART callback script. This has now been fixed.

Previously, method addContained() and adding contained resources were not supported in R5. This has been fixed.

Previously, the application would fail to restart when adding a new persistence module in the main configuration. This issue has been fixed.

A typo in the default route of the Camel module has been fixed.

Previously, when a configuration property had a default value, it couldn't be set to blank. This has been fixed.

On MongoDB, updating a resource was causing existing security labels on the resource to lose their version attribute and changing the value of the userSelected attribute to false. This has been fixed.

Removed warning messages for bulk export permissions that were added without an argument and do not require it to work correctly.

The standalone Transaction Log Module now permits you to search by username.

Fixed a bug that disallowed /oauth/token/introspect endpoint from working with "Basic clientid:clientsecret" authentication header.

Previously, HL7v2 messages failing ingestion through Channel Import were not added to channel configured to receive messages that could not be processed. This issue has been fixed.

The SMART_FEDERATED_OIDC_PRE_PROVIDER_SELECTION pointcut incorrectly documented that it returned a server Name and not a server Registration ID. This has been corrected.

Previously, the MatchedRoutesJson object that was sent to interceptors was not a clone of the original object. This meant that interceptors could modify the object, causing subsequent FHIR Gateway calls to operate on a subset of routes/targets. The interceptors now operate strictly on clones of the original routes.

Previously, additional headers provided through a FHIR gateway pre-submit interceptor would not be forwarded to a target endpoint. This problem has been fixed.

Fixed issues with some thymeleaf templates that resulted in errors in the logs. This also resolves the issue where no 404 page is returned for routes that do not exist.

Fix for an issue where the default scopes are appended to the app repeatedly, once for every registration/re-registration

Previously, the smile log will not show the correct errors that occurs during the conversion of HL7v2 message on a HL7v2 listening endpoint with a pre-convert script. This has been fixed.

Previously, ingesting resources through ETL import would fail for a specific case of conditional update. This has been fixed.

Update upgrade instructions for 2023-05-R01 mentioning the cleanup of SMART Apps Host module config.

Previously (with release 2023.08.) restricting supported resource types in the persistence module blocks creation of core search parameter resources. This has been fixed.

Previously, submitting a HL7v2 message containing an invalid account status in the PV1-41 segment did not display the correct error in the return message. This has been fixed.

Stale search results are now cleaned faster. Busy servers should no longer accumulate dead stale search results.

Previously, messages resulting from validation would be different after upgrading an R4 FHIR endpoint to a version independent endpoint . This has been fixed.

Fixed a bug where saving blank passwords on the admin console (the default behaviour if no password has been changed) resulted in the password being erased.

Previously, editing OIDC clients created by AppSphere using the web admin console would lead to the client's secret removal. This has been fixed.

Ingesting an HL7v2 msg with AL1 segment could cause all AllergyIntolerance previously created for a Patient to be deleted. This issue has been fixed.

Clinical reasoning bug that did not invalidate resources in repository api global caches for terminology and libraries when updates/deletes were made. This also bumps Clinical Reasoning version with upstream performance improvements to valueSet code lookups and migration of MeasureService class from hapi to Clinical Reasoning repository

Make updates to $qpp-build operation in Dqm module to enable APM entity type scenarios, registry submission method transformations, measureReport.reporter population from batch2 job, and practitioner Group parameter

Previously, invoking the encode() functionality of the HL7 v2.x Mapping API could raise an exception. This is now fixed

Previously, sending HTTP request to Hl7 v2 Listening Endpoint with incorrect Content-Type header would result in 500 HTTP response code instead of 400. This issue has been fixed.

Previously, if running in federated mode, and a server authentication script returned an AuthenticationException after the IDP had already authenticated the user, the server would return a 500 error code. This is now fixed, and the server will return a 401 error code instead.

Previously, the pre-convert (script), custom mapper bean, and pre-convert (interceptor) transformation steps in the Hl7 v2 Listening Endpoint module were modifying the original message that was stored when the store_original_message property was enabled. This has been fixed.

Expired search results are now deleted as intended.

Previously, when multiple interceptors were defined for a pointcut, and one of them returned Boolean, it was interrupting the invocation sequence, even when it returned true. This is now fixed

The Reload Scripts functionality failed to work on modules which were previously not started correctly, causing boot failures in some modules.

Backported from: 2023.11.R01

Expired search results are now deleted as intended.

Previously, resource validation with local_reference_policy=VALIDATE_EXISTS would cause a slow memory leak during continuous load. This has been fixed.

Added a red asterisk beside fields that are required for create/edit actions on web admin console

The endpoint dropdown menu in transaction log is now sorted alphanumerically.

Added ability to configure nickname matching, by allowing consumers to provide their own comma separated list of nicknames. This is a persistence setting that can be configured along with other search parameter settings.

Previously, CDR did not support HL7v2 patient merge messages (ADT_A39 and ADT_A40). The functionality was provided by setting each patient's 'patient.link' to the other.

Two new pointcuts have been added to the Smile CDR interceptor framework that allow callbacks to be called when a SMART (OIDC) client has been created or updated.

JavaScript can now be broken up using import statements. See ECMA Modules.

A number of new camel processors and translators were added to the Camel module. See the Camel module documentation for details.

Previously, clients were not able to search for specific segments in an HL7v2 message. This functionality was added.

The Mongo batch now supports warning message. Saved warning messages will now be display in the batch job section of the web admin console.

Users can now filter batch jobs by job status on the web admin console Batch Jobs page.

Added a configuration item for setting normalized unit searching in SmileCDR.

When creating or modifying a SearchParameter using MongoDB, the local SearchParameter cache is now immediately flushed.

Previously, the new design for CDA Exchange lived in the CDA Exchange module behind a feature flag, this change will bring the new design into it's own module

Adds a new module called Camel which provides support for Apache Camel integration.

Added the ability to specify a set of block-list rules to omit specific resources from mdm matching.

MegaScale-enabled FHIR Storage (RDBMS) modules can now support multiple credentials to access the same connection URL. This allows Postgresql Row-Level Security to be used. In addition, extra SQL statements can now be supplied by the MegaScale interceptor that will be used to further initialize the database.

The Javascript environment now supports searches of type URI, for example /Observation?_profile=http://my-system.

Created new Pointcut HL7V2IN_POST_HL7V2_TO_FHIR_MAPPING_PROCESSING which is roughly similar to the javascriptonPostConvertHl7V2ToFhir() which contains the converted set of Transaction Bundles generated by the HL7V2 Mapping. This pointcut allows you to see the original HL7V2 message and allows you to modify the converted FHIR Bundles.

Added different build options for smile for different customers.

Some modules under Monitors and Health Checks page on web admin console now have a Download Grafana JSON button. Button downloads a JSON file that can be imported into Grafana to display the module's charts.

A new module named Prior Auth CRD has been added. This new experimental licensed module can enable Coverage Requirement Discovery (CRD) on the CDS hooks module.

Adding the capability to specify that partition names be included in the capalityStatement provided by a fhir endpoint. See related documentation here.

MDMUI module now seeds SearchParameter resources on startup to support required searches for front-end application.

Camel module now supports both yaml and xml format for routes

Adds a new Development Forecast section to the docs page.

The MegaScaleCredentialRequestJson now also contains the partition name, in addition to the partition ID.

The SMART Inbound Security module now supports a getUserName callback. This allows customization of the username instead of using the issuer and subject claims.

MegaScale-enabled storage modules will now cache the response from the megascale interceptor in order to reduce the number of calls to this interceptor.

The frequency of the stale search cleanup process is now configurable. Previously it was hardcoded to every 60 seconds.

A new setting has been added to persistence modules which allow you to force all Subscriptions to rely on IN_MEMORY matching strategy and reject subscriptions which cannot be evaluated in memory.

New pointcuts have been added to the FHIR Gateway Module, to allow for dynamic routing of requests to different FHIR servers based on the request URL. These are titled FHIRGW_[OPERATION_NAME]_POST_SELECT_ROUTE for each of READ, CREATE, DELETE, UPDATE, SEARCH, OPERATION. This pointcut permits you to change the selected routes once they are chosen by the Gateway.

Expand capability of dqm-module's $qpp-build operation to allow for partial submission report generation from MeasureReports. This is required in order to build qpp report objects for submission edits.

Added support for :above, :below, :contains and :missing _source search parameter modifiers.

Prior Auth CRD module now register encounter-start hook to CDS hooks module for supporting Prior Authorization workflow.

Binary resources created as a part of Bulk Export jobs are now only readable by the specific user who initiated the bulk export job. This makes it much easier to set up Bulk Export security for most systems.

MDMUI module now seeds SearchParameter resources on startup for enforcing uniqueness on Task resources created by MDMUI.

Added support for hl7v2 input to Camel script functions.

A new column has been added to the Batch Jobs page on web admin console displaying the job type.

In interceptor starter project, the DSTU3 resources used were replaced with R4 resources. The dependency on DSTU3 structures was also replaced with R4 structures.

Previously, DTR module did not require a license. This behaviour has been changed and starting Smile CDR v2023.08 DTR module will require a valid license.

The embedded Camel libraries have been upgraded to 3.21.0 LTS.

Previously a configuration with clustermgr transaction log disabled and no transaction module would cause the WAC TX Log page to fail. This has been fixed.

Externalized metrics using Prometheus and Grafana

Posting an HL7v2 ADT message with an AL1 will not replace and re-create the corresponding AllergyIntolerance due to a bad DELETE URL added to the transaction Bundle. This has been fixed.

Smile CDR inadvertently introduced two separate scheduled jobs for purging expired searches from the query cache, resulting in unnecessary database traffic. This has been corrected.

Camel xml route files could be incorrectly interpreted as yaml files. This has been corrected.

The PersistenceModuleDiagnostics class should only issue a WARN on Oracle DBs when the Username is the same for identical JDBC URLs.

Previously, if a HL7v2 message contained an AIL-3 segment, the Location resources created were not referenced in the Appointment.participant section of the corresponding Appointment resource as per the HL7v2 specification. This has now been fixed.

Previously, an Implementation Guide added after the initial boot-up sequence would not be used during inbound resource validation. This issue has been fixed.

Previously, after processing ADT A03 and ADT A11 HL7v2 messages using the 'HL7 endpoint listening module', Location resources weren't created. This has now been fixed.

Previously, the MongoDb persistence provider would fail to process DELETE by url requests. This issue has been fixed

Previously, the client secret used for token introspection on OIDC server page was exposed. The client secret is no longer exposed.

Previously, when the last source resource with a MATCH link was deleted, the golden resource remained in the database, leaving it orphaned. This has now been fixed such that when there are no more MATCH links left associated with a golden resource, the golden resource will automatically be deleted.

Updated $everything command documentation to contain list of resources that the command can return

Any attempt to access a contained resource type through JavaScript resulted in an undefined result. This has been fixed.

Previously, set internal synchronous search size to a small value will limit the result set from synchronous searches thereby affecting certain modules such as MDM startup validation.

Previously, in a clustered environment, having two instances with one stopped, Web Admin node status shows restart required when modules that are changed and restarted, this has been fixed.

It is not currently possible to set tls_debug_disable_sni_check (disable SNI checking for TLS connections) outside of PROPERTIES mode. This has been fixed by adding tls_debug_disable_sni_check as a proper configuration key and adding diagnostics for every module that uses TLS to warn this configuration should not be used in production.

When using MongoDb as persistence provider, the response resulting from creating or updating a resources is missing sub properties of meta.tag. This issue has been resolved.

Updated HL7v2 documentation to include storage related interceptor examples and fixing links.

Start date and time no longer appears for QUEUED jobs in web admin console batch jobs page.

The smileutil map-and-upload-csv-bulk-import-file command can complete prematurely before processing all of the input. This has been corrected.

Previously, when performing conditional update on a resource, where the conditional url in use is enforcing uniqueness via unique search parameter, the conditional update fails with error. This is now fixed.

Previously, an error message of the form Failed to retrieve moduleDiagnosticsSvc for this module type:... would be outputted to the log during the startup of certain modules. This has been fixed by adding config diagnostics to all modules.

Due to a rework which changed the way module diagnostics were calculated, rebooting MSSQL persistence modules would result in query timeouts. This has been corrected.

Added support for mdm-clear operation to use batch-size and delete expunge service for more efficient clearing of golden resources.

The mdm module fails to properly restart on MSSQL. This has been corrected.

The SMART discovery document was not available from the FHIR Endpoint module when the Request Tenant Mode was set to URL_BASED. This has been corrected.

In Mongo, a PUT request with a new meta tag would change the values of userSelected and version for all meta tags for that resource,. This has been fixed.

Previously, paging requests issued by the FHIR Gateway would use HTTP GET even if the server was configured to use POST with flag useHttpPostForAllSearches. This issue has been fixed.

Updated troubleshooting log documentation to include custom logback mechanism.

The bulk export documentation is not clear about the interaction between the _type and _typeFilter parameters. This has been fixed.

The ConfigDiagnosticsSvcImpl class will now issue a WARN instead of an ERROR when it cannot find an existing ConfigDiagnosticJson for a Module.

Previously even if Smile was booted up with R5, the UI would display R4 this change fixes that issue.

Fixed bug in MDM match rules using nickname matching.

The FhirWeb Module would Fail to startup if the fhir_endpoint base_url.fixed value was set to an empty string. This fix now allows the FhirWeb Module to startup even in this situation.

The system was failing to recognize custom resources during transaction processing. This has been fixed.

Fixing deadlocks in oracle when purging data from Livebundle.

Updated documentation to discourage users form allowing crawlers on Smile CDR.

The admin web and admin JSON pages are unable to view batch jobs on a persistence mode running on another node. Now there is documentation with procedures on how to configure the admin node to view those jobs.

Previously, channel import module would fail to start when using MongoDB. This is now fixed.

Change the way gateway pagination recovers sent request parameters to support useHttpPostForAllSearches configuration.

Fix a bug where the database configuration check for the db.driver value was expecting a String instead of a DriverTypeEnum.

Previously, MDMUI module would throw error on module startup when seeding SearchParameters. This has now been fixed.

The FhirWeb Module would Fail to startup if the fhir_endpoint base_url.fixed value was set to an empty string and the fhir_endpoint contains a context_path value. This fix now allows the FhirWeb Module to startup even in this situation.

Fix exception thrown by gateway $everything operation when resource id was not present

MongoDB $everything operation bundle could include a next link when there was no next page

Adding a new storage module did not store any SearchParameter resources in the new module when the module was first started. This has been corrected.

Previously, TransactionBuilder object provided to the JavaScript environment would not support R5. This has been fixed.

Fix exception thrown by gateway $everything operation when resource id was not present

Previously gateway operation orchestrator was not sharing routes with pagination services. This is now fixed.

Changing a module's configuration and restarting it would allow the wrong status icon to be displayed in the sidebar. The affected modules where those that depended on the edited module. This has been corrected.

The Web Admin Console Persistence Module config showed the wrong diagnostic and config key when a shell environment variable is used in a config properties file. This has been fixed.

Changed multiple smilecdr.com to smiledigitalhealth.com, and updated document links.

Previously, some MDM interceptors were not unregistered upon stopping, causing duplication of interceptors when MDM is restarted. This has now been fixed.

Resolve the issue of aggregation of measure report. Addressed the following, 1. Migrated Aggregation code from Clinical Reasoning in CDR. 2. Fixed Aggregation Bug that was leading to invalid MeasureScores, Invalid SDE references, and duplicate SDE counts. Also fixed merging bug on stratifiers. 3. Migrated Threading code from Clinical Reasoning to CDR. 4. Added Threading configuration to Web Admin Console.

Fixed problem with gateway pagination caching which was preventing searches by offset to work properly.

Previously, Prior Auth CRD module registered order-sign and encounter-start hooks resulted into 404 service not found. This has now been corrected.

The HL7 v2.x Listening Endpoint can capture received HL7 v2.x messages in FHIR MessageHeader resources as they arrive prior to any transformation. This was actually happening after some parsing had taken place, but that has been corrected.

Previously, the persistence module would fail to restart on MongoDB. This is now fixed.

Previously, using an environment variable placeholder as a module reference resulted in a boot cycle error at startup. This has been fixed.

Fixed gateway not paginating by adding default and maximum page size values.

Fix module diagnostics checker throwing exceptions when configuration values are null.

Added a configuration diagnostic to the Transaction Log and Audit Log modules which indicates you cannot run them on the same database as the cluster manager. If you want to do that, simply use the Cluster Manager's builtin logs.

Previously, when restarting a module in the admin console, the page becomes blank until a refresh gets requested, this has now been fixed.

Added evaluation setting for hapi-fhir storage-cr module operations from cql module. Updated provider loading from hapi-fhir instead of cdr for caregaps and submitdata providers

Add gateway route matcher which matches routes not only by resource but also by request type and operation.

A bug was introduced in 2023.05.R01, which would cause the transaction log to not be activated if a user had enabled both module.clustermgr.config.transactionlog.enabled=true and also module.clustermgr.config.transactionlog.broker.enabled=true. This has been corrected and the Transaction Log will now load correctly.

cdr startup failed on Oracle with an error that it cannot drop a non-existent sequence. This has been fixed.

When running with mongo, delete expunge will only delete the first 10,000 resources if there are more than 10,000 resources. This is now fixed.

The property 'Enable Terminology Indexing' and its corresponding configuration item is no longer needed because Terminology indexing is turned on when Lucene is enabled

Removed deprecated class FhirSearchParameterEntity and dropped it's corresponding tables in migration.

Backported from: 2023.11.R01

Expired search results are now deleted as intended.

Backported from: 2023.08.R01

The mdm module fails to properly restart on MSSQL. This has been corrected.

Adding support for the HL7v2 BAR message ingestion which is used to communicate updates to Diagnoses and/or Procedures.

Add support for archival of OAuth2 Server and Client definitions

Cross-partition references are now supported within MegaScale enabled repositories.

The $expunge operation is now supported on MegaScale repositories.

Previously, the Gateway Patient $everything operation only supported R4 Patient resources. Now, gateway $everything supports both FHIR R4 and DSTU3 resources.

Add support for extensions to CDS hooks.

Added functionality for mdm to match against resources from all partitions, also added option for all golden resources to be stored on a specific partition

Javascript callbacks that take longer than 30s will generate warnings in the system logs.

Add support for applying different strategies to different prefetch queries in CDS hooks.

Added the information about synchronization of Subscriptions when they are updated in clustered Smile

FHIR Storage modules now support adding custom (user-defined) resource types outside of the collection provided by FHIR itself.

A new error message is added to catch when a user is attempting to change the module type of an existing database module.

A new customer-only log configuration file has been provided in customerlib/logback-smile-custom.xml to simplify customization.

A new log file smile-dlq-failures.log has been added to record undeliverable messages that could not be delivered to the dead letter queue (DLQ).

A new log file smile-phi-redacted.log has been added to contain log messages diverted for potentially containing sensitive information.

Navigating between sections on menu bar for Web Admin Console has been changed from hover to click.

Added a config to CDA export module that allows users to specify javascript function hooks.

Added pre-CDA import javascript hook that can be used to pre-proess the input xml.

Updated the JavaScript XML parser to add a number of functions. Most of which are useful for parsing and modifying XML in a JavaScript hook.

Added functionality to allow users to register, and utilize, the onPostExportCDA JavaScript hook. Documentation on how to use this function has also been added.

Updated the xml parser in JavaScript execution environments to add additional functionality (re: adding namespaces to an existing document). Documentation has been updated as well.

The HL7 v2.x inbound message mapper can now use NamingSystem resources in the repository to populate the FHIR identifier system field with appropriate values based on naming systems found with HL7 v2.x identifiers. See NamingSystem Mapping for information.

Previously, HL7 v2 Inbound Endpoint allows malformed resources to be created. Now, the fix for this issue has been implemented in hapi-fhir, this branch is used to add more test coverages.

During CDA Import, if a resource of type AllergyIntolerance, Condition or MedicationRequest is encountered that has the same identifier as a resource already in the repository, the fields AllergyIntolerance.clinicalStatus, Condition.clinicalStatus and MedicationRequest.status, respectively, will be updated to reflect the contents of the new CDA document.

During CDA import, if the record target patient's name or address has changed, those fields will be updated in the repository.

During CDA import, if the record target patient's race has changed, that extension will be updated in the repository.

Previously, an mdm-submit operation with Prefer: response-async header resulted in a NullPointerException in the error logs and a batch job status of FAILED. This has been fixed in hapi-fhir.

New "Premium" tag added to certain docs site pages denoting modules that require additional licensing to use. Currently found on DQM and Payer to Payer module pages, and pages under Amazon HealthLake Outbound REST Connector section.

Adds the ability to create cds hooks on runtime by passing a function. CDS hooks created this way can also be deleted dynamically

Two new operations on the FHIR Storage (RDBMS) module allow for reindexing of a single resource, and simulated reindexing. These operations return a complete description of the existing and new indexes, which can be useful when testing new search parameters.

A new permission called FHIR_EXTENDED_OPERATION_ON_ANY_INSTANCE_OF_TYPE has been added. This permission can be used to authorize FHIR extended operations that can operate at the resource instance level on any instance of any type.

The Smile CDR Consent Service can now be configured using Java-based consent service implementations, as an alternative to using the existing JavaScript-based mechanism.

Updated RTE generation tool in smile-cli to take a file specifying child tables to create. The generation tool has also been updated to use fhir path, not SP types, to determine what columns to create.

Added a new JavaScript boolean function on resources hasContained() that indicates whether the resource has any contained resources.

Introduce configuration to enable the feature that stores the history of MdmLinks. Introduce the $mdm-link-history operation.

Add support for MdmLink history in the data model. MdmLink history will be stored in the new mdm_link_aud table.

Added new pointCut 'CdrPointcut.CHANNEL_IMPORT_MESSAGE_PRE_PROCESSED' allowing customers to modify or reject messages a part of the Channel Import message processing.

Adding pointcut capabilities to HL7v2 inbound endpoint allowing message alteration/routing/dropping before the HL7v2 to FHIR mapping. See pointcut HL7V2IN_PRE_HL7V2_TO_FHIR_MAPPING_PROCESSING for further details.

Hl7 v2.x messages are now supported through channel import.

The metrics endpoint now records min, max, and mean latency times for modules with ports.

The FHIRWeb module will now include buttons to invoke several operations from search result pages. These operations include $everything, $summary, and $diff. Operation buttons will only appear if the individual operations are actually active in the backing FHIR server.

A new module named MDM UI has been added. This new experimental module provides a web based UI for administering links within the MDM module.

Add Provenance references to Task resources for tracking P2P exchanges.

Added support for accessing environment variables from Javascript via a new method called Environment.getEnv().

Users can now click on any Premium badge on a docs page which brings them to a newly added page 'Smile CDR Premium Solutions' for further information. Additionally, pages under Amazon HealthLake section in docs site were tagged Experimental. This has been changed to Trial.

appSphere will now attempt to use the Fixed Value for Endpoint Base URL from the fhir_endpoint module, if a dependency was not found it will default to the original fhirUrl configuration.

Add the DTR module which implements the $populate operation in support of the DaVinci Burden Reduction Documentation Templates and Rules (DTR) IG.

Added AWS as a trial feature on the maturity list section for CDR documentation.

Introduce the ability for DQM users to transform $evaluate-measure-produced MeasureReports into CMS qpp accepted format. This can be done via the $qpp-build operation. Documentation of specifications be found here

Add CQL module to add components used for clinical reasoning features & capabilities into Smile CDR, which includes distributable $evaluate-measure operation as well as measure tests.

A new Pointcut called STORAGE_BINARY_ASSIGN_BLOB_ID_PREFIX has been added. If you wish to customize the prefix used for externalized binary blob IDs, you can do so by implementing this Pointcut, and returning a prefix.

A new parameter called _exportId has been added to the $export operation. If set, any Binary resources created by this Bulk Export will be annotated with that ID in their binary.meta.extension field.

Adds $care-gaps functionality to the Smile CDR The DaVinci DEQM IG specifies an operation called $care-gaps that extends Measure $evaluate-measure to produce reports that show any gaps in the care plan for a given subject relative to the clinical best practices encoded in the Measure. Also adds $submit-data functionality which is used to submit measure report and resources to be saved to the local instance repository and transaction bundle is returned.

Added documentation for $care-gaps operation

Added a Config Check which ensures that the broker is not enabled on the Transaction Log Module, as that is not currently supported.

Using the onTokenGenerating callback method in the SMART Outbound Security module, it is now possible to add complex JSON claims to the generated access token (previously only simple string claims were possible).

A new permission has been added to the Smile CDR permission system that authorizes the use of the International Patient Summary (IPS) $summary operation. A new audit event type has also been added for secure auditing of this operation.

Added validation capability, including package validation, to fhir-gateway.

Two new parameters have been added to the server-level $reindex operation for migrating to/from Inline Storage Mode and disabling the optimistic locking for better performance.

The default value for the Inline Resource Storage Below Size has been changed to 10000 from the current default of 0. This new default setting provides a better balance between performance and database size. See Resource Body Storage for more information.

Locking during authentication has changed to reduce the chance of stalls under heavy load.

Database connections now automatically disable autocommit, which allows for a minor performance improvement by not needing to check autocommit status later.

P2P ingestion mechanism is now been updated to use server assigned ids instead of client assigned ids to avoid hitting 64 character limits for resource.id

The CDA Import mapping for the Health Concern section has been changed so that the free text description of the concern from the narrative block of the section is being captured in the corresponding Condition resource. The category of this resource has also been changed to health-concern to conform to the US Core profile.

When importing an AllergyIntolerance resource from a CDA document, if the clinicalStatus can not be determined based on an Allergy Status Observation entry, the transformation will fall back to mapping the statusCode field of the Allergy Concern Act, rather than hard-coding the clinicalStatus to 'active'.

Previously, the Quartz database connection used the default database connector with auto-commit enabled. This has been changed to use the JobStoreTX transactional connector which is recommended by Quartz when running in clustered mode.

The application logging stack frame filter was changed to include more detail.

Batch2 work-chunk processing now aligns transaction boundaries with event transitions in Mongo.

The deprecated SMART App Host module has been removed

The Task interceptor for MDM UI now handles both creating and updating Task resources

Due to a recent change in hapi-fhir where transactions are no longer flushed prior to the STORAGE_PRECOMMIT_RESOURCE_CREATED being fired, the LiveBundle interceptor now flushes the entity manager explicity on the path where a database search is required.

Update setup documentation for MDM UI, include a single bundle instead of multiple SearchParameters

When a P2P batch job completes or fails we now add a status specific note to the Task resource associated with the transfer. A default note is now also added to the Task regardless of batch job status

There are enum and JSON classes in cdr-api that should be moved to cdr-api-public as a first step to migrate HSSC off of cdr code. These classes have now been moved over.

Mongo batch jobs are now transitionally safe.

Previously, in the HL7 v2.x Mapping API, extra components could not be accessed individually using the rawMessage for fields that were of type Primitive. This has been fixed.

There was an issue in smileutil with command synchronize-fhir-servers. When invoked with a thread-count argument that was less than 10, the provided value would be ignored. This issue was corrected.

NTE segments corresponding to observation notes have a markdown datatype but the punctuation in these notes was not escaped. This has been corrected, and users can now opt-in via the Escape Markdown Punctuation: NTE-3 property.

Previously, clients could configure a property called use_dstu3_mapping_mode within the HL7 v2.x Listening Endpoint module to use mappings from the DSTU3 version cycle. This property has been removed and now if an HL7 v2.x Listening Endpoint module declares a DSTU3 FHIR Storage module dependency, the mappings from the DSTU3 version cycle will be used automatically.

Add missing placeholder attributes for text fields on the Web Admin Console

Previously, in a clustered environment, Web Admin node status shows problems for processes that are stopped on nodes that are not running, this has been fixed.

Some members of the CodeSystemEnum were changed as a result of their stated URLs being incorrect.

Previously, an error will occur when posting a resource with inline reference to Mongo. This is now fixed.

Previously, if a javascript callback called getExtension(url) on a base that had no extensions, then it would create an empty extension. This is no longer the case. If a base has no extensions, then getExtension(url) will now return null.

Previously, when extracting text from a CDA document section narrative block, the CDA import would only capture the contents of text nodes that were immediate children of the identified element in the text block. Now, we will also capture text nodes that are nested deeper in the document structure.

Previously, invoking a bulk export job multiple times while using Mongo DB would result in multiple individual jobs being created. This has been fixed to behave like the JPA implementation, where invoking a bulk export job twice will not result in a dupliacted job.

Previously, prefetch queries with search parameters in CDS Hooks were not working. This is now resolved.

On FHIR Storage (MongoDB) modules, if inline match URLs are disabled and a client attempts to submit one, the URL was previously ignored resulting in an invalid resource being saved. These will now be rejected.

Previously, when using addEntry() on a Bundle built using the ResourceBuilder in the JavaScript Execution Environment, an error will occur. This is now fixed.

IG support is only supported for R4, so IG settings should not show up in the FHIR Storage (R3 Relational) module. This has been corrected and documentation of applicable modules for properties of the Sessions configuration category also has been updated.

When importing a CDA document that indicates the patient has no health problems, a FHIR Condition with a 'No current problems or disability' code will be created.

Previously, parsing HL7v2 messages with IN1 segments resulted in the corresponding coverage resources being stored in a non-deterministic order. This has been changed, so that the order of the coverage resources matches the order of the IN1 segments in the original HL7v2 message.

Previously, it was not possible to clear a migration lock applied to the audit table with cdr-cli. This has been fixed.

Previously, an error during a subscription delivery to consumers would cause any subsequent messages scheduled for delivery in the same set to be ignored. This has been fixed.

A fix for a previous issue (see #3200) caused all multiline system config property values to lose their trailing backslashes. This implementation restores the previous method of handling all multiline property values and ensures that we will not lose this behaviour for specific properties via new unit tests.

The application startup log smile-startup.log no longer includes log-setup warnings.

Previously adding an OIDC server to a P2P module would not show P2P specific fields on the new web admin console. This has been fixed.

In 2023.02.R01, the Audit Log Persistence Module would fail to boot up on subsequent restarts. This has been corrected.

Previously, migration tasks were failing when they were run with a Quartz Transactional connector using Postgres or MS SQL. This has been fixed.

Documentation for the JavaScript Execution Environment's FHIR Model API has been updated to include steps for adding contained resources when not using the TransactionBuilder API.

Previously, when multiple different modules shared the same value for persistence_clustered_scheduler_name, the modules would not properly shut down. To help, new module diagnostics have been introduced to detect a duplicate Mongo clustered scheduler name. Also, the documentation has been modified to mention the consequences of having duplicate scheduler names.

Previously, upgrading from smile version earlier than 2023.05.PRE-09 to a version later than 2023.05.PRE-10 would result in the entries in the OIDC server and the client list to no longer be visible. This has been fixed.

Previously cds hook exceptions were thrown as ConfigurationException, even if they were of type BaseServerResponseException. This has been fixed and now exceptions of type BaseServerResponseException are thrown as originally created.

Clinical Reasoning subject chunking was getting memory exceptions when running at scale, reworked this step of batch2 to leverage paging and iterables to avoid memory bottlenecks

During CDA Import, when an encounter has an associated diagnosis in the CDA document, the generated Condition resource will have its category set to encounter-diagnosis.

When MegaScale was enabled with request tenant partitioning, the subscription module would fail to start. This has been fixed.

Fixed an issue in CDS Hooks where POSTing an empty context would result in a 500 error instead of a 400 (bad request) error.

Previously, errors caused during realtime export could contain PHI. These messages are now filtered out.

Previously, invoking $mdm-link-history on only the golden resource ID or source ID would fail due to faulty validation. This has been fixed.

The Admin JSON console is missing $mdm-link-history. This has now been fixed.

Previously, the top nav status indicator would state Restart Required even if the only Module requiring a restart was Archived. With this change, only non-Archived Modules will be checked when evaluating the overall Health Status of the Node.

When querying $mdm-link-history with no inputs, the error message is mislaeading. Also, $mdm-link-history cannot handle comma-delimited inputs. Both issues are now fixed.

When running a batch job in 2022-11 or earlier and upgrading to a new release, the batch job no longer shows up in admin web Runtime > Batch Jobs. This is now now fixed.

When querying $everything on mongodb, the results contain a patient unrelated to the queried patient if there is an encounter linked to first patient and observation linked to the second patient and to that encounter. This has been fixed.

Previously, CDA Import would fail if certain fields in the document contained special characters which are reserved in FHIR queries. The generated conditional create queries are now properly escaped to prevent this problem.

Previously, rollback of CRUD operations not managed by the HapiTransactionService would be silently ignored. This issue has been fixed.

Previously, a configuration property name with punctuation would cause the module config help link to fail to navigate to the property's anchor link. This has been corrected.

When performing large searches (returning 1000s of results) against a MegaScale-enabled database, the paging links did not always work. This has been corrected.

The suppress scheduled jobs setting on the FHIR Storage (RDBMS) module did not suppress all clustered scheduler activity, meaning that although most jobs were not scheudled, the scheduler would still attempt to connect with the scheduler database. This has been corrected.

The $import-cda operation has a dependency on a library that is not thread-safe. Guard code has been added to prevent multiple threads from accessing the library at once until a permanent fix can be found.

Previously uploading multiple (similar) documents via $cda-import would cause ConstraintViolation exceptions. This has now been fixed via use of a retry mechanism for failed imports.

Previously, P2P subscription for adding a payer was triggered regardless of the property changed on P2P task. This is now fixed to trigger only on status changes.

Previously, users were allowed to opt-in via the Escape Markdown Punctuation: NTE-3 property to escape punctuation characters in observation notes. However, special characters in HL7 including backslashes and the pipe character were not escaped. This has been fixed.

When changing configs for a persistence module and restarting, if auto_create_placeholder_reference_targets is enabled, the module would sometimes fail to start. This has been fixed.

Updated the Smile CDR documentation to deprecate the CDA exchange module.

Registering 3rd party Java Mdm Interceptors would cause an overwrite of Smile's ApplicationContext in DaoRegistry (resulting in a failure to create system dao beans). This has been resolved.

Extended audit log table column storing username to 200 characters to avoid exception when trying to login with a user name longer than 100 characters.

In the Smile CDR documentation for the HL7v2 SIU^S12 message structure, the segments of SERVICE and GENERAL RESOURCE are not included. This has been added now.

In a multi-node cdr configuration, the node with admin web is unable to detect a diagnostics error with another node's configuration, only its own. This has been fixed by storing diagnostics errors for all nodes and modules at boot up, and changing admin web diagnostics to retrieve those errors when inspecting a module.

Previously, processing of a message by email delivery channel would throw an exception after the subscription module was restarted. This issue has been corrected.

Previously, permissions were incorrectly calculated for Patient Bulk Export. This was causing permission denied errors when it should not have been. This has been fixed. Group and System level export are unaffected by this change.

This fix allows exported system config files to be used on a Smile CDR installation when some of the system config properties contain values that span multiple lines.

Previously, when using basic authentication, a client was able to get an access token even if client_assertion and client_assertion_type were missing. This has been corrected.

Previously, if a CDA Exchange or Channel Import module was present in the master config, an AuthenticationCredentialsNotFoundException would be thrown in the logs upon starting SmileCDR. This has been fixed.

Previously, P2P ingestion will fail for Resource references not supporting identifier. This behaviour has been corrected.

Previously Smile CDR would fail to start when provided with a custom resource and enable auto-create placeholder reference Targets. This is now fixed.

Previously when a message with null NTE-3 segment was ingested, a NullPointerException was thrown. This is now fixed.

A regression was introduced which caused Audit and Transaction modules to fail to boot against completely empty PostgreSQL databases. This has been corrected.

When running smileutil generate-rte-schema, the generated SQL does not escape columns with SQL keywords (ex 'START' vs. '_START'). This has been fixed.

Paging with offsets when using mongo database was not working. This has been fixed.

Previously, the Transaction Log Module would appear to be editable in the web UI, but the changes could not be saved. This has now been fixed so that the Transaction Log Module is no longer editable in the Web UI. You must configure it via the properties file.

Previously, Modules on the same JVM that each had a Scheduler running could hang on shutdown due to order of operations and a name collision on the data source. The data source name is now unique for each Scheduler.

Previously, a process connecting to Smile CDR's control port and then exiting the session without inputting a command could cause the process to consume a significant amount of CPU time. This has been corrected.

Previously, rebooting a MongoDB module would fail, with a MongoCommandException failure. This has been fixed.

Backported from: 2023.08.R01

Due to a rework which changed the way module diagnostics were calculated, rebooting MSSQL persistence modules would result in query timeouts. This has been corrected.

When using RTE with binary storage set to any mode except DATABASE (the default), a FHIR Path that would have otherwise resolved a BLOB resource field stored within a database field will fail with a cryptic error. This is because with a non-DATABASE binary storage setting, the binary data will be stored externally. We have introduced better error handling and have documented the limitation.

Changed default application configuration to use generic (ALL Versions) FHIR REST endpoint.

Backported from: 2023.08.R01

Previously, paging requests issued by the FHIR Gateway would use HTTP GET even if the server was configured to use POST with flag useHttpPostForAllSearches. This issue has been fixed.

Provide warning messages in the configuration diagnostics when a multi-node deployment is composed of nodes with inconsistent versions.

Previously, running a configuration diagnostic in a multi-node environment would return an error. This issue has been fixed.

The known issue with Bulk Export in Smile CDR 2023.02.R01 has been resolved. Bulk export functionality is now more performant at large scale, and does not generate occasional incomplete file reports.

Added generate-rte-schema cli command to generate configuration and database schema for Smile CDR Realtime Export based on an Implementation Guide.

Previously, when Kafka was used as a message broker, hyphen characters (-) were replaced with periods (.) for all Smile generated channel names. A new property called Kafka Replace Hyphens with Periods has been added to disable this functionality.

Added support for FHIR UPDATE and CREATE operations to FHIR Gateway. This includes support for creates with client supplied ids, which are handled in the same way as an UPDATE.

A new module type called Audit has been added to Smile CDR. This permits users to separate audit logs from the main Cluster Manager database. Read more about it here.

Providing capabilities for self registered users to reset their password through the user interface.

A new utility will periodically log statistics about available RAM and CPU utilization to the system log for troubleshooting purposes.

The $delete-expunge operation and the _expunge query parameter are now supported for MongoDB.

Added _total request parameter handling to FHIR Gateway.

Configuration was added to allow defining javascript function (text or file) to be invoked to generate kafka partition key for each processed resource.

In admin web, a user has the ability to configure an persistence module to use that same module as validation support. smilecdr will not boot and will be difficult to shut dowh. Admin web has been fixed to remove this module from the dropdown. If a user had previously set up this configuration, smilecdr as a whole will start and only the module itself will not start with a clear error.

Previously the function btoa() was not working in the JavaScript Execution Environment. This function has now been added with the name Converter.base64Encode(). The decoder has also been added with the name Converter.base64Decode().

The Bulk Export operation now respects SMART session scopes that use SMART v2.0 resource constraint filters.

appSphere: Allow the Application Developer to choose sandbox authentication settings.

Add DQM module with clinical reasoning features & capabilities into Smile CDR, which includes distributable $evaluate-measure operation as well as measure tests. You can read more about this in the DQM documentation

SMART Outbound now provides optional processing to lookup the relevant Consent during the PDEX member-directed flow. When active, token generation will use the optional member_id to lookup the matching Consent. When present, it will be available to the onTokenGenerating() callback on the OAuth2AuthorizationRequestDetailsJson parameter.

The metrics endpoint now records authentication success/failure for SMART Inbound Security module and HTTP response metrics for Package Registry module.

Automatic reindexing of resources impacted by SearchParameter changes is now supported in MongoDB. Previously this feature was only available in RDBMS storage modules.

Smile CDR documentation pages for module configuration parameters now contain a link to the documentation for the module(s) that the parameter applies to.

Previously, client-confidential-asymmetric was not a part of the Capability Sets. This caused an error when trying to add it in the smile config. This has now been fixed, client-confidential-asymmetric has been added to the SmartCapability enum.

When a user initiates an $export operation, if they do not specify which resource types to include as an input parameter, the result will automatically be restricted to the resource types they have authorization to access.

Added CdrEndpointRequestDetailsJson supplier in FHIR REST Endpoint Spring context, to allow interceptors to modify request details headers used to build Audit Log entries. Using ICdrEndpointRequestDetailsJson from public API to prevent interceptor projects from having a direct mandatory dependency on jars from Smile CDR module, which can be problematic as they are non-public. Added sample AuditLogHeaderUpdateInterceptor in interceptor starter project to demonstrate how to use it.

Added support for FHIR DELETE operation to FHIR Gateway.

Update request new app fields in appSphere gallery

appSphere: Expired application emails will now be sent every 7 days

Previously, when viewing a transaction log of an update/create request of a patient, the information of the patient was visible. This is now configurable through a setting in cluster manager, to show and hide that information in the logs to prevent the showing of PHI or PII.

appSphere: Attestation warning will now be sent after updating developer profile

When parsing a CDA file, if there are multiple references to a single service delivery location, these will be deduplicated into a single Location resource in the output Bundle.

Previously, if the HealthLake connector module received an error response from Amazon Healthlake, it would retry the request indefinitely, unless the error is “Unsupported resource”. A retry limit with a default value of 20 has now been added, any amount of retries above the set amount will now be moved to Dead Letter Queues (DLQs)

Support has been added for Combo Unique and Combo Non-Unique SearchParameter resources in MongoDB.

Added new section to the platform requirements doc page, that details the supported versions of java in previous releases of smile.

Added resourceType parameter to $mdm-query-links

appSphere: Return permissions with application summaries & allow filtering via permissions in the admin console

Split out the licensing service from the clustermgr, adding in a separate license module that will handle licensing itself.

License module will display warnings or errors in startup logs. These logs will also be displayed on a daily timer to alert users when licenses are about to expire.

Web admin console now displays success/failure messages to users trying to enable TFA

Support was added for Reference and Uri combo search parameters in MongoDB.

The transaction log was previously enabled by default with a retention period of 90 days. It is now disabled by default in cdr-config-Master.properties and there is a default retention period of 7 days. The production_checklist.md documentation has been moved to installation notes production checklist

Added resourceType as a parameter to $mdm-duplicate-golden-resources operation.

Added sorting capability to $mdm-query-links operation. See: MDM Operations for more information.

Previously when navigating to a chapter in the docs page that does not exist, it displays a page with the exception message. Now it displays the Smile 404 page.

Added audit and transaction logs for P2P batch job.

Operation of search total counts will be unavailable when 'automatically_narrow_search_scope' is enabled to avoid accidental disclosure of non-narrowed resource counts. The property description has been updated according to this intended behaviour.

A new experimental feature for automatically generating International Patient Summary (IPS) documents has been added.

The metrics endpoint now records min, max, and mean latency times for persistence module.

Licensing is now enabled on all Smile CDR installations. View our license documentation for more details. Reach out to your Customer Success Advocate to discuss licensing. Currently, the AWS Healthlake Module, Payer-to-Payer Module, and the new DQM Module require a license.

List resource type has been added to the default Mongo DB Persistence resource types, as it is required for bulk export.

The filter of PHI and other sensitive data in the log has been extended to stack trace messages.

The MongoDB persistence module will cache instances of resource DAOs for reuse rather than creating a fresh instance every time they are needed.

Replace usages of ResourcePersistentId with an interface IResourcePersistentId and parameterize specific implementations of it in classes that rely on a specific implementation.

The default (out of the box) Smile CDR configuration will now configure a maximum of 4 GB of RAM instead of the previous maximum of 2 GB.

Previously, jobs were scheduled via a @PostConstruct annotated method. This has been changed to an implementation of IJobScheduler interface so the job scheduler can schedule all the jobs after it has been started.

The HL7 v2.x Listening Endpoint module has been changed to use FHIR ConceptMap resources in place of hard-coded lookup tables. This allows for the customization of such mappings, and affects most HL7 v2 processing; for complete details, see FHIR-based Terminology Translation.

Fhir resources in JSON or XML format will be scrubbed from log messages at level INFO or higher as they may contain PHI.

Previously, it was possible to have multiple clustered persistence scheduler names because the scheduler name was created using node id and module id. This has been changed, and now all clustered persistence schedulers are named cdr-persistence.

Logos in Web Admin Console changed from old Smile CDR logo to the new Smile Digital Health logo.

A new Persistence Module configuration setting has been added called dao_config.job_fasttracking_enabled, default false. If this setting is enabled, then gated batch jobs that produce only one chunk will immediately trigger a batch maintenance job. This may be useful for testing, but is not recommended for production use. Prior to this change, fasttracking was always enabled which meant if the server was not busy, small batch jobs would be processed quickly. However this lead do instability on high-volume servers, so this feature is now disabled by default.

Implements the streaming functionality for MongoDB that is used for batch jobs. This functionality fixes bulk export jobs with low max file size that were getting stuck in the FINALIZE state.

Updated the Payload Search Result Mode section in the document indicating that this feature also applies to Message channel type now.

The HL7 v2.x Listening and Sending Endpoints are compatible with partitioning, but still currently log a warning when partitioning is enabled. This has been corrected.

Attempting to use Channel Import with partitioning enabled would result in an error in most cases. This has now been fixed by allowing the client to pass a partitionId in the message payload. See the documentation for an example.

Resolved NullPointerException issue in the PartitionSecurityInterceptor that could occur when a user configured a named partition but then requested access to the default partition.

Creating an HL7 outbound module config with MLLP_OVER_TCP starting, then updating to HL7_OVER_HTTP and restarting causes a ClassCastException. This has now been fixed.

Previously, if a child element's length of a resource was called in the function of HL7 v2.x Listener Script several times and the child element was empty initially, then the length will appear to be different in each call. This was because of automatically generated placeholder. The issue has been fixed by adding a check condition to drop the empty placeholder from the existing value list.

Previously, subscription producers and consumers on separate nodes were not able to see one another's channels since the node name was added to the channel name. This has been changed by allowing the name of the subscription matching channel to be unqualified.

Previously, an HL7 v2.x VXU message did not correctly process an immunization manufacturer. Now, this issue has been fixed.

Added the function addContained() to the FHIR storage callback script execution environment to allow the user to create contained resources.

Previously, sending an HL7 v2.x SIU message that included multiple NTE segments was processing incorrectly. Now, this issue has been fixed.

Fixed a display issue with HL7 messages in the Web Admin Console transaction log

Updating the HL7V2 Structure Definition documentation to match the HL7v2 Generic Mapper.

Supplying ActiveMq with an error handler to prevent logging payload when encountering issues while processing received JMS messages.

Editing the 'Applies to Modules' column in the documentation for property 'Mark Resources for Reindexing after SearchParameter change' to not include mongoDB.

Previously, sending an HL7 v2.x inbound message that includes a numeric datatype variable in OBX segment with a positive leading sign was getting a processing issue. Now, this issue has been fixed.

Previously, a bulk import with DSTU3 would fail due to the valueUrl data type not existing. Now, documentation has been changed to use the valueUri type.

Realtime Export currently does not support a number of data types, including DATE_ONLY and DATE_TIMESTAMP. DATE_ONLY and DATE_TIMESTAMP are now supported.

Previously, instead of narrowing the search results, specifying resource-specific scopes in a SMART token would result in an Access Denied error. This is now fixed.

Mongo database users would always have search references replaced with resource ids inline during create/update. This is now configurable in mongo, and is defaulted to true for all dbs.

Previously, JavaScript version of translate operation only returned one result even when there were multiple matches. Now, this issue has been fixed by adding two new api method chains called 'andReturnMultipleCodings()' and 'andReturnMultipleCodesAsString()' which will return all the matched results as a list.

Previously, when \n, \r, or \t was used as a delimiter in the HL7 v2.x inbound mapper (i.e. Observation NTE, Observation OBX or Order Observation NTE), the mapped FHIR resource escaped the delimiter resulting in text that contained \\n, \\r, or \\t respectively. Now, this has been fixed.

There is inconsistent validation in the case of an incorrect communications language coding due to validation that looks for the first correct Coding. In the case of a single incorrect code there is one validation result. In the case of one correct code and one incorrect code, there is an entirely different result. This has been fixed by introducing a new optional configuration, turned off by default, that allows clients to toggle the behaviour.

Cross-partition subscription PUT with a custom interceptor will fail on validation because the read partition ID is validated. This has been fixed by making use of a hapi-fhir fix that skips validation if the validator invoked during an update operation

Previously, an exception would be thrown while parsing a CDA document if a social history observation had a nullFlavor on the root element. This has been fixed.

Realtime Export currently does not support the DOUBLE data type. This is now fixed.

Support for the CLOB datatype was added to Realtime Export.

Support for the BLOB datatype was added to Realtime Export.

Existing response watermark constant has a typo. Introduce a correctly spelled constant, deprecate the old one, and continue to support it.

Previously the example in documentation for Converter.base64Encode was incorrect. This has been fixed.

Realtime Export currently fails with a DATE_TIMESTAMP field on Postgres and potentially other DBs. This is now fixed.

Before, MDM operations invoked from Admin JSON were not generating audit log. This has been fixed.

Previously, in the JSE, resource.id returned the id containing the resource and the history version ex. Patient/123/_history/1, which violates the fhir specification. This has been fixed, and resource.id will only return the bare id (ex. 123). To preserve previous workflows, the resource type can be accessed via resource.resourceType, and the version number via resource.meta.versionId.

Previously, deleted resources were not being expunged properly with MongoDB. This was resulting in a ResourceNotFoundException whenever a resource level /history query was performed after using expunge. This has been corrected.

When an invalid JWT auth token is used during bulk export, a 401 Unauthorized failure response is given. This has been changed to return 400 Bad Request to match client test cases.

Restores the ability to invoke the $export operation using an HTTP GET request.

Previously, the description of Forward Persisted Messages property in HL7 V2 Outbound Module documentation was not displaying as a link. This has been fixed.

Before, the input for each field when creating a new module would be blank. The default values are now given for each field.

The results of the GET Patient/$everything command when using Mongo DB differ from the results when using JPA/RDMS. The Mongo implementation has been improved to be much closer to the JPA implementation.

Previously, when the Realtime Export module was started with the dao_config.auto_create_placeholder_reference_targets.enabled set to true a PreconditionFailedException was thrown resulting in a start up failure. This has been fixed.

Before MDM Partition Key Generator type had to be configured through system properties. A Web Administration option has been added to allow configuring it.

Kafka message processing could log PHI during after delivery failures to both the target, and the dead-letter queue. This message body is now redacted.

Before Web Admin configuration properties help target was not specific when property name contained parenthesis. This has been fixed.

Previously, the Kafka SASL JAAS Config and Kafka SSL Key Password properties would be visible in the Web Admin Console. These properties are now hidden.

Trying to delete a resource through FHIR gateway configured in DSTU3 no longer returns a 500. Now delete is processed in the same way as a gateway configured in R4.

A recent change to automatic resource type selection for Bulk Export accidentally caused DSTU3 Bulk Exports to fail. This has been corrected.

When cleaning up expired OAuth2 authentication codes from the database, if a record was present in the database from an older version of Smile CDR the cleanup loop could occasionally fail. This has been corrected.

An occasional processing error caused an exception to be thrown when submitting data to a MongoDB Storage module with MDM enabled.

A race condition caused Batch2 job processing to stall occasionally on MongoDB storage modules if an unexpected error occurred. This has been corrected.

Improved fhir-gateway troubleshooting logging by providing extra debug entries.

Previously, when combo search parameters were created in MongoDB, the SearchParameter.name value was used for the name of the MongoDB document key that held the combo index value. This has been corrected and now the SearchParameter.code value is used.

Previously, combo unique search parameters were not properly enforcing uniqueness after being updated in MongoDB. Now, when a combo SearchParameter is changed from unique to non-unique, duplicate values are accepted. Similarly, when a combo SearchParameter is changed from non-unique to unique, duplicate values are rejected.

MongoDB Storage module sorting on the _lastUpdated parameter produced incorrect results.

Previously, the MongoDB FHIR Storage module would always use the Internal Synchronous Search Size configuration property as the number of documents to fetch, regardless of the details of the request. Now, the property will be used as an upper limit, but callers can request a smaller result set.

Fixed a bug with batch jobs in Mongo, where occasionally in a concurrent environment, messages could be double-delivered, causing batch jobs to hang due to the unknown state.

Fixed bug where the context path of the FHIR endpoint was being omitted in the generation of GraphQL URIs.

During CDA Import, some resources of types CarePlan, CareTeam, Condition and Device were not populating their identifier field. This could result in duplicate resources being created under some circumstances. This has been fixed.

Previously, queries in Mongo DB that used _include parameters could accidentally include multiple versions of a resource. This has been corrected.

A MongoDB patient $everything request was returning duplicate organizations after POSTing a Bundle with a Patient, Organization and Consent. This has now been fixed by filtering out the duplicate organizations from the response.

A bug existed where importing a CDA document that contained Blood Oximetry (code 59408-5) and OxygenConcentration (code 3150-0) observations but was missing FlowRate (code 3151-8) would result in an error. This has now been fixed.

Fixed bug when users are seeded with default launch contexts.

When using smileutil generate-rte-schema, REFERENCE resource fields were being converted to BLOB in JSON and oid in postgres SQL. This has been fixed by ensuring they are now converted to STRING/varchar(255), respectively.

Previously, the CDA Import feature was not populating 'No Known Allergies' codes correctly in AllergyIntolerance resources. This has been fixed.

The HL7 v2.x Listening Endpoint module used to handle OBR-4 fairly strictly. Sparser values are now accepted.

Previously, the default logging would log all Kafka config properties. This has been downgraded to DEBUG log level. To view these config properties in log, you can modify logback.xml and create a logger named ca.cdr.broker.kafka.config set to DEBUG level

Proper experimental tag added to documents to indicate correct level of maturity model for feature.

Previously, a CDS endpoint would return HTTP 500 when encountering issues parsing user submitted payload . This has been corrected.

When performing a P2P data transfer as the receiving system, MDM metadata in receieved data is now discarded, in order to avoid collisions with the MDM system on the receiving system.

Added a migration for older versions of smile which were storing the enforce_referential_integrity_on_write configuration item as a string instead of a boolean.

A new command in smileutil called clear-migration-lock has been added. This command can be used to clear a stale database migration lock row.

Bulk export jobs that are COMPLETED in Mongo DB were missing reports. This has been fixed by resolving a race condition where the report was overwritten with a null report.

Previously, it was not possible to clear a migration lock applied to the audit table with cdr-cli. This has been fixed.

$mdm-submit would throw a class-cast exception when running on mongo. This has been corrected.

The official Smile CDR Docker image now runs as a non-root user, and is based on an alpine image (amazoncorretto:17-alpine3.17).

Backported from: 2023.02.R01

Previously, queries in Mongo DB that used _include parameters could accidentally include multiple versions of a resource. This has been corrected.

Backported from: 2023.02.R01

When performing a P2P data transfer as the receiving system, MDM metadata in receieved data is now discarded, in order to avoid collisions with the MDM system on the receiving system.

Backported from: 2023.02.R01

A new Persistence Module configuration setting has been added called dao_config.job_fasttracking_enabled, default false. If this setting is enabled, then gated batch jobs that produce only one chunk will immediately trigger a batch maintenance job. This may be useful for testing, but is not recommended for production use. Prior to this change, fasttracking was always enabled which meant if the server was not busy, small batch jobs would be processed quickly. However this lead do instability on high-volume servers, so this feature is now disabled by default.

Backported from: 2023.02.R01

The results of the GET Patient/$everything command when using Mongo DB differ from the results when using JPA/RDMS. The Mongo implementation has been improved to be much closer to the JPA implementation.

Backported from: 2023.02.R01

Fixed a bug with batch jobs in Mongo, where occasionally in a concurrent environment, messages could be double-delivered, causing batch jobs to hang due to the unknown state.

Backported from: 2023.02.R01

A MongoDB patient $everything request was returning duplicate organizations after POSTing a Bundle with a Patient, Organization and Consent. This has now been fixed by filtering out the duplicate organizations from the response.

Backported from: 2023.02.R01

Added support for FHIR UPDATE and CREATE operations to FHIR Gateway. This includes support for creates with client supplied ids, which are handled in the same way as an UPDATE.

Backported from: 2023.02.R01

Resolved NullPointerException issue in the PartitionSecurityInterceptor that could occur when a user configured a named partition but then requested access to the default partition.

Backported from: 2023.02.R01

An occasional processing error caused an exception to be thrown when submitting data to a MongoDB Storage module with MDM enabled.

Backported from: 2023.02.R01

A race condition caused Batch2 job processing to stall occasionally on MongoDB storage modules if an unexpected error occurred. This has been corrected.

Backported from: 2023.02.R01

MongoDB Storage module sorting on the _lastUpdated parameter produced incorrect results.

Backported from: 2023.02.R01

$mdm-submit would throw a class-cast exception when running on mongo. This has been corrected.