0.1.1Changelog: 2025

 

Legend

A new feature
An existing feature has changed
A bug fix
A performance improvement
A security issue has been corrected

0.1.2Smile CDR 2025.08.R01 (TBD)

 

0.1.2.1Release Information

Released 2025-08-18
Codename TBD
HAPI FHIR Smile CDR 2025.08.R01 is based on HAPI FHIR 8.4.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

0.1.2.2Upgrade Instructions

0.1.2.3Changes

Added the ability to define a custom login logo to the login page for smart-out module, if no custom skin is being used.

A new operation ‘Group/$bulk-member-match’ has been introduced in the System-to-System Data Exchange Module. This operation is designed to process bulk member matching requests for groups in compliance with the PDex Bulk Member Match Operation specifications.

A new $sdh.mdm-bundle-match operation has been added to Smile CDR that processes a FHIR Bundle to match resources against existing resources in the repository using MDM rules. This operation helps prevent duplicate resources by identifying and removing resources in the input Bundle that match existing resources in the repository before persisting the bundle. Similar to Patient/$match, this operation can run with the MDM module operating in MATCH_ONLY mode. A new Camel processor called mdmBundleMatchProcessor is also provided to perform the same operation.

To prevent excessively large log files, logback.xml was updated to use SizeAndTimeBasedRollingPolicy and more logs-related guidance was added to the Production Checklist

Added a new FHIR operation $sdh.cda-to-fhir that can be used to translate a CDA Document into a FHIR document Bundle.

Remove all deprecated Clinical Reasoning logic.

Remove pointcut PRIOR_AUTH_CRD_GATHER_CONTEXT and configuration for specifying custom beans in Prior Auth CRD module as the patient in context can now be set in Camel route.

Porting CDS_HOOKS_REQUEST transaction logs into new PRIOR_AUTH_CRD sub type to enable greater control for use with Camel.

Add support for using Pulsar as a Message Broker (instead of Kafka or ActiveMq). Also added new Broker Troubleshooting Log that can be used to troubleshoot issues communicating with Pulsar, Kafka or ActiveMq.

For the $davinci-data-export endpoint, the exportType parameter is now mandatory. Any request to $davinci-data-export must include a valid exportType value. While the IG does not explicitly define the cardinality of this parameter, its absence leads to undefined behavior. Therefore, to ensure proper implementation, this field is required.

The Runtime Audit Log Action Filter was showing duplicate entries in the event sub-type selector. This has been fixed.

Refactored transformer strategies to allow adding attributes at the TransformationStrategy class, not just wrapper strategy. Added codeclass attribute 'ASSIGNED' to AssignedAuthor and AssignedEntity

Remove CDS hooks diagnostics warning require a persistence module dependency since this will be resolved through the FHIR endpoint dependency.

Mdm did not function properly with the new Pulsar broker. This has been corrected.

Previously, some modules which had optional dependencies on persistence modules were not correctly binding the Fhir API into their Javascript Execution Environments. This has been corrected, and now if a module depends on a persistence module, and has a javascript execution environment, the Fhir API will be available in it.

Upgrade to spring-security 6.4.5

0.1.3Smile CDR 2025.05.R01 (Fortification)

 

0.1.3.1Release Information

Released 2025-05-18
Codename Fortification
HAPI FHIR Smile CDR 2025.05.R01 is based on HAPI FHIR 8.2.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

0.1.3.2Upgrade Instructions

Upgrade Notes

Camel module configuration changes

Before 2025.05.R01, the property intermediate_logging_enabled, could be defined in camel module as well as in hl7v2_in module. Camel module definition has been deprecated. Going forward only hl7v2_in module definition (key = module.<endpoint-hl7v2-in-module>.config.intermediate_logging_enabled) will be accepted.

Changes to AWS IAM and AWS Secrets Manager usage

As of 2025.05.R01, Smile CDR now uses the AWS Advanced JDBC Driver to manage connections to RDS databases. This comes with minor changes on how to use both IAM and Secrets Manager. More details can be found in the documentation.

Changes to SMART permissions - Support for SMART 2.0 and changes to SMART 1.0

The SMART 1.0 scope patient/*.write grants create and update to applications. As of this release, it also grants delete. It is equivalent to patient/*.cud in the new SMART 2.0 syntax.

CDA Exchange+ import mode

The default value of the CDA Exchange+ Import Mode has changed to DOCUMENT_BUNDLE. If you are upgrading from 2025.02 and are using database configuration, your previous setting for this property will be retained. Otherwise, if you are upgrading from an older version of Smile CDR or you are using properties configuration, you will need to explicitly set this property to TRANSACTIONAL if you wish to continue using transactional bundles.

Consent module (EXPERIMENTAL) changes

There have been a number of significant changes to the Consent Module API.

Example using the old API:

{
   "canSeeResource": {
     "consentServiceFactory": "smileSecurityLabelConsentServiceR4",
     "consentRules": [
       { "name": "BTG_OVERRIDE_RULE", "matching": [  { "matchUrl": "Consent?purpose=BTG" } ]},
       { "name": "PATIENT_HIPPA_GRANT_RULE", "matching": [  { "matchUrl": "Consent?scope=patient-privacy" } ] }
     ],
     "fallbackConsentRule": "REJECT"
   }
}

Equivalent example using the new API:

{
   "canSeeResource": {
     "consentRules": [
       { "name": "BTG_OVERRIDE_RULE", "matching": [{ "matchUrl": "Consent?purpose=BTG"}], "consentResourcePolicy": "smileSecurityLabelConsentServiceR4"},
       { "name": "PATIENT_HIPPA_GRAN_RULE", "matching": [{"matchUrl": "Consent?scope=patient-privacy"}], "consentResourcePolicy": "smileSecurityLabelConsentServiceR4" },
       { "name": "FALLBACK_REJECT_RULE", "fixedPolicy":  "REJECT"}
     ]
   }
}

Summary of changes:

  1. The overarching consentServiceFactory has been removed.
  2. Each consent rule with matching criteria now defines their own consentResourcePolicy which serves the same purpose as the old consentServiceFactory. This removes the restriction of having the same consent service apply to all consent rules. Implementers should map each consentResourcePolicy to a new instance of an IConsentService in the new CONSENT_BUILD_CONSENT_RESOURCE_POLICY_CONSENT_SERVICE pointcut. Note that this pointcut replaces the old CONSENT_BUILD_CONSENT_SERVICE pointcut.
  3. The fallbackConsentRule has been removed and is now specified using the last rule in the consentRules as a fixedPolicy. Note that a fixedPolicy can be used anywhere in the consentRules and gives implementers the ability to make consent decisions that are not dependent on Consent resources. Implementers should map each fixedPolicy to a new instance of an IConsentService in the new CONSENT_BUILD_FIXED_POLICY_CONSENT_SERVICE pointcut.
  4. Each consent rule can have:
    • a fixedPolicy with no matching rules
    • a consentResourcePolicy with matching rules

Password Length Limitation with BcryptPasswordEncoder

Due to a version bump in bcrypt, maximum password length is limited to 72 characters for new passwords, specifically for those using the BcryptPasswordEncoder. This limitation applies to passwords created or updated after upgrading to 2025.05.R01. Existing passwords longer than 72 characters will continue to work until they are changed.

0.1.3.3Changes

A new feature called [Tokenization](/docs/fhir_repository/tokenization.html] has been added to the FHIR Storage (RDBMS) module. This feature can be used to replace specific elements within FHIR resources with opaque tokens, and provides a mechanism that could be used to implement record-level and element-level encryption within FHIR resources.

Smile CDR modules may now instantiate and use their own CamelContext in order to take advantage of Camel Processing, outside of the Camel Module.

The FHIR gateway now supports the history operation at the instance level (e.g. Patient/1/_history).

Added a warning message to the conversion results returned from an hl7v2 endpoint to the client when the value populated in OBR-24 could not be mapped to an element of Table 0074.

The CDA Exchange+ module now provides mappings between the C-CDA 2.1 and US Core 6.1.0 IGs. A new mapping has been added for the Specimen profile, the mapping for the Coverage profile has been significantly redesigned, and small changes related to modality and cardinality have been made in several resources including Patient, Observation and MedicationRequest.

There have been significant changes to the Consent Module API. Please see the 2025.05.R01 release notes for more details.

Bulk Export support has been added to the Consent Module. See the Bulk Export Support section for more details.

Previously, choosing Infinispan as a cache store would result in the query cache operating in a hybrid mode where only search results would leverage the Infinispan cache instance. This feature extends Infinispan caching to include storing the searches themselves, allowing the query cache to operate independently of the database. See our documentation on query cache support.

The Prior Auth Support (PAS) module now has two additional properties organization_npi_identifier_code_systems & practitioner_npi_identifier_code_systems, which will be used to search Practitioner and Organization resources. Additionally, the identifier_code_system property has been removed from the configuration.

A custom troubleshooting logger has been added for the Prior Auth Module.

Added support for SMART on FHIR STU 2.1 permission scopes like patient/Observation.cruds. These can be mixed with the existing support for SMART 1.0 scopes like patient/Observation.read. To match the SMART 2.1 specification, the *.write permission from SMART 1.0 is now interpreted to include delete in addition to create and update. More details can be found in the SMART 2.1 documentation.

Added support for Provider Access Da Vinci data export, via the $davinci-data-export operation.

Added a tutorial for how to add custom operations (e.g. $process-message) to a Smile CDR FHIR Repository.

Added Transaction Logging capabilities to the Smile CDA Exchange+ Camel processors.

Added new Transaction Log subtypes to account for $submit and $inquire operations

A new Camel processor called wrapInDocumentReferenceProcessor has been added. See the wrapInDocumentReferenceProcessor section for more details.

Added a new singleResourceProcessor for direct FHIR resource processing in Camel routes. This enables processing individual resources without requiring Bundle wrapping, simplifying common integration scenarios. Documentation and sample routes can be seen in the documentation.

Added a troubleshooting log for request partition routing.

Bulk export support was added to FHIR Gateway. This includes $export, $export-poll-status and $proxy-link operations. Please refer to the documentation for more details.

The following properties of the FHIR client used in the remote terminology service can now be configured:

  • [Connect Timeout](/docs/configuration_categories/fhir_storage_module_validation_svcs.html#property-remote-terminology-service-client-connect-timeout-ms) (`remote_term_svc.client_connect_timeout_ms`)
  • [Socket Timeout](/docs/configuration_categories/fhir_storage_module_validation_svcs.html#property-remote-terminology-service-client-socket-timeout-ms) (`remote_term_svc.client_socket_timeout_ms`)
  • [Max Pool Size](/docs/configuration_categories/fhir_storage_module_validation_svcs.html#property-remote-terminology-service-client-pool-max) (`remote_term_svc.client_pool_max`)
  • [Max Pool Size Per Route](/docs/configuration_categories/fhir_storage_module_validation_svcs.html#property-remote-terminology-service-client-pool-max-per-route) (`remote_term_svc.client_pool_max_per_route`)

The configuration bundle zip download now includes a summary of registered hooks, allowing users to see which pointcuts have interceptors attached to them.

If a Camel Message Body implements IModelJson (i.e. it is a Java class that supports JSON serialization), the body will now be serialized to JSON and made available to the Camel Script as a JSON object.

Previously when a Camel Script expected Java Bundle input, it needed to have the input=bundle parameter on the Camel Script URI. This is no longer required. Bundle types are now automatically detected and made available to the JavaScript Execution Environment.

FHIR Path expressions can now be evaluated on FHIR resources within the Java Execution Environment. See the FHIR Model API documentation for details on how to do this.

Modified Camel JavaScript integration to give Camel Scripts access to Exchange Headers and Properties by including includeExchange=true in the Camel Script URI. See the Script section of Smile Camel Processors for details of how this works.

Added payertopayer as a valid option for the exportType parameter of a $davinci-data-export operation request. This enables the PDEX exchange as defined in the specification.

The Module Config page of the Web Application Console now displays the interceptors that are registered on that module for the local node.

The CDS Hooks module now allows you to select which version of the CDS Hooks specification you would like to use, via the [cds_hooks_version configuration property](/docs/configuration_categories/cds_hooks_definitions .html#property-cds-hooks-version). Currently, 1.1, and [2.0] (https://cds-hooks.hl7.org/2.0/) are supported.

Implemented the Subscriptions R5 Backport so that SubscriptionTopic resources can now be created in R4 via a Basic resource with extensions. This makes all of the R5 Subscription Topic capabilities available in R4.

Added support for SusbcriptionTopic.notificationShape so includes and reverse includes can be included in the subscription notification.

Added a new CLIENT_AUTH_PRE_TOKEN_REQUEST pointcut to allow overriding of the oauth token for P2P $member-match and $export calls. The pointcut receives an HttpRequestBase to be called to get the token using the default client-secret method. The implementation of this pointcut, that can be configured under the system-to-system module configuration, allows users to redefine the tokens that will be used for $member-match and $export. A sample implementation of the pointcut can be found on the System-to-System Data Exchange page

Adding a new apis section to the product portal custom application configuration. It will contain configuration information for built-in apps and will enable prior-auth configuration. This will mean that administrators will have to manually enable the configuration for prior-auth admin to appear.

A new partition mode named REQUEST_HEADER has been added. This mode allows the storage partition IDs to be specified in a request header called X-Request-Partition-IDs.

Enhance the Provenance resource with the source insurer details when doing an $invoke-export operation. See System to System Data Exchange Module for more information.

The security context is now available when each work chunk of a batch job is being processed.

Archived OIC Clients were unable to be viewed in the web admin console. Moreover, saving a client as 'archived' resulted in errors. These have now been fixed.

Added new JSON APIs to the Package Registry module, to inspect and help mitigate duplicate resources among different NPM packages.

PriorAuth CRD module now allows registering multiple CDS hooks.

Add the new SMART 2.0 capabilities to the defaults: authorize-post, permission-v1, and permission-v2.

The System to System Data Exchange Module is no longer feature flagged and is available for selection from the Web Admin Console.

The Apache Camel version used in the Camel module has been upgraded from 4.8.2 to 4.8.6. See the Apache Camel 4.X Upgrade Guide for more details.

Update CQIS libraries to 2025.04.R01, and clinical-reasoning to 3.19.0

A new cdr-api-public-test-utils module has been added, with the goal of allowing users to write their own integration tests. Please see the documentation for a tutorial on how to use this new tooling.

The XPath evaluator used in the Javascript Execution Environment had an inefficient namespace lookup which is now cached for better performance. This also allows the xpath evaluator to be used on child nodes containing namespaces.

Previously, when a custom $member-match script returned null instead of a Patient, the system would use its default $member-match logic. This has now been changed to throw a 422 Unprocessable Entity exception. This will ensure that implementations do not accidentally use the default logic when they do not intend to.

The AWS V1 SDK has been removed, and replaced with the AWS V2 SDK. This brings in with it new functionality surrounding database connections to RDS. More information can be found in the documentation.

Previously, the CDA Exchange+ module was mapping the FHIR Observation.performer field to the CDA Observation/author field. This has been changed to map to CDA Observation/performer for both import and export.

Previously, in the CDA Exchange+ module, an Observation in the Social History section was linked to a supporting Assessment Scale Observation using the hasMember reference. This has been changed to use the derivedFrom reference.

Rename Davinci Data Exchange module and remove feature flag

Prior Auth CRD (Coverage Requirement Discovery) now uses a Camel route to evaluate the incoming request instead of directly calling $apply.

Previously, if a Kafka send operation failed, the message would be dropped with a log message. Now the send operation waits 60 seconds for the send to succeed. If the send fails, the Kafka send service throws a BrokerSendFailureException so the caller can recover from the sending failure.

The ENDPOINT_P2P Module has been deprecated.

The default document ingestion mode for the CDA Exchange+ module has changed from transactional bundle to document bundle.

The default de-duplication algorithm in the CDA Exchange+ module has changed. Please refer to the documentation for more details.

PlanDefinition ID configuration in PriorAuth CRD module is now part of the CrdApplyProcessor route parameter.

The CDA import transformation will now merge generated Practitioner resources if they have any identifiers in common, instead of requiring all identifiers to match. This will reduce duplicate resources and improve performance in cases where a national provider registry identifier is assigned in addition to other identifiers.

Previously, the SMART Discovery Document returned by a SMART on FHIR enabled endpoint did not include elements grant_types_supported and code_challenge_methods_supported which are required in version 2.1.0 of the SMART on FHIR specification. This issue is fixed.

Fixed an issue where the FHIR Gateway would accidentally block responses containing an OperationOutcome in a search. OperationOutcomes that are returned as part of search results are now implicitly authorized based on the authorization of the original search.

Kafka installs configured with SASL were previously unable to make calls to the broker. This has been corrected, and SASL authentication now works.

Previously, the startup log would not properly report the operating environment type(e.g. DEV, STAGING) after migrating from versions older than 2024.08.R01. This has been fixed.

Previously, enabling Mass Ingestion Mode while simultaneously using Javascript callbacks could prevent an HL7v2 endpoint module from booting. This combination of configuration now works as expected.

Fixed a regression introduced in version 2023.05.R01 where assigning an empty value to a DecimalType field in a resource within the JavaScript Execution Environment resulted in an exception.

Previously in some situations when exporting a CDA document that contained a Vital Signs section, an additional component entry with an empty observation element was created. This has been fixed.

Previously, passing in invalid XML Camel routes would sometimes result in Camel successfully starting with no logged errors. This has now been fixed, and XML validation has been made more strict.

Previously, the Observation resources generated by the CDA Exchange+ module were not following the guidance in the FHIR specification regarding the Assertion pattern. This has been fixed. Now, when the Assertion pattern is encountered in a CDA document, the generated Observation will represent it as a clinical finding using the Case 4 pattern from the guidance.

Fixed a Camel Module startup exception that occurred when a route included an Hl7v2 javascript function processor.

Previously, if a search occurred against the FHIR Gateway that used a custom Search Parameter for sorting, and this Search Parameter was not defined on a target, a 500 error would be returned. This has been corrected.

Previously, when exporting a CDA document based in US Core 5 conformance mode, the CDA Exchange+ module would throw an exception if the Medications section contained any MedicationStatement resources. Now, the MedicationStatement resources will be skipped and rendering will continue with the next resource.

A regression was fixed related to failures when saving or editing modules in the Web Admin Console while using the Safari browser.

Previously, when ingesting an HL7v2 message with validation enabled, the transaction log would only log the first validation issue in the 'Processing' step. This has been changed to now include the entire OperationOutcome, comprising all validation issues.

Previously, during the CDA Exchange Plus $docref operation, Provenance resources were being queried that did not need to be queried. In certain extreme cases, this was causing a failure to generate the CDA export. This has been corrected.

Previously, the CDA Exchange+ module was rendering empty <originalText> elements within some coded fields in a generated CDA document. These unnecessary elements have been removed.

Manually exported configurations would previously include S3 access information, this is now redacted like all other sensitive data.

Previously, properties related to Inbound SMART on FHIR configured on a FHIR endpoint would not be propagated in the response to a capabilities discovery (GET /.well-known/smart-configuration). This issue is fixed.

The db.connectionpool.default_query_timeout_seconds configuration was not being respected for Mongo DB persistence modules. This has been corrected.

The CDA Exchange+ module will now populate Quantity.unit to match Quantity.code when configured to produce resources conforming to the US Core IG.

Fixed a CDR documentation issue to ensure proper page navigation and display when the user navigates from left-side bar.

In the CDA Exchange+ module, several mapping errors related to MedicationStatement.medicationCodeableConcept and MedicationStatement.dosage.timing.repeat.period have been fixed.

Previously, the CDA Exchange+ module was representing an unknown Procedure.status code in two different ways depending on what entry type the data originated from in the source CDA document. This has been normalized.

Previously, the CDA Exchange+ module only supported effective time as a Period in the DiagnosticReport, MedicationStatement and Procedure resources. The module now supports both Period and DateTime data types in these contexts.

The CDA Exchange+ mappings have been updated to enforce correct minimum cardinality constraints for DocumentReference resources.

Previously, the CDA Exchange+ module would fail to parse FamilyMemberHistory.deceasedBoolean in the second or subsequent entry of the section. This has been fixed.

Previously, in the CDA Exchange+ module, some mandatory fields were not being populated with data-absent-reason extensions if they were derived from a deeply nested field in the source CDA document and the containing element was absent. This has been fixed.

Deprecated property eidSystem has been replaced with new eidSystems property in MDM Rules Script default value.

Previously, when importing a CDA document, if the Mental Status section contained Mental Status Observation entries or Assessment Scale Observation entries at the root of the section, these observations would be parsed correctly, but not linked from the Composition. This has been corrected.

Previously, mapping of an OBX segment would fail if optional field OBX-5 was not populated. This has now been fixed.

Previously, the CDA Exchange+ module would fail to export a CDA document if the source bundle contained an Encounter resource with a hospitalization element, but that hospitalization did not contain a dischargeDisposition code. This has been fixed.

Previously, the CDA Exchange+ module was not respecting minimum cardinality constraints on Observation resources derived from the Assessment Scale Supporting Observation template. This has been fixed.

Previously, when parsing an unknown field of a HL7v2 message, if only one component is in the field and it is requested as the first component, e.g. as 'OBX-23-1' the parser would throw an error. Now it correctly returns the value.

Previously, updating an existing OIDC client through the Web Admin JSON API could result in having two clients with the same client ID. This is now fixed, and the duplicate will be rejected.

Previously, the CDA Exchange+ module was transforming the contents of Admission Medications, Medications Administered, and Discharge Medications sections to MedicationStatement resources when conforming to a US Core or USCDI IG. This has been changed to produce MedicationRequest resources instead, to better align with IG guidance.

Previously, when attempting to add additional JSON to a Transaction Log, if that JSON contained a FHIR resource, it would fail to serialize. This has been corrected.

Previously, calling XmlDocumentProxy#getXPathElements(xpath) in the JSEE would return an empty list even if matching nodes existed, if the XML document contained an unqualified xmlns attribute anywhere but the root of the document. This has been corrected.

Previously, when conforming to the US Core IG (any version), the CDA Exchange+ module would create an incomplete extension in the FHIR model if the representation of patient race and ethnic code in the CDA source document did not conform exactly to the specification. It would also throw an exception trying to re-export these incomplete extensions. Both problems have been fixed.

Previously, the Web Admin UI for viewing Transaction Logs and Audit Logs would default to viewing logs from the clustermgr module, even if it was not configured to store logs. This has been corrected, and the UI will default to the first module it finds which provides the correct type of log.

Usage of internal parameters created during tokenization in a search request are now prohibited.

Users used to be able to update existing oauth2 servers for a module such that they would then have the same issuer as an existing oauth2 server (an action blocked on create). This bug has been fixed, and these updates are now rejected.

Corrected an error in the published example Channel Import Camel route in our documentation. The example was missing choice tags around the when and otherwise tags.

Previously, the CDA Exchange+ module was not correctly mapping the AllergyIntolerance no known allergies pattern in cases where the participating substance has a nullFlavor code in the source CDA document. This has been fixed.

Previously, if a configuration key matched a System Environment variable, then the environment variable value would be used in place of the default value, overriding it. For example, if a Smile CDR instance has an ENDPOINT_HL7V2_OUT module with id 'hl7v2_sender' and module.hl7v2_sender.config.path was not defined in the properties file, then the System Environment $path value would be substituted instead of the default value of '/'. This has been corrected. Note that this does not change Smile's support for Environment Variable Substitution using #{env['key']}.

The connection pools now always test idle connections to keep the connections alive, and to detect connection failures. This fixes an issue where the first request after a period of inactivity would fail, because of a stale network connection.

Previously, performing $sdh.s2s.invoke-export multiple times against same source system failed. This behaviour has now fixed.

Fixed an issue with the additionalJson property not getting serialized in Transaction Log entries.

Previously, issues that occurred when creating or updating an OIDC client in the Web Admin Console(WAC) were not reported to the user, causing the WAC UI to freeze. This has now been fixed.

Fixed an issue where multiple identical oauth servers can be saved and archived, resulting in errors.

Fixed a bug in the Web Admin Console where when editing an oicclient, the 'Go Back' button would not function.

Fixed a bug where loading kafka configs from a configuration file (kafka.consumer.properties.file) or text block (kafka.consumer.properties.text) as fall-throughs were not being respected.

Previously, there was an unclear and convoluted error message when providing incorrect input to Package Registry API /npm/-/v1/findPackageAsset. For example, if providing a non-existent package ID. This has been fixed by instead returning a clear, uncluttered error message.

Previously, requesting the download of the result from an $export operation through the FHIR Gateway would fail when the downloading requester differed from the export requester even when access restrictions were removed. This issue is now fixed.

Configuration diagnostics have been added for the register_with_persistence property in the Consent Module.

Changed 'Archived' toggle on the OIC Clients page in admin console to display only archived clients when toggled on.

Previously, using the $binary-access-write operation to upload any data to a MinIO server would fail with a 500 Server Error. This has now been fixed.

Previously, the CDA Exchange+ module was not populating the serviceProvider organization of an Encounter. This has been fixed.

Previously, restarting the PriorAuth CRD module would fail when using the default crdApplyProcessor in the camel route configuration. This has been fixed.

A refactoring in the cdr-broker module has introduced a regression where specific security configurations would cause an exception at boot up time. This issue is resolved.

Previously, the CDA Exchange+ module would fail to import a document if it included an immunization record with a reaction child entry whose effective time was expressed as a point in time rather than a range. This has been fixed.

Errors within the Camel exchange for the PriorAuth CRD module were previously ignored but are now returned to the user.

Adjust gateway $export and associated operations ($export-poll-status and $proxy-link) to work also for fhir context versions dstu3 and r5.

Previously, the Bundle/[id]/$smile-generate-cda operation was assuming that the provided Bundle represented its internal references in the format ResourceType/id, and would throw an exception if it encountered a different format, such as urn:uuid:[uuid]. This restriction has been removed.

Update $member-match response to conform with HRex Member Match Operation. Return MemberIdentifier as Identifier resource and MemberId as Reference as specified in https://build.fhir.org/ig/HL7/davinci-ehrx/OperationDefinition-member-match.html

Update $invoke-export to handle the case where the $member-match response does not return a memberId.

Removed hashIdentity values of active Search Parameters from the Capability Statement (/metadata) endpoint. If Optimize index storage is enabled, the new HFJ_SPIDX_IDENTITY table can be used to reconstruct sp_name and res_type values for active Search Parameters. This is part of an effort to reduce database size by removing duplicate strings from database columns.

0.1.4Smile CDR 2025.02.R01 (Transfiguration)

 

0.1.4.1Release Information

Released 2025-02-17
Codename Transfiguration
HAPI FHIR Smile CDR 2025.02.R01 is based on HAPI FHIR 8.0.0, and includes all changes and fixes included in this version. Please see the HAPI FHIR ChangeLog for details about what has changed.

0.1.4.2Upgrade Instructions

Upgrade Notes

The way that data in the Resource.meta.source element is stored has been changed since Smile CDR 2023.08.R01. Users of systems which used this element prior to that release may need to perform a data migration. See Resource Meta Source Migration for more information.

CDA Exchange+ module API changes

A new $smile-generate-cda endpoint has been introduced in the CDA Exchange+ module. See the documentation for more details.

The endpoints template/{template_id}/apply and {resource_type}/{resource_id}/apply have been removed from the JSON Admin API. All uses of these endpoints should be replaced with calls to the new $smile-generate-cda endpoint. See this migration guide for detailed instructions.

Use of the DocumentReference/$docref endpoint to generate CDA documents is still supported, but discouraged, as the behaviour of this endpoint may change in a future release.

AWS Healthlake Module

This module has been removed from Smile CDR. Installations with this module configured will no longer boot this module.

Smile Metric Tables Removal

Smile CDR stopped collecting internal metrics in 2024.02.R01 in favour of using OpenTelemetry. In 2024.11.R01, the entities and services related to this metric collection have been removed. As of 2025.02.R01, the following tables, indexes, and generators have been removed:

Tables:

  • CDR_METRIC_GAUGE
  • CDR_METRIC_TIMER
  • CDR_METRIC_HC

Indexes:

  • IDX_METRICHC_NODEP_HID

ID Generators:

  • SEQ_METRICHC_PID

0.1.4.3Changes

Previously, the hl7v2 inbound mapper would not create an issue when processing a coded element with a missing code system or a missing required code (conversion from CE, CWE or IS to Coding or CodeableConceot). Two new properties have been introduced for the hl7v2 listener module which will issue error/warning for these cases. The properties are disabled by default.

Added $replace-references operation to change resource pointed by references.

This feature introduces method hasDeceasedBooleanType() and hasDeceasedDateTimeType() invokable on a Patient resource within the JavaScript environment. We have provided the methods to eliminate the need for redundant boiler place code commonly required to assess the element type of property patient.deceased. Please see documentation for further details and examples.

Added documentation for module dependencies. See an example here and see a full list of module dependencies here.

A new Consent Module has been added to the list of Experimental Features. This module adds a Consent resource-driven framework on top of the existing code-driven Consent Service. See the Consent Module Overview page for more details.

Default templates have been created for each resource type to generate narrative for every section within the CDA Exchange+ module. To use the generative narrative feature see the documentation here.

Gateway consent has been added, allowing to apply consent to routes before sending requests to targets.

The following OpenTelemetry metrics have been added to monitor the number of successful and failed authentication attempts: smilecdr.authentication.success_count, smilecdr.authentication.failure_count

The HL7 v2.x inbound processor now supports mapping AL1-6 (Identification Date) to AllergyIntolerance.onsetDateTime.

A new experimental option has been added to the FHIR Endpoint module which provides a virtualized view of an MDM-enabled repository. See MDM Virtualized Endpoint for more information.

The Package Registry Endpoint module now supports searching for packages by author.

In the CDA Exchange+ module, new parsing of Encounter and Note resources has been added for entryRelationship nodes in the Immunization section.

A new setting has been added to the FHIR Storage (RDBMS) module which allows full resource contents to not be indexed by the Full-Text engine when Full-Text indexing is enabled. Disabling this setting can save space if the Full-Text engine is only required for terminology purposes.

Added the FHIRGW_TRANSACTION_POST_SELECT_ROUTE pointcut to the Gateway Interceptor template in the CDR Interceptor Starter Project.

Introduce new custom interceptor PRIOR_AUTH_CRD_GATHER_CONTEXT to determine/identifier payer memberId for Prior Auth CRD module.

Added configuration property to Cluster Manager configuration that allows to specify optional prefix for the broker channels (ActiveMQ Queues and Kafka Topics). This will cause the given prefix to be prepended to the names of non-customizable channels being used by Smile CDR.

MegaScale search now supports searching multiple partitions at once provided all of those partitions map to the same database.

When performing a Federated OAuth2/OIDC Login, Smile CDR will now supply PKCE parameters to the federated provider, providing an additional element of security to this exchange.

CDS Hooks Prefetch Requests are now being logged in transaction logs.

A new MDM mode configuration item was added (default MATCH_AND_LINK). When the MDM module is run in MATCH_ONLY mode then MDM operations are disabled and no MDM processing occurs. This is useful if, for example, you want to use the Patient/$match operation without having the overhead of creating links and golden resources.

The CDA Exchange+ module allows the default narrative templates to be overridden by providing a set of custom Thymeleaf templates in the Narrative Generator module. See the documentation for more details.

Two new settings have been added which can be used to configure the timeout and size of the Validation Support Cache. This cache now also exports OpenTelemetry metrics around its current size.

Changed the CDA Exchange+ narrative templates selection criteria to use the coding that is provided in Composition.section.code. See the documentation for more details.

Changed the CDA Exchange+ section narrative generator to flatten subsection resources into the list of resources used when generating narrative content.

Functionality has been added to filter transaction logs by module id. See the Optional Module ID Filtering section of the Transaction Log page for more details.

The CDA Exchange+ module now supports exporting C-CDA Discharge Summary documents.

The CDA Exchange+ module now provides the operation $smile-generate-cda for generating CDA documents from document Bundles, from Compositions, or through the use of JS scripts. See the documentation for details.

The CDA Exchange+ module now provides configuration parameters to allow fine-grain control of which generated resources get persisted during the cda export process.

Upgraded the Clinical Reasoning module to the latest release of 3.15.0. Many caregaps request errors that previously resulted in HTTP status code of 500 now result in 400 instead.

Upgrade the Clinical Reasoning module to the latest release of 3.15.0. CMPI now supports the delete operation

Upgrade the Clinical Reasoning module to the latest release of 3.15.0. Please review associated ticket for detailed list of changes which including changes to error handling, measure scoring and support for Organization subjects.

The Apache Camel version used in the Camel module has been upgraded from 4.4.1 to 4.8.2. See the Apache Camel 4.X Upgrade Guide for more details.

Adds a Development Forecast section to the docs page.

The JvmStatsMonitor which emits occasional status updates to the system log will now include details about the HTTP and FHIR Storage throughput across the entire cluster.

When starting the Cluster Manager module, the FHIR Storage (RDBMS) module, or any other module using a database, the system logs will now include a statement describing the connection pool sizes and a few other useful troubleshooting details.

Several improvements have been made to the /endpoint-health endpoint exposed by HTTP endpoint modules such as the FHIR Endpoint module:

  • The response will only indicate a failure if multiple HTTP 5xx failures have been retreturned and no successful responses have been returned over a 5 minute period. The previous behavior returned a failure if a single HTTP 5xx response had been returned, which was overly sensitive.
  • The response will include the ID of any failing health checks
  • A system log entry will be written any time this endpoint returns a non-successful response

Ensure that $qpp-build always downloads a QPP spec file from github CMSgov if the file has not been added to the cdr binary build. This means no need for an explicit release once a QPP spec file becomes available for a new year, such as 2026.

The CDA Exchange+ module now offers the option of importing a CDA document as a single FHIR document Bundle. See the documentation for more details.

Added pointcut AUDIT_EVENT_PRE_PERSIST to the CDR Interceptor framework. It allows clients to provide key/value pairs as additional information to be logged with a specific audit event. Upon returning from the pointcut invocation, the key/value pairs are serialized onto a JSON string and attached to the audit event before submission to the persistence and/or broker layer. User provided information is made available for viewing through the web and admin console. Refer to our documentation for an example of the pointcut implementation.

Add a new pointcut CONSENT_ACTIVE_CONSENT_RESOURCES_RESOLVE to contribute Consent resources to the Consent Module from arbitrary sources.

Prior Auth CRD now generates transaction logs before and after $apply operation for more traceability.

A new processor has been added to the Camel module which provides manual commits to Kafka-based routes. This can be used to achieve guaranteed delivery of data. Documentation examples have been provided showing how to achieve this.

Clinical Reasoning version bump to 3.17. Introduction of new feature that allows for containing dQM $evaluate-measure and $evaluate-measures operations to not fail on a single encountered processing error, enabling users to get visibility on results of successfully processable resources and sources of encountered errors to follow up on.

The CDA Exchange module has been deprecated, and replaced by the CDA Exchange+ module.

Previously, directly accessing array resource.contained from the JavaScript environment would generate an internal error if the element was not instantiated. This issue is fixed.

Resolved a number of No prototype for... warning messages that would appear in the Smile logs upon startup. Also clarified the wording of and added more details to a few warning messages.

Fixed an issue where transaction log entries relating to performing a create/read/update/search using the JSEE Fhir API would previously always have event type ETL_IMPORTER, regardless of which context the script was executed in. This has been corrected.

Previously, the $submit-attachment operation required a client-assigned ID for the DocumentReference attachment. This has now been changed such that the server will generate an ID when no ID is provided.

The Fhir interface, which provides access to persistence module functionality, will now be exposed to JavaScript environments in modules that extend or depend on persistence module. Specifically, the following JS functions have now been fixed to provide access to Fhir API: onAuthenticationSuccess, authenticate, authenticateAnonymous, onTokenGenerating, onTokenGenerated, onPostAuthorize, onSmartLoginPreContextSelection, getUserName, repositoryValidationProvideRules

Prior to this change, Gateway DELETE operations would return the OperationOutcome of the delete called on the first target, irrespective of the success/failure of the delete operation. This means that a SUCCESSFUL_DELETE_NOT_FOUND result was often returned when the resource actually was found and deleted. Now, if the resource was actually deleted on one of the targets, the OperationOutcome of that target is returned to the caller with the proper SUCCESSFUL_DELETE result so that the caller can detect the resource was successfully deleted.

Prior to this change, Gateway target http headers added by FHIRGW_XXX_TARGET_PREINVOKE interceptors would persist between targets, so if the interceptor added an http-header for one target call, that header would still be present in calls to subsequent target calls. This has been corrected so each target call has an independent set of additional headers.

Previously, if the payload of rest-hook subscription message exceeded the broker's maximum message size, an exception would be thrown. Now, the message is delivered successfully.

Previously, HTTP 400 - Bad Request exceptions thrown in Hybrid Providers were not propagated back to Gateway Clients. Additionally, HTTP 401 - Unauthorized responses from Gateway Search targets would return the incorrect status code. These have both been fixed.

Previously, when performing a Gateway Read, if two targets return the same HTTP status code but have different error messages, then only the first message was returned. This has been fixed so that all error messages are returned as issues in the Operation Outcome. Additionally, when Gateway Read targets return an Authorization exception, the OperationOutcome resource associated with the exception was returned to the client. The associated OperationOutcome resource will no longer be returned to prevent leaking target details to the client.

Hl7V2 library was updated to version 2.6.0, which allows to define client socket timeout.

Prior to this change, hypertext links to JSON examples would return an error page when invoked from the Web Admin documentation. This issue has been fixed.

Prior to this change, exporting the Plan of Treatment section in the CDA Exchange+ module the ServiceRequest resources were being exported as Planned Observations templates. This issue has been fixed to export as Planned Act now.

Previously, attempting to restart the Persistence module would result in a NullPointerException when partition selection mode was set to PATIENT_ID, mass ingestion was enabled, and at least one Search Parameter was disabled. This has now been fixed.

Updated bootstrap (frontend) dependency due to vulnerabilities.

Previously, the CDA Exchange+ mappings for the Note Activity entry contained some errors that were causing generated documents to fail validation. These errors have been fixed.

Mapping errors in the CDA Exchange+ module that were resulting in empty <entryRelationship> elements in the Medication and Procedure sections of an exported C-CDA document have been fixed.

Previously, when use_standalone_medications_with_component_code was configured in Hl7v2_in module, and input message contained RXC and RXE matching records, a dangling medication ingredient reference was created. This has been fixed in the following way: 1. When RCX and RXE records match, no medication component or medication ingredient reference is created. 2. When RCX and RXE records don't match (even by the display field), a medication component is created for the ingredient and the medication references it from the medication ingredient.

Add configuration for hapi-fhir storage property bundleBatchPoolSize.

Fixed a regression where an OAuth token request with an invalid token would incorrectly return a 401 Unauthorized error. It now correctly returns a 400 Bad Request error.

Previously, $evaluate-measure without an async header with reportType SUBJECT and a null subject failed with a 500 status code and a cryptic error message. This has been fixed with a 400 status code and a clear error message.

When partition mode by URL is enabled, requests to {fhir_endpoint}/.well-known/smart-configuration would not work, ignoring DEFAULT partitions. Ie, {fhir_endpoint}/DEFAULT/.well-known/smart-configuration and {fhir_endpoint}/.well-known/smart-configuration both should work, but neither did. This has been fixed.

The error message for an invalid module ID has now been improved to include the expected module ID pattern. Additionally, using a module ID with the '-' character would throw an error in the WAC, but be allowed from the .properties file. This has now been fixed by allowing module IDs with the '-' character from the Web UI.

Previously in the CDA Exchange+ module when importing an id node that only contains a root attribute value no code system was being added to the FHIR resource. This has been fixed by adding the system urn:ietf:rfc:3986 as defined by the FHIR specification.

Previously in the CDA Exchange+ module, when exporting CodeableConcept data that has both a coding and a data absent reason extension the export would not render the translation of code. This has now been fixed.

Previously, environment variables similar to a configuration setting could override the property file. E.g. the issuer.url for the Smart Outbound Security module was being overwritten by a ISSUER_URL environment variable. This has been corrected.

The smile documentation main header navigation menu has been updated to reflect the navigation items seen on the Smile Digital Health website

As of this release, the Device resource is now in the Patient compartment via the field Device.patient for the FHIR R4 release and below. This is a deviation from the official HL7 FHIR specification, but has been made in response to many customer requests. This means that Device resources will be included when adding compartment based user permissions, search narrowing, and patient-scoped bulk exports.

The fields <manufacturerModelName> and <softwareName> have been set as mandatory when exporting a C-CDA document with a Device for its author.

Previously, the CDA Exchange+ module was not mapping the address associated with an authoring device. This address will now be captured in a contained Location resource.

A previous documentation update incorrectly marked the JSON Admin API endpoints for creating, updating, viewing and deleting CDA template scripts as deprecated. These endpoints are still supported, and the deprecation warning has been removed.

Previously, when invoking the $docref operation, the version of the CDA document in the returned DocumentReference would not include any changes that were carried out by the post-processing script, although the version of the document persisted to the repository as a Binary resource would. This has been fixed so that the post-processing changes are included in both versions of the document.

Corrected a bug in the PartitionSecurityInterceptor which was causing custom default partition IDs to fail to validate. This only affected people running in CUSTOM and PATIENT_ID partitioning modes.

Previously, in the Composition resource created during the CDA export process, the field Composition.section.code.coding.system was being populated with an OID rather than the expected URI. This has been fixed.

Fixed demoskin html field definitions which were unaligned after bootstrap migration.

Previously, running $evaluate-measures with evaluate_measure.use_part_of_organizations enabled in non-async (low latency) for subject or subject-list mode would fail to retrieve patients related to organizations related to organizations by partOf. This has been fixed.

Stopped modules used to show up as 'healthy' during health checks. This has been change so that stopped modules are 'unhealthy'.

Previously, the CDA Exchange+ module would use a nullFlavor attribute to mark the absence of narrative in an otherwise empty section. This has been replaced with human readable placeholder text.

Update property settings in PAS module

Fixed an issue where using the $apply-codesystem-delta-add operation fails when hibernate search is enabled.

Fixed gateway failure to sort when null sort fields were present.

QueryDsl dependency has been changed to a new fork, and updated to 6.10.1, to remediate CVE-2024-49203.

Previously, the CDA Exchange+ module would fail to import a document if one of the sections was lacking any templateId elements. This has been fixed.

On the site documentation, redirect user to versioned table of contents if the page they are navigating from does not exist in the requested version.

Previously, the CDA Exchange+ module might fail to import a document if it contained a Medication Activity entry where the effectiveTime field had nullFlavor for both the start and end times of the interval. This has been fixed.

Previously, the CDA Exchange+ module would fail to import a CDA file having a list of <entryRelationship> elements with multiple nested entries of the same type, where those nested entries also contain lists of <entryRelationship> elements. This has been fixed.

Previously, the CDA Exchange+ module would fail to populate the subject of some Encounter resources. This has been fixed.

Fixed broken documentation links.

The endpoints template/{template_id}/apply and {resource_type}/{resource_id}/apply have been removed from the JSON Admin API. The functionality previously offered through those endpoints is now available through the $smile-generate-cda operation.

The AWS Healthlake Module has been removed from Smile CDR. Installations which have this module configured will no longer boot this module.

Smile CDR stopped collecting internal metrics in 2024.02.R01 in favour of using OpenTelemetry. As of 2025.02.R01, the tables used for built-in metrics collection have been removed.