Releases: datasharingframework/dsf
1.7.0 - Simplified Configuration and Duplicate Resources Fix
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older versions developed at highmed/highmed-dsf.
- To Update an existing 1.x installation, please see the 1.x -> 1.7.0 Upgrade Guide. Note: Upgrading to 1.7.0 requires additional work beyond updating the version number.
- For a fresh deployment, follow the installation instructions.
- With this release, library dependencies have been updated, a bug regarding duplicate FHIR resources fixed and a few features implemented to simplify the configuration.
Features:
- The default organization bookmarks in the FHIR server UI have been updated to reflect parent organizations supported by the allow list management application.
- New uniqueness criteria have been implemented for draft Task resources, enforcing unique resources based on identifiers.
- The integrated list of valid media types (CodeSystem urn:ietf:bcp:13) has been updated to reflect all published types by the IANA and extended with the non standard mimetype
application/x-ndjson
. - Default trusted root certificate authorities, previously published as part of the install guide resources, have been moved into the docker images. This simplifies the setup for MII/NUM users and still leaves the existing options to set custom CAs. For more details, see the Default Root Certificates page. Note: If not explicitly configured, optional connections to the OIDC provider and mail server previously used the default certificate trust store of the Java Virtual Machine (JVM). The new default trusts a limited number of certificate authorities only and thus may need to be manually overridden.
- The docker secrets reader has been extended to also work with environment variables ending in
_SECRET
enabling definition of these values via files. For additional information, see the Passwords and Secrets page.
Bug Fixes:
- Duplicate ActivityDefinition resources (same url and version) prevent processes from being executed in version 1.6.0. If inserts into the FHIR server fail during BPE startup (for example due to read timeouts), duplicate metadata resources like ActivityDefinition from process plugins can be created if the BPE container restarts too fast. Constraint trigger based unique criteria have been implemented for the database in 1.7.0 to prevent duplicate resources. The default transaction isolation level for modifying transactions was changed from "repeatable read" to "read committed", enabling dirty reads needed to allow constraint triggers to see inserts/updates executed by parallel running transactions. Serial execution of constraint triggers is realized by using exclusive transaction level advisory locks before executing the constraint trigger function.
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.7.0
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.7.0
- fhir: ghcr.io/datasharingframework/fhir:1.7.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.7.0
Issues closed:
- Extend Secrets Reader for Environment Variables Ending in _SECRET_FILE #261
- Add Default Root CAs to Docker Images #259
- Update CodeSystem urn:ietf:bcp:13 #256
- Upgrade Dependencies maintenance #253
- Update Default Organization Bookmark List #248
- Duplicate ActivityDefinition Resources Prevent Processes From Being Executed #247
- Start New Development Cycle #245
This release contains contributions from @hhund, @schwzr and @wetret.
First Release Candidate for 1.7.0
General remarks:
- This is a pre-release for DSF 1.7.0, do not use in production.
Features:
- The default organization bookmarks in the FHIR server UI have been updated to reflect parent organizations supported by the allow list management application.
- New uniqueness criteria have been implemented for draft Task resources, enforcing unique resources based on identifiers.
Bug Fixes:
- Duplicate ActivityDefinition resources (same url and version) prevent processes from being executed in version 1.6.0. If inserts into the FHIR server fail during BPE startup (for example due to read timeouts), duplicate metadata resources like ActivityDefinition from process plugins can be created if the BPE container restarts too fast. Constraint trigger based unique criteria have been implemented for the database in 1.7.0 to prevent duplicate resources. The default transaction isolation level for modifying transactions was changed from "repeatable read" to "read committed", enabling dirty reads needed to allow constraint triggers to see inserts/updates executed by parallel running transactions. Serial execution of constraint triggers is realized by using exclusive transaction level advisory locks before executing the constraint trigger function.
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.7.0-RC1
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.7.0-RC1
- fhir: ghcr.io/datasharingframework/fhir:1.7.0-RC1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.7.0-RC1
Issues closed:
- Upgrade Dependencies maintenance #253
- Update Default Organization Bookmark List #248
- Duplicate ActivityDefinition Resources Prevent Processes From Being Executed #247
- Start New Development Cycle #245
This release contains contributions from @hhund, @schwzr and @wetret.
1.6.0 - Improved Update Performance
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- To Update an existing 1.x installation, please see the 1.x -> 1.6.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this release, library dependencies have been updated, a number of bugs fixed and the execution of FHIR update operations for
Organization
andOrganizationAffiliation
improved.
Known Issue:
- Duplicate
ActivityDefinition
resources in DSF FHIR server prevent processes from being executed, for more infos and a workaround see #247
Features:
- The execution performance of FHIR rest update operations for
Organization
andOrganizationAffiliation
resource has been improved.
Bug Fixes:
- The DSF BPE missed
Task
andQuestionnaireResponse
resources received by the DSF FHIR server during a connection outage between the DSF FHIR and DSF BPE servers. MissedTask
andQuestionnaireResponse
are now always downloded after the connection is reestablished. See #233 - The OIDC provider URL could not be configured as a "no proxy" URL if a general forward proxy was configured for the DSF FHIR or DSF BPE servers. The responsible logic error in the code was fixed. See #232
QuestionnaireResponse
and correspondingQuestionnaire
resource could not be created together in atransaction
Bundle
. The reference check for theQuestionnaireResponse.questionnaire
canoncial reference was move to the correcttransaction
Bundle
execution phase. See #226- A wrong resource type in the
getLocalVersionlessAbsoluteUrl
method of the plugin API classQuestionnaireResponseHelperImpl
was fixed. See #224
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.1.0.1
- MII Feasibility v1.0.0.7
- MII Data Transfer v1.0.1.0
- MII Data Sharing v1.0.0.1
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.6.0
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.6.0
- fhir: ghcr.io/datasharingframework/fhir:1.6.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.6.0
Issues closed:
- Upgrade Dependencies #236
- BPE Misses Task and QuestionnaireResponse Resources if Network Disconnects #233
- OIDC Provider Can’t Be Excluded From Configured Forwarding-Proxy #232
- Improve Performance of Organization and OrganizationAffiliation Updates #230
- A Questionnaire and corresponding QuestionnaireResponse resource cannot be posted to the FHIR server at the same time in a transaction Bundle #226
- QuestionnaireResponseHelperImpl Uses Wrong Resource Type in getLocalVersionlessAbsoluteUrl Method #224
- Start New Development Cycle #219
This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.
First Release Candidate for 1.6.0
General remarks:
- This is a pre-release for DSF 1.6.0, do not use in production.
Features:
- The execution performance of FHIR rest update operations for
Organization
andOrganizationAffiliation
resource has been improved.
Bug Fixes:
- The DSF BPE missed
Task
andQuestionnaireResponse
resources received by the DSF FHIR server during a connection outage between the DSF FHIR and DSF BPE servers. MissedTask
andQuestionnaireResponse
are now always downloded after the connection is reestablished. See #233. - The OIDC provider URL could not be configured as a "no proxy" URL if a general forward proxy was configured for the DSF FHIR or DSF BPE servers. The responsible logic error in the code was fixed. See #232
QuestionnaireResponse
and correspondingQuestionnaire
resource could not be created together in atransaction
Bundle
. The reference check for theQuestionnaireResponse.questionnaire
canoncial reference was move to the correcttransaction
Bundle
execution phase. See #226- A wrong resource type in the
getLocalVersionlessAbsoluteUrl
method of the plugin API classQuestionnaireResponseHelperImpl
was fixed. See #224
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.6.0-RC1
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.6.0-RC1
- fhir: ghcr.io/datasharingframework/fhir:1.6.0-RC1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.6.0-RC1
Issues closed:
- Upgrade Dependencies #236
- BPE Misses Task and QuestionnaireResponse Resources if Network Disconnects #233
- OIDC Provider Can’t Be Excluded From Configured Forwarding-Proxy #232
- Improve Performance of Organization and OrganizationAffiliation Updates #230
- A Questionnaire and corresponding QuestionnaireResponse resource cannot be posted to the FHIR server at the same time in a transaction Bundle #226
- QuestionnaireResponseHelperImpl Uses Wrong Resource Type in getLocalVersionlessAbsoluteUrl Method #224
- Start New Development Cycle #219
This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.
1.5.2 - Maintenance Release
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.2 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.2 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this maintenance release, library dependencies have been updated. The new builds of the bpe_proxy and fhir_proxy docker images are now based on Apache httpd 2.4.61 with amongst others a fix for CVE-2024-38477 mitigating potential denial-of-service attacks.
Bug Fixes:
- Forms for FHIR Task and QuestionnaireResponse resource can now be submitted using the
Enter
-key.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Report v1.1.0.1
- MII Feasibility v1.0.0.5
- MII Data Transfer v1.0.1.0
- MII Data Sharing v1.0.0.1
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.2
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.2
- fhir: ghcr.io/datasharingframework/fhir:1.5.2
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.2
Issues closed:
- Upgrade Dependencies #215
- fhir-proxy | 9 apache vulnerabilities fixed in apache 2.4.61 #214
- Fix "onSubmit" action on Task forms #213
- Start New Development Cycle #198
This release contains contributions from @hhund and @wetret.
1.5.1 - Maintenance Release
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.1 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.1 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this maintenance release, library dependencies have been updated.
Bug Fixes:
- The DSF FHIR server now correctly shows the recipient organization within the Task details view.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.4
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.1
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.1
- fhir: ghcr.io/datasharingframework/fhir:1.5.1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.1
Issues closed:
- Upgrade Dependencies #193
- Start New Development Cycle #191
- fhir-proxy | 3 apache vulnerabilities fixed in apache 2.4.59 #190
- FHIR Server GUI: Fix recipient in Task view #189
This release contains contributions from @EmteZogaf, @hhund, @schwzr and @wetret.
1.5.0 - UI and Questionnaire Improvements
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- GitHub's CodeQL scanner was added to the suite of tools we used to regularly scan the repository for security vulnerabilities, inefficiencies and other bugs in Java and JavaScript code.
- Community guidelines including feature, issue and pull-request templates as well as security information and contribution guidelines have been added to the repository.
Features:
- Debug logging of DB queries, webservice request headers and the current (authenticated) user are now disabled by default and can be activated using config options.
- To improve the maintainability and robustness of the HTML generation code base, the DSF user interface is now generated using the Thymeleaf templating engine.
- A visual indicator to differentiate between development, test and production environments can now be configured using the DEV_DSF_FHIR_SERVER_UI_THEME and DEV_DSF_BPE_SERVER_UI_THEME environment variables. Additionally, the look and feel of the user interface can now be customized via CSS overrides.
- To show deployed processes and their BPMN diagrams as well as active process instances a user interface (UI) was added to the DSF BPE server application. The BPE UI is in beta state and may change significantly in future releases.
- A database migration script has been added to cleanup old orphaned entries in the
read_access
table of the DSF FHIR database. In order to remove future corresponding entries from theread_access
table ,if resources are permanently deleted,BEFORE DELETE
database triggers have been added to resource tables. - Questionnaire resources can now have optional items for BPMN user-tasks. The UI for displaying Task and QuestionnaireReponse Resources has been improved and now supports data-absent-reason extensions to create inputs without default values.
- Library dependencies were upgraded where possible and applicable.
Bug Fixes:
- The file-system readability of the client certificate private-key file in the BPE is now checked correctly.
- The
:below
name modifier has been configured for the ActivityDefinition.url search parameter.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.4
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.0
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.0
- fhir: ghcr.io/datasharingframework/fhir:1.5.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.0
Issues closed:
- Add Config Options to Enable Debug Logging of DB Queries, Webservice Request Headers and the Current User #183
- Upgrade Dependencies #178
- Template Engine for HTML UIs #175
- Cleanup and Prevent Orphaned read_access Entries for Permanently Deleted Resources #170
- Readability of Client Certificate PrivateKey Not Checked Correctly in BPE #169
- :below Modifier Not Configured for Search Parameter ActivityDefinition.url #165
- Enable GitHub CodeQL #164
- Allow Optional Elements in Questionnaire #160
- Start New Development Cycle #158
- Add community guidelines #152
This release contains contributions from @EmteZogaf, @hhund, @jbellmann, @schwzr and @wetret.
1.4.0 - General Improvements and Bug Fixes
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.4.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.4.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- HTML views for ActivityDefinition resources and searchset Bundle results have been added.
- The
name
search parameter was implemented for resources: CodeSystem, HealthcareService, Library, Location, Measure, Questionnaire, StructureDefinition and ValueSet. Thename
search parameter for Organization is now fully implemented and also works with theOrganization.alias
property. - The Apache module
mod_proxy_wstunnel
is no longer needed and was removed from the fhir_proxy docker image. - The maven
site
goal was configured to generate pmd, cpd and spotbugs with slf4j bug patterns static code analysis reports as well as javadoc html views. The maven goalmvn site site:stage
can be used to create a combined report with working links at\target\staging
. - Changes suggested by static code analysis tools were implemented and a general code base cleanup was performed.
- Parallel maven builds with parallel execution of tests can now be performed, for example using
mvn install -T2C -DforkCount=4
. - Release-candidate and milestone releases of process plugins are now treated like snapshot releases. During deployment metadata resources from these plugin types are created with status
draft
and updated on every startup.
Bug Fixes:
- Binary resources in JSON format exceeding length 20.000.000 previously resulted in a
ca.uhn.fhir.parser.DataFormatException
. Resources can now be up to max integer length (i.e. 2,14 GB) in size. - A missing SLF4J placeholder was added to circumvent a
java.lang.IllegalArgumentException
. - Reading a resource with the version after the current version, resulted in a HTTP 500 status code. The REST API now correctly answers with a HTTP 404 status code.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.1
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.4.0
- fhir: ghcr.io/datasharingframework/fhir:1.4.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.4.0
Issues closed:
- Upgrade Dependencies #155
- Add HTML Views for ActivityDefinitions #151
- Remove mod_proxy_wstunnel From Apache Reverse Proxy #145
- Configure Maven Site Goal #142
- Increase maximum string length #138
- Exception when logging audit information for resource without entity #137
- Enable Parallel Maven Builds #135
- Start New Development Cycle #133
- Prevent HTTP 500 Statuscode on non existent history element #132
- Treat RC releases similar to SNAPSHOT releases #131
This release contains contributions from @EmteZogaf, @hhund, @schwzr and @wetret.
1.3.2 - Maintenance Release
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.3.2 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.3.2 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Bug Fixes:
- Switches the database ID generation strategy for the BPE from
DbIdGenerator
toStrongUuidGenerator
, as described in the camunda documentation.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.1
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.3.2
- fhir: ghcr.io/datasharingframework/fhir:1.3.2
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.3.2
Issues closed:
- Use UUID generator instead of database id generator #139
This release contains contributions from @EmteZogaf, @wetret, @schwzr and @hhund.
1.3.1 - Maintenance Release
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.3.1 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.3.1 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- Removes insecure TLS cipher suites from the apache httpd reverse proxy Docker image.
- Adds browser security policy headers for
text/html
requests and requests for/static/...
resources. - Removes in-line css
style
and javascript event-handler definitions. - Reorganized
commons-logging
excludes, added Dependency ban rule. - Only sends the
X-ClientCert
header if the variableSSL_CLIENT_CERT
is not empty. The value is empty if a users is not authenticated with a client certificate and client certificate authentication is optional. - Adds generated mail address based on the
iss
(issuer) andsub
(subject) values from the access token to the currently logged in Practitioner object if the token does not contain anemail
claim.
Bug Fixes:
- The OrganizationAffiliation page showed the
Participation Organization
identifier in the columnParent Organization
. The expectedParent Organization
identifier is now shown. - The apache httpd reverse proxy did not set the required
X-Forwarded-Proto
header, leading to "faulty" redirect URLs when using OIDC logins. TheX-Forwarded-Proto
header for proxy request to the FHIR App server is now set.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.3.1
- fhir: ghcr.io/datasharingframework/fhir:1.3.1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.3.1
Issues closed:
- Upgrade Dependencies #127
- Improve Some Logging for OIDC Logins #125
- Redirect URI for OIDC Login is Http #124
- Start New Development Cycle #120
- Remove Not Needed commons-logging Dependencies and Enforce Non Use #119
- WebUI: Bug on OrganizationAffiliation page #118
- Unsafe 3DES Cipher Suite in FHIR Proxy #117
This release contains contributions from @wetret, @schwzr and @hhund.