Releases: datasharingframework/dsf
1.6.0 - Improved Update Performance
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- To Update an existing 1.x installation, please see the 1.x -> 1.6.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this release, library dependencies have been updated, a number of bugs fixed and the execution of FHIR update operations for
Organization
andOrganizationAffiliation
improved.
Known Issue:
- Duplicate
ActivityDefinition
resources in DSF FHIR server prevent processes from being executed, for more infos and a workaround see #247
Features:
- The execution performance of FHIR rest update operations for
Organization
andOrganizationAffiliation
resource has been improved.
Bug Fixes:
- The DSF BPE missed
Task
andQuestionnaireResponse
resources received by the DSF FHIR server during a connection outage between the DSF FHIR and DSF BPE servers. MissedTask
andQuestionnaireResponse
are now always downloded after the connection is reestablished. See #233 - The OIDC provider URL could not be configured as a "no proxy" URL if a general forward proxy was configured for the DSF FHIR or DSF BPE servers. The responsible logic error in the code was fixed. See #232
QuestionnaireResponse
and correspondingQuestionnaire
resource could not be created together in atransaction
Bundle
. The reference check for theQuestionnaireResponse.questionnaire
canoncial reference was move to the correcttransaction
Bundle
execution phase. See #226- A wrong resource type in the
getLocalVersionlessAbsoluteUrl
method of the plugin API classQuestionnaireResponseHelperImpl
was fixed. See #224
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.1.0.1
- MII Feasibility v1.0.0.7
- MII Data Transfer v1.0.1.0
- MII Data Sharing v1.0.0.1
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.6.0
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.6.0
- fhir: ghcr.io/datasharingframework/fhir:1.6.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.6.0
Issues closed:
- Upgrade Dependencies #236
- BPE Misses Task and QuestionnaireResponse Resources if Network Disconnects #233
- OIDC Provider Can’t Be Excluded From Configured Forwarding-Proxy #232
- Improve Performance of Organization and OrganizationAffiliation Updates #230
- A Questionnaire and corresponding QuestionnaireResponse resource cannot be posted to the FHIR server at the same time in a transaction Bundle #226
- QuestionnaireResponseHelperImpl Uses Wrong Resource Type in getLocalVersionlessAbsoluteUrl Method #224
- Start New Development Cycle #219
This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.
First Release Candidate for 1.6.0
General remarks:
- This is a pre-release for DSF 1.6.0, do not use in production.
Features:
- The execution performance of FHIR rest update operations for
Organization
andOrganizationAffiliation
resource has been improved.
Bug Fixes:
- The DSF BPE missed
Task
andQuestionnaireResponse
resources received by the DSF FHIR server during a connection outage between the DSF FHIR and DSF BPE servers. MissedTask
andQuestionnaireResponse
are now always downloded after the connection is reestablished. See #233. - The OIDC provider URL could not be configured as a "no proxy" URL if a general forward proxy was configured for the DSF FHIR or DSF BPE servers. The responsible logic error in the code was fixed. See #232
QuestionnaireResponse
and correspondingQuestionnaire
resource could not be created together in atransaction
Bundle
. The reference check for theQuestionnaireResponse.questionnaire
canoncial reference was move to the correcttransaction
Bundle
execution phase. See #226- A wrong resource type in the
getLocalVersionlessAbsoluteUrl
method of the plugin API classQuestionnaireResponseHelperImpl
was fixed. See #224
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.6.0-RC1
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.6.0-RC1
- fhir: ghcr.io/datasharingframework/fhir:1.6.0-RC1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.6.0-RC1
Issues closed:
- Upgrade Dependencies #236
- BPE Misses Task and QuestionnaireResponse Resources if Network Disconnects #233
- OIDC Provider Can’t Be Excluded From Configured Forwarding-Proxy #232
- Improve Performance of Organization and OrganizationAffiliation Updates #230
- A Questionnaire and corresponding QuestionnaireResponse resource cannot be posted to the FHIR server at the same time in a transaction Bundle #226
- QuestionnaireResponseHelperImpl Uses Wrong Resource Type in getLocalVersionlessAbsoluteUrl Method #224
- Start New Development Cycle #219
This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.
1.5.2 - Maintenance Release
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.2 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.2 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this maintenance release, library dependencies have been updated. The new builds of the bpe_proxy and fhir_proxy docker images are now based on Apache httpd 2.4.61 with amongst others a fix for CVE-2024-38477 mitigating potential denial-of-service attacks.
Bug Fixes:
- Forms for FHIR Task and QuestionnaireResponse resource can now be submitted using the
Enter
-key.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Report v1.1.0.1
- MII Feasibility v1.0.0.5
- MII Data Transfer v1.0.1.0
- MII Data Sharing v1.0.0.1
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.2
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.2
- fhir: ghcr.io/datasharingframework/fhir:1.5.2
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.2
Issues closed:
- Upgrade Dependencies #215
- fhir-proxy | 9 apache vulnerabilities fixed in apache 2.4.61 #214
- Fix "onSubmit" action on Task forms #213
- Start New Development Cycle #198
This release contains contributions from @hhund and @wetret.
1.5.1 - Maintenance Release
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.1 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.1 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- With this maintenance release, library dependencies have been updated.
Bug Fixes:
- The DSF FHIR server now correctly shows the recipient organization within the Task details view.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.4
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.1
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.1
- fhir: ghcr.io/datasharingframework/fhir:1.5.1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.1
Issues closed:
- Upgrade Dependencies #193
- Start New Development Cycle #191
- fhir-proxy | 3 apache vulnerabilities fixed in apache 2.4.59 #190
- FHIR Server GUI: Fix recipient in Task view #189
This release contains contributions from @EmteZogaf, @hhund, @schwzr and @wetret.
1.5.0 - UI and Questionnaire Improvements
General remarks:
- This is an update for the 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.5.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.5.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
- GitHub's CodeQL scanner was added to the suite of tools we used to regularly scan the repository for security vulnerabilities, inefficiencies and other bugs in Java and JavaScript code.
- Community guidelines including feature, issue and pull-request templates as well as security information and contribution guidelines have been added to the repository.
Features:
- Debug logging of DB queries, webservice request headers and the current (authenticated) user are now disabled by default and can be activated using config options.
- To improve the maintainability and robustness of the HTML generation code base, the DSF user interface is now generated using the Thymeleaf templating engine.
- A visual indicator to differentiate between development, test and production environments can now be configured using the DEV_DSF_FHIR_SERVER_UI_THEME and DEV_DSF_BPE_SERVER_UI_THEME environment variables. Additionally, the look and feel of the user interface can now be customized via CSS overrides.
- To show deployed processes and their BPMN diagrams as well as active process instances a user interface (UI) was added to the DSF BPE server application. The BPE UI is in beta state and may change significantly in future releases.
- A database migration script has been added to cleanup old orphaned entries in the
read_access
table of the DSF FHIR database. In order to remove future corresponding entries from theread_access
table ,if resources are permanently deleted,BEFORE DELETE
database triggers have been added to resource tables. - Questionnaire resources can now have optional items for BPMN user-tasks. The UI for displaying Task and QuestionnaireReponse Resources has been improved and now supports data-absent-reason extensions to create inputs without default values.
- Library dependencies were upgraded where possible and applicable.
Bug Fixes:
- The file-system readability of the client certificate private-key file in the BPE is now checked correctly.
- The
:below
name modifier has been configured for the ActivityDefinition.url search parameter.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.1
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.4
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.5.0
- bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.5.0
- fhir: ghcr.io/datasharingframework/fhir:1.5.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.5.0
Issues closed:
- Add Config Options to Enable Debug Logging of DB Queries, Webservice Request Headers and the Current User #183
- Upgrade Dependencies #178
- Template Engine for HTML UIs #175
- Cleanup and Prevent Orphaned read_access Entries for Permanently Deleted Resources #170
- Readability of Client Certificate PrivateKey Not Checked Correctly in BPE #169
- :below Modifier Not Configured for Search Parameter ActivityDefinition.url #165
- Enable GitHub CodeQL #164
- Allow Optional Elements in Questionnaire #160
- Start New Development Cycle #158
- Add community guidelines #152
This release contains contributions from @EmteZogaf, @hhund, @jbellmann, @schwzr and @wetret.
1.4.0 - General Improvements and Bug Fixes
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.4.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.4.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- HTML views for ActivityDefinition resources and searchset Bundle results have been added.
- The
name
search parameter was implemented for resources: CodeSystem, HealthcareService, Library, Location, Measure, Questionnaire, StructureDefinition and ValueSet. Thename
search parameter for Organization is now fully implemented and also works with theOrganization.alias
property. - The Apache module
mod_proxy_wstunnel
is no longer needed and was removed from the fhir_proxy docker image. - The maven
site
goal was configured to generate pmd, cpd and spotbugs with slf4j bug patterns static code analysis reports as well as javadoc html views. The maven goalmvn site site:stage
can be used to create a combined report with working links at\target\staging
. - Changes suggested by static code analysis tools were implemented and a general code base cleanup was performed.
- Parallel maven builds with parallel execution of tests can now be performed, for example using
mvn install -T2C -DforkCount=4
. - Release-candidate and milestone releases of process plugins are now treated like snapshot releases. During deployment metadata resources from these plugin types are created with status
draft
and updated on every startup.
Bug Fixes:
- Binary resources in JSON format exceeding length 20.000.000 previously resulted in a
ca.uhn.fhir.parser.DataFormatException
. Resources can now be up to max integer length (i.e. 2,14 GB) in size. - A missing SLF4J placeholder was added to circumvent a
java.lang.IllegalArgumentException
. - Reading a resource with the version after the current version, resulted in a HTTP 500 status code. The REST API now correctly answers with a HTTP 404 status code.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.1
- MII Data Transfer v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.4.0
- fhir: ghcr.io/datasharingframework/fhir:1.4.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.4.0
Issues closed:
- Upgrade Dependencies #155
- Add HTML Views for ActivityDefinitions #151
- Remove mod_proxy_wstunnel From Apache Reverse Proxy #145
- Configure Maven Site Goal #142
- Increase maximum string length #138
- Exception when logging audit information for resource without entity #137
- Enable Parallel Maven Builds #135
- Start New Development Cycle #133
- Prevent HTTP 500 Statuscode on non existent history element #132
- Treat RC releases similar to SNAPSHOT releases #131
This release contains contributions from @EmteZogaf, @hhund, @schwzr and @wetret.
1.3.2 - Maintenance Release
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.3.2 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.3.2 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Bug Fixes:
- Switches the database ID generation strategy for the BPE from
DbIdGenerator
toStrongUuidGenerator
, as described in the camunda documentation.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.1
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.3.2
- fhir: ghcr.io/datasharingframework/fhir:1.3.2
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.3.2
Issues closed:
- Use UUID generator instead of database id generator #139
This release contains contributions from @EmteZogaf, @wetret, @schwzr and @hhund.
1.3.1 - Maintenance Release
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.3.1 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.3.1 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- Removes insecure TLS cipher suites from the apache httpd reverse proxy Docker image.
- Adds browser security policy headers for
text/html
requests and requests for/static/...
resources. - Removes in-line css
style
and javascript event-handler definitions. - Reorganized
commons-logging
excludes, added Dependency ban rule. - Only sends the
X-ClientCert
header if the variableSSL_CLIENT_CERT
is not empty. The value is empty if a users is not authenticated with a client certificate and client certificate authentication is optional. - Adds generated mail address based on the
iss
(issuer) andsub
(subject) values from the access token to the currently logged in Practitioner object if the token does not contain anemail
claim.
Bug Fixes:
- The OrganizationAffiliation page showed the
Participation Organization
identifier in the columnParent Organization
. The expectedParent Organization
identifier is now shown. - The apache httpd reverse proxy did not set the required
X-Forwarded-Proto
header, leading to "faulty" redirect URLs when using OIDC logins. TheX-Forwarded-Proto
header for proxy request to the FHIR App server is now set.
Known Compatible Process Plugins:
- DSF Allow List v1.0.0.0
- DSF Ping Pong v1.0.1.0
- MII Report v1.0.0.0
- MII Feasibility v1.0.0.0
- NUM Data Transfer v1.0.0.0
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.3.1
- fhir: ghcr.io/datasharingframework/fhir:1.3.1
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.3.1
Issues closed:
- Upgrade Dependencies #127
- Improve Some Logging for OIDC Logins #125
- Redirect URI for OIDC Login is Http #124
- Start New Development Cycle #120
- Remove Not Needed commons-logging Dependencies and Enforce Non Use #119
- WebUI: Bug on OrganizationAffiliation page #118
- Unsafe 3DES Cipher Suite in FHIR Proxy #117
This release contains contributions from @wetret, @schwzr and @hhund.
1.3.0 - Validation Support
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.3.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.3.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- Necessary library dependencies were added to the BPE to support for FHIR resource validation in process plugins.
- HTML views for Organization, OrganizationAffiliation and Endpoint resources and their search Bundles have been added.
Bug Fixes:
- An infinite loop condition in the OrganizationProvider class used by process plugins was fixed. #104
- For reverse proxies configured with a non standard context URL, an invalid redirect from the root url without a trailing slash was corrected. #85
Known Compatible Process Plugins:
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.3.0
- fhir: ghcr.io/datasharingframework/fhir:1.3.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.3.0
Issues closed:
- Upgrade Dependencies #114
- Add Validation Dependencies to BPE #111
- Create HTML Views for Organization, OrganizationAffiliation and Endpoint Search Bundles #107
- Search for organizations by parent organization and member role hangs in infinite loop #104
- Make FHIR proxy server context path customizable #85
This release contains contributions from @EmteZogaf, @wetret and @hhund.
1.2.0 - Improved Concurrency Support
General remarks:
- This is an update for the new 1.x DSF and not compatible with 0.9.x and older version developed at highmed/highmed-dsf.
- DSF v1.2.0 is not compatible with DSF Ping Pong v1.0.0.0, upgrade/use the Ping Pong plugin v1.0.1.0 if your are upgrading/using this version.
- To Update an existing 1.x installation, please see the 1.x -> 1.2.0 Upgrade Guide.
- For a fresh deployment, follow the installation instructions.
Features:
- The BPE server config parameter
dev.dsf.bpe.fhir.server.organization.identifier.value
(environment variableDEV_DSF_BPE_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE
) was not needed and has been removed. - Start and continue events for processes are now executed on a separate thread pool enabling concurrent execution of processes using "non async" process tasks.
- Support for "async" processes has been improved and config parameter / environment variables have been added to configure the process engine job executor.
- The special java StatusClient used for docker health checks has been replaced with
curl
. - A new environment variable
SERVER_CONTEXT_PATH
was added to the reverse proxy docker image. The new environment variable can be used to configure the reverse-proxy path that gets delegated to the DSF FHIR app server. - The FHIR server config parameter
dev.dsf.fhir.server.roleConfig
(environment variableDEV_DSF_FHIR_SERVER_ROLECONFIG
is now optional and the validation of the config YAML has been improved. - Java dependency have been upgraded where possible.
Bug Fixes:
- Literal block scalars can now be used with the environment variable
DEV_DSF_PROXY_NOPROXY
. - The websocket connection to the DSF FHIR server no longer disconnects if long-running "non async" process tasks are executed. By handing over incoming Task and QuenstionnaireResponse resources to a separate thread-pool, the websocket client thread is immediately freed and able respond to websocket ping-frames keeping the connection from timing out.
Known Compatible Process Plugins:
Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:
- bpe: ghcr.io/datasharingframework/bpe:1.2.0
- fhir: ghcr.io/datasharingframework/fhir:1.2.0
- fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.2.0
Issues closed:
- Increase Camunda DefaultJobExecutor Queue Size and Expose Config Options #101
- Make FHIR Server Role Config Optional, Improve Role Config Validation #96
- Replace Java StatusClient With curl #93
- Modify the BPE to Enable Parallel Execution of Non Async Processes #91
- BPE Task Websocket Connection Fails During Long Running Processes #90
- Remove Not Needed Organization Identifier Config Parameter From BPE #89
- DEV_DSF_PROXY_NOPROXY Not Working With Literal Block Scalar #87
- Start New Development Cycle #86
- Make FHIR proxy server context path customizable #85
This release contains contributions from @wetret and @hhund.