It's August, so it's time for our next quarterly relese: HAPI FHIR 5.2.0 (Codename: Manticore).

Notable changes in this release include:

• An XSS vulnerability has been fixed in the testpage overlay project. This issue affects only the testpage overlay module, but users of this module should upgrade immediately. A CVE number for this issue has been requested and will be updated here when it is assigned.

• Support for the new FHIR NPM Package spec has been added. Currently this support is limited to JPA servers, and support should be added to plain servers in the next release. Packages can be imported on startup, either by supplying NPM files locally or by downloading them automatically from an NPM server such as packages.fhir.org. Package contents (the StructureDefinition, CodeSystem, ValueSet, etc. resources in the package) can be installed into the repository, or can be stored in a dedicated set of tables and made available to the validator without actually being installed in the repository.

• Support for the Observation/$lastn operation has been implemented thanks to a partnership with LHNCBC/NIH. This operation uses ElasticSearch to support querying for recent Observations over a set of test codes for one or more patients in a very efficient way.

• The FHIR PATCH operation now supports FHIRPatch in addition to the already supported XML and JSON Patch specs. FHIRPatch is a very expressive mechanism for creating patches and can be used to supply very precise patches.

• A new operatiion called $diff has been added. Diff can be used too generate a FHIRPatch diff between two resrouces, or between two versions of the same resource. For example: http://hapi.fhir.org/baseR4/Patient/example/$diff

• Several performance problems and occasional failures in the resource expunge operation have been corrected

• The memory use for Subscription delivery queues has been reduced

• Snapshot generaton now uses a single snapshot generator codebase for generating snapshots across all versions of FHIR. This makes ongoing maintenance much easier and fixes a number of version specific bugs.

• The maximum cascade depth for cascading deletes is now configurable.

• AuthorizationInterceptor can now fully authorize GraphQL calls, including allowing/blocking individual resources returned by the graph.

• GraphQL now supports POST form (thanks to Kholilul Islam!)

• The LOINC uploader now supports LOINC 2.68

• A new batch job framework has been introduced, leveraging the Spring Batch library. Initial jobs to use this new framework are the Bulk Export and EMPI modules, but eventually all long processes will be adapted to use this new framework.

• TThe HAPI FHIR built-in Terminology Server now includes support for validating UCUM (units of measure), BCP-13 (mimetypes), ISO 4217 (currencies), ISO 3166 (countries), and USPS State Codes.

• It is now possible to disable referential integrity for delete operations for speciific reference paths.

• A regression has been fixed that significantly degraded validation performance in the JPA server for validation of large numbers of resources.

• Unit tests have been migrated to JUnit 5. This change has no user visible impacts, but will help us continue to improve ongoing maintenance of our test suites.

As always, see the changelog for a full list of changes.

Thanks to everyone who contributed to this release!

A second point release of the HAPI FHIR 5.0 (Labrador) release cycle has been pushed to Maven Central.

This release corrects only two issues:

• A snapshot dependency was accidentally left into the POM for HAPI FHIR 5.0.1. This has been corrected.

• The default setting for the new partitioning feature "Add Partition to Search Indexes" was incorrectly set to enabled (true). It has been set to false, which was the intended default for this setting.

It's time for another release of HAPI FHIR!

This release brings some good stuff, including:

• A new feature called Partitioning has been added to the JPA server. This can be used to implement multitenancy, as well as other partitioned/segregated/sharded use cases.

• The IValidationSupport interface has been completely redesigned for better flexibility, extensibility and to enable future use cases. Any existing implementations of this interface will need to be adjusted.

• Many improvements to performance have been implemented

• FHIR R5 draft definitions have been updated to the latest FHIR 4.2.0 (Preview 2) definitions

• The Gson JSON parser has been replaced with Jackson for better flexibility and performance

As always, see the changelog for a full list of changes.

Thanks to everyone who contributed to this release!