Welcome to a new major release of HAPI FHIR! Since there are many breaking changes, we are making this a major release.

Breaking Changes

• Support for Java 8 has been dropped. A minimum of Java 11 is now required for HAPI FHIR. Java 17 is also supported.
• Database indexes have been completely reworked for Search Index tables. This should result in significantly faster searches in most use cases.
• A new batch operation framework for executing long running background jobs has been created. This new framework is called 'Batch2', and will eventually replace Spring Batch. This framework is intended to be much more resilient to failures as well as much more paralellized than Spring Batch job.

Security Changes

• Previously, it was possible to update a resource with wrong tenantID. This issue has been fixed.
• User was permitted to bulk export all groups/patients when they were unauthorized. This issue has been fixed.
• The Spring Framework library was upgraded to version 5.3.18 in order to avoid depending on a version known to be vulnerable to CVE-2022-22965, known as Spring4Shell. HAPI FHIR is not believed to be vulnerable to this issue, but the library has been bumped as a precaution.

General Client/Server/Parser Changes

• Added search parameter modifier :nickname that can be used with 'name' or 'given' search parameters.
• Added a new pointcut: STORAGE_PRESTORAGE_CLIENT_ASSIGNED_ID which is invoked when a user attempts to create a resource with a client-assigned ID.
• The XML and JSON Parsers are now encoding narratives of contained resources. Narratives were skipped before for contained resources.
• Include property regex operation was not working when expanding ValueSet. This is now fixed
• When performing a search with a _revinclude. the results sometimes incorrectly included resources that were reverse included by other search parameters with the same name. Thanks to GitHub user @vivektk84 for reporting and to Jean-Francois Briere for proposing a fix.
• The HAPI FHIR server GraphQL endpoints now support GraphQL introspection, making them much easier to use with GraphQL-capable IDEs.
• Support has been added to the JPA server for token :not-in queries.
• SearchNarrowingInterceptor can now be used to automatically narrow searches to include a code:in or code:not-in expression, for mandating that results must be in a specified list of codes.
• Support has now (finally!) been added for the FHIR Bulk Import ($import) operation.
• A consent service implementation that enforces search narrowing rules specified by the SearchNarrowingInterceptor has been added.
• GET resource with _total=accurate and _summary=count if consent service enabled should throw an InvalidRequestException. This issue has been fixed.
• Reindexing jobs were not respecting the passed in date range in SearchParams. We now take date these date ranges into account when running re-indexing jobs.
• The server now supports date searches with the NOT_EQUALS (ne) prefix.
• Previously the Fhir parser would only set the resource type on the resource ID for resources which implemented IDomainResource. This caused a few resource types to be missed. This has been corrected, and resource type is now set on the id element for all IBaseResource instances instead.

CLI Tool changes:

• Previously there was no way to recreate freetext indexes for terminology entities. A new CLI operation, reindex-terminology now exists for this purpose.

JPA Server General Changes

• _include now supports canonicals as well as standard references.
• The resource JSON can now be stored and retrieved in the Lucene/Elasticsearch index. This enables some queries to provide results without using the database. This is enabled via DaoConfig.setStoreResourceInLuceneIndex()
• An occasional concurrency failure in AuthorizationInterceptor has been resolved. Thanks to Martin Visser for reporting and providing a reproducible test case!
• When cross-partition reference Mode is used, the rest-hook subscriptions on a partition enabled server would cause a NPE. This has been resolved.
• Group Bulk Export (e.g. Group/123/$export) now additionally supports Organization and Practitioner as valid _type parameters. This works internally by querying using a _has parameter

JPA Server Performance Changes

• When deleting a large ValueSet operation was timing out. This issue has been fixed.
• Performance for JPA Server ValueSet expansion has been significantly optimized in order to minimize database lookups, especially with large expansions.
• When using JPA persistence with Hibernate Search (Lucene or Elasticsearch), simple FHIR queries that can be satisfied completely by Hibernate Search no longer query the database.
• Added a new setting to BinaryStorageInterceptor which allows you to disable binary de-externalization during resource reads.

Database-specific Changes

• When searching for date search parameters on Postgres, ordinals could sometimes be represented as strings, causing a search failure. This has been corrected.
• A regression in HAPI FHIR 5.5.0 meant that very large transactions where the bundle contained over 1000 distinct client-assigned resource IDs could fail on MSSQL and Oracle due to SQL parameter count limitations.

Terminology Server and Validation Changes

• ValueSet pre-expansion was failing when number of concepts was larger than configured BooleanQuery.maxClauseCount value (default is 1024). This is now fixed.
• A regression in HAPI FHIR 5.7.0 meant that when UnknownCodeSystemWarningValidationSupport was configured for WARNING behaviour, validating a field with an implicit code system could incorrectly result in an error.
• We now Provide a Remote Terminology Service implementation for the $translate operation.
• The JPA server terminology service can now process IS-A filters in ValueSet expansion on servers with Hibernate Search disabled.
• HAPI-FHIR no longer performs Repository Validation on resources that are implicitly created, e.g. placeholder resources.

Welcome to the winter-ish release of HAPI-FHIR 5.6.0!

HAPI FHIR 5.6.0 (Codename: Raccoon) brings a whole bunch of great new features, bugfixes, and more.

Highlights of this release are shown below. See the Changelog for a complete list. There will be a live Webinar (recording available on-demand afterward) on August 18 2021. Details available here: https://www.smilecdr.com/quarterly-product-release-webinar-reminder

Security Changes

• Add new RuleBuilder options which allow you to specify additional resources and search parameters which match a given compartment. More explanations of the enhancements can be found in the documentation.
• Previously, when a search query explicitly includes a search parameter that is for the same resource type but a different resource instance from the one(s) specified on the authorized list, the search narrowing interceptor would include both search parameters in the final query, resulting in an empty bundle being returned to the caller. Now, such a call will result in a 403 Forbidden error, making it more clear why no resources were returned.
• Inline match URL searches (e.g. search URLs for conditional creates, conditional updates, etc.) are now subject to the same security and access control checks as other searches.

General Client/Server/Parser Changes

• HAPI-FHIR will now index canonical references if the base url is set via property.
• Added displayLanguage support for CodeSystem $lookup operation.
• Loosened BCP47 validation to permit languages that are without region, e.g. nl instead of nl-DE or nl-NL.
• Previously, % symbol was causing searches to fail to return results. This has been corrected.
• Added an NDJSON parser.
• Previously, the package registry would not work correctly when externalized binary storage was enabled. This has been corrected.

CLI Tool changes:

• This PR eliminates the search coordinator threadpool, and executes searches synchronously on the HTTP client thread.

JPA Server General Changes

• Improved ordinal date searches to handle lower granularity MONTH and YEAR searches.
• Support for the _language search parameter has been dropped.
• FHIR Batch transaction GET operations are now executed in parallel where applicable.
• Fixed a regression which causes transactions with multiple identical ifNoneExist clauses to create duplicate data.
• Added the ability for Hibernate Search to prefix all elasticsearch tables it creates, allowing you to have multiple HAPI-FHIR's using the same elasticsearch instance.
• Support has been added for chained searches traversing contained resources much more effectively.
• Experimental additions have been made to search parameter indexing in lucene. These can be enabled via advanced property.
• Fixed a critical bug with Postgresql database which caused the VACUUMLO tool to delete data.
• A new _id parameter has been added to the Patient/$everything type-level operation so you can narrow down a specific list of patient IDs to export.

JPA Server Partitioning Changes

• Swagger UI is now supported in partitioned servers

Terminology Server and Validation Changes

• Provided a Remote Terminology Service implementation for the $lookup Operation.
• Support added for uploading non-current versions of LOINC ValueSets

JPA Server MDM Enhancements

• _mdm parameter support has been added to the $everything operation.
• Modified the MDM_AFTER_PERSISTED_RESOURCE_CHECKED pointcut to include additional information.
• The $mdm-clear operation has been refactor to use spring batch.
• Added $mdm-create-link operation.

Another quarter gone by, another HAPI-FHIR release.

HAPI FHIR 5.5.0 (Codename: Pangolin) brings a whole bunch of great new features, bugfixes, and more.

Highlights of this release are shown below. See the Changelog for a complete list. There will be a live Webinar (recording available on-demand afterward) on August 18 2021. Details available here: https://www.smilecdr.com/quarterly-product-release-webinar-reminder

Security Changes

• Resolved multiple vulnerabilities by updating dependencies.

General Client/Server/Parser Changes

• Added configuration to enable/disable various scheduled tasks.
• Support for qualified * for _include and _revinclude has been added, e.g. _include=Observation:*.
• Flyway migration used to enforce order by default. This has been changed so now the default behaviour is out of order migrations are permitted. Strict order can be enforced via the new strict-order flag if required.

CLI Tool changes:

• Support for multiple header-passthrough option using -hp or --header-passthroughparameter has been added to hapi-fhir-cli commands: example-data-uploader, export-conceptmap-to-csv, import-csv-to-conceptmap and upload-terminology

JPA Server General Changes

• DELETE _expunge=true has been converted to a Spring Batch job.
• Added a new setting to DaoConfig called Tag Versioning Mode, which determines how tags are maintained.
• A new tag storage mode called Inline Tag Mode tas been added. In this mode, all tags are stored directly in the serialized resource body in the database, instead of using dedicated tables. This has significant performance advantages when storing resources with many distinct tags (i.e. many tags that are unique to each resource, as opposed to being reused across multiple resources).
• A new interceptor has been addeed to the JPA server called ForceOffsetSearchModeInterceptor. This interceptor forces all searches to be offset searches, instead of relying on the query cache.
• Added a new $reindex operation which creates a Spring Batch job to reindex selected resources.

JPA Server Performance Changes

• A new setting has been added to the DaoConfig that allows the maximum number of _include and _revinclude resources to be added to a single search page result. In addition, the include/revinclue processor have been redesigned to avoid accidentally overloading the server if an include/revinclude would return unexpected massive amounts of data.
• When performing non-query cache JPA searches (i.e. searches with Cache-Control: no-store) the loading of _include and _revinclude will now factor the maximum include count."
• Subscriptions will no longer be triggered on unversioned changes.
• A new DaoConfig setting called Mass Ingestion Mode has been added. This mode enables rapid data ingestion by skipping a number of unnecessary checks during backloading.
• FHIR Transactions with writes in them will now aggressively pre-fetch as many entities as possible at the start of processing. This reduces the number of database roundtrips.
• A new interceptor has been added for JPA servers that uses semaphores to avoid multiple concurrent FHIR transactions from trying to create/update the same resource at the same time. This can improve overall performance when writing many concurrent transactions since it avoids the need for retries.

JPA Server Partitioning Changes

• PatientIdPartitionInterceptor now supports conditional creates of resources where the resource is in the patient compartment but the conditional URL does not contain a patietn reference.
• The $evaluate-measure now works on a partitioned server.

Terminology Server and Validation Changes

• Added support for ICD-10-CM.
• A new interceptor ValidationMessageSuppressingInterceptor has been added. This interceptor can be used to selectively suppress specific vaLidation messages.
• Support for LOINC 2.70 has been added.
• Fixed a bug where ValueSet expansion did not correctly preserve order if multiple codes were included in a single inclusion block.
• A new Validation Support Module has been added that can use NPM Packages to supply validation conformance artifacts programatically to the validator."

JPA Server MDM Enhancements

• Too many MDM candidates matching could result in an OutOfMemoryError. Candidate matching is now limited to the value of IMdmSettings.getCandidateSearchLimit(), default 10000.
• Searches for mdm-expanded references such as Observation?subject:mdm=123 were getting denied by access rules that did not recognize the :mdm suffix. This has been corrected.
• $mdm-submit operation was only submitting 100 resources and then stopping. It now correctly submits all requested resources.