HAPI FHIR 5.1.0 (Manticore)

Published: 2020-08-13T12:00:00
By: James
 

It's August, so it's time for our next quarterly relese: HAPI FHIR 5.2.0 (Codename: Manticore).

Notable changes in this release include:

  • An XSS vulnerability has been fixed in the testpage overlay project. This issue affects only the testpage overlay module, but users of this module should upgrade immediately. A CVE number for this issue has been requested and will be updated here when it is assigned.

  • Support for the new FHIR NPM Package spec has been added. Currently this support is limited to JPA servers, and support should be added to plain servers in the next release. Packages can be imported on startup, either by supplying NPM files locally or by downloading them automatically from an NPM server such as packages.fhir.org. Package contents (the StructureDefinition, CodeSystem, ValueSet, etc. resources in the package) can be installed into the repository, or can be stored in a dedicated set of tables and made available to the validator without actually being installed in the repository.

  • Support for the Observation/$lastn operation has been implemented thanks to a partnership with LHNCBC/NIH. This operation uses ElasticSearch to support querying for recent Observations over a set of test codes for one or more patients in a very efficient way.

  • The FHIR PATCH operation now supports FHIRPatch in addition to the already supported XML and JSON Patch specs. FHIRPatch is a very expressive mechanism for creating patches and can be used to supply very precise patches.

  • A new operatiion called $diff has been added. Diff can be used too generate a FHIRPatch diff between two resrouces, or between two versions of the same resource. For example: http://hapi.fhir.org/baseR4/Patient/example/$diff

  • Several performance problems and occasional failures in the resource expunge operation have been corrected

  • The memory use for Subscription delivery queues has been reduced

  • Snapshot generaton now uses a single snapshot generator codebase for generating snapshots across all versions of FHIR. This makes ongoing maintenance much easier and fixes a number of version specific bugs.

  • The maximum cascade depth for cascading deletes is now configurable.

  • AuthorizationInterceptor can now fully authorize GraphQL calls, including allowing/blocking individual resources returned by the graph.

  • GraphQL now supports POST form (thanks to Kholilul Islam!)

  • The LOINC uploader now supports LOINC 2.68

  • A new batch job framework has been introduced, leveraging the Spring Batch library. Initial jobs to use this new framework are the Bulk Export and EMPI modules, but eventually all long processes will be adapted to use this new framework.

  • TThe HAPI FHIR built-in Terminology Server now includes support for validating UCUM (units of measure), BCP-13 (mimetypes), ISO 4217 (currencies), ISO 3166 (countries), and USPS State Codes.

  • It is now possible to disable referential integrity for delete operations for speciific reference paths.

  • A regression has been fixed that significantly degraded validation performance in the JPA server for validation of large numbers of resources.

  • Unit tests have been migrated to JUnit 5. This change has no user visible impacts, but will help us continue to improve ongoing maintenance of our test suites.

As always, see the changelog for a full list of changes.

Thanks to everyone who contributed to this release!

Tags: #Release