The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

• Commons-Lang3 (Core): 3.9 -> 3.12.0
• Commons-Text (Core): 1.7 -> 1.9
• Commons-Codec (Core): 1.14 -> 1.15
• Commons-IO (Core): 2.6 -> 2.8.0
• Guava (Core): 30.1-jre -> 30.1.1-jre
• Jackson (Core): 2.12.1 -> 2.12.3
• Woodstox (Core): 6.2.3 -> 6.2.5
• Apache Jena (Core/RDF): 3.16.0 -> 3.17.0
• Gson (JPA): 2.8.5 -> 2.8.6
• Caffeine (JPA): 2.7.0 -> 3.0.1
• Hibernate (JPA): 5.4.26.Final -> 5.4.30.Final
• Hibernate Search (JPA): 6.0.0.Final -> 6.0.3.Final
• Spring (JPA): 5.3.3 -> 5.3.6
• Spring Batch (JPA): 4.2.3.RELEASE -> 4.3.2
• Spring Data (JPA): 2.4.2 -> 2.5.0
• Commons DBCP2 (JPA): 2.7.0 -> 2.8.0
• ElasticSearch Client (JPA): 7.10.2 -> 7.12.1
• Thymeleaf (Testpage Overlay): 3.0.11.RELEASE -> 3.0.12.RELEASE
• JAnsi (CLI): 2.1.1 -> 2.3.2
• JArchivelib (CLI): 1.0.0 -> 1.1.0

Support for the FHIR _list search parameter.

Terminology storage is now skipped for placeholder ValueSet and ConceptMap resources.

When a REST server returns a failure because no method matched the request parameters, the resulting OperationOutcome will now correctly set the issue type to not-supported. Thanks to Jari Maijenburg for the pull request!

Group Bulk exports are now supported. You can export all data for a Group of Patients via the /Group/[id]/$export endpoint for any resource type which contains a patient compartment. The _typeFilter and _since criteria are currently not supported at this level, but may eventually be

Optionally support '_contained' resource search by enabling the indexing on the contained resources in the ModelConfig.

When using the JPA server in partitioned mode with a partition interceptor, the interceptor is now called even for resource types that can not be placed in a non-default partition (e.g. SearchParameter, CodeSystem, etc.). The interceptor may return null or default in this case, but can include a non-null partition date if needed.

In MDM matching rules, support has been added for using FHIRPath expressions instead of Resource Path expressions via the fhirPath field in a field matcher

Support has been added for MDM expansion during Group bulk export. Calling a group export via /Group/123/$export?_mdm=true will cause Bulk Export to not only match group members, but also any MDM-matched patients, and their related golden record patients

Support has been added to the JPA server for indexing and searching using the _contained parameter, which allows searching using chained parameters that chain into contained resources. This feature is disabled by default but can be enabled via a setting on the ModelConfig object.

Support has been added for patient level Bulk export. This can be done via the /Patient/$export endpoint. Also, support has been added for setting Cache-Control header to no-cache for Bulk Export requests.

Auto-created placeholder reference targets now have an extension with the URL http://hapifhir.io/fhir/StructureDefinition/resource-placeholder and a value of true.

Adds interceptors for the following functionality:

• Data normalization (n11n) - removing unwanted characters (control, etc. as defined by the requirements)
• Data standardization (s13n) - normalizing data by ensuring word spacing and character cases are uniform
• Data validation - making sure that addresses / emails are validated

Added matching based on extension, when given the path to a fhir resource the matcher will take the extensions and match if the url and string value are the same

Two new server interceptors have been added that can be used to map codes and populate code display names respectively using the server terminology services.

When using the _mdm parameter during Group Bulk Export, resources written out will now contain an extension with the url https://hapifhir.org/associated-patient-golden-resource/ identifying which golden resource the target resource belongs to.

The server generated CapabilityStatment will now include supported Profile declarations for FHIR R4+.

A new server interceptor has been added that allows servers to implement lenient search mode, where unknown search parameters are ignored if an optional HTTP Prefer header is provided.

Add support for :mdm search parameter qualifier on reference search parameters. Details about enabling this feature can be found in the documentation.

The automatically generated CapabilityStatement for R4+ will now incude the list of supported revinclude values.

The server generated CapabilityStatement now reflects whether RDF/Turtle is supported by the server. In addition, the ResponseHighlightingInterceptor will now provide some TTL support.

A new Validation Support Module has been added called UnknownCodeSystemWarningValidationSupport. This module allows validation to produce a warning but not an error if a code being validated references an unknown code system.

A new optional parameter has been added to the ValueSet/$expand operation. When provided a value of true, the operation will include the concept hierarchy in the expansion response.

Add new pointcut STORAGE_TRANSACTION_PROCESSED, which fires after all operations in a transaction have executed.

It is now possible t create narrative generator templates that apply to any custom strucures including custom extension structures.

Added new NUMERIC mdm matcher for matching phone numbers. Also added NUMERIC phonetic encoder to support adding NUMERIC encoded search parameter (e.g. if searching for matching phone numbers is required by mdm candidate searching).

A new interceptor called OpenApiInterceptor has been added. This interceptor can be registered against FHIR Servers to automatically add support for OpenAPI / Swagger.

A new header called X-Upsert-Extistence-Check can now be added to JPA server Create with Client-Assigned ID operations (aka Upsert) in order to improve performance when loading data that is known to not exist by skipping the resource existence check.

When using the JPA server in offset mode, the count+offset information is now passed to the SQL query, resulting in better performance. Thanks to Tuomo Ala-Vannesluoma for the pull request!

When automatically creating a placeholder reference that is set to auto-populate identifiers, logic has been improved. If the reference does not contain an identifier, but the inline match URL does, the identifier found in the match URL will be added to the target. If both are populated, they will both be added to the target.

When resources are created using package load, the new resources will use the same IDs as were provided in with the resource definitions in the package, if they exist. If the ids are numeric, a prefix of 'npm-' will be added.

Several optimizations have been made to the JPA server transaction processor that should result in improved performance, particularly when processing large transaction Bundles, such as transactions containing many entries, or transactions containing very large entries.

The HAPI FHIR parser will now preserve the order of contained resources across round-trip parse/serialize passes.

A new PID-to-forced-ID cache, and a new optional Match-URL-to-PID cache have been added. These can improve write performance when doing large loads.

The generated search SQL statements have been optimized for simple JPA server searches containing only one parameter. In this case, an unnecessary JOIN has been removed.

DaoConfig setting for Populate Identifier In Auto Created Placeholder Reference Targets now defaults to true.

PointCutLatch now works with IPointcut instead of Pointcut.

support Oracle specific syntax when using a TermValueSetConceptView

When storing resources in the JPA server, extensions in Resource.meta were not preserved, nor were any contents in Bundle.entry.resource.meta. Both of these things are now correctly persisted and returned. Thanks to Sean McIlvenna for reporting!

A crash was fixed when performing a FHIR read on a partitioned server, where the requested ID is not known. Thanks to Umberto Cappellini for reporting!

Supplementary characters in the parameters might cause errors when calculating hash values

A NullPointerException was corrected when indexing resources containing an indexed Period field that had a start but not an end defined.

When using the Generic Client, search invocations where the parameters are supplied using .where(Map) did not include search modifiers such as :exact in the search URL. Thanks to GitHub user @granadacoder for reporting this issue!

HasParam#doGetQueryParameterQualifier() returned a malformed modifier. For example, the modifier for _has:Observation:patient:code=123 was returned as Observation:code:123 when it should be :Observation:patient:code. This has been corrected.

References from a contained resource to the containing resource are now possible in the JPA server.

When performainfg a search using a date search parameter, invalid values (e.g. date=foo) resulted in a confusing error message. This has been improved.

Running a manual reindex of data failed on a partitioned server with an interceptor error. This has been corrected. Thanks to Ajay Shekar for reporting!

An NPE was fixed when performing highly concurrent system requests while using the ResourceVersionConflictResolutionStrategy interceptor.

the create-package command of the HAPI FHIR CLI was not correctly adding the fhirVersions section to the generated package.json. This has been fixed

A database deadlock in Postgresql was observed when uploading large terminology CodeSystems using deferred uploading. Thanks to Tyge Folke Nielsen for reporting and suggesting a fix!

An incorrect path caused the select2 library to fail to load in the HAPI FHIR testpage overlay modue. Thanks to Ari Ruotsalainen for reporting!

Fixed issues with application of survivorship rules when matching golden record to a single resource

Added Operation section to Conformance Statement.

An issue with compartment definitions in R5 models was fixed. This issue caused some authorization rules to reject valid requests. Thanks to Patrick Palacin for reporting!

When issuing a request for a specific Resource and also specifying an _include param, the referenced resource is not returned when there is only 1 version of the referenced resource available. When there are more than 1 versions available, the referenced resource is returned in the response bundle.

An issue with package installer involving logical StructureDefinition resources was fixed. Package registry will no longer attempt to generate a snapshot for logical StructureDefinition resources if one is not already provided in the resource definition.

When issuing a request for a specific Resource and also specifying an _include param, the proper historical referenced resource is not returned when there are more than 1 versions of the referenced resource available, after the reference has been changed from the original version 1 to some other version. When there are more than 1 versions available, and the referring resource had previously referred to version 1 but now refers to version 4, the resource returned in the response bundle is for version 1.

Fixed a bug which would cause Bulk Export to fail when run in a partitioned environment.

Added support for deleting resources to BundleBuilder via method addTransactionDeleteEntry.

When running the $apply-codesystem-delta-add operation, code properties were not correctly saved. Thanks to Hanan Awwad for the pull request!

When creating resources in a JPA server under highly concurrent conditions, creating a new tag across multiple threads could result in a race condition leaving an invalid entry in the tag cache. This resulted in new instances of this tag being unavailable for creation.

In the JPA server, if a tag was defined with the exact same system and code as a security label on a different resource, the tag would be incorrectly filed as a security label (and vice versa). This has been corrected.

When performing a search via GraphQL, token search parameters were not properly parsed. Thanks to Jari Maijenburg for the pull request!

The Testpage Overlay now suppresses authorization headers from the output headers. Thanks to Tuomo Ala-Vannesluoma for the pull request!

Addressed the following CVE report by bumping the minor version for Jetty in the root POM:

• CVE-2020-27223

A NullPointerException was corrected when indexing resources containing an indexed Period field that had a start but not an end defined.

When issuing a request for a specific Resource and also specifying an _include param, the referenced resource is not returned when there is only 1 version of the referenced resource available. When there are more than 1 versions available, the referenced resource is returned in the response bundle.

When issuing a request for a specific Resource and also specifying an _include param, the proper historical referenced resource is not returned when there are more than 1 versions of the referenced resource available, after the reference has been changed from the original version 1 to some other version. When there are more than 1 versions available, and the referring resource had previously referred to version 1 but now refers to version 4, the resource returned in the response bundle is for version 1.

When using the JPA server in partitioned mode with a partition interceptor, the interceptor is now called even for resource types that can not be placed in a non-default partition (e.g. SearchParameter, CodeSystem, etc.). The interceptor may return null or default in this case, but can include a non-null partition date if needed.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

• SLF4j (All Modules): 1.7.28 -> 1.7.30
• Jackson (All Modules): 2.11.2 -> 2.12.1
• Woodstox (XML FHIR Parser): 4.4.1 -> 6.2.3 (Note that the Maven groupId has changed from org.codehaus.woodstox to com.fasterxml.woodstox and the Maven artifactId has changed from woodstox-core-asl to woodstox-core for this library)
• Spring (JPA): 5.2.3.RELEASE -> 5.2.9.RELEASE
• Datasource-Proxy (JPA): 1.5.1 -> 1.7
• Apache Commons Collections4 (JPA): 4.3 -> 4.4
• Jetty (JPA Starter): 9.4.30.v20200611 -> 9.4.35.v20201120
• Guava (JP): 29.0-jre -> 30.1-jre
• Hibernate ORM (JPA Server): 5.4.22.FINAL -> 5.4.26.FINAL
• Spring (JPA Server): 5.2.9.RELEASE -> 5.3.3
• Spring Data (JPA Server): 2.2.0.RELEASE -> 2.4.2
• Hibernate Search (JPA Server): 5.11.5.FINAL -> 6.0.0.Final
• Lucene(HAPI FHIR JPA Server): 5.5.5 -> 8.7.0
• Spring Boot (JPA Starter): 2.2.6.RELEASE -> 2.4.1
• JANSI (CLI): 1.18 -> 2.1.1
• PH-Schematron (SCH Validator): 5.2.0 -> 5.6.5
• PH-Commons (SCH Validator): 5.3.8 -> 9.5.4

Two new switches have neen added to FhirInstanceValidator to suppress optional warning messages. Thanks to Anders Havn for the pull request!

Redesigning the Enterprise Master Patient Index solution to a Master Data Management solution. The new MDM solution supports other FHIR resources where EMPI only allowed Person resource to be used. For example, if MDM is occurring on a patient, we will create a new Patient, and tag that patient as a Golden Record. This means that several things have changed:

• Provider methods that pointed to type of Person are now server-level operations in which you specify a resource type.
• Link updating and querying no longer rely on Person IDs, but instead on arbitrary resource ids, depending on the resource type you are referring to in MDM.
• Change to the EMPI config to require a list of mdmTypes.

• hapi-fhir-server-empi and hapi-fhir-jpaserver-empi Maven projects were renamed to hapi-fhir-server-mdm and hapi-fhir-jpaserver-mdm
• All classes were refactored to use correct terms, e.g. Golden Resource in place of Person
• Message channel was renamed from empi to mdm
• Subscriptions were renamed to mdm-RESOURCE_TYPE, where RESOURCE_TYPE is an MDM type configured in mdmTypes section of the configuration file
• Configuration file was renamed from empi-rules.json to mdm-rules.json
• Log file was changed from empi-troubleshooting.log to mdm-troubleshooting.log

When a unique index SearchParameter violation is blocked, the error message will now include the ID of the relevant SearchParameter, in order to make troubleshooting easier.

Added a new IResourceChangeListenerRegistry service and modified SearchParamRegistry and SubscriptionRegistry to use it. This service contains an in-memory list of all registered {@link IResourceChangeListener} instances along with their caches and other details needed to maintain those caches. Register an {@link IResourceChangeListener} instance with this service to be notified when resources you care about are changed. This service quickly notifies listeners of changes that happened on the local process and also eventually notifies listeners of changes that were made by remote processes.

It is now possible for read operations (read/history/search/etc) in a partitioned server to read across more than one partition if the partitioning interceptor indicates multiple partitions.

Non release (i.e. SNAPSHOT) builds of HAPI FHIR will now include the Git revision hash as well as the build date in the version string that is logged on initialization, and included in the default server X-Powered-By string. Release builds are not affected by this change.

The error message returned by the transaction processor has been improved for the case where a transaction uses an unsupported/disabled resource types.

When performing a conditional create/update containing the email search parameter, any + characters will now be interpreted as actually being a plus symbol instead of being unescaped into a space character. This is technically a deviation from how URLs should be parsed, but allows for a sensible behaviour in a spot where no spaces are allowed.

It is now possible to use a parameter of type IBaseResource or IBaseBundle as the parameter on a @Transaction method in a plain server.

Optionally supports storage and search in canonical form of the quantity value which is defined by 'http://unitsofmeasure.org'; please check ModelConfig for the configuration. No changes were made to the existing behaviour.

The interceptor framework will now recognize and invoke @Hook methods that have an access level of public, protected, or default. Previously only public methods were recognized.

A new interceptor called the Repository Validating Interceptor has been added. This new interceptor allows a HAPI FHIR JPA Server to declare rules about mandatory profiles that all resources stored to the server must declare conformance and/or correctly validate against.

When performing a ValueSet expansion where the valueset to be expanded includes a display name for concepts it is explicitly including, this display name will be propagated to the expansion if no other display is available. Thanks to Hanan Awwad for the contribution!

A new utility called FHIRPathResourceGeneratorR4 has been added. This class can be used to build and populate a resource model object using FHIRPath expressions. Thanks to Marcel P for the contribution!

The JPA server has a new setting on the ModelConfig bean called "AutoVersionReferencesAtPaths". Using this setting, the server can be configured to add the current target resource version ID to any resource references found in a resource being stored. In addition, a new setting has been added to the JPA ModelConfig bean that allows _include statements to respect versioned references, and actually include the correct version for the reference.

Added support for the $evaluate-measure Operation as part of adding CQL support.

The JPA server generated SQL for date search parameters has been streamlined to avoid the use of redundant OR expressions that slow down performance in some cases.

Updates to Hibernate Search require a full reindexing of all indexed fulltext data, which is held in Lucene or Elasticsearch. Users using elasticsearch for fulltext indexing must upgrade to Elasticsearch 7.10.0.

The resource IDs for several LOINC resources were corrected. Thanks to Steven Wagers for the pull request!

The experimental TransactionBuilder helper class has been renamed to BundleBuilder as it now has utility methods for working with other types of Bundles too.

In the JPA server. the SQL datatype used to index quantities has been changed from NUMBER(19,2) to double precision (or equivalents depending on platform). This improves the query support for ssearching on very small quantities.

The @ResourceDef annotation has been marked as inheritable, so it does not need to be explicitly added to custom structures that extend built-in structures. Thanks to Marcelo Avancini for the pull request!

ElasticsearchHibernatePropertiesBuilder will now reject any REST url which is protocol-aware. Protocol information should be set in the protocol field of the builder.

Expanding a ValueSet using a filter now evaluates the display with left-matching by string token, case-insensitive.

Loading a package without a description was causing a null pointer exception. This has been fixed.

The CodeSystem/$subsumes operation inadvertantly reversed the meanings of the CodeA and CodeB parameters, resulting in subsumes and subsumed-by responses being reversed. This has been corrected. Thanks to Rob Hausam for reporting!

ApacheRestfulClientFactory now uses system properties for proxy configuration. Thanks to Vladimir Nemergut for the pull request!

When performing a ValueSet expansion with a filter a large pre-expanded ValueSet (more than 1000 codes), the filter failed to find concepts appearing after the first thousand. This has been corrected.

The new JPA SearchBuilder failed to perform FHIR Searches on Oracle DB with an invalid SQL error. This has been corrected.

When performing a JPA server search on a partitioned server, searches with only the _id parameter and no other parameters did not include the partition selector in the generated SQL, resulting in leakage across partitions. Thanks to GitHub user @jtheory for reporting!

The recent EMPI project accidentally caused a split package in ca.uhn.fhir.rest.server. This has been corrected. Thanks to Bill Denton for the pull request!

When using the validator from within the JPA server, validating CapabilityStatement resources failed with an error when trying to load linked SearchParameter resources. This has been corrected.

When using a partitioned JPA server, auto-create placeholder targets did not work if the partition interceptor was registered against the server (e.g. for a multitenancy configuration). This has been corrected. Thanks to Rob Whelan for reporting!

Sorting of search results was not working for MySQL, MSSQL and MariaDB due to recent changes made to handle sorting of nullable columns. This has now been fixed.

The new optimized SQL Generator introduced in HAPI FHIR 5.2.0 did not correctly bind variables for SQL Server queries, making the search functionality unusable. This has been corrected.

A database index in the JPA server was added in HAPI FHIR 5.2.0 and Smile CDR 2020.11 that exceeded the maximum index length in MySQL, preventing server upgrades on that database platform. This has been corrected.

Attempts to load IG packs when partitioning was enabled, resulted in nullpointer exceptions. This has now been fixed and IG packs and conformance resources will be loaded to the DEFAULT partition.

An incorrect HTML resource path led to a utility JavaScript library failing to load in the TestPage Overlay module. Thanks to Alejandro Medina for the pull request!

When performing a FHIR create using the HAPI FHIR client, if the payload is a Bundle resource the individual resources in the Bundle had their IDs removed by the client during payload serialization. This has been corrected.

A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.

The BulkExportDaoSvc bean was forgotten from the BaseConfig context. It has been added.

In the JPA server, HumanName.name.text was not being indexed and therefore was not searchable. This has been corrected.

The $expand filter parameter was not matching the ValueSet display value in all cases. E.g. a ValueSet with name 'abc def ghi' would match 'abc def' and 'def' but not 'def ghi'. This has been corrected so the ValueSet will match the filter if any substring of the ValueSet display value matches the $expand filter.

Unrecognized search param prefix strings were silently discarded. This is now an error.

A bug in the InMemoryResourceMatcher caused AND clauses to be treated as OR clauses. Thanks to Jari Maijenburg for the report and pull request!

When using the Consent Interceptor, the startOperation method was not invoked for search paging requests. This has been corrected. Thanks to Tue Toft Nørgård for reporting!

As of version 2.69, the LOINC Top2000CommonLabResultsSi.csv and Top2000CommonLabResultsUs.csv became optional. The Terminology Loader Service has been updated to reflect this change.

An important security issue with the JPA Server was solved. This issue applies only to JPA servers running in partitioned mode. When performing searches on a partitioned server, search results from previously cached searches against different partitions may be returned, potentially leaking data across partitions. This issue has been resolved.

Remove support for the upload-igpack command. This command is no longer supported, as the IGPack format has been withdrawn and replaced with the FHIR NPM Package specification, which is also supported by HAPI FHIR

A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.