1.1Changelog

 

1.1.1HAPI FHIR 5.3.0 (Prerelease)

 

Release Information

Note: This version of HAPI FHIR is a SNAPSHOT (prerelease), meaning that it has not yet been released, but all changes and fixes listed here are available to try out as Snapshot Builds.

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Woodstox (XML FHIR Parser): 4.4.1 -> 6.2.3 (Note that the Maven groupId has changed from org.codehaus.woodstox to com.fasterxml.woodstox and the Maven artifactId has changed from woodstox-core-asl to woodstox-core for this library)
  • Jetty (JPA Starter): 9.4.30.v20200611 -> 9.4.34.v20201102

#2182

When a unique index SearchParametr violation is blocked, the error message will now include the ID of the relevant SearchParameter, in order to make troubleshooting easier.

#2191

Added a new IResourceChangeListenerRegistry service and modified SearchParamRegistry and SubscriptionRegistry to use it. This service contains an in-memory list of all registered {@link IResourceChangeListener} instances along with their caches and other details needed to maintain those caches. Register an {@link IResourceChangeListener} instance with this service to be notified when resources you care about are changed. This service quickly notifies listeners of changes that happened on the local process and also eventually notifies listeners of changes that were made by remote processes.

#2198

It is now possible for read operations (read/history/search/etc) in a partitioned server to read across more than one partition if the partitioning interceptor indicates multiple partitions.

#2197

The resource IDs for several LOINC resources were corrected. Thanks to Steven Wagers for the pull request!

#2175

Expanding a ValueSet using a filter now evaluates the display with left-matching by string token, case-insensitive.

#2180

Loading a package without a description was causing a null pointer exception. This has been fixed.

#2183

The CodeSystem/$subsumes operation inadvertantly reversed the meanings of the CodeA and CodeB parameters, resulting in subsumes and subsumed-by responses being reversed. This has been corrected. Thanks to Rob Hausam for reporting!

#2195

When performing a ValueSet expansion with a filter a large pre-expanded ValueSet (more than 1000 codes), the filter failed to find concepts appearing after the first thousand. This has been corrected.

#2205

The new JPA SearchBuilder failed to perform FHIR Searches on Oracle DB with an invalid SQL error. This has been corrected.

1.1.2HAPI FHIR 5.2.0 (Numbat)

 

Release Information

Released: 2020-11-19

Codename: (Numbat)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Jackson (Base): 2.10.0 -> 2.11.2
  • Flyway (JPA): 6.4.1 -> 6.5.4
  • JQuery (Testpage Overlay): 3.3.1 -> 3.5.1
  • UCUM (JPA): 1.0.2 -> 1.0.3
  • HttpClient (Client): 4.5.12 -> 4.5.13
  • Awesome Bootstrap Checkbos (Testpage Overlay): 1.0.1 -> 1.0.2
  • MomentJS (Testpage Overlay): 2.15.1 -> 2.27.0
  • Select2 (Testpage Overlay): 4.0.3 -> 4.0.13

The JPA Server SQL generator for handling FHIR search operations has been completely rewritten to no longer depend on the Hibernate QueryBuilder APIs. This rewrite produces much more efficient SQL in many cases and should dramatically increase performance in such cases. For example, a 10x speedup has been observed on Postgresql when searching a very large database where the search URL has multiple chained search params.

This new SQL builder will be disabled by default in HAPI FHIR 5.2.0 and Smile CDR 2020.11.R01, and can be enabled via a setting in the DaoConfig (HAPI FHIR) and Storage Module config (Smile CDR). Snapshot/prerelease builds will ship with this new SQL builder enabled by default, and the intention is to make this the default and ultimately remove the legacy SQL builder in the next quarterly release.

We highly encourage testing of this new feature, and welcome feedback on how it performs in your environment.

#2041

A new class called TransactionBuilder has been added. This class can be used to build FHIR Transaction Bundles easily.

#2045

The RemoteTerminologyServiceValidationSupport class used for connecting to a remote terminology service will no longer attempt to perform code validation for fields where the code system is implied, since there is no FHIR operation allowing this style of validation to be performed remotely.

#2051

The FHIR Client will now accept an HTTP 204 NO CONTENT as a response to a write operation such as a create/update/transaction/etc.

#2059

In the JPA server, when performing synchronous searches it is now possible to specify a limit and offset using a new (nonstandard) parameter called _offset. Thanks to Tuomo Ala-Vannesluoma for the pull request!

#2078

When using package support to install a package with STORE_AND_INSTALL mode, resources that are already present in the database will now be updated to the contents of the version in the package.

#2081

Terminology loader for LOINC will now support specifying version and loading multiple versions of LOINC.

#2081

Operations for CodeSystem, ValueSet and ConceptMap will now support multiple CodeSystem versions.

#2081

An implementation of CodeSystem validate-code operation has been added for R4 and R5.

#2083

The JPA search coordinator will now use worker threads sourced from a ThreadPoolTaskExecutor, in order to simplify the addition of decorators to those threads. Thanks to Tue Toft Nørgård for the pull requets!

#2087

Added new DaoConfig parameter called maximumTransactionBundleSize that if not-null will throw a PayloadTooLarge exception when the number of resources in a transaction bundle exceeds this size.

#2099

Stored SearchParameter resources with a status of DRAFT will no longer override and disable existing built-in search parameters. This is done in order to avoid issues caused by uploading NPM packages such as US Core that contain a large number of draft parameters.

#2104

EMPI enhancements. Added new IDENTIFIER matcher rule type that defines a matcher where two resources share the same value for a particular identifier system, or if no system is indicated, defines a matcher where two resources share any matching system,values identifier. Improved channel and batch troubleshooting logging. Added new controller layer to support non-fhir apis. Changed rule json format; replaced 'metric' with either matcher or simiarity that now have their own distinct subkeys.

#2118

Support for RDF Turle parsing and encoding has now been added. This support was previously partially implemented, but did not work correctly. A huge thanks to Josh Collins and Eric Prud'hommeaux of Janeiro Digital for the pull request!

#2131

A new _expunge parameter has been added to the DELETE operation when deleting multiple resources via a URL. For example DELETE http://www.example.com:8000/Observation?_expunge=true or DELETE http://www.example.com:8000/Observation?status=cancelled&_expunge=true. When the _expunge parameter is provided to DELETE then the matched resources and all of their history will be both deleted and expunged from the database. This will perform considerably faster than doing the delete and expunge separately. Note that Expunge must be enabled on the server for this to work.

#2141

The Package Installer has been enhanced to allow resources that do not have a url element to be loaded from a package. Resources without url will instead use identifier element.

#2142

A null check was added to the R4 CapabilityStatement generator, in order to improve the error message when a mandatory parameter is missed. Thanks to GitHub user @blangley28 for the contribution!

#2128

The version of Bootstrap used by the Testpage Overlay project has been upgraded from 3.4.0 to 4.5.2. Note that this is a major release upgrade, so any overlay implementations may require some modification to deal with changes to the Bootstrap framework.

#2145

In HAPI FHIR 5.1.0 JPA Server, if partitioning was enabled, but no interceptor was registered to the STORAGE_PARTITION_IDENTIFY_READ pointcut, the system would simply default to 'All Partitions'. This was not the intended behaviour, so this will now result in an error.

#1607

A performance bottleneck was fixed in the datetime datatypes that caused lock contention when parsing resources in heavily multithreaded environments. Thanks to GitHub user @abrsystematic for the pull request!

#2043

The JPA SearchParameetr validator did not reject custom Search Parameetrs with an invalid path expression consisting of only a resource type and no element name. Creating such a search parameter could cause strange indexing issues, so this has been added to the validator.

#2049

A potential NPE in the JPA server was fixed. This error could be triggered by searching for resources with unresolvable references. Thanks to Anders Havn for the pull request!

#2050

An issue was fixed where multiple JPA server updates to the same resource within the same database transaction would fail with a database constraint error.

#2062

A deadlock was fixed where the Database-backed Binary Storage service could lock the system up when running under very high contention.

#2097

A crash in the JPA server was fixed when performing a search containined two chained search parameters to date target types.

#2099

When using an NPM package spec in STORE_AND_INSTALL mode, conformance resources will only be stored if they have a status of active. This fixes a bug wgere installing the US Core IG caused searches to stop working due to draft Search Parameters.

#2101

In some circumstances when using a Plain Server, the generated CapabilityStatement could have duplciate Search Parameter definitions. This has been corrected.

#2104

EMPI bug fixes. Special characters in search param values (e.g. space) led to missed matches; these are now properly escaped so matches are accurately found. Candidates were failing to match when candidateSearchParams was empty; matches now work properly with empty candidateSearchParams. matchResultMap entries were incorrectly resolving if any named matchFields matched; they now correctly resolve only when ALL matchFields match.

#2112

When parsing XML encoded resources, if an xml:lang attribute was present in the narrative HTML, it would incorrectly have its prefix omitted. Thanks to Oliver Egger for the pull request!

#2113

When performing a _lastUpdated search in the JPA server where the parameter value(s) are supplied with date (not time) precision, a timezone bug could cause some resources to not be included. This has been corrected.

#2147

The _typeFilter parameter did not correctly work for JPA Bulk Export jobs. This has been corrected.

#2150

The In Memory search matcher (used for Subscriptions) could crash if a subscription was registered using the _source search parameter, and a resource was processed with no source value. This has been corrected.

#2162

When expanding a pre-expanded ValueSet using a filter, the filter was ignored and the pre-expansion was not used resulting in an inefficient and potentially incorrect expansion. This has been corrected.

#2164

The JPA Package loader was failing if the package had a description longer than 200 characters. This has been fixed.

1.1.3HAPI FHIR 5.1.0 (Manticore)

 

Release Information

Released: 2020-08-13

Codename: (Manticore)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Guava (JPA): 28.2-jre -> 29.0-jre
  • Jetty (CLI): 9.4.24.v20191120 -> 9.4.30.v20200611

#1637

An index has been added on the TRM_CONCEPT table. This index was previously missing, meaning that rebuilding large code systems took an abnormally long amount of time. Thanks to Jacob Stampe Mikkelsen for the pull request!

#1666

The email sender used by email subscriptions can now be configured with TLS parameters.

#1826

A new service has been added to the JPA server that fetches FHIR Implementation Guide NPM packages and installs the contained conformance resources into the JPA repository. Thanks to Martin Zacho Grønhøj for the pull request!

#1862

The Snapshot Generator now uses the R5 codebase for all versions of FHIR (similar to how the validator already worked). This means that the snapshot generator will be much more feature complete and hopefully have fewer bugs given the single codebase.

#1864

AuthorizationInterceptor can now fully secure GraphQL operations in the JPA server, meaning that it is possible to use compartment and type rules to restrict the specific data that is available through the GraphQL interface.

#1865

The validator will now correctly issue a warning instead of an error if a code can't be found when validating a code in a CodeSystem where the content mode (CodeSystem.content) has a value of fragment.

#1867

Initial implementation of lastn operation that uses an Elasticsearch v6 server to index observations.

#1871

In the JPA server, when indexing Date SearchParameters where the value being indexed is a FHIR Period that is missing either a lower bound or an upper bound, a default value representing an extreme 'beginning of time' or 'end of time' is now used. This allows range searches to return more accurate results.

#1893

Support for the :of-type modifier has been added to TokenParamModifier. Thanks to Alexander Lukyanchikov for the pull request!

#1896

Support has been added for GraphQL querying using an HTTP POST (with the query in the body). Thanks to Ibrohim Kholilul Islam for the pull request implementing this new feature!

#1911

Support for FHIR NPM Packages has been added to the JPA server. This new functionality allows packages to be installed to special tables within the FHIR JPA schema, and conformance resources used for validation.

#1917

The LOINC importer has been updated to support the file format used by the LOINC 2.68 release.

#1921

A new optional type parameter has been added to the $mark-all-resources-for-reindexing operation, allowing resources of a specific type to be marked.

#1926

Spring Batch has been added to HAPI FHIR in the hapi-fhir-jpaserver-batch project. hapi-fhir-jpaserver-base will make use of it for batch jobs

#1932

A new configuration bean called ValidationSettings has been added to the JPA server. This can be used to enable validation of reference target resources if necessary.

#1934

The RemoteTerminologyServiceValidationSupport validation support module, which is used to connect to external/remote terminology services, has been significantly enhanced to provide testing for supported CodeSystems and ValueSets. It will also now validate codes in fields that are not bound to a specific ValueSet.

#1936

Phonetic name search is now supported via ISearchParamRegistry.setStringEncoder().

#1939

The JPA server is now able to support _has queries where the linked search expression on the right hand side of the _has parameter is a second _has query.

#1951

REST Hook subscriptions may now specify a search expression to be used to fetch a collection of resources to deliver when a subscription matches.

#1966

The GraphQL module can now accept arrays of arguments as input to searches, and will treat them as OR'ed parameters. Thanks to Ibrohim Kholilul Isla for the pull request!

#1967

The HAPI FHIR CommonCodeSystemsTerminologyService validation support module now includes support for ISO 3166 (country codes).

#1971

A new interceptor called UserRequestRetryVersionConflictsInterceptor has been added to the JPA server. This interceptor allows clients to instruct the server to attempt to avoid returning an HTTP 409 (Version Conflict) if two concurrent client requests try to update the same resource at the same time.

#1982

The validator will now accept codes that are defined in a ValueSet where the valueset contains an enumeration of codes, and the CodeSystem URL refers to an unknown CodeSystem. This allows successful validation of ValueSets in several IGs that rely on the existence of grammar based systems.

#1984

Two new operations have been added for EMPI: $empi-clear and $empi-submit. $empi-clear will delete EMPI links, and related Person objects. $empi-submit will submit all matching resources for EMPI processing.

#1994

A few issues in the migrator when applying migrations against some versions of MSSQL were resolved

#2023

The JPA server maintains a cache of active SearchParameeter resources that can cause misleading results if a SearchParameter is changed and other resources that would be indexed by the changed SearchParameter are updated before the cache refreshes. A new interceptor has been added that should force a refresh sooner, especially on non-clustered systems.

#2025

A new interceptor has been added for the JPA server that selectively allows resource deletions to proceed even if there are valid references to the candidate for deletion from other resources that are not being deleted.

#1899

When submitting a transaction bundle containing a large number of resources being written, where the resources had tags or profile definitions, a number of redundant database calls have been optimized out. This should significantly improve performance for these scenarios.

#1937

Due to an inefficient SQL statement when performing searches with large numbers of _revincludes where the resources have tags, a large number of database roundtrips were produced when searching. This has been streamlined, greatly improving the response times for some searches.

#1963

When performing a search in the JPA server using a chained search parameter, an unnecessary resource type predicate was previously added to the generated SQL and has now been removed. This should improve performance on some queries.

#1945

When performing a JPA 'upsert' (a PUT to an ID that may or may not already exist) on a partitioned system, the partition interceptor will now be called once to determine the READ partition in order to find the candidate resource to update, and possibly a second time to determine the CREATE partition if a new row is actually being created. Previously only the CREATE partition was checked and used to perform the initial read.

#1952

HAPI FHIR has been migrated to use JUnit 5 (from JUnit 4) for unit testing. This change does not affect users of the library, but helps to make tests more maintainable.

#1857

Breaking Change: The method FhirContext#getResourceNames() has been renamed to FhirContext#getResourceTypes(). HAPI currently goes back and forth between the two, but is consolidating on Types.

#237

The R5 structure methods for working with extensions on arbitrary fields, e.g. getExtensionByUrl(String), removeExtension(String), getExtensionsByUrl(String) hasExtension(String), and getExtensionString(String) have been enhanced so that they now return modifier extensions as well as the non-modifier extensions they previously returned.

#1862

Breaking Change: The IValidationSupport interface has had one further change after the rewrite in HAPI FHIR 5.0.0. Instead of passing an IValidationSupport object as an argument to many methods on the interface, a context object is now used instead.

#1848

When parsing a resource into a custom structure (e.g. a custom class extended a built-in FHIR resource class), inter-resouirce references could contain invaliud java refeences to other resources. Thanks to Christian Ohr for reporting and fixing!

#1850

The FHIR Patch format is now supported for patching resources, in addition to the previously supported JSON Patch and XML Patch.

#1850

When serializing a resource, the JSON Parser will now ignore any extensions that are present on an element if they do not have a URL or any children populated.

#1850

A new operation has been added to the JPA server called $diff. This operation can generate a FHIR Patch diff showing the changes between two versions of a resource, or even two separate resources. See Diff for more information.

#1851

In HAPI FHIR 5.0.0, partitioned JPA servers were introduced. The documentation claimed that an interceptor implementing the STORAGE_PARTITION_IDENTIFY_READ was optional, but the server incorrectly made this mandatory. This has been corrected.

#1853

The @Interceptor annotation was not marked as inheritable, meaning that the order attribute was lost when using Spring proxies. Thanks to Tue Toft Nørgård for the pull request!

#1854

When using a SearchParameter with uniqueness enabled, the $expunge operation sometimes failed to expunge resources with a database constraint error. This has been fixed.

#1856

The subscription delivery queue in the JPA server was erroneously keeping both a copy of the serialized and the deserialized payload in memory for each entry in the queue, doubling the memory requirements. This also caused failures when delivering XML payloads in some configurations. This has been corrected.

#1863

Cascade deletes were failing in cases where the resource being deleted had more than 600 conflicts due to a hard-coded limit on the number of conflicts that the CascadingDeleteInterceptor was allowed to process at a time. This hard-coded limit has been replaced with an optional configuration parameter.

#1878

Several duplicate classes were removed from the testpage overlay, avoiding a warning on startup. Thanks to Joel Schneider for the pull request!

#1895

HAPI FHIR 5.0.0 introduced a regression in JPA validator performance, where a number of unnecessary database lookups were introduced. This has been corrected.

#1933

BaseValidationSupportWrapper.expandValueSet(...) and ValidationSupportChain.expandValueSet(...) were incorrectly replacing expansion options (i.e. offset and count) with null, causing these parameters to be ignored when invoking the ValueSet$expand operation. This has been corrected.

#1948

When validating resources containing codes in a ValueSet that included UCUM codes, the validator would incorrectly report that the code was valid even if it was not in the ValueSet. This has been corrected.

#1971

The create-package CLI command failed with a NPE if no package dependencies were specified. This has been corrected.

#1983

ConceptMap resources were blocked from uploading into the JPA server if the ConceptMap had a source and/or target URL defined at the ConceptMap level but not at the group level. This prevented some US Core resources from being successfully uploaded. This has been corrected.

#2003

In HAPI FHIR 4.2.0 and before, due to the lenient Gson parser it was possible to store data in the JPA server that contained invalid decimal numbers with no leading digits, e.g. .123 and -.123. When we moved to Jackson as a JSON parser, these values could no longer be parsed due to Jackson's more strict (and correct) interpretation of the JSON specification. Unfortunately this led to data previously stored in the database being unusable. A fix has been implemented that automatically adds a leading zero to any decimals that were previously saved in invalid state. New data will still be blocked from being added if it contains invalid JSON numbers.

#2005

When generating a snapshot for a StructureDefinition that extends another non-base StructureDefinition, if the parent SD did not have a snapshot itself, the child snapshot would be empty. This has been corrected.

#2006

When updating a resource with links that change, to reduce database operations, hapi-fhir reuses link index records. However, all the columns were being properly updated except for the source path column which was accidentally missed and continued to hold the previous value. This resulted in mismatched source paths and values. This has been corrected.

#2012

In some cases, the Bundle total was not getting filtered from search results when using the consent interceptor. Thanks to Jens Kristian Villadsen for reporting!

#2022

When performing a resource $expunge in the JPA server, in-memory caches caused issues if a forced ID was reused quickly enough (as can be the case in some testing scenarios). Thanks to GitHub user @janvdpol for reporting!"

#2026

An XSS vulnerability was reported in the HAPI FHIR Testpage Overlay module. Thanks to Will Davison of NCC Group (Manchester UK) for disclosing this vulnerability. Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. Nonetheless, we recommend all users of the affected module upgrade immediately. A complete audit of the affected codebase has been completed in order to detect and resolve any similar issues.

#1855

A very old feature that is not believed to be used anywhere has been removed: The ServerProfileProvider is a special resource provider that was automatically registered to HAPI FHIR REST servers, and served up StructureDefinitions that were registered to the FhirContext. Registering custom StructureDefinitions against the FhirContext for exposure through the REST API (as what was then the /Profile endpoint) was planned to be a common feature during the DSTU1 lifecycle but did not turn out to be a useful approach. This feature was mostly forgotten about until the logic for selecting resource provider handler methods was revamped and the old mechanism suddenly became the default resource provider for StructureDefinition resources in the JPA server. We don't expect any negative impact by this change, please post in our mailing list if you disagree.

1.1.4HAPI FHIR 5.0.2 (Labrador)

 

Release Information

Released: 2020-06-02

Codename: (Labrador)

Changes

This release corrects a snapshot dependency on org.hl7.fhir.core that was accidentally left in HAPI FHIR 5.0.1.

The default setting for the partition mode's Include Hashes in Search Indexes setting was incorrectly set to true in HAPI FHIR 5.0.0 and has now been changed to false, as this is a more sensible default. Note that this wil affect existing systems that are trying this feature out. A manual reindex of data may be required.

1.1.5HAPI FHIR 5.0.1 (Labrador)

 

Release Information

Released: 2020-05-15

Codename: (Labrador)

Changes

#1842

When performing queries with multiple chained search parameters, such as 'Observation?subject.identifier=FOO&specimen.identifier=BAR', an unnecessary SQL join was introduced into the resulting query. This was inefficient, and made it particularly hard for the RDBMS optimizer to pick an efficient query plan in some cases. This is not fixing a regression (this issue has always existed in HAPI FHIR JPA) but it was deemed sufficiently important to merit a dedicated point release.

#1847

Issue #1849 added two new search columns for date SearchParameters that are used to provide searching at the day granularity in a timezone independent way. These new columns require a new database index that was missed in the original merge.

1.1.6HAPI FHIR 5.0.0 (Labrador)

 

Release Information

Released: 2020-05-13

Codename: (Labrador)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate ORM (JPA): 5.4.6 -> 5.4.14
  • Hibernate Search (JPA): 5.11.3 -> 5.11.5
  • Hibernate Validator (JPA): 5.4.2.Final -> 6.1.3.Final
  • Guava (JPA): 28.0 -> 28.2
  • Spring Boot (Boot): 2.2.0.RELEASE -> 2.2.6.RELEASE
  • FlywayDB (JPA) 6.1.0 -> 6.4.1
  • Apache HTTPCliient (JPA): 4.5.9 -> 4.5.12
  • Apache HTTPCore (JPA): 4.4.11 -> 4.4.14
  • Commons Compress (All): 1.19 -> 1.20

#1710

The classes BaseOrListParam and BaseParam now have public visibility in order to make it easier to create more generic APIs. Thanks to GitHub user @ibacher for the pull request!

#1728

Fields of type canonical were not previously indexed by the JPA server, meaning that some default search parameters could not be honoured (e.g. StructureDefinition:valueset). This is now corrected.

#1736

When performing large terminology concept additions via the delta addition service, concepts will now be added via the deferred storage service, meaning that they will be added in small incremental batches instead of as a part of one large transaction. This helps to avoid timeouts and memory issues when uploading large collections of concepts.

#1742

When performing a terminology delta ADD operation, if the number of codes being added is large the codes will be added in small batches via an asynchronous scheduled task in order to avoid overwhelming the database with a large operation.

#1749

A new constructor has been added to RestfulServer that accepts an InterceptorService. Thanks to gematik FuE for the pull request!

#1760

Adds support for chained parameters in a _has query. For example GET /Patient?_has:Observation:subject:device.identifier=1234-5. Adds a performance warning on any queries that use an unqualified resource in a chain which ends up resolving to 2 or more candidate target types. Thanks to Jean-Francois Briere for the patch.

#1769

A new built-in server interceptor called FhirPathFilterInterceptor has been added. This interceptor evaluates an arbitrary FHIRPath expression against the resource being returned and replaces the response with a Parameters resource containing the results of the evaluation.

#1772

The JPA server now allows chained searches on the _type parameter. For example, the following could be used to find all Encounters with a context of type Group: Encounter?subject._type=Group.

#1774

The REST Server will now raise an error if a client tries to perform a FHIR read operation while using URL paramaters that are specific to FHIR search operations. This should help clients who are mistaking the semantics between the two operations, as previously the search parameters were simply ignored leading to confusion. Thanks to Jafer Khan for implementing this!

#1776

A new server interceptor called ResponseSizeCapturingInterceptor has been added. This interceptor captures and makes available the number of characters written (pre-compression if Gzip compression is being used) to the HTTP response stream for FHIR responses.

#1783

A new client interceptor called UrlTenantSelectionInterceptor has been added. This interceptor allows the dynamic selection of a tenant ID on servers that are using URL Base Tenant Selection.

#1783

The client interceptor pointcuts CLIENT_REQUEST and CLIENT_RESPONSE now allow a parameter of type IRestfulClient to be injected, containing a reference to the client making the request. In addition, CLIENT_REQUEST interceptors are now able to modify the URL of the request before it is performed.

#1783

In the JPA server, the ModelConfig setting 'DefaultSearchParamsCanBeOverridden' now has a default value of true (previously this was false). In addition, when creating/updating a SearchParameter resource, the system will now raise an error if the client is attempting to override a built-in SearchParameter when this setting is disabled (previously this was silently ignored).

#1783

In the JPA sevrer, if overriding built-in search parameters is not enabled, the server will now return an error if a client tries to create a SearchParameter that is trying to override one. Previously, the SearchParameter would be stored but silently ignored, which was confusing.

#1788

The ApacheProxyAddressStrategy has been improved to add support for additional proxy headers inclusing X-Forwarded-Host, X-Forwarded-Proto, X-Forwarded-Port, and X-Forwarded-Prefix. Thanks to Thomas Papke for the pull request!

#1793

When parsing JSON resources, if an element contains an invalid value, the Parser Error Handler did not have access to the actual name of the element being parsed. This meant that errors lacked useful detail in order to diagnose the issue. This has been corrected. Thanks to GitHub user @jwalter for reporting!

#1797

The HAPI FHIR instance validator now includes validation for currency types (ISO 4217)

#1798

New mthods have been added to DateClientParam allowing searching at MILLIS precision. Thanks to David Gileadi for the pull request!

#1802

In a plain server, if a Resource Provider class had two methods with the same parameter names (as specified in the @OptionalParam or @RequiredParam) but different cardinalities, the server could sometimes pick the incorrect method to execute. The selection algorithm has been improved to no longer have this issue, and to be more consistent and predictable in terms of which resource provider method is selected when the choice is somewhat ambiguous.

#1804

Support for HAPI FHIR cascading deletes has been added to the Generic Client.

#1812

The JAX-RS server will now scan and serve ResourceProvider methods defined in super-classes as well. Thanks to Zhe Wang for the pull request!

#1824

Native support for UCUM has been added to the validation stack, meaning that UCUM codes can be validated at runtime without the need for any external validation.

#1831

Indexing for the :text modifier can now be globally or selectively disabled in the JPA server. This can have a measurable impact on index sizes and write speed in servers with large numbers of token indexes.

#1836

In HAPI FHIR 4.2.0, when performing a Bulk Export on a server with Binary Storage enabled, the bulk export files were not able to take advantage of the externalized binary stroage and would be stored in the relational DB. This has now been enhanced to allow bulk export files to store externally.

#1838

Date searches can be performed relative to 'now' using the %now parameter value. For example, to search for Procedures with a date later than now, you can search for /Procedure?date=ge%now. Note the '%' will need to be URL escaped so the actual URL will be /Procedure?date=ge%25now. The way this works is the server substitutes %now with the current date and time in the standard FHIR format yyyy-MM-ddTHH:mm:ss before submitting it to the FHIR Storage module. Similarly date searches can be performed relative to 'today' using the '%today' parameter value. '%today' works the same as '%now' except that it searches as a 'date' type as opposed to a 'dateTime' type.

#1702

Loading of _include and _revinclude values has been optimized to be slightly faster

#1726

When performing date range searches in the JPA server, the server was generating extra unneccessary joins in the generated SQL. This has been streamlined, which should result in faster searches when performing date ranges.

#1813

History operations in the JPA server have been significantly optimized to remove the number of SQL SELECT statements, and to completely eliminate any INSERT statements. This should have a positive effect on heavy users of history operations. In addition, history operations will no longer write an entry in the query cache (HFJ_SEARCH) table which should further improve performance of this operation.

#1693

Adjusted schema definitions for Resource and Resource History tables to eliminate circular dependencies with Forced ID table and to improve performance when expunging large numbers of resources.

#1698

Removed the SEARCH_LAST_RETURNED column of the HFJ_SEARCH table. HAPI FHIR updated the HFJ_SEARCH table with every request, but this led to unecessary database load. The purpose of this column was to ensure that search results were kept around long enough for systems that needed them for paging (default one hour). When expiring search results, we used to add one hour to SEARCH_LAST_RETURNED to determine the expiry time. However, the length of time where a search result could be updated was relatively small (default one minute). So rather than keeping track of the expiry time to expire exactly one hour after the last returned time, hapi now simply expires after the maximum possible length of time (default one hour plus one minute). This eliminates the need to update the HFJ_SEARCH table with every search.

#1715

The version converters for all versions except R4/R5 have been reworked to be split into individual classes per resource type (the R4/R5 converters were already organized this way). Thanks to Mark Iantorno for a huge effort to write a Java source parser/serializer to acomplish this task.

#1769

Breaking Change: The IFluentPath interface has been renamed to IFhirPath, and the FhirContext#newFluentPath() method has been replaced with an equivalent FhirContext.newFhirPath(). The FhirPath expression language was initially called FluentPath before being renamed, so this change brings HAPI FHIR inline with the correct naming.

#1790

Breaking Change: Several classes in the JPA server have been moved to new packages, including the DaoConfig and IDao interfaces. These classes have not changed in terms of functionality, but existing projects may need to adjust some package import statements.

#1804

Breaking Change: The Generic/Fluent delete() operation now returns a MethodOutcome object instead of an OperationOutcome. The OperationOutcomoe is still available direcly by querying the MethodOutcome object, but this change makes the delete() method more consistent with other similar methods in the API.

Breaking Change: Some R4 and R5 structure fields containing a code value with a Required (closed) binding did not use the java Enum type that was generated for the given field. These have been changed to use the Enum values where possible. This change does not remove any functionality from the model but may require a small amount of re-coding to deal with new setter/getter types on a few fields.

#1807

New Feature: A new feature has been added to the JPA server called **Partitioning. This feature allows data to be segregated using a user defined partitioning strategy. This can be leveraged to take advantags of native RDBMS partition strategies, and also to implement multitenant servers.

#1841

Breaking Change: The FHIR R5 draft definitions have been updated to the current 'Preview 2' definitions (FHIR 4.4.0).

#1583

Breaking Change: The HAPI FHIR Validation infrastructure has changed significantly under the hood. Existing users of the validator may need to change package declarations (as FhirInstanceValidator and several other related classes have been moved) and potentially add new modules to their Validation Support Chain. See Migrating to HAPI FHIR 5.x for details on how to account for this change in your code.

DSTU3 searches using near-distance only worked on Location resources directly. It now works on chained searches on resources with a location. E.g. PractitionerRole?location.near-distance=1.0 now works properly.

#1499

When performing a search with a DateParam that has DAY precision, rely on new ordinal date field for comparison instead of attempting to find oldest and newest instant that could be valid.

#1717

ValueSet expansions containing lists of terms did not correctly expand when backed by ElasticSearch due to the use of a feature not supported in ES. Thanks to Jens Villadsen for reporting!

#1721

When performing a terminology delta ADD operation, existing parent-child links were often deleted and recrreated needlessly during operations, which could result in a deadlock. This has been resolved.

#1732

In the JPA server, quickly deleting a resource and then performing a query that had recently returned that search result could cause a cached stub resource (containing no data but with an ID and metadata populated) to be returned. This has been corrected.

#1734

The Pointcut JavaDoc had an incorrect link from one pointcut to another and has been fixed. Thanks to Bert Roos for the pull request!

#1742

When validating a resource, the validator will now report an error if the resource declares conformance to an unknown or invalid profile URL via the Resource.meta.profile declaration. Previously this was a warning and did not block successful validation.

#1742

When performing a search in the JPA server where the only parameter was a _has parameter, the server did not respect the resource typename being searched for, causing false positive search results. This has been corrected.

#1759

When deleting searches from the query cache where a large number of searches with a large number of results were present, the system would repeatedly mark the same rows as deletion candidates. This put unneccessary pressure on the database and has been corrected.

#1761

A minor regression in 4.2.0 was introduced, where JPA searches using the _id search parameter often had a duplicate SQL predicate in their where clause. This issue may not have caused any bad effects on some environments, but it did look strange in SQL logs and has been corrected.

#1763

In servers, when requesting _summary=count, the response Bundle.type value was filtered, leading to an invalid response bundle. This has been corrected. Thanks to GitHub user @Legi429 for reporting!

#1770

When parsing Bundles, contained resoures from other entries in the Bundle could incorrecly be stitched into a target resource if they had the same local ID. Thanks to August Langhout for the pull request!

#1778

When encoding a resource, a crash could occur if the resource had a contained Bundle resource. This is not commonly done, but there are valid scenarios for doing so.

#1791

The GraphQL Expression parser sometimes fails and reports unhelpful error messages when using search arguments. Thanks to Ibrohim Kholilul Islam for the pull request!

#1794

A bug in the JPA server prevented Client Resource ID mode from being set to NOT_ALLOWED when Server Resource ID mode was set to UUID. Thanks to GitHub user @G-2-Z for reporting!

#1801

In previous versions of HAPI FHIR, the server incorrectly silently accepted decimal numbers in JSON with no leading numbers (e.g. .123), as well as decimal numbers with more than one leading zero (e.g. 00.123). These will now be rejected by the JSON parser. Any values with this string that have previously been stored in the JPA server database will now automatically normalize the value to 0.123.

#1801

When invoking JPA DAO methods programatically to store a resource (as opposed to using the FHIR REST API), if the resource being stored had any contained resources, these would sometimes not be visible to the search parameter indexer, leading to missing search params. This is a very fringe use case, but a workaround has been put in place to solve it.

#1806

The JPA server ElasticSearch provider failed to initialize if username/password credentials were not explicitly provided, meaning it could not run on AWS-supplied ElasticSearch. Thanks to Maciej Kucharek for the pull request!

#1810

The text styling on the Testpage Overlay homepage has been improved to use native Bootstrap warning colours. Thanks to Joel Schneider for the pull request!

#1829

In the JPA server, performing a search where the only search parameter was the _tag parameter could cause resources of the wrong type to be included in search results. This has been corrected.

#1837

The FHIR R4 validation resources (StructureDefintion, ValueSet, etc) were not updated to the R4 4.0.1 technical correction versions in HAPI FHIR 4.2.0. This has been corrected.

1.1.7HAPI FHIR 4.2.0 (Koala)

 

Release Information

Released: 2020-02-15

Codename: (Koala)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Jetty (CLI): 9.4.14.v20181114 -> 9.4.23.v20191118
  • Spring (JPA, Testpage): 5.2.1 -> 5.2.3 (addresses CVE-2020-5398 and CVE-2020-5397)

#1588

Support for several new operators has been added to the _filter support in the JPA server. Thanks to Anthony Sute for the Pull Request!

#1649

Support for LOINC 2.67 file format changes has been added to the JPA Server LOINC uploader. Thanks to Dan Vreeman for reporting!

In the JPA server, a new setting called setPopulateIdentifierInAutoCreatedPlaceholderReferenceTargets(boolean) has been added to the DaoConfig. If this setting is enabled, when creating placeholder resources, the Reference.identifier value is copied to the target resource if possible.

#1694

It is now possible to specify resource provider method annotations on interface methods implemented by resource provider classes, as opposed to needing to specify them directly on the concrete class. Thanks to Tue Toft Nørgård for the pull request!

Searching Location.position by latitude, longitude and distance for DSTU3, R4 and R5 is now supported using a simple 'box' search. Locations falling within a box with length and width of 2 * distance, centred on specified latitude,longitude are matched. If no distance is provided, the coordinates must match exactly.

Chained searches using the _has search parameter as the chain value are now supported by the JPA server.

#981

Support has been added to the server (plain and JPA) for querying with _count=0 as a URL parameter.

#1660

A significant performance improvement was added to the Json and XML parsers when parsing large Bundle resources. Throughput for parsing these resources has been improved by roughly 50%. Thanks to Rok Bertoncelj and Bogdan Solga for providing analysis and insight that triggered this change.

When parsing Bundle resources containing other resources, XML/JSON parsers have an option called "override resource ID with bundle entry fullUrl". This option previously caused any value found in Bundle.entry.fullUrl to override any value found in Bundle.entry.resource.id (meaning that the parsed resource would take its ID from the fullUrl even if that ID disagreed with the ID found in the resource itself. As of HAPI FHIR 4.1.0 the value in Bundle.entry.fullUrl will only be used to set the parsed resource ID if the resource has no ID present.

Changed database migration to use flyway. This adds a new table called FLY_HFJ_MIGRATION that records all database migration tasks that have already been applied. The hapi-fhir-cli migrate tool has been changed to use flyway. Learn more about flyway here: https://flywaydb.org/.

The IRestfulClient#registerInterceptor and IRestfulClient#unregisterInterceptor methods now take Object as an argument instead of IClientInterceptor, allowing client interceptors to now be migrated to the new interceptor framework.

#1583

As of FHIR R4, some fields that were previously of type reference are now of type canonical. One example is QuestionnaireResponse.questionnaire. Technically this means that this field should no longer contain a relative reference, but as they are sometimes used that way, HAPI FHIR will now try to be permissive and will index relative link canonical fields such as (Questionnaire/123) as though it actually was a local relative link. Thanks to Dean Atchley for reporting and providing a test case!

#1610

A missing mandatory was added to the SNOMED CT CodeSystem that is uploaded when SCT is uploaded to the JPA server. Thanks to Anders Havn for the pull request!

#1643

When validating resources containing custom valuesets defined in PrePopulatedValidationSupport outside of the JPA server, sometimes code systems could not be found resulting in false negative errors.

#1650

Several misleading comments in documentation code snippets were fixed. Thanks to Jafer Khan for the pull request!

#1603

The client threw a NullPointerException in some circumstances when it received an HTTP 201 No Content response from the server. This has been corrected. Thanks to Petro Mykhailysyn for the pull request!

#1671

When performing the $expunge operation in the JPA server, the operation sometimes failed if a resource being expunged had historical versions that did not contain any tags. This has been corrected.

#1676

When validating an XML resource, the validatin failed if the resource contained an xsi:schemaLocation declaration. This has been corrected. Thanks to Brian Kaney for reporting!

#1679

An issue with the new flyway migrator hashCode generation was resolved. Thanks to Jafer Khan for the pull request!

#1658

When parsing HTML Narratives, the lang attribute was stripped from the outer DIV tag if present. Thanks to Sean McIlvenna for reporting!

#1655

When using a custom structure that changes the cardinality from 0..* to 0..1, the Parser was encoding a plain field instead of an array (as required by the FHIR specification). Thanks to Petro Mykhailysyn for the pull request!

A memory leak was resolved in the JPA terminology service delta upload operations.

ValueSet PreCalculation did not successfully expand valuesets when Lucene was not enabled in the JPA server. This has been corrected.

#1689

A correction was made to the narrative generation documentation. Thanks to GitHub user dionmcm for the pull request!

#1613

ValueSet Precalculation sometimes failed on Oracle DBs due to an invalid SQL function. This has been corrected.

A ConcurrentModificationException was sometimes thrown when performing a cascading delete. This has been corrected.

#1624

The constructor for Verdict.java was inadvertantly made private, preventing custom rules from being written. Thanks to Jafer Khan for the pull request!

1.1.8HAPI FHIR 4.1.0 (Jitterbug)

 

Release Information

Released: 2019-11-13

Codename: (Jitterbug)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • SLF4j (All): 1.7.25 -> 1.7.28
  • Spring (JPA): 5.1.8.Final -> 5.2.0.Final
  • Hibernate Core (JPA): 5.4.2.Final -> 5.4.6.Final
  • Hibernate Search (JPA): 5.11.1.Final -> 5.11.3.Final
  • Jackson Databind (JPA): 2.9.9 -> 2.9.10 (CVE-2019-16335, CVE-2019-14540)
  • Commons-DBCP2 (JPA): 2.6.0 -> 2.7.0
  • Postgresql JDBC Driver (JPA): 42.2.6.jre7 -> 42.2.8
  • MSSQL JDBC Driver (JPA): 7.0.0.jre8 -> 7.4.1.jre8
  • Spring Boot (Boot): 2.1.1 -> 2.2.0
  • Phloc Schematron (Validator): 5.0.4 -> 5.2.0
  • Phloc Commons (Validator): 9.1.1 -> 9.3.8

New Feature: The JPA server now saves and supports searching on Resource.meta.source via the _source search parameter. The server automatically appends the Request ID as a hash value on the URI as well in order to provide request level tracking. Searches can use either the source URI, the request ID, or both.

When using the AuthorizationInterceptor with a rule to allow all reads by resource type, the server will now reject requests for other resource types earlier in the processing cycle. Thanks to Anders Havn for the suggestion!

New Feature: Support for the FHIR Bulk Data Export specification has been added to the JPA server. See the specification for information on how this works. Note that only system level export is currently supported but others will follow.

It is now possible to submit a PATCH request as a part of a FHIR transaction in DSTU3 (previously this was only supported in R4+). This is not officially part of the DSTU3 spec, but it can now be performed by leaving the Bundle.entry.request.method blank in DSTU3 transactions and setting the request payload as a Binary resource containing a valid patch.

#1443

LOINC concepts now include multiaxial hierarchical properties (e.g. parent and child , which identify parent and child concepts.

#1445

When loading LOINC terminology, a new ValueSet is automatically created with a single include element that identifies the LOINC CodeSystem in ValueSet.compose.include.system . This ValueSet includes all LOINC codes.

#1461

A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities module. Thanks to Andrew Fitzgerald for the PR!

Added support for comparing resource dates to the current time via a new variable %now. E.g. Procedure?date=gt%now would match future procedures.

New Feature: Support for ElasticSearch has been added to the JPA server directly (i.e. without needing a separate module) and a new class called "ElasticsearchHibernatePropertiesBuilder" has been added to facilitate the creation of relevant properties. Instructions have been added to the hapi-fhir-jpaserver-starter project to get started with Elasticsearch. It is likely we will switch our default recommendation to Elastic in the future.

Add support for in-memory matching on date comparisons ge,gt,eq,lt,le.

The JPA server now uses the Quartz scheduling library as a lob scheduling mechanism

A new flag has been added to the JPA migrator tool that causes the migrator to not try to reduce the length of existing columns in the schema.

#1366

The ValueSet operation $expand has been optimized for large ValueSets. ValueSets are now persistence-backed by the terminology tables, which are populated by a scheduled pre-expansion process. A ValueSet previously stored in an existing FHIR repository will need to be re-created or updated to make it a candidate for pre-expansion. ValueSets that have yet to be pre-expanded will continue to be expanded in-memory.

#1431

The ValueSet operation $validate-code has been optimized for large ValueSets. Codes in ValueSets that have yet to be pre-expanded will continue to be validated in-memory.

#1447

LOINC filenames for terminology upload are now configurable using the loincupload.properties file.

#1451

Support for the LOINC EXTERNAL_COPYRIGHT_NOTICE property and copyright filter has been added.

#1453

Support for the LOINC parent and child filters has been added. Both filters can be used with either of the = or in operators.

#1454

Support for the LOINC ancestor and descendant filters has been added. The descendant filter can be used with either of the = or in operators. At present, the ancestor filter can only be used with the = operator.

#1512

Support for the LOINC ancestor filter with the in operator has been added.

#1517

Support for concept property values with a length exceeding 500 characters has been added in the terminology tables. In particular, this was added to facilitate the LOINC EXTERNAL_COPYRIGHT_NOTICE property, for which values can be quite long.

The AuthorizationInterceptor has been enhanced so that a user can be authorized to perform create operations specifically, without authorizing all write operations. Also, conditional creates can now be authorized even if they are happening inside a FHIR transaction.

A docker compose script for the hapi-fhir-jpaserver-starter project was added. Thanks to Long Nguyen for the pull request!

#1476

A number of overridden methods in the HAPI FHIR codebase did not have the @Override annotation. Thanks to Clayton Bodendein for cleaning this up!

#1373

Plain server resource providers were not correctly matching methods that had the _id search parameter if a client performed a request using a modifier such as :not or :exact. Thanks to Petro Mykhailyshyn for the pull request!

Auto generated transaction IDs will now use both upper- and lowercase letters for more uniqueness in the same amount of space.

#1489

Performance Improvement: A significant performance improvement was made to the parsers (particularly the Json Parser) when serializing resources. This work yields improvements of 20-50% in raw encode speed when encoding large resources. Thanks to David Maplesden for the pull request!

#1541

The server CapabilityStatement (/metadata) endpoint now respects the Cache-Control header. Thanks to Jens Villadsen for the pull request!

The @Metadata annotation now has an attribute that can be used to control the cache timeout

#1489

Performance Improvement: When running inside a JPA server, The DSTU3+ validator now performs code validations by directly testing ValueSet membership against a pre-calculated copy of the ValueSet, instead of first expanding the ValueSet and then examining the expanded contents. This can yield a significant improvement in validation speed in many cases.

Validation errors will now include details about the line number where the issue was found

A new built-in server interceptor called CaptureResourceSourceFromHeaderInterceptor has been added. This interceptor can be used to capture an incoming source system URI in an HTTP Request Header and automatically place it in Resource.meta.source

#1357

The email Subscription deliverer now respects the payload property of the subscription when deciding how to encode the resource being sent. Thanks to Sean McIlvenna for the pull request!

#1088

The CapabilityStatement generator will now determine supported profiles by navigating the complete hierarchy of supported resource types, instead of just using the root resource for each type. Thanks to Stig Døssing for the pull request!

Two foreign keys have been dropped from the HFJ_SEARCH_RESULT table used by the FHIR search query cache. These constraints did not add value and caused unneccessary contention when used under high load.

An inefficient regex expression in UrlUtil was replaced with a much more efficient hand-written checker. This regex was causing a noticable performance drop when feeding large numbers of transactions into the JPA server at the same time (i.e. when loading Synthea data).

The HAPI FHIR CLI server now uses H2 as its database platform instead of Derby. Note that this means that data in any existing installations will need to be re-uploaded to the new database platform.

REST servers will no longer try to guess the content type for HTTP requests where a body is provided but no Content-Type header is included. These requests are invalid, and will now result in an HTTP 400. This change corrects an error where some interceptors (notably the RequestValidatingInterceptor, but not including any HAPI FHIR security interceptors) could be bypassed if a Content Type was not included.

The Testpage Overlay has been upgraded to use FontAwesome 5.x, and now supports being deployed to a servlet path other than "/".

The hapi-fhir-jaxrs-server module now lists dependencies on structures JARs as optional dependencies, in order to avoid automatically importing all versions. This means that implementers of JAX-RS servers may now need to add an explicit dependency on one or more structures JARs to their own project.

The IValidationSupport#validateCode(...) method has been modified to add an additional parameter (String theValueSetUrl). Most users will be unaffected by this change as HAPI FHIR provides a number of built-in implementations of this interface, but any direct user implementations of this interface will need to add the new parameter.

The hapi-fhir-testpage-overlay project now uses WebJars for importing JavaScript dependency libraries. This reduces our Git repository size and should make it easier to stay up-to-date.

The JPA server in DST2 mode previously automatically validated submitted QuestionnaireResponse resource against their corresponding Questionnaires and rejected non-conformant QuestionnaireResponse resources from being stored. This was in contrast to every other version where the RequestValidatingInterceptor has to be registered in order to achieve this specific behaviour. This behaviour has been removed from the JPA server, and the same interceptor must be used for QR validation in the DSTU2 JPA server as in all other versions of FHIR.

DSTU2.1 profile validation now uses the same R5 validation as all other versions of FHIR.

When using the _filter search parameter, string comparisons using the "eq" operator were incorrectly performing a partial match. This has been corrected. Thanks to Marc Sandberg for pointing this out!

Reference search parameters did not work via the _filter parameter

Transaction entries with a resource URL starting with a leading slash (e.g. /Organization?identifier=foo instead of Organization?identifier=foo did not work. These are now supported.

SubscriptionDstu2Config incorrectly pointed to a DSTU3 configuration file. This has been corrected.

When using the VersionedApiConverterInterceptor, GraphQL responses failed with an HTTP 500 error.

Cascading deletes now correctly handle circular references. Previously this failed with an HTTP 500 error.

The informational message returned in an OperationOutcome when a delete failed due to cascades not being enabled contained an incorrect example. This has been corrected.

In some cases, deleting a CodeSystem resource would fail because the underlying codes were not correctly deleted from the terminology service tables. This is fixed.

The FHIRPath engine used to parse search parameters in the JPA R4/R5 server is now reused across requests, as it is somewhat expensive to create and is thread safe.

The GraphQL provider did not wrap the respone in a "data" element as described in the FHIR specification. This has been corrected.

When using the Consent Service and denying a resource via the "Will See Resource" method, the resource ID and version were still returned to the user. This has been corrected so that no details about the resource are leaked.

Fix a failure in FhirTerser#visit when fields in model classes being visited contain custom subclasses of the expected type.

Updating an existing CodeSystem resource with a content mode of COMPLETE did not cause the terminology service to accurately reflect the new CodeSystem URL and/or concepts. This is now corrected.

#1495

A NullPointerException when using the AuthorizationInterceptor RuleBuilder to build a conditional rule with a custom tester has been corrected. Thanks to Tue Toft Nørgård for reporting!

#1494

The R4+ client and server modules did not recognize the new _include:iterate syntax that replaces the previous _include:recurse syntax. Both are now supported on all servers in order to avoid breaking backwards compatibility, with the new syntax now being emitted in R4+ clients.

#1482

The LOINC terminology distribution includes multiple copies of the same files. Uploading LOINC terminology resulted in some ValueSets with duplicate codes. This has been corrected by specifying a path with each filename.

New Feature: A new set of operations have been added to the JPA server that allow CodeSystem deltas to be uploaded. A CodeSystem Delta consists of a set of codes and relationships that are added or removed incrementally to the live CodeSystem without requiring a downtime or a complete upload of the contents. Deltas may be specified using either a custom CSV format or a partial CodeSystem resource.
In addition, the HAPI FHIR CLI upload-terminology command has been modified to support this new functionality.

A corner case bug in the JPA server was solved: When performing a search that contained chained reference searches where the value contained slashes (e.g. Observation?derived-from:DocumentReference.contenttype=application/vnd.mfer ) the server could fail to load later pages in the search results.

#1483

Some resource IDs and URLs for LOINC ValueSets and ConceptMaps were inconsistently populated by the terminology uploader. This has been corrected.

When a resource was updated with a meta.source containing a request id, the meta.source was getting appended with the new request id, resulting in an ever growing source.meta value. E.g. after the first update, it looks like "#9f0a901387128111#5f37835ee38a89e2" when it should only be "#5f37835ee38a89e2". This has been corrected.

#1421

The Plain Server method selector was incorrectly allowing client requests with _include statements to be handled by method implementations that did not have any @IncludeParam defined. This is now corrected. Thanks to Tuomo Ala-Vannesluoma for reporting and providing a test case!

New Feature: When using Externalized Binary Storage in the JPA server, the system will now automatically externalize Binary and Attachment payloads, meaning that these will automatically not be stored in the RDBMS.

The JPA server failed to find codes defined in not-present codesystems in some cases, and reported that the CodeSystem did not exist. This has been corrected.

#402

When encoding a Composition resource in XML, the section narrative blocks were incorrectly replaced by the main resource narrative. Thanks to Mirjam Baltus for reporting!

#1473

AN issue with date pickers not working in the hapi-fhir-testpage-overlay project has been fixed. Thanks to GitHub user @jaferkhan for the pull request!

Model Update: The DSTU3 structures have been upgraded to the new 3.0.2 (Technical Correction) release.
The R4 structures have been upgraded to the new 4.0.1 (Technical Correction) release.
The R5 structure have been upgraded to the current (October) snapshot.

The JPA server contained a restriction on the columns used to hold a resource's type name that was too short to hold the longest name from the final R4 definitions. This has been corrected to account for names up to 40 characters long.

The subscription triggering operation was not able to handle commas within search URLs being used to trigger resources for subscription checking. This has been corrected.

In some cases where resources were recently expunged, null entries could be passed to JPA interceptors registered against the STORAGE_PRESHOW_RESOURCES hook.

In issue was fixed in the JPA server where a previously failed search would be reused, immediately returning an error rather than retrying the search.

The JPA server did not correctly process _has queries where the linked search parameter was the _id parameter.

#1529

HAPI FHIR allows transactions in DSTU3 to contain a JSON/XML Patch in a Binary resource without specifying a verb in Bundle.entry.request.method, since the valueset defined in DSTU3 for that field does not include the PATCH verb. The AuthorizationInterceptor however did not understand this and would reject these requests. This is now corrected.

#1530

A potential XXE vulnerability in the validator was corrected. The XML parser used for validating XML payloads (i.e. FHIR resources) will no longer read from DTD declarations.

Paging requests that are incorrectly executed at the type level were interpreted by the plain server as search requests with no search parameters, leading to confusing search results. These will now result in an HTTP 400 error with a meaningful error message.

#1544

QuestionnaireResponse validation in the JPA server was not able to load Questionnaire resources that were referenced using a canonical URI instead of a local reference. Thanks to Vu Vuong for reporting!

#848

When validating JSON payloads, the JSON structure was parsed by Gson instead of passing the raw JSON to the validator. This meant that the validator was unable to catch certain structural errors that are ignored by Gson. Thanks to Michael Lawley for reporting!

#1546

The JPA server exposed a number of duplicate entries in the CapabilityStatement's list of supported _include values for a given resource. Thanks to Jens Villadsen for reporting!

#1481

An unintended dependency from hapi-fhir-base on Jetty was introduced in HAPI FHIR 4.0.0. This has been removed.

The JPA migrator tool was not able to correctly drop tables containing foreign key references in some cases. This has been corrected.

#1547

An issue was fixed where the JPA server would occasionally fail to save a resource because it contained a string containing characters that change length when normalized. Thanks to Tuomo Ala-Vannesluoma for the pull request!

In the (fairly unlikely) circumstance that a JPA server was called with a parameter where the parameter name referenced a custom search parameter with an invalid chain attached, and the value was missing entirely (e.g. ProcedureRequest?someCustomParameter.BAD_NAME= , the server would ignore this parameter instead of incorrectly returning an error. This has been corrected.

#1526

Several issues with HAPI FHIR's annotation scanner that prevented use with Kotlin based resource providers have been corrected. Thanks to Jelmer ter Wal for the pull request!

Search parameters of type URI did not work in the hapi-fhir-testpage-overlay. This has been corrected.

#1568

JPA servers accidentally stripped the type attribute from the server-exported CapabilityStatement when search parameters of type "special" were found. This has been corrected.

When running the JPA server without Lucene indexing enabled and performing ValueSet expansion, the server would incorrectly ignore inclusion rules that specified a system but no codes (i.e. include the whole system). This has been corrected.

#1538

The hapi-fhir-testpage-overlay has been updated to support R5 endpoints. Thanks to Dazhi Jiao for the pull request!

A NullPointerException in the XML Parser was fixed when serializing a resource containing an extension on a primitive datatype that was missing a URL declaration.

When using the _filter search parameter in the JPA server with an untyped resource ID, the filter could bring in search results of the wrong type. Thanks to Anthony Sute for the Pull Request and Jens Villadsen for reporting!

#1300

In some cases where where a single search parameter matches the same resource many times with different distinct values (e.g. a search by Patient:name where there are hundreds of patients having hundreds of distinct names each) the Search Coordinator would end up in an infinite loop and never return all of the possible results. Thanks to @imranmoezkhan for reporting, and to Tim Shaffer for providing a reproducible test case!

The method IVersionSpecificBundleFactory#initializeBundleFromResourceList has been deprecated, as it provided duplicate functionality to other methods and had an outdated argument list based on the Bundle needs in DSTU1. We are not aware of any public use of this API, please let us know if this deprecation causes any issues.

HTTP PUT (resource update) operations will no longer allow the version to be specified in a Content-Location header. This behaviour was allowed in DSTU1 and was never removed from HAPI even though it hasn't been permitted in the spec for a very long time. Hopefully this change will not impact anyone!

The @ProvidesResources annotation has been removed from HAPI FHIR, as it was not documented and did not do anything useful. Please get in touch if this causes any issues.

1.1.9HAPI FHIR 4.0.3 (Igloo (Point Release))

 

Release Information

Released: 2019-09-03

Codename: (Igloo (Point Release))

Changes

This release contains no new or updated functionality, but addressed a dependency version that was left incorrectly requiring a SNAPSHOT maven build of the org.hl7.fhir.utilities module. Users who are successfully using HAPI FHIR 4.0.0 do not need to upgrade, but any users who were blocked from upgrading due to snapshot dependency issues are advised to upgrade immediately.

1.1.10HAPI FHIR 4.0.0 (Igloo)

 

Release Information

Released: 2019-08-14

Codename: (Igloo)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Commons Codec (Core): 1.11 -> 1.12
  • Apache HTTPClient (Client): 4.5.3 -> 4.5.9
  • Apache HTTPCore (Client>: 4.4.6 -> 4.4.11
  • Spring (JPA): 5.1.6.RELEASE -> 5.1.8.RELEASE
  • Spring-Data (JPA): 2.1.6.RELEASE -> 2.1.8.RELEASE
  • JANSI (CLI): 1.17.1 -> 1.18
  • json-patch (JPA): 1.10 -> 1.15 (see changelog entry about this change)
  • Jackson-Databind (JPA): 2.9.9 -> 2.9.9.1 (due to a Jackson vulnerability CVE-2019-12384)
  • commons-collections4 (Server/JPA): 4.1 -> 4.3
  • commons-dbcp2 (JPA): 2.5.0 -> 2.6.0
  • commons-lang3 (Core): 3.8.1 -> 3.9
  • commons-text (Core): 1.6 -> 1.7
  • Guava (JPA): 27.1-jre -> 28.0-jre

New Feature: A new interceptor called CascadingDeleteInterceptor has been added to the JPA project. This interceptor allows deletes to cascade when a specific URL parameter or header is added to the request. Cascading deletes can also be controlled by a new flag in the AuthorizationIntereptor RuleBuilder, in order to ensure that cascading deletes are only available to users with sufficient permission.

Several enhancements have been made to the AuthorizationInterceptor :

  • The interceptor now registers against the STORAGE_PRESHOW_RESOURCES interceptor hook, which allows it to successfully authorize JPA operations that don't actually return resource content, such as GraphQL responses, and resources that have been filtered using the _elements parameter.
  • The rule list is now cached on a per-request basis, which should improve performance

The $expunge global everything operation has been refactored to do deletes in small batches. This change will likely reduce performance, but does allow for the operation to succeed without timing out in larger systems.

Added some experimental version-independent model classes to ca.uhn.fhir.jpa.model.any. They permit writing code that is version independent.

Added new subclass of HashMapResourceProvider called SearchableHashMapResourceProvider that uses the in-memory matcher to search the HashMap (using a full table scan). This allows rudimentary testing without a database.

Added a new interceptor hook called STORAGE_PRESTORAGE_DELETE_CONFLICTS that is invoked when a resource delete operation is about to fail due to referential integrity conflicts. Hooks have access to the list of resources that have references to the resource being deleted and can delete them. The boolean return value of the hook indicates whether the server should try checking for conflicts again (true means try again).

#1336

The HAPI FHIR unit test suite has been refactored to no longer rely on PortUtil to assign a free port. This should theoretically result in fewer failed builds resulting from port conflicts. Thanks to Stig Døssing for the pull request!

#1348

JPA server now supports conditional PATCH operation (i.e. performing a patch with a syntax such as /Patient?identifier=sys|val )

#1347

The json-patch library used in the JPA server has been changed from java-json-tools.json-patch to a more active fork of the same project: crate-metadata.json-patch. Thanks to Jens Villadsen for the suggestion and pull request!

#1343

Support has been implemented in the JPA server for the CodeSystem $subsumes operation.

A new pointcut has been added to the JPA server called JPA_PERFTRACE_RAW_SQL that can be used to capture the raw SQL statements that are sent to the underlying database.

The JPA server now rejects subscriptions being submitted with no value in Subscription.status (this field is mandatory, but the subscription was previously ignored if no value was provided)

The JSON and XML parsers will now raise a warning or error with the Parser Error Handler if an extension is being encoded that is missing a URL, or has both a value and nested extensions on the same parent extension.

#1330

Support in the JPA Terminology Service terminology uploader has been added for uploading the IMGT HLA Nomenclature distribution files as a FHIR CodeSystem. Thanks to Joel Schneider for the contribution!

#1354

A BOM POM has been added to the HAPI FHIR distribution, allowing users to import the HAPI FHIR library with all of its submodules automatically sharing the same version. Thanks to Stig Døssing for the pull request!

AuthorizationInterceptor will now try to block delete operations sooner in the processing lifecycle if there is no chance they will be permitted later (i.e. because the type is not authorized at all)

The HAPI FHIR server will now generate a random transaction ID to every request and add it to the response headers. Clients may supply the transaction header via the X-Request-ID header.

When attempting to read a resource that is deleted, a Location header is now returned that includes the resource ID and the version ID for the deleted resource.

IBundleProvider now has an isEmpty() method that can be used to check whether any results exist. A default implementation has been provided, so this is not a breaking change.

A new server interceptor hook called PROCESSING_COMPLETED has been added. This hook is called by the server at the end of processing every request (success and failure).

Added a new Pointcut STORAGE_PRESTORAGE_EXPUNGE_EVERYTHING that is called at the start of the expungeEverything operation.

The JPA server now has the ability to generate snapshot profiles from differential profiles via the $snapshot operation, and will automatically generate a snapshot when needed for validation.

Creating/updating CodeSystems now persist CodeSystem.concept.designation to the terminology tables.

Expanded ValueSets now populate ValueSet.expansion.contains.designation.language .

@Operation methods can now declare that they will manually process the request body and/or manually generate a response instead of letting the HAPI FHIR framework take care of these things. This is useful for situations where direct access to the low-level servlet streaming API is needed.

@Operation methods can now declare that they are global, meaning that they will apply to all resource types (or instances of all resource types) if they are found on a plain provider.

@Operation method parameters may now declare their type via a String name such as "code" or "Coding" in an attribute in @OperationParam. This is useful if you want to make operation methods that can operate across different versions of FHIR.

A new resource provider for JPA servers called BinaryAccessProvider has been added. This provider serves two custom operations called $binary-access-read and $binary-access-write that can be used to request binary data in Attachments as raw binary content instead of as base 64 encoded content.

New Feature: Support for the new R5 draft resources has been added. This support includes the client, server, and JPA server. Note that these definitions will change as the R5 standard is modified until it is released, so use with caution!

Support for PATCH operations performed within a transaction (using a Binary resource as the resource type in order to hold a JSONPatch or XMLPatch body) has been added to the JPA server.

A new attribute has been added to the @Operation annotation called typeName . This annotation can be used to specify a type for an operation declared on a plain provider without needing to use a specific version of the FHIR structures.

The $upload-external-code-system operation and the corresponding HAPI FHIR CLI command can now be used to upload custom vocabulary that has been converted into a standard file format defined by HAPI FHIR. This is useful for uploading large organizational code systems.

#1388

When performing a read-if-newer operation on a plain server, the resource ID in Resource.meta.versionId is now used if a version isn't found in the resource ID itself. Thanks to Stig Døssing for the pull request!

New Feature: A new interceptor called ConsentInterceptor has been added. This interceptor allows JPA based servers to make appropriate consent decisions related to resources that and operations that are being returned. See Server Security for more information.

New Feature: The JPA server now supports GraphQL for DSTU3 / R4 / R5 servers.

#1220

New Feature: The JPA server now supports the _filter search parameter when configured to do so. The filter search parameter is an extremely flexible and powerful feature, allowing for advanced grouping and order of operations on searches. It can be dangerous however, as it potentially allows users to create queries for which no database indexes exist in the default configuration so it is disabled by default. Thanks to Anthony Sute for the pull request and all of his support in what turned out to be a lengthy merge!

Breaking Change: The HL7.org DSTU2 structures (and ONLY the HL7.org DSTU2 structures) have been moved to a new package. Where they were previously found in org.hl7.fhir.instance.model they are now found in org.hl7.fhir.dstu2.model. This was done in order to complete the harmonization between the HAPI FHIR GitHub repository and the org.hl7.fhir.core GitHub repository. This is the kind of change we don't make lightly, as we do know that it will be annoying for users of the existing library. It is a change however that will allow us to apply validator fixes much more quickly, and will greatly reduce the amount of effort required to keep up with R5 changes as they come out, so we're hoping it is worth it. Note that no classes are removed, they have only been moved, so it should be fairly straightforward to migrate existing code with an IDE.

Moved in-memory matcher from Subscription module to SearchParam module and renamed the result type from SubscriptionMatchResult to InMemoryMatchResult.

Breaking Change: The IPagingProvider interface has been modified so that the retrieveResultList method now takes one additional parameter of type RequestDetails. If you have created a custom implementation of this interface, you can add this parameter and ignore it if needed. The use of the method has not changed, so this should be an easy fix to existing code.

Breaking Change: The HAPI FHIR REST client and server will now default to using JSON encoding instead of XML when the user has not explicitly configured a preference.

Breaking Change: The JPA $upload-external-code-system operation has been moved from being a server level operation (i.e. called on the root of the server) to being a type level operation (i.e. called on the CodeSystem type).

Server CapabilityStatement/Conformance repsonses from the /metadata endpoint will now be cached for 60 seconds always. This was previously a configurable setting on the ServerConformanceProvider, but it is now handled directly by the method binding so the provider now has no responsibility for caching.

The JPA server now uses the H2 database instead of the derby database to run its unit tests. We are hoping that this cuts down on the number of false test failures we get due to mysterious derby failures.

Breaking Change: The FhirValidator#validate(IResource) method has been removed. It was deprecated in HAPI FHIR 0.7 and replaced with FhirValidator#validateWithResults(IBaseResource) so it is unlikely anyone is still depending on the old method.

The Base64Binary types for DSTU3+ now use a byte array internally to represent their content, which is more efficient than storing base 64 encoded text to represent the binary as was previously done.

A few columns named 'CODE' in the JPA terminology services tables have been renamed to 'CODEVAL' to avoid any possibility of conflicting with reserved words in MySQL. The database migrator tool has been updated to handle this change.

Two new operations, $apply-codesystem-delta-add and $apply-codesystem-delta-remove have been added to the terminology server. These methods allow codes to be dynamically added and removed from external (notpresent) codesystems.

The JPA server did not correctly index Timing fields where the timing contained a period but no individual events. This has been corrected.

#1320

The HAPI FHIR CLI import-csv-to-conceptmap command was not accounting for byte order marks in CSV files (e.g. some Excel CSV files). This has been fixed.

#1241

A bug was fixed where deleting resources within a transaction did not always correctly enforce referential integrity even if referential integrity was enabled. Thanks to Tuomo Ala-Vannesluoma for reporting!

In the JPA server, the _total=accurate was not always respected if a previous search already existed in the query cache that matched the same search parameters.

#1337

Improved stability of concurrency test framework. Thanks to Stig Døssing for the pull request!

AuthorizationInterceptor sometimes failed with a 500 error when checking compartment membership on a resource that has a contained subject (Patient).

Uploading the LOINC/RSNA Radiology Playbook would occasionally fail when evaluating part type names due to case sensitivity. This has been corrected.

#1355

Invoking the transaction or batch operation on the JPA server would fail with a NullPointerException if the Bundle passed in did not contain a resource in an entry that required a resource (e.g. a POST). Thanks to GitHub user @lytvynenko-dmitriy for reporting!

#1250

HAPI FHIR Server (plain, JPA, and JAX-RS) all populated Bundle.entry.result on search result bundles, even though the FHIR specification states that this should not be populated. This has been corrected. Thanks to GitHub user @gitrust for reporting!

#1352

Creating R4 Observation resources with a value type of SampledData failed in the JPA server because of an indexing error. Thanks to Brian Reinhold for reporting!

#1361

Fix a build failure thanks to Maven pom errors. Thanks to Gary Teichrow for the pull request!

#1362

The JPA server did not correctly process searches with a _tag:not expression containing more than one comma separated value.

FHIR model classes have a method called hasPrimitiveValue() which previously returned true if the type was a primitive datatype (e.g. StringType). This method now only returns true if the type is a primitive datatype AND the type actually has a value.

A number of columns in the JPA Terminology Services ConceptMap tables were not explicitly annotated with @Column, so the DB columns that were generated had Java ugly field names as their SQL column names. These have been renamed, and entries in the JPA migrator tool have been added for anyone upgrading.

Field values with a datatype of canonical were indexed as though they were explicit resource references by the JPA server. This led to errors about external references not being supported when uploading various resources (e.g. Questionnaires with HL7-defined ValueSet references). This has been corrected. Note that at this time, we do not index canonical references at all (as we were previously doing it incorrectly). This will be improved soon.

#1370

The OkHttp client did not correctly apply the connection timeout and socket timeout settings to client requests. Thanks to Petro Mykhailyshyn for the pull request!

The _summary element was not always respected when encoding JSON resources.

#1390

Two issues in the Thymeleaf Narrative Template which caused an error when generating a narrative on an untitled DiagnosticReport were fixed. Thanks to GitHub user @navyflower for reporting!

#1404

In the JAX-RS server, the resource type history and instance vread operations had ambiguous paths that could lead to the wrong method being called. Thanks to Seth Rylan Gainey for the pull request!

#1414

The profile validator (FhirInstanceValidator) can now be used to validate a resource using an explicit profile declaration rather than simply relying on the declared URL in the resource itself.

When using the ResponseHighlighterInterceptor, some invalid requests that would normally generate an HTTP 400 response (e.g. an invalid _elements value) would cause an HTTP 500 crash.

#1375

An example datatype was corrected in the DSTU2 Identifier datatype StructureDefinition. Thanks to Nick Robison for the pull request!

1.1.11HAPI FHIR 3.8.0 (Hippo)

 

Release Information

Released: 2019-05-30

Codename: (Hippo)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Guava (base): 25-jre -> 27.1-jre
  • Hibernate (JPA): 5.4.1 -> 5.4.2
  • Jackson (JPA): 2.9.7 -> 2.9.8
  • Spring (JPA): 5.1.3.RELEASE -> 5.1.6.RELEASE
  • Spring-Data (JPA): 2.1.3.RELEASE -> 2.1.6.RELEASE
  • Caffeine (JPA): 2.6.2 -> 2.7.0
  • JANSI (CLI): 1.16 -> 1.17.1

ParametersUtil now has a utility method that can be used to add parameter values using the string name of the datatype (e.g. "dateTime") in order to help building Parameters resources in a version-independent way.

In the JPA server, a much more readable error message is now returned returned when two client threads collide while trying to simultaneously create a resource with the same client-assigned ID. In addition, better error messages are now returned when conflicts such as this one are hit within a FHIR transaction operation.

The JPA query builder has been optimized to take better advantage of SQL IN (..) expressions when performing token searches with multiple OR values.

The JPA server transaction processor will now automatically detect if the request Bundle contains multiple entries having identical conditional create operations, and collapse these into a single operation. This is done as a convenience, since many conversion algorithms can accidentally generate such duplicates.

A new config setting has been added to the JPA DaoConfig that disables validation of the resource type for target resources in references.

HapiLocalizer can now handle message patterns with braces that aren't a part of a message format expression. E.g. "Here is an {example}".

JPA searches using a Composite Unique Index will now use that index for faster searching even if the search has _includes and/or _sorts. Previously these two features caused the search builder to skip using the index.

In Servers that are configured to support extended mode _elements parameters, it is now possible to use the :exclude modifier to exclude entire resource types.

When performing a search in the JPA server where one of the parameters is a reference with multiple values (e.g. Patient?organization=A,B) the generated SQL was previously a set of OR clauses and this has been collapsed into a single IN clause for better performance.

RequestDetails now has methods called getAttribute and setAttribute that can be used by interceptors to pass arbitrary data between requests.

Added new configuration parameter to DaoConfig and ModelConfig to specify the websocket context path. (Before it was hardcoded to "/websocket").

Added new IRemovableChannel interface. If a SubscriptionChannel implements this, then when a subscription channel is destroyed (because its subscription is deleted) then the remove() method will be called on that channel.

When performing a JSON Patch in JPA server, the post-patched document is now validated to ensure that the patch was valid for the candidate resource. This means that invalid patches are caught and not just silently ignored.

Expunges are now done in batches in multiple threads. Both the number of expunge threads and batch size are configurable in DaoConfig.

ValidationSupportChain will now call isCodeSystemSupported() on each entry in the chain before calling fetchCodeSystem() in order to reduce the work required by chain entries. Thanks to Anders Havn for the suggestion!

The hapi-fhir-jpaserver-starter project has been updated to use a properties file for configuration, making it much easier to get started with this project. Thanks to Sean McIlvenna for the pull request!

#1228

The InstanceValidator now supports validating QuestionnairResponses with empty items for disabled questions. Thanks to Matti Uusitalo for the pull request!

#1152

A new method has been added to the client that allows arbitrary headers to be easily added to the request. Thanks to Christian Ohr for the pull request!

#1213

VersionConverter for R2-R3 has been modified to correectly handle the renamed basedOn field. Thanks to Gary Graham for the pull request!

#1244

Add a missing @Deprecated tag. Thanks to Drew Mitchell for the pull request!

#1303

The JSON parser has removed a few unneeded super keywords that prevented overriding behaviour. Thanks to Anders Havn for the pull request!

#1179

The DSTU2/3 version converter now converts Specimen resources. Thanks to Gary Graham for the pull request!

The JPA terminology service can now detect when Hibernate Search (Lucene) is not enabled, and will perform simple ValueSet expansions without relying on Hibenrate Search in such cases.

The hapi-fhir-testpage-overlay project no longer includes any library JARs in the built WAR, in order to prevent duplicates and conflicts in implementing projects.

The JSON Patch provider has been switched to use the provider from the Java JSON Tools project, as it is much more robust and fault tolerant.

Re-use subscription channel and handlers when a subscription is updated (unless the channel type changed).

#1209

A Google Analytics script fragment was leftover in the hapi-fhir-jpaserver example and starter projects. Thanks to Patrick Werner for removing these!

A potential security vulnerability in the hapi-fhir-testpage-overlay project was corrected: A URL parameter was not being correctly escaped, leading to a potential XSS vulnerability. A big thanks to Mudit Punia and Dushyant Garg for reporting this.

When performing a search using the JPA server, if a search returned between 1500 and 2000 results, a query for the final page of results would timeout due to a page calculation error. This has been corrected.

#1223

Searching the JPA server with multiple instances of the same token search parameter (e.g. "Patient?identifier=&identifier=b" returned no results even if resources should have matched. Thanks to @mingdatacom for reporting!

JPA searches using a Composite Unique Index did not return the correct results if a REFERENCE search parameter was used with arguments that consisted of unqualified resource IDs.

A non-threadsafe use of DateFormat was cleaned up in the StopWatch class.

When returning the results of a history operation from a HAPI FHIR server, any entries with a method of DELETE contained a stub resource in Bundle.entry.resource, even though the FHIR spec states that this field should be empty. This was corrected.

Two expunge bug fixes: The first bug is that the expunge operation wasn't bailing once it hit its limit. This resulted in a "Page size must not be less than one!" error. The second bug is that one case wasn't properly handled: when a resourceId with no version is provided. This executed the case where only resource type is provided.

When updating a resource in the JPA server, if the contents have not actually changed the resource version is not updated and no new version is created. In this situation, the update time was modified however. It will no longer be updated.

When running the JPA server in Resource Client ID strategy mode of "ANY", using the _id search parameter could return incorrect results. This has been corrected.

Performing a PUT or POST against a HAPI FHIR Server with no request body caused an HTTP 500 to be returned instead of a more appropriate HTTP 400. This has been corrected.

#1255

The fetchValueSet method on IValidationSupport implementation was not visible and could not be overridden. Thanks to Patrick Werner for the pull reuqest!

#1280

The JPA server failed to index R4 reources with search parameters pointing to the Money data type. Thanks to GitHub user @navyflower for reporting!

When validating DSTU3 QuestionnaireResponses that leverage the "enableWhen" functionality available in Questionnaire resources, the validation could sometimes fail incorrectly.

Ensure that database cursors are closed immediately after performing a FHIR search.

Validation errors were fixed when using a Questionnaire with enableWhen on a question that contains sub-items.

Fixed "because at least one resource has a reference to this resource" delete error message that mistakingly reported the target instead of the source with the reference.

#1299

In JPA server when updating a resource using a client assigned ID, if the resource was previously deleted (meaning that the operation is actually a create), the server will now return an HTTP 201 instead of an HTTP 200. Thanks to Mario Hyland for reporting!

The HAPI FHIR CLI was unable to start a server in R4 mode in HAPI FHIR 3.7.0. This has been corrected.

#1311

When encoding resources, profile declarations on contained resources will now be preserved. Thanks to Anders Havn for the pull request!

#1305

Two incorrect package declarations in unit tests were corrected. Thanks to github user @zaewonyx for the PR!

#1141

The JPA database migration tool has been enhanced to support migration from HAPI FHIR 2.5. Thanks to Gary Graham for the pull request!

The hapi-fhir-jpaserver-example did not have Subscription capabilities enabled after the refactoring of how Subscriptions are enabled that occurred in HAPI FHIR 3.7.0. Thanks to Volker Schmidt for the pull request!

When using the _elements parameter on searches and reads, requesting extensions to be included caused the extensions to be included but not any values contained within. This has been corrected.

1.1.12HAPI FHIR 3.7.0 (Gale)

 

Release Information

Released: 2019-02-06

Codename: (Gale)

Changes

HAPI FHIR is now built using OpenJDK 11. Users are recommended to upgrade to this version of Java if this is feasible. We are not yet dropping support for Java 8 (aka 1.8), but users are recommended to upgrade if possible.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Spring (JPA): 5.0.8.RELEASE -> 5.1.3.RELEASE
  • Spring-Data (JPA): 2.0.7.RELEASE -> 2.1.3.RELEASE
  • Hibernate-Core (JPA): 5.3.6.FINAL -> 5.4.1.FINAL
  • Hibernate-Search (JPA): 5.10.3.FINAL -> 5.11.1.FINAL
  • Thymeleaf (JPA): 3.0.9.RELEASE -> 3.0.11.RELEASE
  • thymeleaf-spring4 (Testpage Overlay) has been replaced with thymeleaf-spring5
  • Commons-Lang3: 3.8 -> 3.8.1
  • Commons-Text: 1.4 -> 1.4
  • Spring Boot: 1.5.6.RELEASE -> 2.1.1.RELEASE

FHIR Parser now has an additional overload of the parseResource method that accepts an InputStream instead of a Reader as the source.

FHIR Fluent/Generic Client now has a new return option called returnMethodOutcome which can be used to return a raw response. This is handy for invoking operations that might return arbitrary binary content.

Moved state and functionality out of BaseHapiFhirDao.java into new classes: LogicalReferenceHelper, ResourceIndexedSearchParams, IdHelperService, SearcchParamExtractorService, and MatchUrlService.

Replaced explicit @Bean construction in BaseConfig.java with @ComponentScan. Beans with state are annotated with @Component and stateless beans are annotated as @Service. Also changed SearchBuilder.java and the three Subscriber classes into @Scope("protoype") so their dependencies can be @Autowired injected as opposed to constructor parameters.

AuthorizationInterceptor now allows arbitrary FHIR $operations to be authorized, including support for either allowing the operation response to proceed unchallenged, or authorizing the contents of the response.

JPA Migrator tool enhancements: An invalid SQL syntax issue has been fixed when running the CLI JPA Migrator tool against Oracle or SQL Server. In addition, when using the "Dry Run" option, all generated SQL statements will be logged at the end of the run. Also, a case sensitivity issue when running against some Postgres databases has been corrected.

In the JPA server, when performing a chained reference search on a search parameter with a target type of Reference(Any) , the search failed with an incomprehensible error. This has been corrected to return an error message indicating that the chain must be qualified with a resource type for such a field. For example, QuestionnaireResponse?subject:Patient.name=smith instead of QuestionnaireResponse?subject.name=smith .

Changed subscription processing, if the subscription criteria are straightforward (i.e. no chained references, qualifiers or prefixes) then attempt to match the incoming resource against the criteria in-memory. If the subscription criteria can't be matched in-memory, then the server falls back to the original subscription matching process of querying the database. The in-memory matcher can be disabled by setting isEnableInMemorySubscriptionMatching to "false" in DaoConfig (by default it is true). If isEnableInMemorySubscriptionMatching is "false", then all subscription matching will query the database as before.

The LOINC uploader has been updated to suport the LOINC 2.65 release file format.

The resource reindexer can now detect when a resource's current version no longer exists in the database (e.g. because it was manually expunged), and can automatically adjust the most recent version to account for this.

When updating existing resources, the JPA server will now attempt to reuse/update rows in the index tables if one row is being removed and one row is being added (e.g. because a Patient's name is changing from "A" to "B"). This has the net effect of reducing the number

Plain Server ResourceProvider classes are no longer required to be public classes. This limitation has always been enforced, but did not actually serve any real purpose so it has been removed.

A new interceptor called ServeMediaResourceRawInterceptor has been added. This interceptor causes Media resources to be served as raw content if the client explicitly requests the correct content type cia the Accept header.

#917

A new configuration item has been added to the FhirInstanceValidator that allows you to specify additional "known extension domains", meaning domains in which the validator will not complain about when it encounters new extensions. Thanks to Heinz-Dieter Conradi for the pull request!

Added 3 interfaces for services required by the standalone subscription server. The standalone subscription server doesn't have access to a database and so needs to get its resources using a FhirClient. Thus for each of these interfaces, there are two implementations: a Dao implementaiton and a FhirClient implementation. The interfaces thus introduced are ISubscriptionProvider (used to load subscriptions into the SubscriptionRegistry), the IResourceProvider (used to get the latest version of a resource if the "get latest version" flag is set on the subscription) and ISearchParamProvider used to load custom search parameters.

#1051

FHIR Servers now support the HTTP HEAD method for FHIR read operations. Thanks to GitHub user Cory00 for the pull request!

It is now possible in a plain or JPA server to specify the default return type for create/update operations when no Prefer header has been provided by the client.

It is now possible in a JPA server to specify the _total calculation behaviour if no parameter is supplied by the client. This is done using a new setting on the DaoConfig. This can be used to force a total to always be calculated for searches, including large ones.

AuthorizationInterceptor now rejects transactions with an invalid or unset request using an HTTP 422 response Bundle type instead of silently refusing to authorize them.

AuthorizationInterceptor is now able to authorize DELETE operations performed via a transaction operation. Previously these were always denied.

#1065

OperationDefinitions are now created for named queries in server module. Thanks to Stig Døssing for the pull request!

A new server interceptor has been added called "SearchNarrowingInterceptor". This interceptor can be used to automatically narrow the scope of searches performed by the user to limit them to specific resources or compartments that the user should have access to.

In a DSTU2 server, if search parameters are expressed with chains directly in the parameter name (e.g. @RequiredParam(name="subject.name.family") ) the second part of the chain was lost when the chain was described in the server CapabilityStatement. This has been corrected.

A wrapper script for Maven has been added, enabling new users to use Maven without having to install it beforehand. Thanks to Ari Ruotsalainen for the Pull Request!

AuthorizationInterceptor can now allow a user to perform a search that is scoped to a particular resource (e.g. Patient?_id=123) if the user has read access for that specific instance.

Changed behaviour of FHIR Server to reject subscriptions with invalid criteria. If a Subscription is submitted with invalid criteria, the server returns HTTP 422 "Unprocessable Entity" and the Subscription is not persisted.

HAPI FHIR will now log the Git revision when it first starts up (on the ame line as the version number that it already logs).

Added support for _id in in-memory matcher

Add a "subscription-matching-strategy" meta tag to incoming subscriptions with value of IN_MEMORY or DATABASE indicating whether the subscription can be matched against new resources in-memory or whether a call out to the database may be required. I say "may" because subscription matches fail fast so a negative match may be performed in-memory, but a positive match will require a database call.

#1148

Support for validating enableWhen in Questionnaires has been added to the Validator. Thanks to Eeva Turkka and Matti Uutsitalo for the pull request!

#1117

A badly formatted log message when handing exceptions was cleaned up. Thanks to Magnus Watn for the pull request!

AuthorizationInterceptor now allows the GraphQL operation to be authorized. Note that this is an all-or-nothing grant for now, it is not yet possible to specify individual resource security when using GraphQL.

The JPA stale search deletion service now deletes cached search results in much larger batches (20000 instead of 500) in order to reduce the amount of noise in the logs.

In example-projects/README.md and hapi-fhir-jpaserver-example/README.md, incidate that these examples projects are no longer maintained. The README.md points users to a starter project they should use for examples.

Replaced use of BeanFactory with custom factory classes that Spring @Lookup the @Scope("prototype") beans (e.g. SearchBuilderFactory).

Removed BaseSubscriptionInterceptor and all its subclasses (RestHook, EMail, WebSocket). These are replaced by two new interceptors: SubscriptionActivatingInterceptor that is responsible for activating subscriptions and SubscriptionMatchingInterceptor that is responsible for matching incoming resources against activated subscriptions. Call DaoConfig.addSupportedSubscriptionType(type) to configure which subscription types are supported in your environment. If you are processing subscriptions on a separate server and only want to activate subscriptions on this server, you should set DaoConfig.setSubscriptionMatchingEnabled to false. The helper method SubscriptionInterceptorLoader.registerInterceptors() will check if any subscription types are supported, and if so then load active subscriptions into the SubscriptionRegistry and register the subscription activating interceptor. This method also registers the subscription matching interceptor (that matches incoming resources and sends matches to subscription channels) only if DaoConfig.isSubscriptionMatchingEnabled is true. See https://github.com/jamesagnew/hapi-fhir/wiki/Proposed-Subscription-Design-Change for more details.

Moved e-mail from address configuration from EmailInterceptor (which doesn't exist any more) to DaoConfig.

Separated active subscription cache from the interceptors into a new Spring component called the SubscriptionRegistry. This component maintains a cache of ActiveSubscriptions. An ActiveSubscription contains the subscription, it's delivery channel, and a list of delivery handlers.

Introduced a new Spring factory interface ISubscribableChannelFactory that is used to create delivery channels and handlers. By default, HAPI FHIR ships with a LinkedBlockingQueue implementation of the delivery channel factory. If a different type of channel factory is required (e.g. JMS or Kafka), add it to your application context and mark it as @Primary.

Added support for matching subscriptions in a separate server from the REST Server. To do this, run the SubscriptionActivatingInterceptor on the REST server and the SubscriptionMatchingInterceptor in the standalone server. Classes required to support running a standalone subscription server are in the ca.uhn.fhir.jpa.subscription.module.standalone package. These classes are excluded by default from the JPA ApplicationContext (that package is explicitly filtered out in the BaseConfig.java @ComponentScan).

The ResponseHighlighterInterceptor now declines to handle Binary responses provided as a response from extended operations. In other words if the operation $foo returns a Binary resource, the ResponseHighliterInterceptor will not provide syntax highlighting on the response. This was previously the case for the /Binary endpoint, but not for other binary responses.

A bug in the JPA resource reindexer was fixed: In many cases the reindexer would mark reindexing jobs as deleted before they had actually completed, leading to some resources not actually being reindexed.

An issue was corrected with the JPA reindexer, where String index columns do not always get reindexed if they did not have an identity hash value in the HASH_IDENTITY column.

Under some circumstances, when a custom search parameter was added to the JPA server resources could start reindexing before the new search parameter had been saved, meaning that it was not applied to all resources. This has been corrected.

#980

When using the HL7.org DSTU2 structures, a QuestionnaireResponse with a value of type reference would fail to parse. Thanks to David Gileadi for the pull request!

When running the JPA server on Oracle, certain search queries that return a very large number of _included resources failed with an SQL exception stating that too many parameters were used. Search include logic has been reworked to avoid this.

JPA Subscription deliveries did not always include the accurate versionId if the Subscription module was configured to use an external queuing engine. This has been corrected.

In the JPA server, search/read operations being performed within a transaction bundle did not pass the client request HTTP headers to the sub-request. This meant that AuthorizationInterceptor could not authorize these requests if it was depending on headers being present.

When using a client in DSTU3/R4 mode, if the client attempted to validate the server CapabilityStatement but was not able to parse the response, the client would throw an exception with a misleading error about the Conformance resource not existing. This has been corrected. Thanks to Shayaan Munshi for reporting and providing a test case!

It is now possible to upload a ConceptMap to the JPA server containing mappings where the source or target is a StructureDefinition canonical URI. This was previously blocked, as the system could not apply these mappings. It is now permitted to be stored, although the system will still not apply these mappings.

#1084

In JPA Server REST Hook Subscriptions, any Headers defined in the Subscription resource are now applied to the outgoing HTTP request. Thanks to Volker Schmidt for the pull request!

When fetching a page of search results, if a page offset beyond the total number of available result was requested, a single result was still returned (e.g. requesting a page beginning at index 1000 when there are only 10 results would result in the 10th result being returned). This will now result in an empty response Bundle as would be expected.

The casing of the base64Binary datatype was incorrect in the DSTU3 and R4 model classes. This has been corrected.

When performing a JPA search with a chained :text modifier (e.g. MedicationStatement?medication.code:text=aspirin,tylenol) a series of unneccesary joins were introduced to the generated SQL query, harming performance. This has been fixed.

A serialization error when performing some searches in the JPA server using data parameters has been fixed. Thanks to GitHub user @PickOneFish for reporting!

#1135

An issue with outdated syntax in the Vagrant file that prevent it from being used was corrected. Thanks to Steve Lewis for the pull requst!

#1130

The HAPI FHIR tutorial server project had outdated versions of HAPI FHIR in its pom file. Thanks to Ricardo Estevez for the pull request!

The JPA server $expunge operation could sometimes fail to expunge if another resource linked to a resource that was being expunged. This has been corrected. In addition, the $expunge operation has been refactored to use smaller chunks of work within a single DB transaction. This improves performance and reduces contention when performing large expunge workloads.

#1114

A NullPointerException during validation was fixed. Thanks to GitHub user zilin375 for the pull request!

#944

A NullPointerException has been fixed when using custom resource classes that have a @Block class as a child element. Thanks to Lars Gram Mathiasen for reporting and providing a test case!

1.1.13HAPI FHIR 3.6.0 (Food)

 

Release Information

Released: 2018-11-12

Codename: (Food)

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Karaf (OSGi): 4.1.4 -> 4.1.6
  • Commons-Compress (JPA): 1.14 -> 1.18
  • Jackson (JPA): 2.9.2 -> 2.9.7

The JPA server SearchCoordinator has been refactored to make searches more efficient: When a search is performed, the SearchCoordinator loads multiple pages of results even if the user has only requested a small number. This is done in order to prevent needing to re-run the search for every page of results that is loaded. In previous versions of HAPI FHIR, when a search was made the SearchCoordinator would prefetch as many results as the user could possibly request across all pages (even if this meant prefetching thousands or millions of resources). As of this version, a new option has been added to DaoConfig that specifies how many resources to prefetch. This can have a significant impact on performance for servers with a large number of resources, where users often only want the first page of results. See DatConfig#setSearchPreFetchThresholds() for configuration of this feature.

When performing a JPA server using a date parameter, if a time is not specified in the query URL, the date range is expanded slightly to include all possible timezones where the date that could apply. This makes the search slightly more inclusive, which errs on the side of caution.

A new setting has been added to the JPA server DaoConfig that causes the server to keep certain searches "warm" in the cache. This means that the search will be performed periodically in the background in order to keep a reasonably fresh copy of the results in the query cache.

The JPA server now automatically supplies several appropriate hibernate performance settings as long as the JPA EntityManagerFactory was created using HAPI FHIR's built-in method for creating it.

Existing JPA projects should consider using super.entityManagerFactory() as shown in the example project if they are not already.

The FhirTerser getValues(...) methods have been overloaded. The terser can now be used to create a null-valued element where none exists. Additionally, the terser can now add a null-valued extension where one or more such extensions already exist. These changes allow better population of FHIR elements provided an arbitrary FHIR path.

The @Operation annotation used to declare operations on the Plain Server now has a wildcard constant which may be used for the operation name. This allows you to create a server that supports operations that are not known to the server when it starts up. This is generally not advisable but can be useful for some circumstances.

When using an @Operation method in the Plain Server, it is now possible to use a parameter annotated with @ResourceParam to receive the Parameters (or other) resource supplied by the client as the request body.

The JPA server version migrator tool now runs in a multithreaded way, allowing it to upgrade th database faster when migration tasks require data updates.

A new setting has been added to the JPA Server DopConfig that controls the behaviour when a client-assigned ID is encountered (i.e. the client performs an HTTP PUT to a resource ID that doesn't already exist on the server). It is now possible to disallow this action, to only allow alphanumeric IDs (the default and only option previously) or allow any IDs including alphanumeric.

#1103

It is now possible to use your own IMessageResolver instance in the narrative generator. Thanks to Ruth Alkema for the pull request!

The REST client now allows for configurable behaviour as to whether a _format parameter should be included in requests.

JPA server R4 SearchParameter custom expression validation is now done using the actual FHIRPath evaluator, meaning it is more rigorous in what it can find.

The module which deletes stale searches has been modified so that it deletes very large searches (searches with 10000+ results in the query cache) in smaller batches, in order to avoid having very long running delete operations occupying database connections for a long time or timing out.

A new operation has been added to the JPA server called $trigger-subscription . This can be used to cause a transaction to redeliver a resource that previously triggered. See this link for a description of how this feature works. Note that you must add the SubscriptionRetriggeringProvider as shown in the sample project.

When operating in R4 mode, the HAPI FHIR server will now populate Bundle.entry.response for history and search results, which is did not previously do.

The JPA database migrator tool has been enhanced so that it now supports migrations from HAPI FHIR 3.3.0 to HAPI FHIR 3.4.0 / 3.5.0+ as well.

A bug in the JPA migration tasks from 3.4.0 to 3.5.0 caused a failure if the HFJ_SEARCH_PARM table did not exist. This table existed in previous versions of HAPI FHIR but was dropped in 3.5.0, meaning that migrations would fail if the database was created using a snapshot version of 3.5.0.

A bug was fixed in the JPA server $expunge operation where a database connection could sometimes be opened and not returned to the pool immediately, leading to pool starvation if the operation was called many times in a row.

When using the testpage overlay to delete a resource, currently a crash can occur if an unqualified ID is placed in the ID text box. This has been corrected.

AuthorizationInterceptor did not allow FHIR batch operations when the transaction() permission is granted. This has been corrected so that transaction() allows both batch and transaction requests to proceed.

The FhirTerser getValues(...) methods were not properly handling modifier extensions for verions of FHIR prior to DSTU3. This has been corrected.

When updating resources in the JPA server, a bug caused index table entries to be refreshed sometimes even though the index value hadn't changed. This issue did not cause incorrect search results but had an effect on write performance. This has been corrected.

Automatic ID generation for contained resources (in cases where the user hasn't manually specified an ID) has been streamlined to generate more predictable IDs in some cases.

A bug in the JPA server was fixed: When a resource was previously deleted, a transaction could not be posted that both restored the deleted resource but also contained references to the now-restored resource.

The $expunge operation could sometimes fail to delete resources if a resource to be deleted had recently been returned in a search result. This has been corrected.

#1071

When restful reponses tried to return multiple instances of the same response header, some instances were discarded. Thanks to Volker Schmidt for the pull request!

An issue in the HAPI FHIR CLI database migrator command has been resolved, where some database drivers did not automatically register and had to be manually added to the classpath.

#1047

A NullPointerException in DateRangeParam when a client URL conrtained a malformed date was corrected. Thanks Heinz-Dieter Conradi for the Pull Request!

When invoking an operation using the fluent client on an instance, the operation would accidentally invoke against the server if the provided ID did not include a type. This has been corrected so that an IllegalArgumentException is now thrown.

When using the HAPI FHIR CLI, user-prompted passwords were not correctly encoded, meaning that the "--basic-auth PROMPT" action was not usable. This has been corrected.

1.1.14HAPI FHIR 3.5.0

 

Release Information

Released: 2018-09-17

Changes

HAPI FHIR now supports JDK 9 and JDK 10, both for building HAPI FHIR as well as for use. JDK 8 remains supported and is the minimum requirement in order to build or use HAPI FHIR.

A new command has been added to the HAPI FHIR CLI tool: "migrate-database". This command performs the schema modifications required when upgrading HAPI FHIR JPA to a new version (previously this was a manual process involving running scripts and reindexing everything).

See the command documentation for more information on how to use this tool. Please post in the HAPI FHIR Google Group if you run into issues, as this is a brand new framework and we still need lots of help with testing.

#1000

LOINC uploader has been updated to support the new LOINC filename scheme introduced in LOINC 2.64. Thanks to Rob Hausam for the pull request!

In the JPA server, it is now possible for a custom search parameter to use the resolve() function in its path to descend into contained resources and index fields within them.

A new IValidationSupport implementation has been added, named CachingValidationSupport. This module wraps another implementation and provides short-term caching. This can have a dramatic performance improvement on servers that are validating or executing FHIRPath repeatedly under load. This module is used by default in the JPA server.

A new method has been added to AuthorizationInterceptor that can be used to create rules allowing FHIR patch operations. See Authorizing Patch Operations for more information.

#1018

A new view has been added to the JPA server, reducing the number of database calls required when reading resources back. This causes an improvement in performance. Thanks to Frank Tao for the pull request!

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Gson (JSON Parser): 2.8.1 -> 2.8.5
  • Spring Framework (JPA): 5.0.3.RELEASE -> 5.0.8.RELEASE
  • Hibernate ORM (JPA): 5.2.16.Final -> 5.3.6.Final
  • Hibernate Search (JPA): 5.7.1.Final -> 5.10.3.Final
  • Jetty (CLI): 9.4.8.v20171121 -> 9.4.12.v20180830
  • Commons-Codec (All): 1.10 -> 1.11
  • Commons-Lang (All): 3.7 -> 3.8
  • Commons-IO (All): 2.5 -> 2.6
  • Spring-Data (JPA): 1.11.6.RELEASE -> 2.0.7.RELEASE

#912

The generic/fluent client now supports the :contains modifier on string search params. Thanks to Clayton Bodendein for the pull request!

The REST Server module now allows more than one Resource Provider (i.e. more than one implementation of IResourceProvider) to be registered to the RestfulServer for the same resource type. Previous versions of HAPI FHIR have always limited support to a single resource provider, but this limitation did not serve any purpose so it has been removed.

The HashMapResourceProvider now supports the type and instance history operations. In addition, the search method for the _id search parameter now has the search parameter marked as "required". This means that additional search methods can be added in subclasses without their intended searches being routed to the searchById method. Also, the resource map now uses a LinkedHashMap, so searches return a predictable order for unit tests.

The generic client history operations (history-instance, history-type, and history-server) now support the _at parameter.

A new mnandatory library depdendency has been added to hapi-fhir-base, meaning that all applications using HAPI FHIR must import ti: commons-text. This library has been added as a few utility methods used by HAPI FHIR that were formerly in the commons-lang3 project have been moved into commons-text. This library has been added as a non-optional dependency in the hapi-fhir-base POM, so Maven/Gradle users should not have to make any changes.

In the plain server, many resource provider method parameters may now use a generic IPrimitiveType<String> or IPrimitiveType<Date> at the parameter type. This is handy if you are trying to write code that works across versions of FHIR.

Several convenience methods have been added to the fluent/generic client interfaces. These methods allow the adding of a sort via a SortSpec object, as well as specifying search parameters via a plain Map of Strings.

A new client interceptor called ThreadLocalCapturingInterceptor has been added. This interceptor works the same way as CapturingInterceptor in that it captures requests and responses for later processing, but it uses a ThreadLocal object to store them in order to facilitate use in multithreaded environments.

A new constructor has been added to the client BasicAuthInterceptor allowing credentials to be specified in the form "username:password" as an alternate to specifying them as two discrete strings.

SimpleBundleProvider has been modified to optionally allow calling code to specify a search UUID, and a field to allow the preferred page size to be configured.

The JPA server search UUID column has been reduced in length from 40 chars to 36, in order to align with the actual length of the generated UUIDs.

Plain servers using paging may now specify an ID/name for individual pages being returned, avoiding the need to respond to arbitrary offset/index requests from the server. In this mode, page links in search result bundles simply include the ID to the next page.

JPA subscription delivery queues no longer store the resource body in the queue (only the ID), which should reduce the memory/disk footprint of the queue when it grows long.

The JPA server now has a configuration item in the DaoConfig to specify which bundle types may be stored as-is on the /Bundle endpoint. By default the following types are allowed: collection, document, message.

When performing a ConceptMap/$translate operation with reverse="true" in the arguments, the equivalency flag is now set on the response just as it is for a non-reverse lookup.

When executing a FHIR transaction in JPA server, if the request bundle contains placeholder IDs references (i.e. "urn:uuid:*" references) that can not be resolved anywhere else in the bundle, a user friendly error is now returned. Previously, a cryptic error containing only the UUID was returned. As a part of this change, transaction processing has now been consolidated into a single codebase for DSTU3 / R4 (and future) versions of FHIR. This should greatly improve maintainability and consistency for transaction processing.

ResponseHighlighterInterceptor now displays the total size of the output and an estimate of the transfer time at the bottom of the response.

#1022

The Prefer header is now honoured for HTTP PATCH requests. Thanks to Alin Leonard for the Pull Request!

The Composition operation $document has been implemented. Thanks to Patrick Werner for the Pull Request!

HAPI FHIR CLI commands that allow Basic Auth credentials or a Bearer Token may now use a value of "PROMPT" to cause the CLI to prompt the user for credentials using an interactive prompt.

The maximum length for codes in the JPA server terminology service have been increased to 500 in order to better accomodate code systems with very long codes.

CapabilityStatements generated by the server module will now include the server base URL in the CapabilityStatement.implementation.url field.

The JPA server now performs a count query instead of a more expensive data query when searches using _summary=count . This means that a total will always be returned in the Bundle (this isn't always guaranteed otherwise, since the Search Controller can result in data being returned before the total number of results is known).

The JPA server SearchCoordinator now prefetches only a smaller and configurable number of results during the initial search request, and more may be requested in subsequent page requests. This change may have a significant improvement on performance: in previous versions of HAPI FHIR, even if the user only wanted the first page of 10 results, many many more might be prefetched, consuming database resources and server time.

#974

Spring-data (used by the JPA server) has been upgraded to version 2.0.7 (from version 1.11.6). Thanks to Roman Doboni for the pull request!

AuthorizationInterceptor now examines requests more closely in order to block requests early that are not possibly going to return allowable results when compartment rules are used. For example, if an AuthorizationInterceptor is configured to allow only read access to compartment Patient/123 , a search for Observation?subject=987 will now be blocked before the method handler is called. Previously the search was performed and the results were examined in order to determine whether they were all in the appropriate compartment, but this incurs a performance cost, and means that this search would successfully return an empty Bundle if no matches were present.

A new setting on AuthorizationInterceptor called setFlags(flags) can be used to maintain the previous behaviour.

JPA server loading logic has been improved to enhance performance when loading a large number of results in a page, or when loading multiple search results with tags. Thanks to Frank Tao for the pull request! This change was introduced as a part of a collaboration between HAPI FHIR and the US National Institiutes for Health (NIH).

#1010

Resource loading logic for the JPA server has been optimized to reduce the number of database round trips required when loading search results where many of the entries have a "forced ID" (an alphanumeric client-assigned resource ID). Thanks to Frank Tao for the pull request! This change was introduced as a part of a collaboration between HAPI FHIR and the US National Institiutes for Health (NIH).

An index in the JPA server on the HFJ_FORCED_ID table was incorrectly not marked as unique. This meant that under heavy load it was possible to create two resources with the same client-assigned ID.

The JPA server $expunge operation deleted components of an individual resource record in separate database transactions, meaning that if an operation failed unexpectedly resources could be left in a weird state. This has been corrected.

#1015

A bug was fixed in the JPA terminology uploader, where it was possible in some cases for some ValueSets and ConceptMaps to not be saved because of a premature short circuit during deferred uploading. Thanks to Joel Schneider for the pull request!

#969

A bug in the HAPI FHIR CLI was fixed, where uploading terminology for R4 could cause an error about the incorrect FHIR version. Thanks to Rob Hausam for the pull request!

A crash was fixed when deleting a ConceptMap resource in the JPA server. This crash was a regression in HAPI FHIR 3.4.0.

A crash in the JPA server when performing a manual reindex of a deleted resource was fixed.

Using the generic/fluent client, it is now possible to invoke the $process-message method using a standard client.operation() call. Previously this caused a strange NullPointerException.

The REST Server now sanitizes URL path components and query parameter names to escape several reserved characters (e.g. " and <) in order to prevent HTML injection attacks via maliciously crafted URLs.

#996

The HAPI FHIR Server has been updated to correctly reflect the current FHIR specification behaviour for the Prefer header. This means that the server will no longer return an OperationOutcome by default, but that one may be requested via a Prefer header, using the newly implemented "Repreentation: OperationOutcome" value. Thanks to Ana Maria Radu for the pul request!

Fixed a bug when creating a custom search parameter in the JPA server: if the SearchParameter resource contained an invalid expression, create/update operations for the given resource would fail with a cryptic error. SearchParameter expressions are now validated upon storage, and the SearchParameter will be rejected if the expression can not be processed.

#965

An issue was fixed in BundleUtil#toListOfEntries, where sometimes a resource could be associated with the wrong entry in the response. Thanks to GitHub user @jbalbien for the pull request!

#1053

A bug was fixed in JPA server searches: When performing a search with a _lastUpdate filter, the filter was applied to any _include values, which it should not have been. Thanks to Deepak Garg for reporting!

A crash was fixed when using the ConceptMap/$translate operation to translate a mapping where the equivalence was not specified.

A bug in the DSTU3 validator was fixed where validation resources such as StructureDefinitions and Questionnaires were cached in a cache that never expired, leading to validations against stale versions of resources.

In the REST server, if an incoming request has the Content-Encoding header, the server will not try to read request parameters from the content stream. This avoids an incompatibility with new versions of Jetty.

#1050

Custom profile names when not matching standard FHIR profile names, are now handled properly by the validator. Thanks to Anthony Sute for the Pull Request!

A crash in the validator was fixed: Validating a Bundle that did not have Bundle.fullUrl populated could cause a NullPointerException.

The experimental "dynamic mode" for search parameter registration has been removed. This mode was never published or documented and was labelled as experimental, so I am hoping it was never depended on by anyone. Please post on the HAPI FHIR mailing list if this change affects you.

1.1.15HAPI FHIR 3.4.0

 

Release Information

Released: 2018-05-28

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Commons-Lang3 (All): 3.6 -> 3.7
  • Hibernate (JPA): 5.2.12.Final -> 5.2.16.Final
  • Javassist (JPA): 3.20.0-GA -> 3.22.0-GA

Several enhancements have been made to the JPA server index tables. These enhancements consist of new colums that will be used in a future version of HAPI FHIR to significantly decrease the amount of space required for indexes on token and string index types.

These new columns are not yet used in HAPI FHIR 3.4.0 but will be enabled in HAPI FHIR 3.5.0. Anyone upgrading to HAPI FHIR 3.4.0 (or above) is recommended to invoke the following SQL statement on their database in order to reindex all data in a background job:
update HFJ_RESOURCE set SP_INDEX_STATUS = null;
Note that if you do this reindex now, you will not have any downtime while you upgrade to HAPI FHIR 3.5.0. If you need to perform the reindex at the time that you upgrade to HAPI FHIR 3.5.0 some indexes may not be available.
In addition, the following schema changes should be made while upgrading:
update table TRM_CODESYSTEM_VER drop column RES_VERSION_ID;
alter table TRM_CODESYSTEM_VER drop constraint IDX_CSV_RESOURCEPID_AND_VER

A new operation has been added to the JPA server called "$expunge". This operation can be used to physically delete old versions of resources, logically deleted resources, or even all resources in the database.

An experimental new feature has been added to AuthorizationInterceptor which allows user-supplied checkers to add additional checking logic to determine whether a particular rule applies. This could be used for example to restrict an auth rule to particular source IPs, or to only allow operations with specific parameter values.

A new qualifier has been added to the AuthorizationInterceptor RuleBuilder that allows a rule on an operation to match atAnyLevel() , meaning that the rule applies to the operation by name whether it is at the server, type, or instance level.

Calling IdType#withVersion(String) with a null/blank parameter will now return a copy of the ID with the version removed. Previously this call would deliberately cause an IllegalArgumentException.

The JPA server CapabilityStatement generator has been tuned so that resource counts are no longer calculated synchronously as a part of building the CapabilityStatement response. With this change, counts are calculated in the background and cached which can yield significant performance improvements on hevaily loaded servers.

#903

Fix a bug in the DSTU2 QuestionnaireResponseValidator which prevented validation on groups with only one question. Thanks David Gileadi for the pull request!

#709

The ConceptMap operation $translate has been implemented.

R4 structures have been updated to the latest definitions (SVN 13732)

#927

HAPI-FHIR_CLI now includes two new commands: one for importing and populating a ConceptMap resource from a CSV; and one for exporting a ConceptMap resource to a CSV.

Operation methods on a plain server may now use parameters of type String (i.e. plain Java strings), and any FHIR primitive datatype will be automatically coerced into a String.

The HAPI FHIR CLI now supports importing an IGPack file as an import to the validation process.

When two threads attempt to update the same resource at the same time, previously an unspecified error was thrown by the JPA server. An HTTP 409 (Conflict) with an informative error message is now thrown.

StructureDefinitions for the FHIR standard extensions have been added to the hapi-fhir-validation-resources-XXXX modules. Thanks to Patrick Werner for the pull request! These have also been added to the list of definitions uploaded by the CLI "upload-definitions" command.

#926

The HAPI FHIR CLI is now available for installation on OSX using the (really excellent) Homebrew package manager thanks to an effort by John Grimes to get it added. Thanks John!

#953

When the REST Server experiences an expected error (such as a NullPointerException) in a resource provider class, a simple message of "Failed to call access method" is returned to the user. This has been enhanced to also include the message from the underlying exception.

#857

DateRangeParameter was enhanced to support convenient method chanining, and the parameter validation was improved to only change state after validating that parameters were valid. Thanks to Gaetano Gallo for the pull request!

#875

An issue in the narrative generator template for the CodeableConcept datatype was corrected. Thanks to @RuthAlk for the pull request!

The JPA server automatic reindexing process has been tweaked so that it no longer runs once per minute (this was a heavy strain on large databases) but will instead run once an hour unless triggered for some reason. In addition, the number of threads allocated to reindexing may now be adjusted via a setting in the DaoConfig.

#880

Several tests were added to ensure accurate validation of QuestionnaireResponse resources. Thanks to Heinz-Dieter Conradi for the pull request!

#886

A NullPointerException when validating some QuestionnaireResponse reousrces was fixed in the validator. Thanks to Heinz-Dieter Conradi for the pull request!

#892

QuestionnaireResponse answers of type "text" may now be validated by the FhirInstanceValidator. Thanks to Heinz-Dieter Conradi for the pull request!

The DSTU2 validator has been refactored to use the same codebase as the DSTU3/R4 validator (which were harmonized in HAPI FHIR 3.3.0). This means that we now have a single codebase for all validators, which improves maintainability and brings a number of improvements to the accuracy of DSTU2 resource validation.

The REST Generic Client now supports invoking an operation on a specific version of a resource instance.

When updating resources on the JPA server, tags did not always consistently follow FHIR's recommended rules for tag retention. According to FHIR's rules, if a tag is not explicitly present on an update but was present on the previous version, it should be carried forward anyhow. Due to a bug, this happened when more than one tag was present but not when only one was present. This has been corrected. In addition, a new request header called X-Meta-Snapshot-Mode has been added that can be used by the client to override this behaviour.

The JPA server's resource counts query has been optimized to give the database a bit more flexibility to optimize, which should increase performance for this query.

Fix a significant performance regression in 3.3.0 when validating DSTU3 content using the InstanceValidator. From 3.3.0 onward, StructureDefinitions are converted to FHIR R4 content on the fly in order to reduct duplication in the codebase. These conversions happened upon every validation however, instead of only happening once which adversely affected performance. A cache has been added.

A bug in the JPA server's DSTU2 transaction processing routine caused it to occasionally consume two database connections, which could lead to deadlocks under heavy load. This has been fixed.

AuthorizationInterceptor sometimes incorrectly identified an operation invocation at the type level as being at the instance level if the method indicated that the IdParam parameter was optional. This has been fixed.

A workaround for an invalid search parameter path in the R4 consent resource has been implemented. This path was preventing some Consent resources from successfully being uploaded to the JPA server. Thanks to Anthony Sute for identifying this.

#937

A hard-to-understand validation message was fixed in the validator when validating against profiles that declare some elements as mustSupport but have others used but not declared as mustSupport. Thanks to Patrick Werner for the PR!

#846

When calling a getter on a DSTU3/R4 structure for a choice type (e.g. Observation#getValueString()), a NullPointerException was thrown if there was no value in this field, and the NPE had no useful error message. Now this method call will simply return null. method

#836

A bug in the plain server was fixed that prevented some includes from correctly causing their targets to be included in the response bundle. Thanks to GitHub user @RuthAlk for the pull request!

#867

The HumanName DSTU3+ datatype had convenience methods for testing whether the name has a specific given name or not, but these methods did not work. Thanks to Jason Owen for reporting and providing a test case!

#874

An issue was corrected in the validator where Questionnaire references that used contained resources caused an unexpected crash. Thanks to Heinz-Dieter Conradi for the pull request!

AuthorizationInterceptor did not correctly grant access to resources by compartment when the reference on the target resource that pointed to the compartment owner was defined using a resource object (ResourceReference#setResource) instead of a reference (ResourceReference#setReference).

When performing a FHIR resource update in the JPA server where the update happens within a transaction, and the resource being updated contains placeholder IDs, and the resource has not actually changed, a new version was created even though there was not actually any change. This particular combination of circumstances seems very specific and improbable, but it is quite common for some types of solutions (e.g. mapping HL7v2 data) so this fix can prevent significant wasted space in some cases.

The REST server has been modified so that the Location header is no longer returned by the server on read or update responses. This header was returned in the past, but this header is actually inappropriate for any response that is not a create operation. The Content-Location will still be returned, and will hold the same contents.

The Postgres sample JPA project was fixed to use the current version of HAPI FHIR (it was previously stuck on 2.2). Thanks to Kai Liu for the pull request!

JPA server index tables did not have a column length specified on the resource type column. This caused the default of 255 to be used, which wasted a lot of space since resource names are all less than 30 chars long and a single resource can have 10-100+ index rows depending on configuration. This has now been set to a much more sensible 30.

The LOINC uploader for the JPA Terminology Server has been significantly beefed up so that it now takes in the full set of LOINC distribution artifacts, and creates not only the LOINC CodeSystem but a complete set of concept properties, a number of LOINC ValueSets, and a number of LOINC ConceptMaps. This work was sponsored by the Regenstrief Institute. Thanks to Regenstrief for their support!

When encoding a resource that had contained resources with user-supplied local IDs (e.g. resource.setId("#1")) as well as contained resources with no IDs (meaning HAPI should automatically assign a local ID for these resources) it was possible for HAPI to generate a local ID that already existed, making the resulting serialization invalid. This has been corrected.

1.1.16HAPI FHIR 3.3.0

 

Release Information

Released: 2018-03-29

Changes

This release corrects an inefficiency in the JPA Server, but requires a schema change in order to update. Prior to this version of HAPI FHIR, a CLOB column containing the complete resource body was stored in two tables: HFJ_RESOURCE and HFJ_RES_VER. Because the same content was stored in two places, the database consumed more space than is needed to.

In order to reduce this duplication, the RES_TEXT and RES_ENCODING columns have been dropped from the HFJ_RESOURCE table, and the RES_TEXT and RES_ENCODING columns have been made NULLABLE on the HFJ_RES_VER table.

The following migration script may be used to apply these changes to your database. Naturally you should back your database up prior to making this change.
ALTER TABLE hfj_resource DROP COLUMN res_text;
ALTER TABLE hfj_resource DROP COLUMN res_encoding;
ALTER TABLE hfj_res_ver ALTER COLUMN res_encoding DROP NOT NULL;
ALTER TABLE hfj_res_ver ALTER COLUMN res_text DROP NOT NULL;

An experimental interceptor called VersionedApiConverterInterceptor has been added, which automaticaly converts response payloads to a client-specified version according to transforms built into FHIR.

ResponseHighlightingInterceptor now properly parses _format parameters that include additional content (e.g. _format=html/json;fhirVersion=1.0 )

Stale search deleting routine on JPA server has been adjusted to delete one search per transaction instead of batching 1000 searches per transaction. This should make the deletion logic more tolerant of deleting very large search result sets.

Avoid refreshing the search parameter cache from an incoming client request thread, which caused unneccesary delays for clients.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate (JPA): 5.2.10.Final -> 5.2.12.Final
  • Spring (JPA): 5.0.0 -> 5.0.3
  • Thymeleaf (Web Tespage Overlay): 3.0.7.RELEASE -> 3.0.9.RELEASE

#854

JPA server now performs temporary/placeholder ID substitution processing on elements in resources which are of type "URI" in addition to the current substitution for elements of type "Reference". Thanks to GitHub user @t4deon for supplying a testcase!

A new IResourceProvider implementation called HashMapResourceProvider has been added. This is a complete resource provider implementation that uses a HashMap as a backing store. This class is probably of limited use in real production systems, but it cam be useful for tests or for static servers with small amounts of data.

#868

DateParam class now has equals() and hashCode() implementations. Thanks to Gaetano Gallo for the pull request!

The client LoggingInterceptor now includes the number of milliseconds spent performing each call that is logged.

#871

A number of HAPI FHIR modules have been converted so that they now work as OSGi modules. Unlike the previous OSGi module, which was a mega-JAR with all of HAPI FHIR in it, this is simply the appropriate OSGi manifest inside the existing JARs. Thanks to John Poth for the Pull Request!

Note that this does not cover all modules in the project. Current support includes:

  • HAPI-FHIR structures DSTU2, HL7ORGDSTU2, DSTU2.1, DSTU3, R4
  • HAPI-FHIR Resource validation DSTU2, HL7ORGDSTU2, DSTU2.1, DSTU3, R4
  • Apache Karaf features for all the above
  • Integration Tests
Remaining work includes:
  • HAPI-FHIR Server support
  • HAPI-FHIR narrative support. This might be tricky as Thymeleaf doesn't support OSGi.

#786

ReferenceParam has been enhanced to properly return the resource type to user code in a server via the ReferenceType#getResourceType() method if the client has specified a reference parameter with a resource type. Thanks to @CarthageKing for the pull request!

#776

An entry has been added to ResourceMetadataKeyEnum which allows extensions to be placed in the resource metadata section in DSTU2 resource (this is possible already in DSTU3+ resources as Meta is a normal model type, but the older structures worked a bit differently. Thanks to GitHub user sjanic for the contribution!

#791

An example project has een contributed which shows how to use the CQL framework in a server with HAPI FHIR JPA. Thanks to Chris Schuler for the pull request!

#798

A new module has been contributed called hapi-fhir-jpaserver-elasticsearch which adds support for Elasticsearch instead of raw Lucene for fulltext indexing. Testing help on this would be appreciated! Thanks to Jiajing Liang for the pull request!

#812

REST HOOK subscriptions in the JPA server now support having an empty/missing Subscription.channel.payload value, which is supported according to the FHIR specification. Thanks to Jeff Chung for the pull request!

#817

A new example project has been added called hapi-fhir-jpaserver-dynamic, which uses application/environment properties to configure which version of FHIR the server supports and other configuration. Thanks to Anoush Mouradian for the pull request!

#581

A new example project showing the use of JAX-RS Server Side Events has been added. Thanks to Jens Kristian Villadsen for the pull request!

#819

Support has been added to the JPA server for the :not modifier. Thanks to Łukasz Dywicki for the pull request!

#877

Suport for the :contains string search parameter modifier has been added to the JPA server. Thanks to Anthony Sute for the pull request!

A new method overload has been added to IServerInterceptor: outgoingResponse(RequestDetails, ResponseDetails, HttpServletRequest, HttpServletResponse) . This new method allows an interceptor to completely replace the resource being returned with a different resource instance, or to modify the HTTP Status Code being returned. All other "outgoingResponse" methods have been deprecated and are recommended to be migrated to the new method. This new method (with its RequestDetails and ResponseDetails parameters) should be flexible enough to accommodate future needs which means that this should be the last time we have to change it.

The validation module has been refactored to use the R4 (currently maintained) validator even for DSTU3 validation. This is done by using an automatic converter which converts StructureDefinition/ValueSet/CodeSystem resources which are used as inputs to the validator. This change should fix a number of known issues with the validator, as they have been fixed in R4 but not in DSTU3. This also makes our validator much more maintainable since it is now one codebase.

#822

Searches which were embedded in a Bundle as a transaction or batch operation did not respect any chained method parameters (e.g. MedicationRequest?medication.code=123). Thanks to @manjusampath for reporting!

A few fixes went into the build which should now allow HAPI FHIR to build correctly on JDK 9.0. Currently building is supported on JDK 8.x and 9.x only.

#837

Client requests with an Accept header value of application/json will now be served with the non-legacy content type of application/fhir+json instead of the legacy application/json+fhir . Thanks to John Grimes for reporting!

Fixed a regression in server where a count parameter in the form @Count IntegerType theCount caused an exception if the client made a request with no count parameter included. Thanks to Viviana Sanz for reporting!

A bug in the JPA server was fixed where a Subscription incorrectly created without a status or with invalid criteria would cause a crash during startup.

An occasional crash in the JPA was fixed when using unique search parameters and updating a resource to no longer match one of these search parameters.

Avoid an endless loop of reindexing in JPA if a SearchParameter is created which indexed the SearchParameter resource itself

Deleting a resource from the testpage overlay resulted in an error page after clicking "delete", even though the delete succeeded.

#863

JPA server now correctly indexes custom search parameters which have multiple base resource types. Previously, the indexing could cause resources of the wrong type to be returned in a search if a parameter being used also matched that type. Thanks to Dave Carlson for reporting!

#872

An issue in the JPA server was corrected where searching using URI search parameters would sometimes not include the resource type in the criteria. This meant, for example, that a search for ValueSet?url=http://foo would also match any CodeSystem resource that happened to also have that URL as the value for the "url" search parameter. Thanks to Josh Mandel for reporting and supplying a test case!

#814

Fix a bug where under certain circumstances, duplicate contained resources could be output by the parser's encode methods. Thanks to Frank Tao for supplying a test case!

#800

JAX-RS server now supports R4 and DSTU2_1 FHIR versions, which were previously missing. Thanks to Clayton Bodendein for the pull request!

#806

AuthorizationInterceptor did not correctly handle authorization against against a compartment where the compartment owner was specified as a list of IDs. Thanks to Jiajing Liang for the pull request!

JPA Server Operation Interceptor create/update methods will now no longer be fired if the create/update operation being performed is a no-op (e.g. a conditional create that did not need to perform any action, or an update where the contents didn't actually change)

#879

JPA server sometimes updated resources even though the client supplied an update with no actual changes in it, due to changes in the metadata section being considered content changes. Thanks to Kyle Meadows for the pull request!

Fix a crash in the JSON parser when parsing extensions on repeatable elements (e.g. Patient.address.line) where there is an extension on the first repetition but not on subsequent repetitions of the repeatable primitive. Thanks to Igor Sirkovich for providing a test case!

All instances of DefaultProfileValidationSupport (i.e. one for each version of FHIR) have been fixed so that they explicitly close any InputStreams they open in order to read the built-in profile resources. Leaving these open caused resource starvation in some cases under heavy load.

#832

Fix an issue where the JPA server crashed while attempting to normalize string values containing Korean text. Thanks to GitHub user @JoonggeonLee for reporting!

An issue was solved where it was possible for server interceptors to have both processingCompletedNormally and handleException called if the stream.close() method threw an exception. Thanks to Carlos Eduardo Lara Augusto for investigating!

#838

The HAPI-FHIR-CLI now explicitly includes JAXB dependencies in its combined JAR file. These were not neccesary prior to Java 9, but the JDK (mercifully) does not include JAXB in the default classpath as of Java 9. This means that it is possible to perform Schematron validation on Java 9. Thanks to John Grimes for reporting and suggesting a fix!

A number of info level log lines have been reduced to debug level in the JPA server, in order to reduce contention during heavy loads and reduce the amount of noise in log files overall. A typical server should now see far less logging coming from HAPI, at least at the INFO level.

#864

An unneccesary reference to the Javassist library has been removed from the build. Thanks to Łukasz Dywicki for the pull request!

#831

The @TagListParam annotation has been removed. This annotation had no use after DSTU1 but never got deleted and was misleading. Thanks to Angelo Kastroulis for reporting!

1.1.17HAPI FHIR 3.2.0

 

Release Information

Released: 2018-01-13

Changes

Support for custom search parameters has been backported in the JPA server from DSTU3 back to DSTU2. As of this release of HAPI, full support for custom search parameters exists in all supported versions of FHIR.

A new set of methods have been added to IServerOperationInterceptor called resourcePreCreate , resourcePreUpdate , and resourcePreDelete . These methods are called within the database transaction (just as the existing methods were) but are invoked prior to the contents being saved to the database. This can be useful in order to allow interceptors to change payload contents being saved.

The HAPI FHIR Server framework now has initial support for multitenancy. At this time the support is limited to the server framework (not the client, JPA, or JAX-RS frameworks). See Server Documentation for more information.

A new method has been added to RequestDetails called setRequestContents() which can be used by interceptors to modify the request body before it is parsed by the server.

A new configuration option has been added to DaoConfig which allows newly created resources to be assigned a UUID by the server instead of a sequential ID

#810

Fix an issue in JPA server where updating a resource sometimes caused date search indexes to be incorrectly deleted. Thanks to Kyle Meadows for the pull request!

#808

Servers did not return an ETag if the version was provided on a DSTU3/R4 structure in the getMeta() version field instead of in the getIdElement() ID. Thanks to GitHub user @Chrisjobling for reporting!

A bug was fixed in the JPA server when performing a validate operation with a mode of DELETE on a server with referential integrity disabled, the validate operation would delete resource reference indexes as though the delete was actually happening, which negatively affected searching for the resource being validated.

Fix a crash in JPA server when performing a recursive _include which doesn't actually find any matches.

#796

When encoding URL parameter values, HAPI FHIR would incorrectly escape a space (" ") as a plus ("+") insetad of as "%20" as required by RFC 3986. This affects client calls, as well as URLs generated by the server (e.g. REST HOOK calls). Thanks to James Daily for reporting!

Searching in JPA server using a combination of _content and _id parameters failed. Thanks to Jeff Weyer for reporting!

An unneccesary column called "MYHASHCODE" was added to the HFJ_TAG_DEF table in the JPA server schema

A few log entries emitted by the JPA server suring every search have been reduced from INFO to DEBUG in order to reduce log noise

A few redundant and no longer useful methods have been marked as deprecated in IServerInterceptor . If you have implemented custom interceptors you are recommended to migrate to the recommended methods.

1.1.18HAPI FHIR 3.1.0

 

Release Information

Released: 2017-11-23

Changes

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Spring (JPA): 4.3.10 -> 5.0.0
  • Jackson (JPA): 2.8.1 -> 2.9.2

In Apache client, remove a log message at WARN level when the response does not specify a charset. This log line often showed up any time a server was not supplying a response, making client logs quite noisy

A new configuration item has been added to the JPA server DaoConfig called getCountSearchResultsUpTo() . This setting governs how many search results the search coordinator should try to find before returning an initial search response to the user, which has an effect on whether the Bundle.total field is always populated in search responses. This has now been set to 20000 on out public server (fhirtest.uhn.ca) so most search results should now include a total.

The DSTU2 XhtmlDt type has been modified so that it no longer uses the StAX XMLEvent type as its internal model, and instead simply uses a String. New methods called "parse" and "encode" have been added to HAPI FHIR's XmlUtil class, which can be used to convert between a String and an XML representation. This should allow HAPI FHIR to run in environments where StAX is not available, such as Android phones.

#761

Restored the org.hl7.fhir.r4.model.codesystem.* classes (which are Java Enums for the various FHIR codesystems). These were accidentally removed in HAPI FHIR 3.0.0. Thanks to GitHub user @CarthageKing for reporting!

#711

Client logic for checking the version of the connected server to ensure it is for the correct version of FHIR now includes a check for R4 servers. Thanks to Clayton Bodendein for the pull request, including a number of great tests!

#714

JAX-RS client framework now supports the ability to register your own JAX-RS Component Classes against the client, as well as better documentation about thread safety. Thanks to Sébastien Rivière for the pull request!

A performance to the JPA server has been made which reduces the number of writes to index tables when updating a resource with contents that only make minor changes to the resource content. In many cases this can noticeably improve update performance.

Add Prefer and Cache-Control to the list of headers which are declared as being acceptable for CORS requests in CorsInterceptor, CLI, and JPA Example. Thanks to Patrick Werner for the pull request!

Bundle resources did not have their version encoded when serializing in FHIR resource (XML/JSON) format.

The Binary resource endpoint now supports the X-Security-Context header when reading or writing Binary contents using their native Content-Type (i.e exchanging the raw binary with the server, as opposed to exchanging a FHIR resource).

#743

Add support for Spring Boot for initializing a number of parts of the library, as well as several examples. See the Spring Boot samples for examples of how this works. Thanks to Mathieu Ouellet for the contribution!

#747

JPA server now has lucene index support moved to separate classes from the entity classes in order to facilitate support for ElasticSearch. Thanks to Jiang Liang for the pull request! Note that any existing JPA projects will need to add an additional property in their Spring config called hibernate.search.model_mapping. See this line in the example project.

#755

A new client interceptor has been added called AdditionalRequestHeadersInterceptor, which allows a developer to add additional custom headers to a client requests. Thanks to Clayton Bodendein for the pull request!

#767

JAX-RS server module was not able to generate server CapabilityStatement for some versions of FHIR (DSTU2_HL7ORG, DSTU2_1, or R4). Thanks to Clayton Bodendein for the Pull Request!

#769

When a server method throws a DataFormatException, the error will now be converted into an HTTP 400 instead of an HTTP 500 when returned to the client (and a stack trace will now be returned to the client for JAX-RS server if configured to do so). Thanks to Clayton Bodendein for the pull request!

#762

Prevent a crash in AuthorizationInterceptor when processing transactions if the interceptor has rules declared which allow resources to be read/written by "any ID of a given type". Thanks to GitHub user @dconlan for the pull request!

JPA server now supports the use of the Cache-Control header in order to allow the client to selectively disable the search result cache. This directive can also be used to disable result paging and return results faster when only a small number of results is needed. See the JPA Page for more information.

JPA Server search/history results now set the ID of the returned Bundle to the ID of the search, meaning that if a search returns results from the Query cache, it will reuse the ID of the previously returned Bundle

The JPA server transaction operation (DSTU3/R4) did not correctly process the If-Match header when passed in via Bundle.entry.request.ifMatch value

The Android client module has been restored to working order, and no longer requires a special classifier or an XML parser to be present in order to work. This means that the hapi-fhir-android library is much less likely to cause conflicts with other libraries imported into an Android application via Gradle.

See the HAPI FHIR Android Documentation for more information. As a part of this fix, all dependencies on the StAX API have been removed in environments where StAX is not present (such as Android). The client will now detect this case, and explicitly request JSON payloads from servers, meaning that Android clients no longer need to include two parser stacks

Remove a bunch of exceptions in the org.hl7.fhir.exception package from the hapi-fhir-base module, as they were also duplicated in the hapi-fhir-utilities module.

The resource Profile Validator has been enhanced to not try to validate bound fields where the binding strength is "example", and a crash was resolved when validating QuestionnaireResponse answers with a type of "choice" where the choice was bound to a ValueSet.

Remove the fake "Test" resource from DSTU2 structures. This was not a real resource type, and caused conflicts with the .NET client. Thanks to Vlad Ignatov for reporting!

#720

Parsing a DSTU3/R4 custom structure which contained a field of a custom type caused a crash during parsing. Thanks to GitHub user @mosaic-hgw for reporting!

#717

Processing of the If-Modified-Since header on FHIR read operations was reversed, returning a 304 when the resource had been modified recently. Thanks to Michael Lawley for the pull request!

#725

DSTU2-hl7org and DSTU2.1 structures did not copy resource IDs when invoking copyValues(). Thanks to Clayton Bodendein for the pull request!

#734

When encoding a Binary resource, the Binary.securityContext field was not encoded correctly. Thanks to Malcolm McRoberts for the pull request with fix and test case!

When paging through multiple pages of search results, if the client had requested a subset of resources to be returned using the _elements parameter, the elements list was lost after the first page of results. In addition, elements will not remove elements from search/history Bundles (i.e. elements from the Bundle itself, as opposed to elements in the entry resources) unless the Bundle elements are explicitly listed, e.g. _include=Bundle.total . Thanks to @parisni for reporting!

In FHIR DSTU3 the ValueSet/$expand?identifier=foo and ValueSet/$validate-code?identifier=foo parameters were changed to ValueSet/$expand?url=foo and ValueSet/$validate-code?url=foo respectively, but the JPA server had not caught up. The JPA DSTU3 server has been adjusted to accept either "identifier" or "url" (with "url" taking precedence), and the JPA R4 server has been changed to only accept "url". Thanks to Avinash Shanbhag for reporting!

An issue was fixed in JPA server where extensions on primitives which are nestedt several layers deep are lost when resources are retrieved

#756

Conditional deletes in JPA server were incorrectly denied by AuthorizationInterceptor if the delete was permitted via a compartment rule. Thanks to Alvin Leonard for the pull request!

#770

JAX-RS server conformance provider in the example module passed in the server description, server name, and server version in the incorrect order. Thanks to Clayton Bodendein for the pull request!

#774

The learn more links on the website home page had broken links. Thanks to James Daily for the pull request to fix this!

#744

Fix an error in JPA server when using Derby Database, where search queries with a search URL longer than 255 characters caused a mysterious failure. Thanks to Chris Schuler and Bryn Rhodes for all of their help in reproducing this issue.

In certain cases in the JPA server, if multiple threads all attempted to update the same resource simultaneously, the optimistic lock failure caused a "gap" in the history numbers to occur. This would then cause a mysterious failure when trying to update this resource further. This has been resolved.

Fix a NullPointerException when validating a Bundle (in DSTU3/R4) with no Bundle.type value

1.1.19HAPI FHIR 3.0.0

 

Release Information

Released: 2017-09-27

Changes

Support for FHIR R4 (current working draft) has been added (in a new module called hapi-fhir-structures-r4 ) and support for FHIR DSTU1 ( hapi-fhir-structures-dstu ) has been removed . Removing support for the legacy DSTU1 FHIR version was a difficult decision, but it allows us the opportunitity to clean up the codebase quite a bit, and remove some confusing legacy parts of the API (such as the legacy Atom Bundle class).

A new redesigned table of HAPI FHIR versions to FHIR version support has been added to the Download Page

HAPI FHIR's modules have been restructured for more consistency and less coupling between unrelated parts of the API.

A new complete list of HAPI FHIR modules has been added to the Download Page. Key changes include:

  • HAPI FHIR's client codebase has been moved out of hapi-fhir-base and in to a new module called hapi-fhir-client. Client users now need to explicitly add this JAR to their project (and non-client users now no longer need to depend on it)
  • HAPI FHIR's server codebase has been moved out of hapi-fhir-base and in to a new module called hapi-fhir-server. Server users now need to explicitly add this JAR to their project (and non-server users now no longer need to depend on it)
  • As a result of the client and server changes above, we no longer need to produce a special Android JAR which contains the client, server (which added space but was not used) and structures. There is now a normal module called hapi-fhir-android which is added to your Android Gradle file along with whatever structures JARs you wish to add. See the Android Integration Test to see a sample project using HAPI FHIR 3.0.0. Note that this has been reported to work by some people but others are having issues with it! In order to avoid delaying this release any further we are releasing now despite these issues. If you are an Android guru and want to help iron things out please get in touch. If not, it might be a good idea to stay on HAPI FHIR 2.5 until the next point release of the 3.x series.
  • A new JAR containing FHIR utilities called hapi-fhir-utilities has been added. This JAR reflects the ongoing harmonization between HAPI FHIR and the FHIR RI codebases and is generally required in order to use HAPI at this point (if you are using a dependency manager such as Maven or Gradle it will be brought in to your project automatically as a dependency)

IServerOperationInterceptor now has a new method resourceUpdated(RequestDetails, IBaseResource, IBaseResource) which replaces the previous resourceUpdated(RequestDetails, IBaseResource) . This allows interceptors to be notified of resource updates, but also see what the resource looked like before the update. This change was made to support the change above, but seems like a useful feature all around.

JPA server transaction processing now honours the Prefer header and includes created and updated resource bodies in the response bundle if it is set appropriately.

Optimize queries in JPA server remove a few redundant select columns when performing searches. This provides a slight speed increase in some cases.

Add configuration to JPA server DaoConfig that allows a maximum number of search results to be specified. Queries will never return more than this number, which can be good for avoiding accidental performance problems in situations where large queries should not be needed

In order to allow the reoganizations and decoupling above to happen, a number of important classes and interfaces have been moved to new packages. A sample list of these changes is listed below. When upgrading to 3.0.0 your project may well show a number of compile errors related to missing classes. In most cases this can be resolved by simply removing the HAPI imports from your classes and asking your IDE to "Organize Imports" once again. This is an annoying change we do realize, but it is neccesary in order to allow the project to continue to grow.

  • IGenericClient moved from package ca.uhn.fhir.rest.client to package ca.uhn.fhir.rest.client.api
  • IRestfulClient moved from package ca.uhn.fhir.rest.client to package ca.uhn.fhir.rest.client.api
  • AddProfileTagEnum moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.context.api
  • IVersionSpecificBundleFactory moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.context.api
  • BundleInclusionRule moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.context.api
  • RestSearchParameterTypeEnum moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.rest.api
  • EncodingEnum moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.rest.api
  • Constants moved from package ca.uhn.fhir.rest.server to package ca.uhn.fhir.rest.api
  • IClientInterceptor moved from package ca.uhn.fhir.rest.client to package ca.uhn.fhir.rest.client.api
  • ITestingUiClientFactory moved from package ca.uhn.fhir.util to package ca.uhn.fhir.rest.server.util

JPA search now uses hibernate ScrollableResults instead of plain JPA List. This should improve performance over large search results.

JPA servers with no paging provider configured, or with a paging provider other than DatabaseBackedPagingProvider will load all results in a single pass and keep them in memory. Using this setup is not a good idea unless you know for sure that you will never have very large queries since it means that all results will be loaded into memory, but there are valid reasons to need this and it will perform better than paging to the database in that case. This fix also resolves a NullPointerException when performing an $everything search. Thanks to Kamal Othman for reporting!

Add an optional and configurable hard limit on the total number of meta items (tags, profiles, and security labels) on an individual resource. The default is 1000.

When executing a search (HTTP GET) as a nested operation in in a transaction or batch operation, the search now returns a normal page of results with a link to the next page, like any other search would. Previously the search would return a small number of results with no paging performed, so this change brings transaction and batch processing in line with other types of search.

JPA server no longer returns an OperationOutcome resource as the first resource in the Bundle for a response to a batch operation. This behaviour was previously present, but was not specified in the FHIR specification so it caused confusion and was inconsistent with behaviour in other servers.

Because the Atom-based DSTU1 Bundle class has been removed from the library, users of the HAPI FHIR client must now always include a Bundle return type in search calls. For example, the following call would have worked previously:
Bundle bundle = client.search().forResource(Patient.class)
.where(new TokenClientParam("gender").exactly().code("unknown"))
.prettyPrint()
.execute();

This now needs an explicit returnBundle statement, as follows:
Bundle bundle = client.search().forResource(Patient.class)
.where(new TokenClientParam("gender").exactly().code("unknown"))
.prettyPrint()
.returnBundle(Bundle.class)
.execute();

JpaConformanceProvider now has a configuration setting to enable and disable adding resource counts to the server metadata.

#651

Enhancement to ResponseHighlighterInterceptor where links in the resource body are now converted to actual clickable hyperlinks. Thanks to Eugene Lubarsky for the pull request!

BanUnsupportedHttpMethodsInterceptor has been modified so that it now allows HTTP PATCH to proceed.

#651

Enhancement to ResponseHighlighterInterceptor so that it now can be configured to display the request headers and response headers, and individual lines may be highlighted.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Gson (JSON Parser): 2.8.0 -> 2.8.1
  • Commons-lang3 (Everywhere): 3.5 -> 3.6
  • Apache HttpClient (FHIR Client): 4.5.2 -> 4.5.3
  • Apache HttpCore (FHIR Client): 4.4.5 -> 4.4.6
  • Phloc Commons (Schematron Validator): 4.4.6 -> 4.4.11
  • Hibernate (JPA): 5.2.9 -> 5.2.10
  • Hibernate Search (JPA): 5.7.0 -> 5.7.1
  • Spring (JPA): 4.3.7 -> 4.3.10
  • Spring Data JPA (JPA): 1.10.4 -> 1.11.6
  • Guava (JPA): 22.0 -> 23.0
  • Thymeleaf (Testpage Overlay): 3.0.2 -> 3.0.7
  • OkHttp (Android): 3.4.1 -> 3.8.1

#689

Add a command line flag to the CLI tool to allow configuration of the server search result cache timeout period. Thanks to Eugene Lubarsky for the pull request!

JPA server transaction operations now put OperationOutcome resources resulting from actions in Bundle.entry.response.outcome instead of the previous Bundle.entry.resource

#701

Testing UI now has a dropdown for modifiers on token search. Thanks to GitHub user @dconlan for the pull request!

#688

When parsing an incomplete ID with the form http://my.org/Foo into IdDt and IdType objects, the Foo portion will now be treated as the resource type. Previously my.org was treated as the resource type and Foo was treated as the ID. Thanks to GitHub user @CarthageKing for the pull request!

JPA Subscription support has been refactored. A design contributed by Jeff Chung for the REST Hook subscription module has been ported so that Websocket subscriptions use it too. This design uses an interceptor to scan resources as they are processed to test whether they should be delivered to subscriptions, instead of using a polling design.

In addition, this scanning has been reworked to happen in a separate thread from the main storage thread, which should improve performance and scalability of systems with multiple subscriptions. Thanks to Jeff for all of his work on this!

Add a new constructor to SimpleRequestHeaderInterceptor which allows a complete header to be passed in (including name and value in one string)

REST Hook subscriptions now honour the Subscription.channel.header field

DSTU2 validator has been enhanced to do a better job handling ValueSets with expansions pointing to other ValueSets

#712

Add appropriate import statements for logging to JPA demo code. Thanks to Rob Hausam for the pull request!

#700

Add some browser performance logging to ResponseHighlightingInterceptor. Thanks to Eugene Lubarsky for the pull request, and for convincing James not to optimize something that did not need optimizing!

A new config property has been added to the JPA seerver DaoConfig called "setAutoCreatePlaceholderReferenceTargets". This property causes references to unknown resources in created/updated resources to have a placeholder target resource automatically created.

The server LoggingInterceptor has had a variable called processingTimeMillis which logs the number of milliseconds the server took to process a given request since HAPI FHIR 2.5, but this was not documented. This variable has now been documented as a part of the available features.

A new experimental feature has been added to the JPA server which allows you to define certain search parameter combinations as being resource keys, so that a database constraint will prevent more than one resource from having a matching pair

When using the client LoggingInterceptor in non-verbose mode, the log line showing the server's response HTTP status will now also include the returned Location header value as well

A new flag has been add to the CLI upload-definitions command "-e" which allows skipping particular resources

An issue in JPA server has been corrected where if a CodeSystem resource was deleted, it was not possible to create a new resource with the same URI as the previous one

Subscriptions in JPA server now support "email" delivery type through the use of a new interceptor which handles that type

JPA server can now be configured to not support :missing modifiers, which increases write performance since fewer indexes are written

A new JPA configuration option has been added to the DaoConfig which allows support for the :missing search parameter modifier to be enabled or disabled, and sets the default to DISABLED.

Support for this parameter causes many more index rows to be inserted in the database, which has a significant impact on write performance. A future HAPI update may allow these rows to be written asynchronously in order to improve this.

JPA server is now able to handle placeholder IDs (e.g. urn:uuid:00....000) being used in Bundle.entry.request.url as a part of the conditional URL within transactions.

#667

When using the AuthorizationInterceptor with the JPA server, when a client is updating a resource from A to B, the user now needs to have write permission for both A and B. This is particularly important for cases where (for example) an Observation is being updated from having a subject of Patient/A to Patient/B. If the user has write permission for Patient/B's compartment, this would previously have been allowed even if the user did not have access to write to Patient/A's compartment. Thanks to Eeva Turkka for reporting!

#604

Allow DateParam (used in servers) to handle values with MINUTE precision. Thanks to Christian Ohr for the pull request!

Fix HTTP 500 error in JPA server if a numeric search parameter was supplied with no value, e.g. GET /Observation?value-quantity=

#674

Prevent duplicates in $everything query response in JPA server. Thanks to @vlad-ignatov for reporting!

Fix issue in calling JPA server transactions programmatically where resources are linked by object reference and not by ID where indexes were not correctly generated. This should not affect most users.

#678

Fix issue in SubscriptionInterceptor that caused interceptor to only actually notify listeners of the first 10 subscriptions. Thanks to Jeff Chung for the pull request!

#693

Fix potential ConcurrentModificationException when adding subscriptions while running under heavy load. Thanks to Jeff Chung for the pull request!

Correct an issue in JPA server on Postgres where searches with a long search URL were not able to be automatically purged from the database after they were scheduled for deletion. Thanks to Ravi Kuchi for reporting!

Fix a regression in HAPI FHIR 2.5 JPA server where executing a search in a transaction or batch operation caused an exception. Thanks to Ravi Kuchi for reporting!

Correct an issue when processing transactions in JPA server where updates and creates to resources with tags caused the tags to be created twice in the database. These duplicates were utomatically filtered upon read so this issue was not user-visible, but it coule occasionally lead to performance issues if a resource containing multiple tags was updated many times via transactions.

JPA server should not allow creation of resources that have a reference to a resource ID that previously existed but is now deleted. Thanks to Artem Sopin for reporting!

Avoid a deadlock in JPA server when the RequestValidatingInterceptor is being used and a large number of resources are being created by clients at the same time.

Testpage Overlay's transaction method did not work if the response Bundle contained any entries that did not contain a resource (which is often the case in more recent versions of HAPI). Thanks to Sujay R for reporting!

When the server was returning a multi-page search result where the client did not explicitly request an encoding via the _format parameter, a _format parameter was incorrectly added to the paging links in the response Bundle. This would often explicitly request XML encoding because of the browser Accept header even though this was not what the client wanted.

AuthorizationInterceptor did not permit PATCH operations to proceed even if the user had write access for the resource being patched.

#682

Fix an issue in HapiWorkerContext where structure definitions are not able to be retrieved if they are referred to by their relative or logical ID. This affects profile tooling such as StructureMapUtilities. Thanks to Travis Lukach for reporting and providing a test case!

#679

Add link to DSTU3 JavaDocs from documentation index. Thanks to Vadim Peretokin for the pull request!

#680

Fix a typo in the documentation. Thanks to Saren Currie for the pull request!

#683

Correct an issue with the model classes for STU3 where any classes containing the @ChildOrder annotation (basically the conformance resources) will not correctly set the order if any of the elements are a choice type (i.e. named "foo[x]"). Thanks to GitHub user @CarthageKing for the pull request!

Fix potential deadlock in stale search deleting task in JPA server, as well as potential deadlock when executing transactions containing nested searches when operating under extremely heavy load.

#696

An issue was corrected where search parameters containing negative numbers were sometimes treated as positive numbers when processing the search. Thanks to Keith Boone for reporting and suggesting a fix!

#699

Fix an unfortunate typo in the custom structures documentation. Thanks to Jason Owen for the PR!

#686

Correct an issue in the validator (DSTU3/R4) where elements were not always correctly validated if the element contained only a profiled extension. Thanks to Sébastien Rivière for the pull request!

#695

Extensions on ID datatypes were not parsed or serialized correctly. Thanks to Stephen Rivière for the pull request!

#710

Fix a bug in REST Hook Subscription interceptors which prevented subscriptions from being activated. Thanks to Jeff Chung for the pull request!

#708

Fix broken links in usage pattern diagram on website. Thanks to Pascal Brandt for the pull request!

#706

Fix incorrect FHIR Version Strings that were being outputted and verified in the client for some versions of FHIR. Thanks to Clayton Bodendein for the pull request!

REST HOOK subscriptions now use HTTP PUT if there is a payload type specified, regardless of whether the source event was a create or an update

hapi-fhir-client-okhttp project POM had dependencies on both hapi-fhir-structures-dstu2 and hapi-fhir-structures-dstu3, which meant that any project using ookhttp would import both structures JARs. This has been removed.

When uploading a Bundle resource to the server (as a collection or document, not as a transaction) the ID was incorrectly stripped from resources being saved within the Bundle. This has been corrected.

Schematron validator now applies invariants to resources within a Bundle, not just to the outer Bundle resource itself

Server and Client both still included Category header for resource tags even though this feature was only present in FHIR DSTU1 and was removed from the specification in FHIR DSTU2. The presence of these headers sometimes caused parsed resource instances to contain duplicate tags

1.1.20HAPI FHIR 2.5

 

Release Information

Released: 2017-06-08

Changes

Server now respects the If-Modified-Since header and will return an HTTP 304 if appropriate for read operations.

JPA server now has configurable properties that allow referential integrity to be disabled for both writes and deletes. This is useful in some cases where data integrity is not wanted or not possible. It can also be useful if you want to delete large amounts of interconnected data quickly.

A corresponding flag has been added to the CLI tool as well.

Add configuration property to DSTU3 FhirInstanceValidator to allow client code to change unknown extension handling behaviour.

Add a check in JPA server that prevents completely blank tags, profiles, and security labels from being saved to the database. These were filtered out anyhow when the result was returned back to the client but they were persisted which just wasted space.

#656

Improve handling in JPA server when doing code:above and code:below searches to use a disjunction of AND and IN in order to avoid failures under certain conditions. Thanks to Michael Lawley for the pul request!

CLI now defaults to DSTU3 mode if no FHIR version is specified

Server and annotation-client @History annotation now allows DSTU3+ resource types in the type= property

DaoConfig#setInterceptors() has been un-deprecated. It was previously deprecated as we thought it was not useful, but uses have been identified so it turns out this method will live after all. Interceptors registered to this method will now be treated appropriately if they implement IServerOperationInterceptor too.

This release includes significant performance enhancements for the JPA server. Most importantly, the way that searches are performed has been re-written to allow the server to perform better when the database has a large number of results in it. The following enhancements have been made:

  • Searches with multiple search parameters of different datatypes (e.g. find patients by name and date of birth) were previously joined in Java code, now the join is performed by the database which is faster
  • Searches which returned lots of results previously has all results streamed into memory before anything was returned to the client. This is particularly slow if you do a search for (say) "get me all patients" since potentially thousands or even millions of patients' IDs were loaded into memory before anything gets returned to the client. HAPI FHIR now has a multithreaded search coordinator which returns results to the client as soon as they are available
  • Search results will be cached and reused (so that if a client does two searches for "get me all patients matching FOO" with the same FOO in short succession, we won't query the DB again but will instead reuse the cached results). Note that this can improve performance, but does mean that searches can return slightly out of date results. Essentially what this means is that the latest version of individual resources will always be returned despite this cacheing, but newly created resources that should match may not be returned until the cache expires. By default this cache has been set to one minute, which should be acceptable for most real-world usage, but this can be changed or disabled entirely.
  • Updates which do not actually change the contents of the resource can optionally be prevented from creating a new version of the resource in the database


Existing users should delete the HFJ_SEARCH, HFJ_SEARCH_INCLUDE, and HFJ_SEARCH_RESULT tables from your database before upgrading, as the structure of these tables has changed and old search results can not be reused.

#590

AuthorizationInterceptor did not correctly handle paging requests (e.g. requests for the second page of results for a search operation). Thanks to Eeva Turkka for reporting!

Fix issue where the JSON parser sometimes did not encode DSTU3 extensions on the root of a resource which have a value of type reference.

JPA server did not correctly process :missing qualifier on date parameters

#633

AppacheHttpClient did not always respect the charset in the response Content-Type header. Thanks to Gijsbert van den Brink for the pull request!

#636

Fix XhtmlParser to correctly handle hexadecimal escaped literals. Thanks to Gijsbert van den Brink for the Pull Request!

JPA server did not correctly support searching on a custom search parameter whose path pointed to an extension, where the client used a chained value.

Fix dependency on commons-codec 1.4 in hapi-fhir-structures-dstu3, which was preventing this library from being used on Android because Android includes an older version of commons-codec.

JPA server failed to index search parameters on paths containing a decimal data type

Validator incorrectly rejected references where only an identifier was populated

#649

Make error handler in the client more tolerant of errors where no response has been received by the client when the error happens. Thanks to GitHub user maclema for the pull request!

#664

Loading the build-in profile structures (StructureDefinition, ValueSet, etc) is now done in a synchronized block in order to prevent multiple loads happening if the server processes multiple validations in parallel threads right after startup. Previously a heavy load could cause the server to run out of memory and lock up. Thanks to Karl M Davis for analysis and help fixing this!

#652

Fix bad ValueSet URL in DeviceRequest profile definition for STU3 which was preventing the CLI from uploading definitions correctly. Thanks to Joel Schneider for the Pull Request!

#660

Fix an error where the JPA server sometimes failed occasional requests with a weird NullPointerException when running under very large concurrent loads. Thanks to Karl M. Davis for reporting, investigating, and ultimately finding a solution!

#630

Fix concurrency issues in FhirContext that were causing issues when starting a context up on Android. Thanks to GitHub issue @Jaypeg85 for the pull request!

Fix an issue in the JPA server if a resource has been previously saved containing vocabulary that is no longer valid. This only really happened if you were using a non-final version of FHIR (e.g. using DSTU3 before it was finalized) but if you were in this situation, upgrading HAPI could cause you to have old codes that no longer exist in your database. This fix prevents these from blocking you from accesing those resources.

#563

JSON Parser gave a very unhelpful error message (Unknown attribute 'value' found during parse) when a scalar value was found in a spot where an object is expected. This has been corrected to include much more information. Thanks to GitHub user @jasminas for reporting!

JPA server did not correctly support searching on a custom search parameter whose path pointed to an extension, where the client used a chained value.

1.1.21HAPI FHIR 2.4

 

Release Information

Released: 2017-04-19

Changes

This release brings the DSTU3 structures up to FHIR R3 (FHIR 3.0.1) definitions. Note that there are very few changes between the DSTU3 structures in HAPI FHIR 2.3 and the ones in HAPI FHIR 2.4 since the basis for the DSTU3 structures in HAPI FHIR 2.3 was the R3 QA FHIR version (1.9.0) but this is the first release of HAPI FHIR to support the final/complete R3 release.

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate (JPA): 5.2.7 -> 5.2.9
  • Hibernate Search (JPA): 5.5.7.CR1 -> 5.2.7.Final
  • Hibernate Validator (JPA): 5.3.4 -> 5.4.1
  • Spring (JPA): 4.3.6 -> 4.3.7
  • Gson (Core): 2.7 -> 2.8.0
  • Guava (JPA): 19.0 -> 21.0
  • SLF4j (Core): 1.7.21 -> 1.7.25
  • Logback (Core): 1.1.7 -> 1.2.2

Add a utility method to JPA server: IFhirResourceDao#removeTag(IIdType, TagTypeEnum, String, String) . This allows client code to remove tags from a resource without having a servlet request object in context.

#624

Add an option to ParserOptions that specifies that when parsing a bundle, the ID found in the Bundle.entry.fullUrl should not override the ID found in the Resource.id field. Technically these fields must always supply the same ID in order for a server to be considered conformant, but this option allows you to deal with servers which are behaving badly. Thanks to GitHub user CarthageKing for the pul request!

#613

In JAX-RS server it is now possible to change the server exception handler at runtime without a server restart. Thanks to Sebastien Riviere for the pull request!

#602

hapi-fhir-jpaserver-example now includes the Prefer header in the list of CORS headers. Thanks to GitHub user @elnin0815 for the pull request!

AuthorizationInterceptor can now allow make read or write authorization decisions on a resource by instance ID

DaoConfig#setAllowInlineMatchUrlReferences() now defaults to true since inline conditional references are now a part of the FHIR specification. Thanks to Jan Dědek for pointing this out!

#609

hapi-fhir-jpaserver-base now exposes a FhirInstanceValidator bean named "myInstanceValidatorDstu2" for DSTU2. A similar bean for DSTU3 was previously implemented.

#453

hapi-fhir-jpaserver-example project now defaults to STU3 mode instead of the previous DSTU2. Thanks to Joel Schneider for the pull request!

#534

JPA server now has a setting on the DaoConfig to force it to treat certain reference URLs or reference URL patterns as logical URLs instead of literal ones, meaning that the server will not try to resolve these URLs. Thanks to Eeva Turkka for the suggestion!

JPA server was unable to process custom search parameters where the path pointed to an extension containing a reference. Thanks to Ravi Kuchi for reporting!

#623

Servers in DSTU2.1 mode were incorrectly using the legacy mimetypes instead of the new STU3 ones. Thanks to Michael Lawley for the pull request!

#617

Remove unneccesary whitespace in the text areas on the testing web UI. Thanks to GitHub user @elnin0815 for the pull request!

#610

Fix a potential race condition when the FhirContext is being accessed by many threads at the same time right as it is initializing. Thanks to Ben Spencer for the pull request!

#208

Remove SupportingDocumentation resource from DSTU2 structures. This isn't actually a resource in FHIR DSTU2 and its inclusion causes errors on clients that don't understand what it is. Thanks to Travis Cummings and Michele Mottini for pointing this out.

#607

Web testing UI displayed an error when a transaction was pasted into the UI for a DSTU2 server. Thanks to Suresh Kumar for reporting!

1.1.22HAPI FHIR 2.3

 

Release Information

Released: 2017-03-18

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate (JPA): 5.1.0 -> 5.2.7
  • Hibernate Search (JPA): 5.5.4 -&gtp; 5.7.0.CR1
  • Hibernate Validator (JPA): 5.2.4 -&gtp; 5.3.4
  • Spring (JPA): 4.3.1 -> 4.3.6

The JPA server now supports custom search parameters in DSTU3 mode. This allows users to create search parameters which contain custom paths, or even override and disable existing search parameters.

Declared extensions with multiple type() options listed in the @Child annotation caused a crash on startup. Now this is supported.

STU3 XHTML parser for narrative choked if the narrative contained an &rsquot; entity string.

JPA server did not return an OperationOutcome in the response for a normal delete operation.

A post-processing hook for subclasses of BaseValidatingInterceptor is now available.

#585

AuthorizationInterceptor can now authorize (allow/deny) extended operations on instances and types by wildcard (on any type, or on any instance)

#595

When RequestValidatingInterceptor is used, the validation results are now populated into the OperationOutcome produced by create and update operations

#542

Add support for the $process-message operation to fluent client. Thanks to Hugo Soares for the pull request!

#543

Parser can now be configured when encoding to use a specific base URL for extensions. Thanks to Sebastien Riviere for the pull request!

#575

Remove an unneccesary database flush when saving large code systems to the JPA database, improving performance of this operation. Thanks to Joel Schneider for the pull request and analysis!

A new post-processing hook for subclasses of BaseValidatingInterceptor is now available. The hook exposes the request details on validation failure prior to throwing an UnprocessableEntityException.

#504

Custom resource types which extend Binary must not have declared extensions since this is invalid in FHIR (and HAPI would just ignore them anyhow). Thanks to Thomas S Berg for reporting!

Standard HAPI zip/tar distributions did not include the project sources and JavaDoc JARs. Thanks to Keith Boone for pointing this out!

JPA server terminology service was not correctly validating or expanding codes in SNOMED CT or LOINC code systems. Thanks to David Hay for reporting!

#539

Attempting to search for an invalid resource type (e.g. GET base/FooResource) should return an HTTP 404 and not a 400, per the HTTP spec. Thanks to GitHub user @CarthageKing for the pull request!

#544

When parsing a Bundle containing placeholder fullUrls and references (e.g. "urn:uuid:0000-0000") the resource reference targets did not get populated with the given resources. Note that as a part of this change, IdType and IdDt have been modified so that when parsing a placeholder ID, the complete placeholder including the "urn:uuid:" or "urn:oid:" prefix will be placed into the ID part. Previously, the prefix was treated as the base URL, which led to strange behaviour like the placeholder being treated as a real IDs. Thanks to GitHub user @jodue for reporting!

#538

When parsing a quantity parameter on the server with a value and units but no system (e.g. GET [base]/Observation?value=5.4||mg ) the unit was incorrectly treated as the system. Thanks to @CarthageKing for the pull request!

#533

Correct a typo in the JPA ValueSet ResourceProvider which prevented successful operation under Spring 4.3. Thanks to Robbert van Waveren for the pull request!

#547

CapturingInterceptor did not buffer the response meaning that in many circumstances it did not actually capture the response. Thanks to Jenny Syed of Cerner for the pull request and contribution!

#548

Clean up dependencies and remove Eclipse project files from git. Thanks to @sekaijin for the pull request!

CLI example uploader couldn't find STU3 examples after CI server was moved to build.fhir.org

When performing a conditional create in a transaction in JPA server, if a resource already existed matching the conditional expression, the server did not change the version of the resource but did update the body with the passed in body. Thanks to Artem Sopin for reporting and providing a test case for this!

Client revincludes did not include the :recurse modifier. Thanks to Jenny Meinsma for pointing this out on Zulip!

Fix an issue in JPA server where _history results were kept in memory instead of being spooled to the database as they should be. Note that as a part of this fix a new method was added to IBundleProvider called getUuid() . This method may return null in any current cases.

Expanding a ValueSet in JPA server did not correctly apply ?filter= parameter when the ValueSet being expanded had codes included explicitly (i.e. not by is-a relationship). Thanks to David Hay for reporting!

JPA validator incorrectly returned an HTTP 400 instead of an HTTP 422 when the resource ID was not present and required, or vice versa. Thanks to Brian Postlethwaite for reporting!

When using an annotation based client, a ClassCastException would occur under certain circumstances when the response contained contained resources

JPA server interceptor methods for create/update/delete provided the wrong version ID to the interceptors

Fix issue in JPA subscription module that prevented purging stale subscriptions when many were present on Postgres

#568

Correct the resource paths for the DSTU2.1 validation resources, allowing the validator to correctly work against those structures. Thanks to Michael Lawley for the pull request!

#551

XML Parser failed to parse large field values (greater than 512 Kb) on certain platforms where the StAX parser was overridden. Thanks to GitHub user @Jodue for the pull request!

#532

Server interceptor methods were being called twice unnecessarily by the JPA server, and the DaoConfig interceptor registration framework was not actually useful. Thanks to GitHub user @mattiuusitalo for reporting!

#503

AuthorizationInterceptor on JPA server did not correctly apply rules on deleting resources in a specific compartment because the resource metadata was stripped by the JPA server before the interceptor could see it. Thanks to Eeva Turkka for reporting!

#519

JPA server exported CapabilityStatement includes double entries for the _id parameter and uses the wrong type (string instead of token). Thanks to Robert Lichtenberger for reporting!

Server AuthorizationInterceptor always rejects history operation at the type level even if rules should allow it.

Deprecate the method ICompositeElement#getAllPopulatedChildElementsOfType(Class) as it is no longer used by HAPI and is just an annoying step in creating custom structures. Thanks to Allan Bro Hansen for pointing this out.

1.1.23HAPI FHIR 2.2

 

Release Information

Released: 2016-12-20

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Derby (CLI): 10.12.1.1 -> 10.13.1.1
  • Jetty (CLI): 9.3.10.v20160621 -> 9.3.14.v20161028
  • JAnsi (CLI): 1.13 -> 1.14
  • Phloc Commons (SCH Validator): 4.4.5 -> 4.4.6

#525

When parsing invalid enum values in STU3, report errors through the parserErrorHandler, not by throwing an exception. Thanks to Michael Lawley for the pull request!

#516

When parsing DSTU3 resources with enumerated types that contain invalid values, the parser will now invoke the parserErrorHandler. For example, when parsing {"resourceType":"Patient", "gender":"foo"} the previous behaviour was to throw an InvalidArgumentException. Now, the parserErrorHandler is invoked. In addition, thw LenientErrorHandler has been modified so that this one case will result in a DataFormatException. This has the effect that servers which receive an invalid enum velue will return an HTTP 400 instead of an HTTP 500. Thanks to Jim Steel for reporting!

#520

DSTU3 context now pulls the FHIR version from the actual model classes. Thanks to Michael Lawley for the pull request!

Enhancements to the tinder-plugin's generic template features of the generate-multi-files and generate-single-file Maven goals as well as the Ant hapi-tinder task.

  • Provides the full Tinder data model by adding composites, valuesets, and profiles to resourcesw.
  • Supports generating files for resources, composites, valuesets, and profiles
  • Supports Velocimacro files outside the tinder-plugin JAR
  • Provides filename prefix as well as suffix properties
  • Can specify any of the Velocity configuration parameters such as macro.provide.scope.control which allows safe macro recursion
  • Templates can now drill down into the referenced children for a ResourceBlockCopy
  • Normalization of properties across all three generic tasks

#510

Add a docker configuration to the hapi-fhir-jpaservr-example module. Thanks to Gijsbert van den Brink for the pull request!

#507

Add utility constructors to MoneyDt. Thanks to James Ren for the contribution!

ErrorHandler is now called (resulting in a warning by default, but can also be an exception) when arsing JSON if the resource ID is not a JSON string, or an object is found where an array is expected (e.g. repeating field). Thanks to Jenni Syed of Cerner for providing a test case!

#504

Custom resource types which extend Binary must not have declared extensions since this is invalid in FHIR (and HAPI would just ignore them anyhow). Thanks to Thomas S Berg for reporting!

Add ability to JPA server for disabling stale search expiry. This is useful if you are deploying the server to a cluster.

Standard HAPI zip/tar distributions did not include the project sources and JavaDoc JARs. Thanks to Keith Boone for pointing this out!

Declared extensions with multiple type() options listed in the @Child annotation caused a crash on startup. Now this is supported.

STU3 XHTML parser for narrative choked if the narrative contained an &rsquot; entity string.

As the eBay CORS interceptor project has gone dormant, we have introduced a new HAPI server interceptor which can be used to implement CORS support instead of using the previously recommended Servlet Filter. All server examples as well as the CLI have been switched to use this new interceptor. See the CORS Documentation for more information.

#518

Allow client to gracefully handle running in DSTU3 mode but with a structures JAR that does not contain a CapabilityStatement resource. Thanks to Michael Lawley for the pull request!

Fix issue in AuthorizationIntetceptor where transactions are blocked even when they should not be

HAPI FHIR CLI failed to delete a file when uploading example resources while running under Windows.

#521

Server should reject update if the resource body does not contain an ID, or the ID does not match the request URL. Thanks to Jim Steel for reporting!

#500

Web Testing UI's next and previous buttons for paging through paged results did not work after the migration to using Thymeleaf 3. Thanks to GitHub user @gsureshkumar for reporting!

#523

Fix ordering of validator property handling when an element has a name that is similar to a shorter name[x] style name. Thanks to CarthageKing for the pull request!

Fix regression in HAPI FHIR 2.1 JPA server where some search parameters on metadata resources did not appear (e.g. "StructureDefinition.url"). Thanks to David Hay for reporting!

#528

AuthorizationInterceptor was failing to allow read requests to pass when a rule authorized those resources by compartment. Thanks to GitHub user @mattiuusitalo for reporting and supplying a test case!

Correct a typo in client IHttpRequest class: "bufferEntitity" should be "bufferEntity".

Fix Web Testing UI to be able to handle STU3 servers which return CapabilityStatement instead of the previously used "Conformance" resource

CLI example uploader couldn't find STU3 examples after CI server was moved to build.fhir.org

Fix issue in JPA subscription module that prevented purging stale subscriptions when many were present on Postgres

#532

Server interceptor methods were being called twice unnecessarily by the JPA server, and the DaoConfig interceptor registration framework was not actually useful. Thanks to GitHub user @mattiuusitalo for reporting!

#503

AuthorizationInterceptor on JPA server did not correctly apply rules on deleting resources in a specific compartment because the resource metadata was stripped by the JPA server before the interceptor could see it. Thanks to Eeva Turkka for reporting!

#519

JPA server exported CapabilityStatement includes double entries for the _id parameter and uses the wrong type (string instead of token). Thanks to Robert Lichtenberger for reporting!

Server AuthorizationInterceptor always rejects history operation at the type level even if rules should allow it.

JPA server terminology service was not correctly validating or expanding codes in SNOMED CT or LOINC code systems. Thanks to David Hay for reporting!

#539

Attempting to search for an invalid resource type (e.g. GET base/FooResource) should return an HTTP 404 and not a 400, per the HTTP spec. Thanks to GitHub user @CarthageKing for the pull request!

#544

When parsing a Bundle containing placeholder fullUrls and references (e.g. "urn:uuid:0000-0000") the resource reference targets did not get populated with the given resources. Note that as a part of this change, IdType and IdDt have been modified so that when parsing a placeholder ID, the complete placeholder including the "urn:uuid:" or "urn:oid:" prefix will be placed into the ID part. Previously, the prefix was treated as the base URL, which led to strange behaviour like the placeholder being treated as a real IDs. Thanks to GitHub user @jodue for reporting!

#538

When parsing a quantity parameter on the server with a value and units but no system (e.g. GET [base]/Observation?value=5.4||mg ) the unit was incorrectly treated as the system. Thanks to @CarthageKing for the pull request!

#533

Correct a typo in the JPA ValueSet ResourceProvider which prevented successful operation under Spring 4.3. Thanks to Robbert van Waveren for the pull request!

#495

RestfulServer with no explicitly set FhirContext fails to detect the presents of DSTU3 structures. Thanks to GitHub user @vijayt27 for reporting!

#547

CapturingInterceptor did not buffer the response meaning that in many circumstances it did not actually capture the response. Thanks to Jenny Syed of Cerner for the pull request and contribution!

#480

Make the parser configurable so that when parsing an invalid empty value (e.g. {"status":""} ) the parser will either throw a meaningful exception or log a warning depending on the configured error handler.

#276

Fix issue when serializing resources that have contained resources which are referred to from multiple places. Sometimes when serializing these resources the contained resource section would contain duplicates. Thanks to Hugo Soares and Stefan Evinance for reporting and providing a test case!

Fix a crash in JPA server when searching using an _include if _include targets are external references (and therefore can't be loaded by the server). Thanks to Hannes Ulrich for reporting!

Deprecate the method ICompositeElement#getAllPopulatedChildElementsOfType(Class) as it is no longer used by HAPI and is just an annoying step in creating custom structures. Thanks to Allan Bro Hansen for pointing this out.

1.1.24HAPI FHIR 2.1

 

Release Information

Released: 2016-11-11

Changes

STU3 structure definitions have been updated to the STU3 latest definitions (1.7.0 - SVN 10129). In particular, this version supports the new CapabilityStatement resource which replaces the previous Conformance resource (in order to reduce upgrade pain, both resource types are included in this version of HAPI)

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • spring-data-orm (JPA): 1.10.2 -> 1.10.4

#440

Remove Maven dependency on Saxon library, as it is not actually used. Thanks to Lem Edmondson for the suggestion!

STU clients now use an Accept header which indicates support for both the old MimeTypes (e.g. application/xml+fhir ) and the new MimeTypes (e.g. application/fhir+xml )

Add a new method to the server interceptor framework which will be called after all other processing is complete (useful for performance tracking). The server LoggingInterceptor has been switched to using this method which means that log lines will be created when processing is finished, instead of when it started.

Client, Server, and JPA server now support experimental support for HTTP PATCH using the XML Patch and JSON Patch syntax as explored during the September 2016 Baltimore Connectathon. See this wiki page for a description of the syntax.
Thanks to Pater Girard for all of his help during the connectathon in implementing this feature!

Fluent client can now return types other than Parameters when invoking operations.

Add a new method to ReferenceClientParam which allows you to pass in a number of IDs by a collection of Strings. Thanks to Thomas Andersen for the pul request!

#469

Add a new JSON library abstraction layer to the JSON parser. This contribution shouldn't have any end-user impact but does make it easier to use the JSON parser to generate custom structures for other purposes, and should allow us to support RDF more easily at some point. Thanks to Bill Denton for the pull request and the contribution!

#455

DSTU1 Bundle encoder did not include the Bundle entry author in the generated bundle. Thanks to Hannes Venter for the pull request and contribution!

Android library now uses OkHttp client by default instead of Apache HttpClient. This should lead to much simpler support for Android in the future.

AuthorizationInterceptor is now a bit more aggressive at blocking read operations, stopping them on the way in if there is no way they will be accepted to the resource check on the way out. In addition it can now be configured to allow/deny operation invocations at the instance level on any instance of a given type

Remove an unneccesary database flush from JPA persistence operations

#470

Add method to fluent client to allow OR search across several profiles. Thanks to Thomas Andersen for the pull request!

Both client and server now use the new STU3 mime types by default if running in STU3 mode (in other words, using an STU3 FhirContext).

Conditional URLs in JPA server (e.g. for delete or update) did not support the _has parameter

#444

Times before 1970 with fractional milliseconds were parsed incorrectly. Thanks to GitHub user @CarthageKing for reporting!

#448

Prevent crash in parser when parsing resource with multiple profile declarations when default type for profile is used. Thanks to Filip Domazet for the pull request!

#445

STU3 servers were adding the old MimeType strings to the Conformance.format part of the generated server conformance statement

#446

When performing an update using the client on a resource that contains other resources (e.g. Bundle update), all child resources in the parent bundle were incorrectly given the ID of the parent. Thanks to Filip Domazet for reporting!

JPA server now sends correct HTTP 409 Version Conflict when a DELETE fails because of constraint issues, instead of HTTP 400 Invalid Request

Server history operation did not populate the Bundle.entry.request.url field, which is required in order for the bundle to pass validation. Thanks to Richard Ettema for spotting this!

Fix a fairly significant issue in JPA Server when using the DatabaseBackedPagingProvider : When paging over the results of a search / $everything operation, under certain circumstances resources may be missing from the last page of results that is returned. Thanks to David Hay for reporting!

STU3 clients were not sending the new mimetype values in the Content-Type header. Thanks to Claude Nanjo for pointing this out!

JAX-RS server was not able to handle the new mime types defined in STU3

JPA server did not handle custom types when being called programatically (I.e. not through HTTP interface). Thanks to Anthony Mei for pointing this out!

CLI was not correctly able to upload DSTU2 examples to any server

STU3 validator has been upgrated to include fixes made since the 1.6.0 ballot

Prevent JPA server from creating a bunch of FhirContext objects for versions of FHIR that aren't actually being used

#443

XhtmlNode.equalsDeep() contained a bug which caused resources containing a narrative to always return false for STU3 Resource#equalsDeep() . Thanks to GitHub user @XcrigX for reporting!

#441

JPA server did not correctly process searches for chained parameters where the chain passed across a field that was a choice between a reference and a non-reference type (e.g. MedicationAdministration.medication[x] . Thanks to GitHub user @Crudelus for reporting!

#414

Handle parsing an extension without a URL more gracefully. In HAPI FHIR 2.0 this caused a NullPointerException to be thrown. Now it will trigger a warning, or throw a DataFormatException if the StrictErrorHandler is configured on the parser.

Calling a HAPI server URL with a chain on a parameter that shouldn't accept chains (e.g. GET [base]/Patient?name.foo=smith ) did not return an error and instead just ignored the chained part and treated the parameter as though it did not have the chain. This led to confusing and potentially unsafe behaviour. This has been corrected to return an error to the client. Thanks to Kevin Tallevi for finding this!

#411

Fix #411 - Searching by POST [base]/_search with urlencoded parameters doesn't work correctly if interceptors are accessing the parameters and there is are also parameters on the URL. Thanks to Jim Steel for reporting!

JPA server shouldn't report a totalCount in Bundle of "-1" when there are no results

#454

JPA server was not correctly normalizing strings with non-latin characters (e.g. Chinese chars). Thanks to GitHub user @YinAqu for reporting and providing some great analysis of the issue!

#327

When encoding a resource in JSON where the resource has an extension with a value where the value is a reference to a contained resource, the reference value (e.g. "#1") did not get serialized. Thanks to GitHub user @fw060 for reporting!

#464

ResponseHighlighterInterceptor now pretty-prints responses by default unless the user has explicitly requested a non-pretty-printed response (ie. using ?_pretty=false . Thanks to Allan Brohansen and Jens Villadsen for the suggestion!

Remove unused field (myIsContained) from ResourceTable in JPA server.

#472

STU3 servers were incorrectly returning the Content-Location header instead of the Content header. The former has been removed from the FHIR specification in STU3, but the latter got removed in HAPI's code base. Thanks to Jim Steel for reporting!

Correct several documentation issues. Thanks to Vadim Peretokin for the pull requests!

In server, when returning a list of resources, the server sometimes failed to add _include resources to the response bundle if they were referred to by a contained resource. Thanks to Neal Acharya for reporting!

Fix regression in web testing UI where "prev" and "next" buttons don't work when showing a result bundle

JPA server should not attempt to resolve built-in FHIR StructureDefinitions from the database (this causes a significant performance hit when validating)

BanUnsupportedHttpMethodsInterceptor was erroring out when a client attempts HTTP HEAD requests

1.1.25HAPI FHIR 2.0

 

Release Information

Released: 2016-08-30

Changes

STU3 structure definitions have been updated to the STU3 ballot candidate versions (1.6.0 - SVN 9663)

#403

It is not possible to configure both the parser and the context to preserve versions in resource references (default behaviour is to strip versions from references). Thanks to GitHub user @cknaap for the suggestion!

#406

Allow servers to specify the authentication realm of their choosing when throwing an AuthenticationException. Thanks to GitHub user @allanbrohansen for the suggestion!

#416

Add a new client implementation which uses the OkHttp library as the HTTP client implementation (instead of Apache HttpClient). This is particularly useful for Android (where HttpClient is a pain) but could also be useful in other places too. Thanks to Matt Clarke of Orion Health for the contribution!

Both client and server now support the new Content Types decided in FHIR #10199 .

This means that the server now supports application/fhir+xml and application/fhir+json in addition to the older style application/xml+fhir and application/json+fhir . In order to facilitate migration by implementors, the old style remains the default for now, but the server will respond using the new style if the request contains it. The client now uses an Accept header value which requests both styles with a preference given to the new style when running in DSTU3 mode.

As a part of this change, the server has also been enhanced so that if a request contains a Content-Type header but no Accept header, the response will prefer the encoding specified by the Content-Type header.

hapi-fhir-cli upload-terminology command now has an argument "-b FOO" that lets you add an authorization header in the form Authorization: Bearer FOO

Inprove handling of _text and _content searches in JPA server to do better matching on partial strings

Servers in STU3 mode will now ignore any ID or VersionID found in the resource body provided by the client when processing FHIR update operations. This change has been made because the FHIR specification now requires servers to ignore these values. Note that as a result of this change, resources passed to @Update methods will always have null ID

Add new methods to AuthorizationInterceptor which allow user code to declare support for conditional create, update, and delete.

Add two new methods to the parser error handler that let users trap invalid contained resources with no ID, as well as references to contained resource that do not exist.

Improve performance when parsing resources containing contained resources by eliminating a step where references were woven twice

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Logback (used in sample projects): 1.1.5 -> 1.1.7
  • Phloc Commons (used by schematron validator): 4.4.4 -> 4.4.5
  • Commons-IO: 2.4 -> 2.5
  • Apache HTTPClient: 4.5.1 -> 4.5.2
  • Apache HTTPCore: 4.4.4 -> 4.4.5
  • Jersey (JAX-RS tests): 2.22.2 -> 2.23.1
  • Spring (JPA, Web Tester): 4.3.0 -> 4.3.1
  • Hibernate Search (JPA): 5.5.2 -> 5.5.4
  • Thymeleaf (Narrative Generator / Web Tester): 2.1.4 ->3.0.1

HAPI root pom shouldn't include animal-sniffer plugin, since that causes any projects which extend this to be held to Java 6 compliance.

#150

Fluent client should ignore parameter values which are null instead of including them as ?foo=null

A new server interceptor "BanUnsupprtedHttpMethodsInterceptor" has been added which causes the server to return an HTTP 405 if an unsupported HTTP verb is received from the client

JSON parsing in HAPI FHIR has been switched from using JSR353 (javax.json) to using Google Gson. For this reason we are bumping the major release number to 2.0. Theoretically this should not affect projects in any major way, but Gson does have subtle differences. Two differences which popped up a fair bit in our own testing:

      A space is placed after the : in keys, e.g. what was previously encoded as "resourceType":"Patient" is now encoded as "resourceType": "Patient" (this broke a number of our unit tests with hardcoded resource definitions)
      Trailing content after a valid json resource is rejected by Gson (it was ignored by the Glassfish parser we were previously using even though it was invalid)

#404

Fix an issue where resource IDs were not correctly set when using DSTU2 HL7org structures with the JAX-RS module. Thanks to Carlo Mion for the pull request!

hapi-fhir-testpage-overlay project contained an unneccesary dependency on hapi-fhir-jpaserver-base module, which resulted in projects using the overlay having a large number of unnneded JARs included

#409

Tag#setCode(String) did not actually set the code it was supposed to set. Thanks to Tim Tschampel for reporting!

#401

JPA server's /Bundle endpoint cleared the Bundle.entry.fullUrl field on stored bundles, resulting in invalid content being saved. Thanks to Mirjam Baltus for reporting!

JPA server now returns HTTP 200 instead of HTTP 404 for conditional deletes which did not find any matches, per FHIR-I decision.

Client that declares explicitly that it is searching/reading/etc for a custom type did not automatically parse into that type.

Fix a regression when parsing resources that have contained resources, where the reference in the outer resource which links to the contained resource sometimes did does not get populated with the actual target resource instance. Thanks to Neal Acharya for reporting!

#423

Parser failed to successfully encode a custom resource if it contained custom fields that also used custom types. Thanks to GitHub user @sjanic for reporting!

When encoding a resource with a reference to another resource that has a placeholder ID (e.g. urn:uuid:foo), the urn prefix was incorrectly stripped from the reference.

Servers for STU3 (or newer) will no longer include a Location: header on responses for read operations. This header was required in earlier versions of FHIR but has been removed from the specification.

#428

Fix NullPointerException when encoding an extension containing CodeableConcept with log level set to TRACE. Thanks to Bill Denton for the report!

#426

Parser failed to parse resources containing an extension with a value type of "id". Thanks to Raphael Mäder for reporting!

When committing a transaction in JPA server where the transaction contained placeholder IDs for references between bundles, the placeholder IDs were not substituted with viewing resources using the _history operation

Fix issue in DSTU1 Bundle parsing where unexpected elements in the bundle resulted in a failure to parse.

DSTU2 QuestionnaireResponse validator failed with an exception if the QuestionnaireResponse contained certain groups with no content

When using _elements parameter on server, the server was not automatically adding the SUBSETTED tag as it should

JPA server should now automatically detect if Hibernate Search (Lucene) is configured to be disabled and will not attempt to use it. This prevents a crash for some operations.

1.1.26HAPI FHIR 1.6

 

Release Information

Released: 2016-07-07

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Spring (JPA, Web Tester): 4.2.5 -> 4.3.0
  • Spring-Data (JPA): 1.9.2 -> 1.10.1
  • Hibernate Search (JPA): 5.5.2 -> 5.5.3
  • Jetty (CLI): 9.3.9 -> 9.3.10

#352

When performing a REST Client create or update with Prefer: return=representation set, if the server does not honour the Prefer header, the client will automatically fetch the resource before returning. Thanks to Ewout Kramer for the idea!

#354

DSTU3 structures now have setFoo(List) and setGetFooFirstRep() methods, bringing them back to parity with the HAPI DSTU2 structures. Thanks to Rahul Somasunderam and Claude Nanjo for the suggestions!

JPA server has now been refactored to use the new FluentPath search parameter definitions for DSTU3 resources.

RequestValidatingInterceptor and ResponseValidatingInterceptor both have new method setIgnoreValidatorExceptions which causes validator exceptions to be ignored, rather than causing processing to be aborted.

LoggingInterceptor on server has a new parameter ${requestBodyFhir} which logs the entire request body.

#355

JAX-RS server module now supports DSTU3 resources (previously it only supported DSTU2). Thanks to Phillip Warner for implementing this, and providing a pull request!

JPA server now supports composite search parameters where the type of the composite parameter is a quantity (e.g. Observation:component-code-component-value-quantity)

Add a new option to the CLI run-server command called --lowmem . This option disables some features (e.g. fulltext search) in order to allow the server to start in memory-constrained environments (e.g Raspberry Pi)

When updating a resource via an update operation on the server, if the ID of the resource is not present in the resource body but is present on the URL, this will now be treated as a warning instead of as a failure in order to be a bit more tolerant of errors. If the ID is present in the body but does not agree with the ID in the URL this remains an error.

#363

JPA server can now be configured to allow external references (i.e. references that point to resources on other servers). See JPA Documentation for information on how to use this. Thanks to Naminder Soorma for the suggestion!

#367

Sébastien Rivière contributed an excellent pull request which adds a number of enhancements to JAX-RS module:

  • Enable the conditional update and delete
  • Creation of a bundle provider, and support of the @Transaction
  • Bug fix on the exceptions handling as some exceptions throw outside bean context were not intercept.
  • Add the possibility to have the stacktrace in the jaxrsException

Update DSTU2 InstanceValidator to latest version from upstream

Improve error messages when the $validate operation is called but no resource is actually supplied to validate

Deprecate fluent client search operations without an explicit declaration of the bundle type being used. This also means that in a client .search() operation, the .returnBundle(Bundle.class) needs to be the last statement before .execute()

ResponseHighlightingInterceptor has been modified based on consensus on Zulip with Grahame that requests that have a parameter of _format=json or _format=xml will output raw FHIR content instead of HTML highlighting the content as they previously did. HTML content can now be forced via the (previously existing) _format=html or via the two newly added values _format=html/json and _format=html/xml . Because of this change, the custom _raw=true mode has been deprecated and will be removed at some point.

Server now supports the _at parameter (including multiple repetitions) for history operation

AuthorizationInterceptor can now allow or deny requests to extended operations (e.g. $everything)

#346

Server now respects the parameter _format=application/xml+fhir" which is technically invalid since the + should be escaped, but is likely to be used. Also, a parameter of _format=html can now be used, which forces SyntaxHighlightingInterceptor to use HTML even if the headers wouldn't otherwise trigger it. Thanks to Jim Steel for reporting!

JPA server now allows "forced IDs" (ids containing non-numeric, client assigned IDs) to use the same logical ID part on different resource types. E.g. A server may now have both Patient/foo and Obervation/foo on the same server.

Note that existing databases will need to modify index "IDX_FORCEDID" as it is no longer unique, and perform a reindexing pass.

Performance has been improved for the initial FhirContext object creation by avoiding a lot of unnecessary reflection. HAPI FHIR 1.5 had a regression compared to previous releases and this has been corrected, but other improvements have been made so that this release is faster than previous releases too.

In addition, a new "deferred scan" mode has been implemented for even faster initialization on slower environments (e.g. Android). See the performance documentation for more information.

The following shows our benchmarks for context initialization across several versions of HAPI:

  • Version 1.4: 560ms
  • Version 1.5: 800ms
  • Version 1.6: 340ms
  • Version 1.6 (deferred mode): 240ms

#350

When serializing/encoding custom types which replace exsting choice fields by fixing the choice to a single type, the parser would forget that the field was a choice and would use the wrong name (e.g. "abatement" instead of "abatementDateType"). Thanks to Yaroslav Kovbas for reporting and providing a unit test!

JPA server transactions sometimes created an incorrect resource reference if a resource being saved contained references that had a display value but not an actual reference. Thanks to David Hay for reporting!

#356

Generated conformance statements for DSTU3 servers did not properly reference their OperationDefinitions. Thanks to Phillip Warner for implementing this, and providing a pull request!

#359

Properly handle null arrays when parsing JSON resources. Thanks to Subhro for fixing this and providing a pull request!

STU3 validator failed to validate codes where the code was a child code within the code system that contained it (i.e. not a top level code). Thanks to Jon Zammit for reporting!

#361

Restore the setType method in the DSTU1 Bundle class, as it was accidentally commented out. Thanks to GitHub user @Virdulys for the pull request!

CLI tool cache feature (-c) for upload-example task sometimes failed to write cache file and exited with an exception.

Fix error message in web testing UI when loading pages in a search result for STU3 endpoints.

When encoding JSON resource, the parser will now always ensure that XHTML narrative content has an XHTML namespace declaration on the first DIV tag. This was preventing validation for some resources using the official validator rules.

Server failed to invoke operations when the name was escaped (%24execute instead of $execute). Thanks to Michael Lawley for reporting!

JPA server transactions containing a bundle that has multiple entries trying to delete the same resource caused a 500 internal error

JPA module failed to index search parameters that mapped to a Timing datatype, e.g. CarePlan:activitydate

#345

ResponseValidatingInterceptor threw an InternalErrorException (HTTP 500) for operations that do not return any content (e.g. delete). Thanks to Mohammad Jafari for reporting!

Server / JPA server date range search params (e.g. Encounter:date) now treat a single date with no comparator (or the eq comparator) as requiring that the value be completely contained by the range specified. Thanks to Chris Moesel for the suggestion.

In server, if a parameter was annotated with the @Count annotation, the count would not appear in the self/prev/next links and would not actually be applied to the search results by the server. Thanks to Jim Steele for letting us know!

Conditional update on server failed to process if the conditional URL did not have any search parameters that did not start with an underscore. E.g. "Patient?_id=1" failed even though this is a valid conditional reference.

#366

When posting a resource to a server that contains an invalid value in a boolean field (e.g. Patient with an active value of "1") the server should return an HTTP 400, not an HTTP 500. Thanks to Jim Steel for reporting!

#364

Enable parsers to parse and serialize custom resources that contain custom datatypes. An example has been added which shows how to do this in the docs.

JSON parser was incorrectly encoding resource language attribute in JSON as an array instead of a string. Thanks to David Hay for reporting!

#342

REST server now throws an HTTP 400 instead of an HTTP 500 if an operation which takes a FHIR resource in the request body (e.g. create, update) contains invalid content that the parser is unable to parse. Thanks to Jim Steel for the suggestion!

#369

FhirTerser.cloneInto method failed to clone correctly if the source had any extensions. Thanks to GitHub user @Virdulys for submitting and providing a test case!

Web Testing UI was not able to correctly post an STU3 transaction

DateTime parser incorrectly parsed times where more than 3 digits of precision were provided on the seconds after the decimal point

#374

Create and Update operations in server did not include ETag or Last-Modified headers even though the spec says they should. Thanks to Jim Steel for reporting!

#371

Update STU3 client and server to use the new sort parameter style (param1,-param2,param). Thanks to GitHub user @euz1e4r for reporting!

QuantityClientParam#withUnit(String) put the unit into the system part of the parameter value

Fluent client searches with date parameters were not correctly using new prefix style (e.g. gt) instead of old one (e.g. >)

#370

Some built-in v3 code systems for STU3 resources were missing certain codes, which caused false failures when validating resources. Thanks to GitHub user @Xoude for reporting!

#365

Some methods on DSTU2 model structures have JavaDocs that incorrectly claim that the method will not return null when in fact it can. Thanks to Rick Riemer for reporting!

#267

Operation definitions (e.g. for $everything operation) in the generated server conformance statement should not include the $ prefix in the operation name or code. Thanks to Dion McMurtrie for reporting!

#378

Server generated OperationDefinition resources did not validate due to some missing elements (kind, status, etc.). Thanks to Michael Lawley for reporting!

#379

Operations that are defined on multiple resource provider types with the same name (e.g. "$everything") are now automatically exposed by the server as separate OperationDefinition resources per resource type. Thanks to Michael Lawley for reporting!

#380

OperationDefinition resources generated automatically by the server for operations that are defined within resource/plain providers incorrectly stated that the maximum cardinality was "*" for non-collection types with no explicit maximum stated, which is not the behaviour that the JavaDoc on the @OperationParam annotation describes. Thanks to Michael Lawley for reporting!

Server parameters annotated with @Since or @Count which are of a FHIR type such as IntegerDt or DateTimeType will now be set to null if the client's URL does not contain this parameter. Previously they would be populated with an empty instance of the FHIR type, which was inconsistent with the way other server parameters worked.

DecimalType used BigDecimal constructor instead of valueOf method to create a BigDecimal from a double, resulting in weird floating point conversions. Thanks to Craig McClendon for reporting!

#394

Remove the depdendency on a method from commons-lang3 3.3 which was causing issues on some Android phones which come with an older version of this library bundled. Thanks to Paolo Perliti for reporting!

Parser is now better able to handle encoding fields which have been populated with a class that extends the expected class

When declaring a child with order=Child.REPLACE_PARENT the serialized form still put the element at the end of the resource instead of in the correct order

Fix STU3 JPA resource providers to allow validate operation at instance level

Improve performance when parsing large bundles by fixing a loop over all of the entries inthe bundle to stitch together cross-references, which was happening once per entry instead of once overall. Thanks to Erick on the HAPI FHIR Google Group for noticing that this was an issue!

Remove some clases that were deprecated over a year ago and have suitable replacements:

  • QualifiedDateParam has been removed, but DateParam may be used instead
  • PathSpecification has been removedm but Include may be used instead

Remove the Remittance resource from DSTU2 structures, as it is not a real resource and was causing issues with interoperability with the .NET client.

DSTU2+ servers no longer return the Category header, as this has been removed from the FHIR specification (and tags are now available in the resource body so the header was duplication/wasted bandwidth)

JSON parser no longer allows the resource ID to be specified in an element called "_id" (the correct one is "id"). Previously _id was allowed because some early FHIR examples used that form, but this was never actually valid so it is now being removed.

1.1.27HAPI FHIR 1.5

 

Release Information

Released: 2016-04-20

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate (JPA, Web Tester): 5.0.7 -> 5.1.0
  • Spring (JPA, Web Tester): 4.2.4 -> 4.2.5
  • SLF4j (All): 1.7.14 -> 1.7.21

The RequestDetails and ActionRequestDetails objects which are passed to server interceptor methods and may also be used as server provider method arguments now has a new method Map<String, String> getUserData() which can be used to pass data and objects between interceptor methods to to providers. This can be useful, for instance, if an authorization interceptor wants to pass the logged in user's details to other parts of the server.

Support comments when parsing and encoding both JSON and XML. Comments are retrieved and added to the newly created methods IBase#getFormatCommentsPre() and IBase#getFormatCommentsPost()

#304

Improve error message if incorrect type is placed in a list field in the data model. Java uses generics to prevent this at compile time, but if someone is in an environment without generics this helps improve the error message at runtime. Thanks to Hugo Soares for suggesting.

Per discussion on the FHIR implementer chat, the JPA server no longer includes _revinclude matches in the Bundle.total count, or the page size limit.

JPA server now persists search results to the database in a new table where they can be temporaily preserved. This makes the JPA server much more scalable, since it no longer needs to store large lists of pages in memory between search invocations.

Old searches are deleted after an hour by default, but this can be changed via a setting in the DaoConfig.

JPA servers' resource version history mechanism has been adjusted so that the history table keeps a record of all versions including the current version. This has the very helpful side effect that history no longer needs to be paged into memory as a complete set. Previously history had a hard limit of only being able to page the most recent 20000 entries. Now it has no limit.

#293

Added options to the CLI upload-examples command which allow it to cache the downloaded content file, or use an arbitrary one. Thanks to Adam Carbone for the pull request!

JPA server applies _lastUpdated filter inline with other searches wherever possible instead of applying this filter as a second query against the results of the first query. This should improve performance when searching against large datasets.

Parsers have new method setDontEncodeElements which can be used to force the parser to not encode certain elements in a resource when serializing. For example this can be used to omit sensitive data or skip the resource metadata.

JPA server database design has been adjusted so that different tables use different sequences to generate their indexes, resulting in more sequential resource IDs being assigned by the server

DSTU2 resources now have a getMeta() method which returns a modifiable view of the resource metadata for convenience. This matches the equivalent method in the DSTU3 structures.

#315

Add a new method to FhirContext called setDefaultTypeForProfile which can be used to specify that when recources are received which declare support for specific profiles, a specific custom structures should be used instead of the default. For example, if you have created a custom Observation class for a specific profile, you could use this method to cause your custom type to be used by the parser for resources in a search bundle you receive.

See the documentation page on Profiles and Extensions for more information.

#321

Set up the tinder plugin to work as an ant task as well as a Maven plugin, and to use external sources. Thanks to Bill Denton for the pull request!

Introduce a JAX-RS client provider which can be used instead of the default Apache HTTP Client provider to provide low level HTTP services to HAPI's REST client. See JAX-RS & Alternate HTTP Client Providers for more information.

This is useful in cases where you have other non-FHIR REST clients using a JAX-RS provider and want to take advantage of the rest of the framework.

Thanks to Peter Van Houte from Agfa for the amazing work!

Operations methods defined using @Operation will now infer the maximum number of repetitions of their parameters by the type of the parameter. Previously if a default max() value was not specified in the @OperationParam annotation on a parameter, the maximum was assumed to be 1. Now, if a max value is not explicitly specified and the type of the parameter is a basic type (e.g. StringDt) the max will be 1. If the parameter is a collection type (e.g. List<StringDt>) the max will be *

#317

Operation methods defined using @Operation may now use search parameter types, such as TokenParam and TokenAndListParam as values. Thanks to Christian Ohr for reporting!

Add databases indexes to JPA module search index tables for the RES_ID column on each. This should help performance when searching over large datasets. Thanks to Emmanuel Duviviers for the suggestion!

JPA server number and quantity search params now follow the rules for the use of precision in search terms outlined in the search page of the FHIR specification. For example, previously a 1% tolerance was applied for all searches (10% for approximate search). Now, a tolerance which respects the precision of the search term is used (but still 10% for approximate search).

JPA server now supports searching for _tag:not=[tag] which enables finding resources that to not have a given tag/profile/security tag. Thanks to Lars Kristian Roland for the suggestion!

Improve CLI error message if the tool can't bind to the requested port. Thanks to Claude Nanjo for the suggestion!

RestfulServer now manually parses URL parameters instead of relying on the container's parsed parameters. This is useful because many Java servlet containers (e.g. Tomcat, Glassfish) default to ISO-8859-1 encoding for URLs insetad of the UTF-8 encoding specified by FHIR.

ResponseHighlightingInterceptor now doesn't highlight if the request has an Origin header, since this probably denotes an AJAX request.

JPA server now supports :above and :below qualifiers on URI search params

Add optional support (disabled by default for now) to JPA server to support inline references containing search URLs. These URLs will be resolved when a resource is being created/updated and replaced with the single matching resource. This is being used as a part of the May 2016 Connectathon for a testing scenario.

The server no longer adds a WWW-Authenticate header to the response if any resource provider code throws an AuthenticationException . This header is used for interactive authentication, which isn't generally appropriate for FHIR. We added code to add this header a long time ago for testing purposes and it never got removed. Please let us know if you need the ability to add this header automatically. Thanks to Lars Kristian Roland for pointing this out.

#339

Security Fix: XML parser was vulnerable to XXE (XML External Entity) processing, which could result in local files on disk being disclosed. See this page for more information. Thanks to Jim Steel for reporting!

In the client, the create/update operations on a Binary resource (which use the raw binary's content type as opposed to the FHIR content type) were not including any request headers (Content-Type, User-Agent, etc.) Thanks to Peter Van Houte of Agfa Healthcare for reporting!

Handling of Binary resources containing embedded FHIR resources for create/update/etc operations has been corrected per the FHIR rules outlined at Binary Resource in both the client and server.

Essentially, if the Binary contains something that isn't FHIR (e.g. an image with an image content-type) the client will send the raw data with the image content type to the server. The server will place the content type and raw data into a Binary resource instance and pass those to the resource provider. This part was already correct previous to 1.5.

On the other hand, if the Binary contains a FHIR content type, the Binary is now sent by the client to the server as a Binary resource with a FHIR content-type, and the embedded FHIR content is contained in the appropriate fields. The server will pass this "outer" Binary resource to the resource provider code.

#297

When IServerInterceptor#incomingRequestPreHandled() is called for a @Validate method, the resource was not populated in the ActionRequestDetails argument. Thanks to Ravi Kuchi for reporting!

#298

Request to server at [baseUrl]/metadata with an HTTP method other than GET (e.g. POST, PUT) should result in an HTTP 405. Thanks to Michael Lawley for reporting!

#302

Fix a server exception when trying to automatically add the profile tag to a resource which already has one or more profiles set. Thanks to Magnus Vinther for reporting!

#296

QuantityParam parameters being used in the RESTful server were ignoring the :missing qualifier. Thanks to Alexander Takacs for reporting!

#299

Annotation client failed with an exception if the response contained extensions on fields in the resonse Bundle (e.g. Bundle.entry.search). Thanks to GitHub user am202 for reporting!

#274

Primitive elements with no value but an extension were sometimes not encoded correctly in XML, and sometimes not parsed correctly in JSON. Thanks to Bill de Beaubien for reporting!

#280

The Web Testing UI has long had an issue where if you click on a button which navigates to a new page (e.g. search, read, etc) and then click the back button to return to the original page, the button you clicked remains disabled and can't be clicked again (on Firefox and Safari). This is now fixed. Unfortunately the fix means that the buttom will no longer show a "loading" spinner, but there doesn't seem to be another way of fixing this. Thanks to Mark Scrimshire for reporting!

Extensions found while parsing an object that doesn't support extensions are now reported using the IParserErrorHandler framework in the same way that other similar errors are handled. This allows the parser to be more lenient when needed.

#308

Prevent an unneeded warning when parsing a resource containing a declared extension. Thanks to Matt Blanchette for reporting!

Web Tester UI did not invoke VRead even if a version ID was specified. Thanks to Poseidon for reporting!

JPA server returned the wrong Bundle.type value (COLLECTION, should be SEARCHSET) for $everything operation responses. Thanks to Sonali Somase for reporting!

#305

REST and JPA server should reject update requests where the resource body does not contain an ID, or contains an ID which does not match the URL. Previously these were accepted (the URL ID was trusted) which is incorrect according to the FHIR specification. Thanks to GitHub user ametke for reporting!

As a part of this change, server error messages were also improved for requests where the URL does not contain an ID but needs to (e.g. for an update) or contains an ID but shouldn't (e.g. for a create)

When fields of type BoundCodeDt (e.g. Patient.gender) are serialized and deserialized using Java's native object serialization, the enum binder was not serialized too. This meant that values for the field in the deserialized object could not be modified. Thanks to Thomas Andersen for reporting!

#313

REST Server responded to HTTP OPTIONS requests with any URI as being a request for the server's Conformance statement. This is incorrect, as only a request for OPTIONS [base url] should be treated as such. Thanks to Michael Lawley for reporting!

REST annotation style client was not able to handle extended operations ($foo) where the response from the server was a raw resource instead of a Parameters resource. Thanks to Andrew Michael Martin for reporting!

Server now correctly serves up Binary resources using their native content type (instead of as a FHIR resource) if the request contains an accept header containing "application/xml" as some browsers do.

#315

Parsing/Encoding a custom resource type which extends a base type sometimes caused the FhirContext to treat all future parses of the same resource as using the custom type even when this was not wanted.

Custom structures may now be explicitly declared by profile using the setDefaultTypeForProfile method.

This issue was discovered and fixed as a part of the implementation of issue #315.

REST search parameters with a prefix/comparator had not been updated to use the DSTU2 style prefixes (gt2011-01-10) instead of the DSTU1 style prefixes (>2011-01-01). The client has been updated so that it uses the new prefixes if the client has a DSTU2+ context. The server has been updated so that it now supports both styles.

As a part of this change, a new enum called ParamPrefixEnum has been introduced. This enum replaces the old QuantityCompararatorEnum which has a typo in its name and can not represent several new prefixes added since DSTU1.

JPA server now allows searching by token parameter using a system only and no code, giving a search for any tokens which match the given token with any code. Previously the expected behaviour for this search was not clear in the spec and HAPI had different behaviour from the other reference servers.

#312

Parser failed with a NPE while encoding resources if the resource contained a null extension. Thanks to steve1medix for reporting!

#320

In generated model classes (DSTU1/2) don't use BoundCodeDt and BoundCodeableConceptDt for coded fields which use example bindings. Thanks to GitHub user Ricq for reporting!

DateTimeType should fail to parse 1974-12-25+10:00 as this is not a valid time in FHIR. Thanks to Grahame Grieve for reporting!

When parsing a Bundle resource, if the Bundle.entry.request.url contains a UUID but the resource body has no ID, the Resource.id will be populated with the ID from the Bundle.entry.request.url. This is helpful when round tripping Bundles containing UUIDs.

When parsing a DSTU3 bundle, references between resources did not have the actual resource instance populated into the reference if the IDs matched as they did in DSTU1/2.

#326

Contained resource references on DSTU3 resources were not serialized correctly when using the Json Parser. Thanks to GitHub user @fw060 for reporting and supplying a patch which corrects the issue!

#325

DSTU3 model classes equalsShallow and equalsDeep both did not work correctly if a field was null in one object, but contained an empty object in the other (e.g. a StringType with no actual value in it). These two should be considered equal, since they would produce the exact same wire format.

Thanks to GitHub user @ipropper for reporting and providing a test case!

Extensions containing resource references did not get encoded correctly some of the time. Thanks to Poseidon for reporting!

Parsers (both XML and JSON) encoded the first few elements of DSTU3 structures in the wrong order: Extensions were placed before any other content, which is incorrect (several elements come first: meta, text, etc.)

In server implementations, the Bundle.entry.fullUrl was not getting correctly populated on Hl7OrgDstu2 servers. Thanks to Christian Ohr for reporting!

#335

Ensure that element IDs within resources (i.e. IDs on elements other than the resource itself) get serialized and parsed correctly. Previously, these didn't get serialized in a bunch of circumstances. Thanks to Vadim Peretokin for reporting and providing test cases!

Server param of _summary=text did not include mandatory elements in return as well as the text element, even though the FHIR specification required it.

Remove invalid resource type "Documentation" from DSTU2 structures.

#291

Fix a failure starting the REST server if a method returns an untyped List, which among other things prevented resource provider added to the server as CDI beans in a JBoss enviroment. Thanks to GitHub user fw060 (Fei) for reporting and figuring out exactly why this wasn't working!

JPA server did not respect target types for search parameters. E.g. Appointment:patient has a path of "Appointment.participant.actor" and a target type of "Patient". The search path was being correctly handled, but the target type was being ignored.

1.1.28HAPI FHIR 1.4

 

Release Information

Released: 2016-02-04

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate (JPA, Web Tester): 5.0.3 -> 5.0.7
  • Springframework (JPA, Web Tester): 4.2.2 -> 4.2.4
  • Phloc-Commons (Schematron Validator): 4.3.6 -> 4.4.4
  • Apache httpclient (Client): 4.4 -> 4.5.1
  • Apache httpcore (Client): 4.4 -> 4.4.4
  • SLF4j (All): 1.7.13 -> 1.7.14

#265

Add a constraint that the Maven build will only run in JDK 8+. HAPI remains committed to supporting JDK 6+ in the compiled library, but these days it can only be built using JDK 8. Thanks to joelsch for the PR!

#240

Support target parameter type in _include / _revinclude values, e.g. _include=Patient:careProvider:Organization. Thanks to Joe Portner for reporting!

Use ResponseHighlighterInterceptor in the hapi-fhir-jpaserver-example project to provide nice syntax highlighting. Thanks to Rob Hausam for noting that this wasn't there.

Introduce custom @CoverageIgnore annotation to hapi-fhir-base in order to remove dependency on cobertura during build and in runtime.

JsonParser has been changed so that when serializing numbers it will use plain format (0.001) instead of scientific format (1e-3). The latter is valid JSON, and the parser will still correctly parse either format (all clients should be prepared to) but this change makes serialized resources appear more consistent between XML and JSON. As a result of this change, trailing zeros will now be preserved when serializing as well.

#278

Add DSTU3 example to hapi-fhir-jpaserver-example. Thanks to Karl Davis for the Pull Request!

RestfulServer#setUseBrowserFriendlyContentTypes has been deprecated and its functionality removed. The intention of this feature was that if it detected a request coming in from a browser, it would serve up JSON/XML using content types that caused the browsers to pretty print. But each browser has different rules for when to pretty print, and after we wrote that feature both Chrome and FF changed their rules to break it anyhow. ResponseHighlightingInterceptor provides a better implementation of this functionality and should be used instead.

Add two new server interceptors: RequestValidatingInterceptor and ResponseValidatingInterceptor which can be used to validate incoming requests or outgoing responses using the standard FHIR validation tools. See the Server Validation Page for examples of how to use these interceptors. These intereptors have both been enabled on the public test page.

#288

Add new methods to RestfulClientFactory allowing you to configure the size of the client pool used by Apache HttpClient. Thanks to Matt Blanchette for the pull request!

Add support for new modifier types on Token search params in Server and annotation client.

#289

Allow server to correctly figure out it's own address even if the container provides a Servlet Context Path which does not include the root. Thanks to Petro Mykhaylyshyn for the pull request!

#251

Introduce a JAX-RS version of the REST server, which can be used to deploy the same resource provider implementations which work on the existing REST server into a JAX-RS (e.g. Jersey) environment. Thanks to Peter Van Houte from Agfa for the amazing work!

CLI now supports writing to file:// URL for 'upload-examples' command

GZipped content is now supported for client-to-server uploads (create, update, transaction, etc.). The server will not automatically detect compressed incoming content and decompress it (this can be disabled using a RestfulServer configuration setting). A new client interceptor has been added which compresses outgoing content from the client.

Add a new method to the generic/fluent client for searching: .count(int)
This replaces the existing ".limitTo(int)" method which has now been deprocated because it was badly named and undocumented.

Profile validator has been configured to allow extensions even if they aren't explicitly declared in the profile.

Remove a dependency on a Java 1.7 class (ReflectiveOperationException) in several spots in the codebase. This dependency was accidentally introduced in 1.3, and animal-sniffer-plugin failed to detect it (sigh).

When serializing a value[x] field, if the value type was a profiled type (e.g. markdown is a profile of string) HAPI 1.3 would use the base type in the element name, e.g. valueString instead of valueMarkdown. After discussion with Grahame, this appears to be incorrect behaviour so it has been fixed.

Server-generated conformance statements incorrectly used /Profile/ instead of /StructureDefinition/ in URL links to structures.

#283

Remove dependency on Servlet-API 3.0+ by using methods available in 2.5 where possible. Note that we continue to use Servlet-API 3.0+ features in some parts of the JPA API, so running in an old serlvet container should be tested well before use. Thanks to Bill Denton for reporting!

#286

Server conformance statement should include search parameter chains if the chains are explicitly defined via @Search(whitelist={....}). Thanks to lcamilo15 for reporting!

Remove afterPropertiesSet() call in Java config for JPA server's EntityManagerFactory. This doesn't need to be called manually, the the manual call led to a warning about the EntityManager being created twice.

#259

Make IBoundCodeableConcept and IValueSetEnumBinder serializable, fixing an issue when trying to serialize model classes containing bound codes. Thanks to Nick Peterson for the Pull Request!

JPA server transaction attempted to validate resources twice each, with one of these times being before anything had been committed to the database. This meant that if a transaction contained both a Questionnaire and a QuestionnaireResponse, it would fail because the QuestionnaireResponse validator wouldn't be able to find the questionnaire. This is now corrected.

Narrative generator framework has removed the ability to generate resource titles. This functionality was only useful for DSTU1 implementations and wasn't compatible with coming changes to that API.

1.1.29HAPI FHIR 1.3

 

Release Information

Released: 2015-11-14

Changes

Bump the version of a few dependencies to the latest versions (dependent HAPI modules listed in brackets):

  • Commons-lang3 (Core): 3.3.2 -> 3.4
  • Logback (Core): 1.1.2 -> 1.1.3
  • SLF4j (Core): 1.7.102 -> 1.7.12
  • Springframework (JPA, Web Tester): 4.1.5 -> 4.2.2
  • Hibernate (JPA, Web Tester): 4.2.17 -> 5."
  • Hibernate Validator (JPA, Web Tester): 5.2.1 -> 5.2.2
  • Derby (JPA, CLI, Public Server): 10.11.1.1 -> 10.12.1.1
  • Jetty (JPA, CLI, Public Server): 9.2.6.v20141205 -> 9.3.4.v20151007

JPA and Tester Overlay now use Spring Java config files instead of the older XML config files. All example projects have been updated.

#250

Clients (generic and annotation) did not populate the Accept header on outgoing requests. This is now populated to indicate that the client supports both XML and JSON unless the user has explicitly requested one or the other (in which case the appropriate type only will be send in the accept header). Thanks to Avinash Shanbhag for reporting!

QuestionnaireResponse validator now allows responses to questions of type OPENCHOICE to be of type 'string'

JPA server now supports searching with sort by token, quantity, number, Uri, and _lastUpdated (previously only string, date, and _id were supported)

JPA server Patient/[id]/$everything operation now supports _lastUpdated filtering and _sort'ing of results.

JPA server removes duplicate resource index entries before storing them (e.g. if a patient has the same name twice, only one index entry is created for that name)

JPA server now supports $everything on Patient and Encounter types (patient and encounter instance was already supported)

Generic client operation invocations now have an additional inline method for generating the input Parameters using chained method calls instead of by passing a Parameters resource in

Generic/fluent client search can now be performed using a complete URL supplied by user code. Thanks to Simone Heckmann pointing out that this was needed!

Refactor JPA $everything operations so that they perform better

Server operation methods can now declare the ID optional, via @IdParam(optional=true) meaning that the same operation can also be invoked at the type level.

Make JPA search queries with _lastUpdated parameter a bit more efficient

#239

Clean up Android project to make it more lightweight and remove a number of unneeded dependencies. Thanks to Thomas Andersen for the pull request!

JPA server maximumn length for a URI search parameter has been reduced from 256 to 255 in order to accomodate MySQL's indexing requirements

Introduce IJpaServerInterceptor interceptors for JPA server which can be used for more fine grained operations.

Add ability for a server REST resource provider @Search method to declare that it should allow even parameters it doesn't understand.

JPA $everything operations now support new parameters _content and _text, which work the same way as the same parameters on a search. This is experimental, since it is not a part of the core FHIR specification.

#250

Process "Accept: text/xml" and "Accept: text/json" headers was wanting the equivalent FHIR encoding styles. These are not correct, but the intention is clear so we will honour them just to be helpful.

#254

Add the ability to wire JPA conformance providers using Spring (basically, add default constructors and setters to the conformance providers). Thanks to C. Mike Bylund for the pull request!

#225

Support AND/OR on _id search parameter in JPA

JPA server gave an unhelpful error message if $meta-add or $meta-delete were called with no meta elements in the input Parameters

#227

JPA server should reject resources with a reference that points to an incorrectly typed resource (e.g. points to Patient/123 but resource 123 is actually an Observation) or points to a resource that is not valid in the location it is found in (e.g. points to Patient/123 but the field supposed to reference an Organization). Thanks to Bill de Beaubien for reporting!

In server, if a client request is received and it has an Accept header indicating that it supports both XML and JSON with equal weight, the server's default is used instead of the first entry in the list.

Fix issue in JPA where a search with a _lastUpdated filter which matches no results would crash if the search also had a _sort

Fix several cases where invalid requests would cause an HTTP 500 instead of a more appropriate 400/404 in the JPA server (vread on invalid version, delete with no ID, etc.)

Fix narrative generation for DSTU2 Medication resource

Profile validator now works for valuesets which use v2 tables

#233

Fix parser issue where profiled choice element datatypes (e.g. value[x] where one allowable type is Duration, which is a profile of Quantity) get incorrectly encoded using the profiled datatype name instead of the base datatype name as required by the FHIR spec. Thanks to Nehashri Puttu Lokesh for reporting!

Some generated Enum types in DSTU2 HAPI structures did not have latest valueset definitions applied. Thanks to Bill de Beaubien for reporting!

JPA server can now successfully search for tokens pointing at code values (values with no explicit system but an implied one, such as Patient.gender) even if the system is supplied in the query.

#235

Correct issues with Android library. Thanks to Thomas Andersen for the submission!

JPA server incorrectly rejected match URLs if they did not contain a question mark. Thanks to Bill de Beaubien for reporting!

#234

Remove invalid entries in OSGi Manifest. Thanks to Alexander Kley for the fix!

Parsing an XML resource where the XHTML namespace was declared before the beginning of the narrative section caused an invalid re-encoding when encoding to JSON.

Conditional deletes in JPA did not correctly process if the condition had a chain or a qualifier, e.g. "Patient?organization.name" or "Patient.identifier:missing"

JPA server did not correctly index search parameters of type "reference" where the path had multiple entries (i.e. "Resource.path1 | Resource.path2")

Fix a crash when encoding a Binary resource in JSON encoding if the resource has no content-type

JPA server now supports read/history/search in transaction entries by calling the actual implementing method in the server (previously the call was simulated, which meant that many features did not work)

ResourceReferenceDt#loadResource(IRestfulClient) did not use the client's read functionality, so it did not handle JSON responses or use interceptors. Thanks to JT for reporting!

#242

Server failed to respond correctly to compartment search operations if the same provider also contained a read operation. Thanks to GitHub user @am202 for reporting!

JPA server _history operations (server, type, instance) not correctly set the Bundle.entry.request.method to POST or PUT for create and updates of the resource.

#245

Fix issue in testpage-overlay's new Java configuration where only the first configured server actually gets used.

#241

Parser (XML and JSON) shouldn't encode an ID tag in resources which are part of a bundle when the resource has a UUID/OID ID.

#247

Correctly set the Bundle.type value on all pages of a search result in the server, and correcltly set the same value in JPA server $everything results.

Generated Enum types for some ValueSets did not include all codes (specifically, ValueSets which defined concepts containing child concepts did not result in Enum values for the child concepts)

#253

In the JPA server, order of transaction processing should be DELETE, POST, PUT, GET, and the order should not matter within entries with the same verb. Thanks to Bill de Beaubien for reporting!

Constructor for DateRanfeParam which dates in two DateParam instances was ignoring comparators on the DateParam.

In JSON parsing, finding an object where an array was expected led to an unhelpful error message. Thanks to Avinash Shanbhag for reporting!

Narrative generator did not include OperationOutcome.issue.diagnostics in the generated narrative.

1.1.30HAPI FHIR 1.2

 

Release Information

Released: 2015-09-18

Changes

JPA server now validates QuestionnaireAnswers for conformance to their respective Questionnaire if one is declared.

SyntaxHighlightingInterceptor now also highlights OperationOutcome responses for errors/exceptions.

Switch REST server to using HttpServletRequest#getContextPath() to get the servlet's context path. This means that the server should behave more predictably, and should work in servlet 2.4 environments. Thanks to Ken Zeisset for the suggestion!

#200

Vagrant environment now has an apt recipt to ensure that package lists are up to date. Thanks to GitHub user Brian S. Corbin (@corbinbs) for thr contribution!

JPA server and generic client now both support the _tag search parameter

Add support for BATCH mode to JPA server transaction operation

Create new android specialty libraries for DSTU1 and DSTU2

JPA server now implements the $validate-code operation

#125

HAPI-FHIR now has support for _summary and _elements parameters, in server, client, and JPA server.

Resource references using resource instance objects instead of resource IDs will correctly qualify the IDs with the resource type if they aren't already qualified

#211

Testpage Overlay project now properly allows a custom client factory to be used (e.g. for custom authentication, etc.) Thanks to Chin Huang (@pukkaone) for the pull request!

_include parameters now support the new _include:recurse=FOO syntax that has been introduced in DSTU2 in the Client, Server, and JPA Server modules. Non-recursive behaviour is now the default (previously it was recursive) and :recurse needs to be explicitly stated in order to support recursion.

New operations added to JPA server to force re-indexing of all resources (really only useful after indexes change or bugs are fixed)

Server now exports operations as separate resources instead of as contained resources within Conformance

JPA server can now store Conformance resources, per a request from David Hay

ResponseHighlightingInterceptor now skips handling responses if it finds a URL parameter of _raw=true (in other words, if this parameter is found, the response won't be returned as HTML even if the request is detected as coming from a browser.

RestfulServer now supports dynamically adding and removing resource providers at runtime. Thanks to Bill Denton for adding this.

JPA server now correctly suppresses contents of deleted resources in history

Add new operation $get-resource-counts which will replace the resource count extensions exported in the Conformance statement by the JPA server.

JPA server now supports $validate operation completely, including delete mode and profile validation using the RI InstanceValidator

Add another method to IServerInterceptor which converts an exception generated on the server into a BaseServerResponseException. This is useful so that servers using ResponseHighlighterInterceptor will highlight exceptions even if they aren't created with an OperationOutcome.

Resources and datatypes are now serializable. This is an experimental feature which hasn't yet been extensively tested. Please test and give us your feedback!

#192

Server was not correctly unescaping URL parameter values with a trailing comma or an escaped backslash. Thanks to GitHub user @SherryH for all of her help in diagnosing this issue!

Avoid crash when parsing if an invalid child element is found in a resource reference.

Throwing a server exception (e.g. AuthenticationException) in a server interceptor's incomingRequestPreProcessed method resulted in the server returning an HTTP 500 instead of the appropriate error code for the exception being thrown. Thanks to Nagesh Bashyam for reporting!

#207

Fix issue in JSON parser where invalid contained resources (missing a resourceType element) fail to parse with a confusing NullPointerException. Thanks to GitHub user @hugosoares for reporting!

#126

Model classes do not use BoundCodeableConcept for example bindings that do not actually point to any codes (e.g. Observation.interpretation). Thanks to GitHub user @steve1medix for reporting!

#209

_revinclude results from JPA server should have a Bundle.entry.search.mode of "include" and not "match". Thanks to Josh Mandel for reporting!

#212

JPA server should reject IDs containing invalid characters (e.g. "abc:123") but should allow client assigned IDs that contain text but do not start with text. Thanks to Josh Mandel for reporting!

:text modifier on server and JPA server did not work correctly. Thanks to Josh Mandel for reporting!

Fix issue in client where parameter values containing a comma were sometimes double escaped.

JPA server did not correctly index search parameters of type "URI". Thanks to David Hay for reporting! Note that if you are using the JPA server, this change means that there are two new tables added to the database schema. Updating existing resources in the database may fail unless you set default values for the resource table by issuing a SQL command similar to the following (false may be 0 or something else, depending on the database platform in use)
update hfj_resource set sp_coords_present = false;
update hfj_resource set sp_uri_present = false;

FIx issue in JPA server where profile declarations, tags, and security labels were not always properly removed by an update that was trying to remove them. Also don't store duplicates.

Instance $meta operations on JPA server did not previously return the resource version and lastUpdated time

Server responses populate Bundle.entry.fullUrl if possible. Thanks to Bill de Beaubien for reporting!

XML parser failed to initialize in environments where a very old Woodstox library is in use (earlier than 4.0). Thanks to Bill de Beaubien for reporting!

#216

Invalid/unexpected attributes found when parsing composite elements should be logged or reported to the parser error handler

#222

JPA server returned deleted resources in search results when using the _tag, _id, _profile, or _security search parameters

#223

Fix issue with build on Windows. Thanks to Bryce van Dyk for the pull request!

#198

JPA server sorting often returned unexpected orders when multiple indexes of the same type were found on the same resource (e.g. multiple string indexed fields). Thanks to Travis Cummings for reporting!

#158

XmlParser and JsonParser in DSTU2 mode should not encode empty tags in resource. Thanks to Bill De Beaubien for reporting!

OperationDefinitions generated by server did not properly document their return parameters or the type of their input parameters.

Operations in server generated conformance statement should only appear once per name, since the name needs to be unique.

1.1.31HAPI FHIR 1.1

 

Release Information

Released: 2015-07-13

Changes

Add support for reference implementation structures.

LoggingInterceptor for server now supports logging DSTU2 extended operations by name

#179

Add fluent client method for validate operation, and support the new DSTU2 style extended operation for $validate if the client is in DSTU2 mode. Thanks to Eric from the FHIR Skype Implementers chat for reporting.

Server now supports complete Accept header content negotiation, including q values specifying order of preference. Previously the q value was ignored.

Server in DSTU2 mode now indicates that whether it has support for Transaction operation or not. Thanks to Kevin Paschke for pointing out that this wasn't working!

#166

Questionnaire.title now gets correctly indexed in JPA server (it has no path, so it is a special case)

JPA server now supports ifNoneMatch in GET within a transaction request.

DateRangeParam now supports null values in the constructor for lower or upper bounds (but still not both)

Generic/fluent client and JPA server now both support _lastUpdated search parameter which was added in DSTU2

Add $meta, $meta-add, and $meta-delete operations to generic client

Introduce ResponseHighlighterInterceptor, which provides syntax highlighting on RESTful server responses if the server detects that the request is coming from a browser. This interceptor has been added to fhirtest.uhn.ca responses.

#170

Add better addXXX() methods to structures, which take the datatype being added as a parameter. Thanks to Claude Nanjo for the suggestion!

#152

Add a new parser validation mechanism (see the validation page for info) which can be used to validate resources as they are being parsed, and optionally fail if invalid/unexpected elements are found in resource bodies during parsing.

Web tester UI now supports _revinclude

Parsers did not encode the resource meta element if the resource had tags but no other meta elements. Thanks to Bill de Beaubien and Claude Nanjo for finding this.

#178

Support link elements in Bundle.entry when parsing in DSTU2 mode using the old (non-resource) Bundle class. Thanks to GitHub user @joedai for reporting!

Woodstox XML parser has a default setting to limit the maximum length of an attribute to 512kb. This caused issues handling large attachments, so this setting has been increased to 100Mb. Thanks to Nikos Kyriakoulakos for reporting!

#175

Some HTML entities were not correctly converted during parsing. Thanks to Nick Kitto for reporting!

In the JPA Server: Transactions creating resources with temporary/placeholder resource IDs and other resources with references to those placeholder IDs previously did not work if the reference did not contain the resource type (e.g. Patient/urn:oid:0.1.2.3 instead of urn:oid:0.1.2.3). The latter is actually the correct way of specifying a reference to a placeholder, but the former was the only way that worked. Both forms now work, in order to be lenient. Thanks to Bill De Beaubien for reporting!

When parsing Bundles, if Bundle.entry.base is set to "cid:" (for DSTU1) or "urn:uuid:" / "urn:oid:" (for DSTU2) this is now correctly passed as the base in resource.getId(). Conversely, when encoding bundles, if a resource ID has a base defined, and Bundle.entry.base is empty, it will now be automatically set by the parser.

#164

Correct performance issue with :missing=true search requests where the parameter is a resource link. Thanks to wanghaisheng for all his help in testing this.

#188

JPA server now supports sorting on reference parameters. Thanks to Vishal Kachroo for reporting that this wasn't working!

Prevent Last-Updated header in responses coming back to the client from overwriting the 'lastUpdated' value in the meta element in DSTU2 resources. This is important because 'lastUpdated' can have more precision than the equivalent header, but the client previously gave the header priority.

JPA server supports _count parameter in transaction containing search URL (nested search)

DSTU2 servers now indicate support for conditional create/update/delete in their conformance statement.

Support for the Prefer header has been added to the server, client, and JPA modules.

#196

JPA server failed to search for deep chained parameters across multiple references, e.g. "Location.partof.partof.organization". Thanks to Ismael Sarmento Jr for reporting!

Prevent crash when encoding resources with contained resources if the contained resources contained a circular reference to each other

#149

The self link in the Bundle returned by searches on the server does not respect the server's address strategy (which resulted in an internal IP being shown on fhirtest.uhn.ca)

Performing a create operation in a client used an incorrect URL if the resource had an ID set. ID should be ignored for creates. Thanks to Peter Girard for reporting!

IParser#parseResource(Class, String) method, which is used to parse a resource into the given structure will now throw a DataFormatException if the structure is for the wrong type of resource for the one actually found in the input String (or Reader). For example, if a Patient resource is being parsed into Organization.class this will now cause an error. Previously, the XML parser would ignore the type and the JSON parser would fail. This also caused operations to not parse correctly if they returned a resource type other than parameters with JSON encoding (e.g. the $everything operation on UHN's test server). Thanks to Avinash Shanbhag for reporting!

1.1.32HAPI FHIR 1.0

 

Release Information

Released: 2015-04-08

Changes

Bump the version of a few dependencies to the latest versions:

  • Phloc-commons (for schematron validation) 4.3.5 -> 4.3.6
  • Apache HttpClient 4.3.6 -> 4.4
  • Woodstox 4.4.0 -> 4.4.1
  • SLF4j 1.7.9 -> 1.7.10
  • Spring (used in hapi-fhir-jpaserver-base module) 4.1.3.RELEASE -> 4.1.5.RELEASE

Add support for "profile" and "tag" elements in the resource Meta block when parsing DSTU2 structures.

#135

Remove Eclipse and IntelliJ artifacts (.project, *.iml, etc) from version control. Thanks to Doug Martin for the suggestion!

REST server methods may now have a parameter of type NarrativeModeEnum which will be populated with the value of the _narrative URL parameter if one was supplied. Annotation client methods may also include a parameter of this type, and it will be used to populate this parameter on the request URL if it is not null. Thanks to Neal Acharya for the idea!

Android JAR now includes servlet-API classes, as the project will not work without them. Thanks

#138

Add new server address strategy "ApacheProxyAddressStrategy" which uses headers "x-forwarded-host" and "x-forwarded-proto" to determine the server's address. This is useful if you are deploying a HAPI FHIR server behind an Apache proxy (e.g. for load balancing or other reasons). Thanks to Bill de Beaubien for contributing!

Client now supports invoking transcation using a DSTU2-style Bundle resource as the input.

#148

JPA Server $everything operation now allows a _count parameter

Add a new configuration method on the parsers, setStripVersionsFromReferences(boolean) which configures the parser to preserve versions in resource reference links when encoding. By default, these are removed.

#162

Add a framework for the Web Tester UI to allow its internal FHIR client to be configured (e.g. to add an authorization interceptor so that it adds credentials to client requests it makes). Thanks to Harsha Kumara for the suggestion!

Allow fluent/generic client users to execute a transaction using a raw string (containing a bundle resource) as input instead of a Bundle resource class instance.

Add methods for setting the default encoding (XML/JSON) and oretty print behaviour in the Fluent Client. Thanks to Stackoverflow user ewall for the idea.

#167

Rename the Spring Bean definition for the JPA server EntityManager from "myEntityManagerFactory" to just "entityManagerFactory" as this is the default bean name expected in other parts of the Spring framework. Thanks to Mohammad Jafari for the suggestion!

#164

Improve error message when a user tries to perform a create/update with an invalid or missing Content-Type header. Thanks to wanghaisheng for reporting! (This was actually a three part bug, so the following two fixes also reference this bug number)

#164

Add support for :missing qualifier in generic/fluent client.

#164

Add support for :missing qualifier in JPA server.

Add a new configuration method on the parsers, setStripVersionsFromReferences(boolean) which configures the parser to preserve versions in resource reference links when encoding. By default, these are removed.

#171

Add an exception for RESTful clients/servers to represent the HTTP 403 Forbidden status code. Thanks to Joel Costigliola for the patch!

Add support for _revinclude parameter in client, server, and JPA.

Include constants on resources (such as Observation.INCLUDE_VALUE_STRING ) have been switched in the DSTU2 structures to use the new syntax required in DSTU2: [resource name]:[search param NAME] insead of the DSTU1 style [resource name].[search param PATH]

#124

When encoding resources, the parser will now convert any resource references to versionless references automatically (i.e. it will omit the version part automatically if one is present in the reference) since references between resources must be versionless. Additionally, references in server responses will omit the server base URL part of the reference if the base matches the base for the server giving the response.

Searching in JPA server with no search parameter returns deleted resources when it should exclude them.

#116

Requested _include values are preserved across paging links when the server returns multiple pages. Thanks to Bill de Beaubien for reporting!

#143

Resource references between separate resources found in a single bundle did not get populated with the actual resource when parsing a DSTU2 style bundle. Thanks to Nick Peterson for reporting and figuring out why none of our unit tests were actually catching the problem!

#146

JSON encoder did not encode contained resources when encoding a DSTU2 style bundle. Thanks to Mohammad Jafari and baopingle for all of their help in tracking this issue down and developing useful unit tests to demonstrate it.

#147

JPA Server $everything operation could sometimes include a duplicate copy of the main focus resource if it was referred to in a deep chain. Thanks to David Hay for reporting!

#113

When a user manually creates the list of contained resources in a resource, the encoder fails to encode any resources that don't have a '#' at the start of their ID. This is unintuitive, so we now assume that '123' means '#123'. Thanks to myungchoi for reporting and providing a test case!

#139

JPA server failed to index resources containing ContactPointDt elements with populated values (e.g. Patient.telecom). Thanks to Mohammad Jafari for reporting!

#155

Terser's IModelVisitor now supplies to the path to the element. This is an API change, but I don't think there are many users of the IModelVisitor yet. Please let us know if this is a big hardship and we can find an alternate way of making this change.

Prevent server from returning a Content-Location header for search response when using the DSTU2 bundle format

JPA server (uhnfhirtest.uhn.ca) sometimes included an empty "text" element in Bundles being returned.

#163

Fix regression in early 1.0 builds where resource type sometimes does not get populated in a resource ID when the resource is parsed. Thanks to Nick Peterson for reporting, and for providing a test case!

Disable date validation in the web tester UI, so that it is possible to enter partial dates, or dates without times, or even test out invalid date options.

#36

Make BaseElement#getUndeclaredExtensions() and BaseElement#getUndeclaredExtensions() return a mutable list so that it is possible to delete extensions from a resource instance.

#168

Server conformance statement check in clients (this is the check where the first time a given FhirContext is used to access a given server base URL, it will first check the server's Conformance statement to ensure that it supports the correct version of FHIR) now uses any registered client interceptors. In addition, IGenericClient now has a method "forceConformanceCheck()" which manually triggers this check. Thanks to Doug Martin for reporting and suggesting!

Transaction server operations incorrectly used the "Accept" header instead of the "Content-Type" header to determine the POST request encoding. Thanks to Rene Spronk for providing a test case!

#129

JPA Server did not mark a resource as "no longer deleted" if it was updated after being deleted. Thanks to Elliott Lavy and Lloyd McKenzie for reporting!

#128

Fix regression in 0.9 - Server responds with an HTTP 500 and a NullPointerException instead of an HTTP 400 and a useful error message if the client requests an unknown resource type

#130

Narrative generator incorrectly sets the Resource.text.status to 'generated' even if the given resource type does not have a template (and therefore no narrative is actually generated). Thanks to Bill de Beaubien for reporting!

1.1.33HAPI FHIR 0.9

 

Release Information

Released: 2015-03-14

Changes

Support for DSTU2 features introduced: New resource definitions, Bundle resource, encoding changes (ID in resource bodt, meta tag)

RESTful Client now queries the server (only once per server base URL) to ensure that the given server corresponds to the correct version of the FHIR specification, as defined by the FhirContext. This behaviour can be disabled by setting the appropriate configuration on the RestfulClientConfig. Thanks to Grahame Grieve for the suggestion!

JPA module now supports deleting resource via transaction

Add new properties to RestfulServer: "DefaultResponseEncoding", which allows users to configure a default encoding (XML/JSON) to use if none is specified in the client request. Currently defaults to XML. Also "DefaultPrettyPrint", which specifies whether to pretty print responses by default. Both properties can be overridden on individual requets using the appropriate Accept header or request URL parameters.

Library now checks if custom resource types can be instantiated on startup (e.g. because they don't have a no-argument constructor) in order to avoid failing later

Add support for quantity search params in FHIR tester UI

Add support for FHIR "extended operations" as defined in the FHIR DSTU2 specification, for the Generic Client, Annotation Client, and Server.

#77

Server now only automatically adds _include resources which are provided as references if the client request actually requested that specific include. See RestfulServer

Sorting is now supported in the Web Testing UI (previously a button existed for sorting, but it didn't do anything)

#111

Server will no longer include stack traces in the OperationOutcome returned to the client when an exception is thrown. A new interceptor called ExceptionHandlingInterceptor has been created which adds this functionality back if it is needed (e.g. for DEV setups). See the server interceptor documentation for more information. Thanks to Andy Huang for the suggestion!

Bump a few dependency JARs to the latest versions in Maven POM:

  • SLF4j (in base module) - Bumped to 1.7.9
  • Apache HTTPClient (in base module) - Bumped to 4.3.6
  • Hibernate (in JPA module) - Bumped to 4.3.7

#79

JPA server module now supports _include value of * . Thanks to Bill de Beaubien for reporting!

#65

Fix an issue encoding extensions on primitive types in JSON. Previously the "_value" object would be an array even if the field it was extending was not repeatable. This is not correct according to the specification, nor can HAPI's parser parse this correctly. The encoder has been corrected, and the parser has been adjusted to be able to handle resources with extensions encoded in this way. Thanks to Mohammad Jafari for reporting!

#91

Custom/user defined resource definitions which contained more than one child with no order defined failed to initialize properly. Thanks to Andy Huang for reporting and figuring out where the problem was!

#97

DateClientParam#second() incorrectly used DAY precision instead of SECOND precision. Thanks to Tom Wilson for the pull request!

#100

Fix issue where HAPI failed to initialize correctly if Woodstox library was not on the classpath, even if StAX API was configured to use a different provider. Thanks to James Butler for reporting and figuring out where the issue was!

#101

Calling BaseDateTimeDt#setValue(Date, TemporalPrecisionEnum) did not always actually respect the given precision when the value was encoded. Thanks to jacksonjesse for reporting!

#103

Encoders (both XML and JSON) will no longer encode contained resources if they are not referenced anywhere in the resource via a local reference. This is just a convenience for users who have parsed a resource with contained resources and want to remove some before re-encoding. Thanks to Alexander Kley for reporting!

#110

Add support for DSTU2 style security labels in the parser and encoder. Thanks to Mohammad Jafari for the contribution!

Server requests for Binary resources where the client has explicitly requested XML or JSON responses (either with a _format URL parameter, or an Accept request header) will be responded to using the Binary FHIR resource type instead of as Binary blobs. This is in accordance with the recommended behaviour in the FHIR specification.

Observation.applies[x] and other similar search fields with multiple allowable value types were not being correctly indexed in the JPA server.

#122

DateClientParam.before() incorrectly placed "<=" instead of "<" in the request URL. Thanks to Ryan for reporting!

#120

User defined resource types which contain extensions that use a bound code type (e.g. an BoundCodeDt with a custom Enum) failed to parse correctly. Thanks to baopingle for reporting and providing a test case!

#67

IdDt failed to recognize local identifiers containing fragments that look like real identifiers as being local identifiers even though they started with '#'. For example, a local resource reference of "#aa/_history/aa" would be incorrectly parsed as a non-local reference. Thanks to Mohammad Jafari for reporting!

Last-Modified header in server was incorrectly using FHIR date format instead of RFC-1123 format.

Server create and update methods failed with an IllegalArgumentException if the method type was a custom resource definition type (instead of a built-in HAPI type). Thanks to Neal Acharya for the analysis.

IdDt method withServerBase returned String (unlike all of the other "withFoo" methods on that class), and did not work correctly if the IdDt already had a server base. This has been corrected. Note that the return type for this method has been changed, so code may need to be updated.

#84

In previous versions of HAPI, the XML parser encoded multiple contained resources in a single <contained></contained> tag, even though the FHIR specification rerquires a separate <contained></contained> tag for each resource. This has been corrected. Note that the parser will correctly parse either form (this has always been the case) so this change should not cause any breakage in HAPI based trading partners, but may cause issues if other applications have been coded to depend on the incorrect behaviour. Thanks to Mochaholic for reporting!

1.1.34HAPI FHIR 0.8

 

Release Information

Released: 2014-12-17

Changes

API CHANGE: The "FHIR structures" for DSTU1 (the classes which model the resources and composite datatypes) have been moved out of the core JAR into their own JAR, in order to allow support for DEV resources, and DSTU2 resources when thast version is finalized. See the DSTU2 page for more information.

Remove dependency on JAXB libraries, which were used to parse and encode dates and times (even in the JSON parser). JAXB is built in to most JDKs but the version bundled with IBM's JDK is flaky and resulted in a number of problems when deploying to Websphere.

When using Generic Client, if performing a create or update operation using a String as the resource body, the client will auto-detect the FHIR encoding style and send an appropriate Content-Type header.

#53

DateDt left precision value as null in the constructor DateDt(Date) .

API Change: The IResource#getResourceMetadata() method has been changed from returning Map<ResourceMetadataKeyEnum<?>, Object> to returning a new type called ResourceMetadataMap. This new type implements Map<ResourceMetadataKeyEnum<?>, Object> itself, so this change should not break existing code, but may require a clean build in order to run correctly.

Add a method String IResource#getResourceName() which returns the name of the resource in question (e.g. "Patient", or "Observation"). This is intended as a convenience to users.

Server gives a more helpful error message if multiple IResourceProvider implementations are provided for the same resource type. Thanks to wanghaisheng for the idea!

#61

Bring DSTU1 resource definitions up to version 0.0.82-2929
Bring DEV resource definitions up to 0.4.0-3775
Thanks to crinacimpian for reporting!

#62

JPA server did not correctly process _include requests if included resources were present with a non-numeric identifier. Thanks to Bill de Beaubien for reporting!

#38

Profile generation on the server was not working due to IdDt being incorrectly used. Thanks to Bill de Beaubien for the pull request!

#73

Add convenience methods to TokenOrListParam to test whether any of a set of tokens match the given requested list.

#86

Add a protected method to RestfulServer which allows developers to implement their own method for determining which part of the request URL is the FHIR request path (useful if you are embedding the RestulServer inside of another web framework). Thanks to Harsha Kumara for the pull request!

#42

Profiles did not generate correctly if a resource definition class had a defined extension which was of a composite type. Thanks to Bill de Beaubien for the pull request!

#44

Remove unnecessary IOException from narrative generator API. Thanks to Petro Mykhailysyn for the pull request!

#48

Introduced a new @ProvidesResources annotation which can be added to resource provider and servers to allow them to declare additional resource classes they are able to serve. This is useful if you have a server which can serve up multiple classes for the same resource type (e.g. a server that sometimes returns a default Patient, but sometimes uses a custom subclass). Thanks to Bill de Beaubien for the pull request!

#49

Introduced a new @Destroy annotation which can be added to a resource provider method. This method will be called by the server when it is being closed/destroyed (e.g. when the application is being undeployed, the container is being shut down, etc.) Thanks to Bill de Beaubien for the pull request!

Add a new method handleException to the server interceptor framework which allows interceptors to be notified of any exceptions and runtime errors within server methods. Interceptors may optionally also override the default error handling behaviour of the RestfulServer.

Add constants to BaseResource for the "_id" search parameter which all resources should support.

Deprecated API Removal: The following classes (which were deprocated previously) have now been removed:

  • ISecurityManager: If you are using this class, the same functionality is available through the more general purpose server interceptor capabilities.
  • CodingListParam: This class was made redundant by the TokenOrListParam class, which can be used in its place.

DateRangeParam parameters on the server now return correct getLowerBoundAsInstant() and getUpperBoundAsInstant() values if a single unqualified value is passed in. For example, if a query containing &birthdate=2012-10-01 is received, previously these two methods would both return the same value, but with this fix getUpperBoundAsInstant() now returns the instant at 23:59:59.9999.

Resource fields with a type of "*" (or Any) sometimes failed to parse if a value type of "code" was used. Thanks to Bill de Beaubien for reporting!

#50

Primitive datatypes now preserve their original string value when parsing resources, as well as containing the "parsed value". For instance, a DecimalDt field value of 1.0000 will be parsed into the corresponding decimal value, but will also retain the original value with the corresponding level of precision. This allows vadliator rules to be applied to original values as received "over the wire", such as well formatted but invalid dates, e.g. "2001-15-01". Thanks to Joe Athman for reporting and helping to come up with a fix!

#52

JPA module (and public HAPI-FHIR test server) were unable to process resource types where at least one search parameter has no path specified. These now correctly save (although the server does not yet process these params, and it should). Thanks to GitHub user shvoidlee for reporting and help with analysis!

Generic/Fluent Client "create" and "update" method requests were not setting a content type header

RESTful server now doesn't overwrite resource IDs if they are absolute. In other words, if a server's Resource Provider returns a resource with ID "Patient/123" it will be translated to "[base url]/Patient/123" but if the RP returns ID "http://foo/Patient/123" the ID will be returned exactly as is. Thanks to Bill de Beaubien for the suggestion!

#55

JPA module Transaction operation was not correctly replacing logical IDs beginning with "cid:" with server assigned IDs, as required by the specification.

FhirTerser did not visit or find children in contained resources when searching a resource. This caused server implementations to not always return contained resources when they are included with a resource being returned.

Do not strip version from resource references in resources returned from server search methods. Thanks to Bill de Beaubien for reporting!

#54

Correct an issue with the validator where changes to the underlying OperationOutcome produced by a validation cycle cause the validation results to be incorrect.

Client interceptors registered to an interface based client instance were applied to other client instances for the same client interface as well. (Issue did not affect generic/fluent clients)

#57

DateDt, DateTimeDt and types InstantDt types now do not throw an exception if they are used to parse a value with the wrong level of precision for the given type but do throw an exception if the wrong level of precision is passed into their constructors.

This means that HAPI FHIR can now successfully parse resources from external sources that have the wrong level of precision, but will generate a validation error if the resource is validated. Thanks to Alexander Kley for the suggestion!

Encoding a Binary resource without a content type set should not result in a NullPointerException. Thanks to Alexander Kley for reporting!

#60

Client requests which include a resource/bundle body (e.g. create, update, transaction) were not including a charset in the content type header, leading to servers incorrectly assuming ISO-8859/1. Thanks to shvoidlee for reporting!

#59

Clean up the way that Profile resources are automatically exported by the server for custom resource profile classes. See the @ResourceDef JavaDoc for information on how this works.

1.1.35HAPI FHIR 0.7

 

Release Information

Released: 2014-10-23

Changes

#30

API CHANGE: The TagList class previously implemented ArrayList semantics, but this has been replaced with LinkedHashMap semantics. This means that the list of tags will no longer accept duplicate tags, but that tag order will still be preserved. Thanks to Bill de Beaubien for reporting!

Add a new client interceptor which adds HTTP Authorization Bearer Tokens (for use with OAUTH2 servers) to client requests.

HAPI now logs a single line indicating the StAX implementation being used upon the first time an XML parser is created.

Documentation fixes

Documentation on contained resources contained a typo and did not actually produce contained resources. Thanks to David Hay of Orion Health for reporting!

#31

Add a Vagrant based environment (basically a fully built, self contained development environment) for trying out the HAPI server modules. Thanks to Preston Lee for the pull request, and for offering to maintain this!

#32

Change validation API so that it uses a return type instead of exceptions to communicate validation failures. Thanks to Joe Athman for the pull request!

#35

Add a client interceptor which adds an HTTP cookie to each client request. Thanks to Petro Mykhailysyn for the pull request!

Add a collection of new methods on the generic client which support the read and search operations using an absolute URL. This allows developers to perform these operations using URLs they obtained from other sources (or external resource references within resources). In addition, the existing read/vread operations will now access absolute URL references if they are passed in. Thanks to Doug Martin of the Regenstrief Center for Biomedical Informatics for contributing this implementation!

#33

Server was incorrectly including contained resources being returned as both contained resources, and as top-level resources in the returned bundle for search operations. Thanks to Bill de Beaubien for reporting! This also fixes Issue #20, thanks to lephty for reporting!

Resources containing entities which are not valid in basic XML (e.g. §) will have those entities converted to their equivalent unicode characters when resources are encoded, since FHIR does not allow extended entities in resource instances.

Add phloc-commons dependency explicitly, which resolves an issue building HAPI from source on some platforms. Thanks to Odysseas Pentakalos for the patch!

Update methods on the server did not return a "content-location" header, but only a "location" header. Both are required according to the FHIR specification. Thanks to Bill de Beaubien of Systems Made Simple for reporting this!

#26

Parser failed to correctly read contained Binary resources. Thanks to Alexander Kley for the patch!

#29

Calling encode multiple times on a resource with contained resources caused the contained resources to be re-added (and the actual message to grow) with each encode pass. Thanks to Alexander Kley for the test case!

JSON-encoded contained resources with the incorrect "_id" element (which should be "id", but some incorrect examples exist on the FHIR specification) now parse correctly. In other words, HAPI previously only accepted the correct "id" element, but now it also accepts the incorrect "_id" element just to be more lenient.

Several unit tests failed on Windows (or any platform with non UTF-8 default encoding). This may have also caused resource validation to fail occasionally on these platforms as well. Thanks to Bill de Beaubien for reporting!

toString() method on TokenParam was incorrectly showing the system as the value. Thanks to Bill de Beaubien for reporting!

Server implementation was not correctly figuring out its own FHIR Base URL when deployed on Amazon Web Service server. Thanks to Jeffrey Ting and Bill De Beaubien of Systems Made Simple for their help in figuring out this issue!

XML Parser failed to encode fields with both a resource reference child and a primitive type child. Thanks to Jeffrey Ting and Bill De Beaubien of Systems Made Simple for their help in figuring out this issue!

HAPI now runs successfully on Servlet 2.5 containers (such as Tomcat 6). Thanks to Bernard Gitaadji for reporting and diagnosing the issue!

Summary (in the bundle entry) is now encoded by the XML and JSON parsers if supplied. Thanks to David Hay of Orion Health for reporting this!

#24

Conformance profiles which are automatically generated by the server were missing a few mandatory elements, which meant that the profile did not correctly validate. Thanks to Bill de Beaubien of Systems Made Simple for reporting this!

XHTML (in narratives) containing escapable characters (e.g. < or ") will now always have those characters escaped properly in encoded messages.

1.1.36HAPI FHIR 0.6

 

Release Information

Released: 2014-09-08

Changes

Add server interceptor framework, and new interceptor for logging incoming requests.

Add server validation framework for validating resources against the FHIR schemas and schematrons

Transaction server method is now allowed to return an OperationOutcome in addition to the incoming resources. The public test server now does this in order to return status information about the transaction processing.

Update method in the server can now flag (via a field on the MethodOutcome object being returned) that the result was actually a creation, and Create method can indicate that it was actually an update. This has no effect other than to switch between the HTTP 200 and HTTP 201 status codes on the response, but this may be useful in some circumstances.

Added narrative generator template for OperationOutcome resource

Transaction method in server can now have parameter type Bundle instead of List<IBaseResource>

HAPI parsers now use field access to get/set values instead of method accessors and mutators. This should give a small performance boost.

SecurityEvent.Object structural element has been renamed to SecurityEvent.ObjectElement to avoid conflicting names with the java Object class. Thanks to Laurie Macdougall-Sookraj of UHN for reporting!

SecurityEvent resource's enums now use friendly enum names instead of the unfriendly numeric code values. Thanks to Laurie MacDougall-Sookraj of UHN for the suggestion!

Contained/included resource instances received by a client are now automatically added to any ResourceReferenceDt instancea in other resources which reference them.

Add documentation on how to use eBay CORS Filter to support Cross Origin Resource Sharing (CORS) to server. CORS support that was built in to the server itself has been removed, as it did not work correctly (and was reinventing a wheel that others have done a great job inventing). Thanks to Peter Bernhardt of Relay Health for all the assistance in testing this!

Annotation client search methods with a specific resource type (e.g. List<Patient> search()) won't return any resources that aren't of the correct type that are received in a response bundle (generally these are referenced resources, so they are populated in the reference fields instead). Thanks to Tahura Chaudhry of University Health Network for the unit test!

Date/time types did not correctly parse values in the format "yyyymmdd" (although the FHIR-defined format is "yyyy-mm-dd" anyhow, and this is correctly handled). Thanks to Jeffrey Ting of Systems Made Simple for reporting!

Server search method for an unnamed query gets called if the client requests a named query with the same parameter list. Thanks to Neal Acharya of University Health Network for reporting!

Category header (for tags) is correctly read in client for "read" operation

JSON parser encodes resource references incorrectly, using the name "resource" instead of the name "reference" for the actual reference. Thanks to Ricky Nguyen for reporting and tracking down the issue!

Tester UI created double _format and _pretty param entries in searches. Thanks to Gered King of University Health Network for reporting!

Rename NotImpementedException to NotImplementedException (to correct typo)

Server setUseBrowserFriendlyContentType setting also respected for errors (e.g. OperationOutcome with 4xx/5xx status)

Fix performance issue in date/time datatypes where pattern matchers were not static

Server now gives a more helpful error message if a @Read method has a search parameter (which is invalid, but previously lead to a very unhelpful error message). Thanks to Tahura Chaudhry of UHN for reporting!

Resource of type "List" failed to parse from a bundle correctly. Thanks to David Hay of Orion Health for reporting!

QuantityParam correctly encodes approximate (~) prefix to values

#14

If a server defines a method with parameter "_id", incoming search requests for that method may get delegated to the wrong method. Thanks to Neal Acharya for reporting!

Text/narrative blocks that were created with a non-empty namespace prefix (e.g. <xhtml:div xmlns:xhtml="...">...</xhtml:div>) failed to encode correctly (prefix was missing in encoded resource)

Resource references previously encoded their children (display and reference) in the wrong order so references with both would fail schema validation.

#4

Create method was incorrectly returning an HTTP 204 on sucessful completion, but should be returning an HTTP 200 per the FHIR specification. Thanks to wanghaisheng for reporting!

FHIR Tester UI now correctly sends UTF-8 charset in responses so that message payloads containing non US-ASCII characters will correctly display in the browser

JSON parser was incorrectly encoding extensions on composite elements outside the element itself (as is done correctly for non-composite elements) instead of inside of them. Thanks to David Hay of Orion for reporting this!

IResource interface did not expose the getLanguage/setLanguage methods from BaseResource, so the resource language was difficult to access.

JSON Parser now gives a more friendly error message if it tries to parse JSON with invalid use of single quotes

1.1.37HAPI FHIR 0.5

 

Release Information

Released: 2014-07-30

Changes

HAPI has a number of RESTful method parameter types that have similar but not identical purposes and confusing names. A cleanup has been undertaken to clean this up. This means that a number of existing classes have been deprocated in favour of new naming schemes.

All annotation-based clients and all server search method parameters are now named (type)Param, for example: StringParam, TokenParam, etc.

All generic/fluent client method parameters are now named (type)ClientParam, for example: StringClientParam, TokenClientParam, etc.

All renamed classes have been retained and deprocated, so this change should not cause any issues for existing applications but those applications should be refactored to use the new parameters when possible.

Allow server methods to return wildcard generic types (e.g. List<? extends IResource>)

#2

Read invocations in the client now process the "Content-Location" header and use it to populate the ID of the returned resource. Thanks to Neal Acharya for the suggestion!

Binary reads on a server not include the Content-Disposition header, to prevent HTML in binary blobs from being used for nefarious purposes. See FHIR Tracker Bug 3298 for more information.

Support has been added for using an HTTP proxy for outgoing requests.

Search parameters are not properly escaped and unescaped. E.g. for a token parameter such as "&identifier=system|codepart1|codepart2"

Add support for OPTIONS verb (which returns the server conformance statement)

Add support for CORS headers in server

Bump SLF4j dependency to latest version (1.7.7)

Add interceptor framework for clients (annotation based and generic), and add interceptors for configurable logging, capturing requests and responses, and HTTP basic auth.

Bundle entries now support a link type of "search". Thanks to David Hay for the suggestion!

#1

If a client receives a non 2xx response (e.g. HTTP 500) and the response body is a text/plain message or an OperationOutcome resource, include the message in the exception message so that it will be more conveniently displayed in logs and other places. Thanks to Neal Acharya for the suggestion!

#3

Fix issue where vread invocations on server incorrectly get routed to instance history method if one is defined. Thanks to Neal Acharya from UHN for surfacing this one!

Fix: Primitive extensions declared against custom resource types are encoded even if they have no value. Thanks to David Hay of Orion for reporting this!

Fix: RESTful server deployed to a location where the URL to access it contained a space (e.g. a WAR file with a space in the name) failed to work correctly. Thanks to David Hay of Orion for reporting this!

Transaction client invocations with XML encoding were using the wrong content type ("application/xml+fhir" instead of the correct "application/atom+xml"). Thanks to David Hay of Orion Health for surfacing this one!

1.1.38HAPI FHIR 0.4

 

Release Information

Released: 2014-07-13

Changes

BREAKING CHANGE: : IdDt has been modified so that it contains a partial or complete resource identity. Previously it contained only the simple alphanumeric id of the resource (the part at the end of the "read" URL for that resource) but it can now contain a complete URL or even a partial URL (e.g. "Patient/123") and can optionally contain a version (e.g. "Patient/123/_history/456"). New methods have been added to this datatype which provide just the numeric portion. See the JavaDoc for more information.

API CHANGE: : Most elements in the HAPI FHIR model contain a getId() and setId() method. This method is confusing because it is only actually used for IDREF elements (which are rare) but its name makes it easy to confuse with more important identifiers. For this reason, these methods have been deprecated and replaced with get/setElementSpecificId() methods. The old methods will be removed at some point. Resource types are unchanged and retain their get/setId methods.

Add support for paging responses from RESTful servers.

Support added for deleted-entry by/name, by/email, and comment from Tombstones spec

Allow use of QuantityDt as a service parameter to support the "quantity" type. Previously QuantityDt did not implement IQueryParameterType so it was not valid, and there was no way to support quantity search parameters on the server (e.g. Observation.value-quantity)

Introduce StringParameter type which can be used as a RESTful operation search parameter type. StringParameter allows ":exact" matches to be specified in clients, and handled in servers.

Parsers (XML/JSON) now support deleted entries in bundles

Transaction method now supported in servers

Support for Binary resources added (in servers, clients, parsers, etc.)

Client requests for IdentifierDt types (such as Patient.identifier) did not create the correct query string if the system is null.

Don't fail on narrative blocks in JSON resources with only an XML declaration but no content (these are produced by the Health Intersections server)

Server now automatically compresses responses if the client indicates support

Server failed to support optional parameters when type is String and :exact qualifier is used

Read method in client correctly populated resource ID in returned object

Support for Query resources fixed (in parser)

Nested contained resources (e.g. encoding a resource with a contained resource that itself contains a resource) now parse and encode correctly, meaning that all contained resources are placed in the "contained" element of the root resource, and the parser looks in the root resource for all container levels when stitching contained resources back together.

Server methods with @Include parameter would sometimes fail when no _include was actually specified in query strings.

1.1.39HAPI FHIR 0.3

 

Release Information

Released: 2014-05-12

Changes

1.1.40HAPI FHIR 0.2

 

Release Information

Released: 2014-04-23

Changes

1.1.41HAPI FHIR 0.1

 

Release Information

Released: 2014-04-15

Changes