The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

• Spring (JPA): 5.3.6 -> 5.3.7
• Spring Boot (JPA Starter): 2.4.4 -> 2.5.0
• Jetty (CLI): 9.4.39.v20210325 -> 9.4.42.v20210604

Pagination returned incorrect offset and count in the previous link of the last page when total element count was one more than multiple of page size. Problem is now fixed

Settings have been added to the JPA Server DaoConfig to enable/disable various individual kinds of scheduled tasks.

When performing a conditional create operation on a JPA server, the system will now verify that the conditional URL actually matches the data supplied in the resource body, and aborts the conditional create if it does not.

Support has been added to the JPA server for _include and _revinclude where the value is a qualified star, e.g. _include=Observation:*.

A new interceptor ValidationMessageSuppressingInterceptor has been added. This interceptor can be used to selectively suppress specific vaLidation messages.

A new setting has been added to the DaoConfig that allows the maximum number of _include and _revinclude resources to be added to a single search page result.

When performing non-query cache JPA searches (i.e. searches with Cache-Control: no-store) the loading of _include and _revinclude will now factor the maximum include count.

A new config option has been added to the DaoConfig that causes generated SQL statements to account for potential null values in HAPI FHIR JPA date index rows. Nulls are no longer ever used in this table after HAPI FHIR 5.3.0, but legacy data may still have nulls.

A new DaoConfig setting called Mass Ingestion Mode has been added. This mode enables rapid data ingestion by skipping a number of unnecessary checks during backloading.

A new Pointcut has been added that is invoked when a new Bulk Export is initiated.

The JPA server terminology uploader now supports uploading ICD-10-CM (US Edition) using the native format for that vocabulary.

AuthorizationInterceptor can now be used to authorize bulk export requests

Support for LOINC 2.70 has been added.

The $evaluate-measure now works on a partitioned server.

A new interceptor has been added for JPA servers that uses semaphores to avoid multiple concurrent FHIR transactions from trying to create/update the same resource at the same time. This can improve overall performance when writing many concurrent transactions since it avoids the need for retries.

A new tag storage mode called Inline Tag Mode tas been added. In this mode, all tags are stored directly in the serialized resource body in the database, instead of using dedicated tables. This has significant performance advantages when storing resources with many distinct tags (i.e. many tags that are unique to each resource, as opposed to being reused across multiple resources).

A new interceptor has been addeed to the JPA server called ForceOffsetSearchModeInterceptor. This interceptor forces all searches to be offset searches, instead of relying on the query cache. This means that FHIR search operations will never result in any database write, which can be good for highly concurrent servers.

A new JPA partitioning interceptor PatientIdPartitionInterceptor has been added. This interceptor uses the ID of the patient associated with any resources in the patient compartment to generate a consistent partition ID.

$mdm-query-links and $mdm-duplicate-golden-resources now enforce paging via parameters _offset and _count. More details can be found in the MDM Operations documentation.

Support for multiple header-passthrough option using -hp or --header-passthrough parameter has been added to hapi-fhir-cli commands: example-data-uploader, export-conceptmap-to-csv, import-csv-to-conceptmap and upload-terminology

A new Validation Support Module has been added that can use NPM Packages to supply validation conformance artifacts programatcally to the validator.

Allowed the optional inclusion of the LOINC Consumer Names archive in addition to the main LOINC distribution. If it is supplied, the consumer names CSV file will be scanned, and all consumer names will be added to uploaded Concepts as additional designations

Allowed the optional inclusion of the LOINC Linguistic Variants archive in addition to the main LOINC distribution. If it is supplied, all linguistic variants files will be scanned, and all translations will be added to uploaded Concepts as additional designations

Conditional URL lookups in the JPA server will now explicitly specify a maximum fetch size of 2, avoiding fetching more data that won't be used inadvertently in some situations.

FHIR Transaction duplicate record checks are now performed without any database interactions or SQL statements, reducing the processing load associated with FHIR transactions by at least a small amount.

FHIR transactions in the JPA server that perform writes will now aggressively pre-fetch as many entities as possible at the very start of transaction processing. This can drastically reduce the number of round-trips, especially as the number of resources in a transaction gets bigger.

A new setting has been added to the DaoConfig called Tag Versioning Mode. This setting controls whether a single collection of tags/profiles/security labels is maintained across all versions of a single resource, or whether each version of the resource maintains its own independent collection. Previously each version always maintained an independent collection, which is useful sometimes, but is often not useful and can affect performance.

When performing a conditional create/update/delete on a JPA server, if the match URL contained a plus character, this character was interpreted as a space (per legacy URL encoding rules) even though this has proven to not be the intended behaviour in real life applications. Plus characters will now be treated literally as a plus character in these URLs.

Bulk import batch jobs are now activated in a local scheduled task, making bulk import jobs better able to take advantage of large clusters.

DELETE _expunge=true has been converted to use Spring Batch. It now simply returns the jobId of the Spring Batch job while the job continues to run in the background. A new operation called $expunge-delete has been added to provide more fine-grained control of the delete expunge operation. This operation accepts an ordered list of URLs to be delete expunged and an optional batch-size parameter that will be used to perform the delete expunge. If no batch size is specified in the operation, then the value of DaoConfig.getExpungeBatchSize() is used.

The ConceptMap.group.element.display storage size limit has been increased to 500 characters.

The bulk export request length limit has been increased to 1024 characters.

If two authorization compartments apply to the same targets and share the same compartment name, then instead of creating a new compartment, the rule builder now adds the new owner to the list of owners in the existing compartment.

When operating in partitioned mode, the interceptor pointcut STORAGE_PARTITION_IDENTIFY_CREATE will now be invoked to determine the partition to use for create with client-assigned IDs. Previously the STORAGE_PARTITION_IDENTIFY_READ pointcut was invoked, which was confusing and potentially unexpected.

Flyway migration used to enforce order by default. This has been changed so now the default behaviour is out of order migrations are permitted. Strict order can be enforced via the new strict-order flag if required.

Identifier maximum length increased from 200 to 500. This specifically applies to table HFJ_IDX_CMP_STRING_UNIQ.

When the contents of a package are corrupt, the error messages now identify the corrupt element

When performing a FHIR transaction containing a conditional create, references to that resource were inadvertently replaced with contained references."

A concurrency error was fixed when using client assigned IDs on a highly concurrent server with resource deletion disabled.

A null-pointer exception was fixed when a ResponseTerminologyDisplayInterceptor is registered and a search or read response returns a resource with code value that in turn returns a null code lookup.

Subscription notifications will no longer be triggered by default in response to changes that do not increment the resource version (e.g. $meta-add and $meta-delete). A new DaoConfig setting has been added to make this configurable.

When myDaoConfig.setDefaultTotalMode(SearchTotalModeEnum.ACCURATE) and there are zero search results on an _id search, An Index Out of Bounds error was thrown. This has been corrected.

Fixes the problem that FHIR package IDs were incorrectly treated as case sensitive when being loaded, causing loads to fail when dependencies were declared with a different case than in the package itself.

Constraint errors were not always auto-retried even when configured to do so on certain platforms (particularly Postgresql) where constraint names are auto converted to lower case. Thanks to Bruno Hedman for the pull request!

When searching by source, if deleted resources are matched, the search returned an incorrect size. This has been corrected.

The _filter search parameter was incorrectly included in the server capability statement if it was disabled on the server. This has been corrected.

ValueSet expansion did not correctly preserve the order if multiple codes were included in a single inclusion block.

Too many MDM candidates matching could result in an OutOfMemoryError. Candidate matching is now limited to the value of IMdmSettings.getCandidateSearchLimit(), default 10000.

A regression caused the JPA Server History operation to not return paging links in responses. This has been corrected.

Added null checks to MDM resource interceptor in order to avoid NPEs.

The SQL generated for the _profile search parameter did not use all of the columns on the tag index table, resulting on poor performance on MySQL. This has been corrected.

The internal cache for tags, concepts, and others had longer or shorter expiry times than was intended. This has been corrected.

When searching for ExplanationOfBenefit?patient=123,456, the compartment authorization interceptor was treating '123,456' as a single id rather than as a list of ids. This has been corrected.

A regression was introduced in 2760 where a READ compartment could get collapsed into a WRITE compartment. This has been corrected.

Searches for mdm-expanded references such as Observation?subject:mdm=123 were getting denied by access rules that did not recognize the :mdm suffix. This has been corrected.

$mdm-submit operation was only submitting 100 resources and then stopping. It now correctly submits all requested resources.

When providing links for placeholder creation, DaoResourceLinkResolver expects just a single 'identifier=value' param, but it can be additional data, s.a. tags, extra identifiers, etc.

When initiating a FHIR bulk export, if more than one _typeFilter parameter was supplied only the first one was respected. This has been corrected.

Loading packages would fail when partitioning was enabled with unnamed partitions. This has been fixed.

An issue in the FHIRPath evaluator prevented Encounters from being stored when using the new PatientIdPartitionInterceptor. This has been corrected.

Support for LOINC 2.70 has been added.

The $evaluate-measure now works on a partitioned server.

A new tag storage mode called Inline Tag Mode tas been added. In this mode, all tags are stored directly in the serialized resource body in the database, instead of using dedicated tables. This has significant performance advantages when storing resources with many distinct tags (i.e. many tags that are unique to each resource, as opposed to being reused across multiple resources).

FHIR transactions in the JPA server that perform writes will now aggressively pre-fetch as many entities as possible at the very start of transaction processing. This can drastically reduce the number of round-trips, especially as the number of resources in a transaction gets bigger.

A new setting has been added to the DaoConfig called Tag Versioning Mode. This setting controls whether a single collection of tags/profiles/security labels is maintained across all versions of a single resource, or whether each version of the resource maintains its own independent collection. Previously each version always maintained an independent collection, which is useful sometimes, but is often not useful and can affect performance.

DELETE _expunge=true has been converted to use Spring Batch. It now simply returns the jobId of the Spring Batch job while the job continues to run in the background. A new operation called $expunge-delete has been added to provide more fine-grained control of the delete expunge operation. This operation accepts an ordered list of URLs to be delete expunged and an optional batch-size parameter that will be used to perform the delete expunge. If no batch size is specified in the operation, then the value of DaoConfig.getExpungeBatchSize() is used.

The ConceptMap.group.element.display storage size limit has been increased to 500 characters.

If two authorization compartments apply to the same targets and share the same compartment name, then instead of creating a new compartment, the rule builder now adds the new owner to the list of owners in the existing compartment.

Flyway migration used to enforce order by default. This has been changed so now the default behaviour is out of order migrations are permitted. Strict order can be enforced via the new strict-order flag if required.

ValueSet expansion did not correctly preserve the order if multiple codes were included in a single inclusion block.

Too many MDM candidates matching could result in an OutOfMemoryError. Candidate matching is now limited to the value of IMdmSettings.getCandidateSearchLimit(), default 10000.

A regression caused the JPA Server History operation to not return paging links in responses. This has been corrected.

Added null checks to MDM resource interceptor in order to avoid NPEs.

The SQL generated for the _profile search parameter did not use all of the columns on the tag index table, resulting on poor performance on MySQL. This has been corrected.

A regression was introduced in 2760 where a READ compartment could get collapsed into a WRITE compartment. This has been corrected.

Searches for mdm-expanded references such as Observation?subject:mdm=123 were getting denied by access rules that did not recognize the :mdm suffix. This has been corrected.

Pagination returned incorrect offset and count in the previous link of the last page when total element count was one more than multiple of page size. Problem is now fixed

Settings have been added to the JPA Server DaoConfig to enable/disable various individual kinds of scheduled tasks.

When performing a conditional create operation on a JPA server, the system will now verify that the conditional URL actually matches the data supplied in the resource body, and aborts the conditional create if it does not.

Support has been added to the JPA server for _include and _revinclude where the value is a qualified star, e.g. _include=Observation:*.

A new interceptor ValidationMessageSuppressingInterceptor has been added. This interceptor can be used to selectively suppress specific vaLidation messages.

A new setting has been added to the DaoConfig that allows the maximum number of _include and _revinclude resources to be added to a single search page result.

When performing non-query cache JPA searches (i.e. searches with Cache-Control: no-store) the loading of _include and _revinclude will now factor the maximum include count.

A new config option has been added to the DaoConfig that causes generated SQL statements to account for potential null values in HAPI FHIR JPA date index rows. Nulls are no longer ever used in this table after HAPI FHIR 5.3.0, but legacy data may still have nulls.

A new DaoConfig setting called Mass Ingestion Mode has been added. This mode enables rapid data ingestion by skipping a number of unnecessary checks during backloading.

A new Pointcut has been added that is invoked when a new Bulk Export is initiated.

The JPA server terminology uploader now supports uploading ICD-10-CM (US Edition) using the native format for that vocabulary.

AuthorizationInterceptor can now be used to authorize bulk export requests

Conditional URL lookups in the JPA server will now explicitly specify a maximum fetch size of 2, avoiding fetching more data that won't be used inadvertently in some situations.

FHIR Transaction duplicate record checks are now performed without any database interactions or SQL statements, reducing the processing load associated with FHIR transactions by at least a small amount.

When performing a conditional create/update/delete on a JPA server, if the match URL contained a plus character, this character was interpreted as a space (per legacy URL encoding rules) even though this has proven to not be the intended behaviour in real life applications. Plus characters will now be treated literally as a plus character in these URLs.

Bulk import batch jobs are now activated in a local scheduled task, making bulk import jobs better able to take advantage of large clusters.

When performing a FHIR transaction containing a conditional create, references to that resource were inadvertently replaced with contained references."

A concurrency error was fixed when using client assigned IDs on a highly concurrent server with resource deletion disabled.

A null-pointer exception was fixed when a ResponseTerminologyDisplayInterceptor is registered and a search or read response returns a resource with code value that in turn returns a null code lookup.

Subscription notifications will no longer be triggered by default in response to changes that do not increment the resource version (e.g. $meta-add and $meta-delete). A new DaoConfig setting has been added to make this configurable.

When myDaoConfig.setDefaultTotalMode(SearchTotalModeEnum.ACCURATE) and there are zero search results on an _id search, An Index Out of Bounds error was thrown. This has been corrected.

Fixes the problem that FHIR package IDs were incorrectly treated as case sensitive when being loaded, causing loads to fail when dependencies were declared with a different case than in the package itself.

Constraint errors were not always auto-retried even when configured to do so on certain platforms (particularly Postgresql) where constraint names are auto converted to lower case. Thanks to Bruno Hedman for the pull request!

When searching by source, if deleted resources are matched, the search returned an incorrect size. This has been corrected.

The _filter search parameter was incorrectly included in the server capability statement if it was disabled on the server. This has been corrected.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

• Commons-Lang3 (Core): 3.9 -> 3.12.0
• Commons-Text (Core): 1.7 -> 1.9
• Commons-Codec (Core): 1.14 -> 1.15
• Commons-IO (Core): 2.6 -> 2.8.0
• Guava (Core): 30.1-jre -> 30.1.1-jre
• Jackson (Core): 2.12.1 -> 2.12.3
• Woodstox (Core): 6.2.3 -> 6.2.5
• Apache Jena (Core/RDF): 3.16.0 -> 3.17.0
• Gson (JPA): 2.8.5 -> 2.8.6
• Caffeine (JPA): 2.7.0 -> 3.0.1
• Hibernate (JPA): 5.4.26.Final -> 5.4.30.Final
• Hibernate Search (JPA): 6.0.0.Final -> 6.0.3.Final
• Spring (JPA): 5.3.3 -> 5.3.6
• Spring Batch (JPA): 4.2.3.RELEASE -> 4.3.2
• Spring Data (JPA): 2.4.2 -> 2.5.0
• Commons DBCP2 (JPA): 2.7.0 -> 2.8.0
• ElasticSearch Client (JPA): 7.10.2 -> 7.12.1
• Thymeleaf (Testpage Overlay): 3.0.11.RELEASE -> 3.0.12.RELEASE
• JAnsi (CLI): 2.1.1 -> 2.3.2
• JArchivelib (CLI): 1.0.0 -> 1.1.0

Support for the FHIR _list search parameter.

Terminology storage is now skipped for placeholder ValueSet and ConceptMap resources.

When a REST server returns a failure because no method matched the request parameters, the resulting OperationOutcome will now correctly set the issue type to not-supported. Thanks to Jari Maijenburg for the pull request!

Group Bulk exports are now supported. You can export all data for a Group of Patients via the /Group/[id]/$export endpoint for any resource type which contains a patient compartment. The _typeFilter and _since criteria are currently not supported at this level, but may eventually be

Optionally support '_contained' resource search by enabling the indexing on the contained resources in the ModelConfig.

When using the JPA server in partitioned mode with a partition interceptor, the interceptor is now called even for resource types that can not be placed in a non-default partition (e.g. SearchParameter, CodeSystem, etc.). The interceptor may return null or default in this case, but can include a non-null partition date if needed.

In MDM matching rules, support has been added for using FHIRPath expressions instead of Resource Path expressions via the fhirPath field in a field matcher

Support has been added for MDM expansion during Group bulk export. Calling a group export via /Group/123/$export?_mdm=true will cause Bulk Export to not only match group members, but also any MDM-matched patients, and their related golden record patients

Support has been added to the JPA server for indexing and searching using the _contained parameter, which allows searching using chained parameters that chain into contained resources. This feature is disabled by default but can be enabled via a setting on the ModelConfig object.

Support has been added for patient level Bulk export. This can be done via the /Patient/$export endpoint. Also, support has been added for setting Cache-Control header to no-cache for Bulk Export requests.

Auto-created placeholder reference targets now have an extension with the URL http://hapifhir.io/fhir/StructureDefinition/resource-placeholder and a value of true.

Adds interceptors for the following functionality:

• Data normalization (n11n) - removing unwanted characters (control, etc. as defined by the requirements)
• Data standardization (s13n) - normalizing data by ensuring word spacing and character cases are uniform
• Data validation - making sure that addresses / emails are validated

Added matching based on extension, when given the path to a fhir resource the matcher will take the extensions and match if the url and string value are the same

Two new server interceptors have been added that can be used to map codes and populate code display names respectively using the server terminology services.

When using the _mdm parameter during Group Bulk Export, resources written out will now contain an extension with the url https://hapifhir.org/associated-patient-golden-resource/ identifying which golden resource the target resource belongs to.

The server generated CapabilityStatment will now include supported Profile declarations for FHIR R4+.

A new server interceptor has been added that allows servers to implement lenient search mode, where unknown search parameters are ignored if an optional HTTP Prefer header is provided.

Add support for :mdm search parameter qualifier on reference search parameters. Details about enabling this feature can be found in the documentation.

The automatically generated CapabilityStatement for R4+ will now incude the list of supported revinclude values.

The server generated CapabilityStatement now reflects whether RDF/Turtle is supported by the server. In addition, the ResponseHighlightingInterceptor will now provide some TTL support.

A new Validation Support Module has been added called UnknownCodeSystemWarningValidationSupport. This module allows validation to produce a warning but not an error if a code being validated references an unknown code system.

A new optional parameter has been added to the ValueSet/$expand operation. When provided a value of true, the operation will include the concept hierarchy in the expansion response.

Add new pointcut STORAGE_TRANSACTION_PROCESSED, which fires after all operations in a transaction have executed.

It is now possible t create narrative generator templates that apply to any custom strucures including custom extension structures.

Added new NUMERIC mdm matcher for matching phone numbers. Also added NUMERIC phonetic encoder to support adding NUMERIC encoded search parameter (e.g. if searching for matching phone numbers is required by mdm candidate searching).

A new interceptor called OpenApiInterceptor has been added. This interceptor can be registered against FHIR Servers to automatically add support for OpenAPI / Swagger.

A new header called X-Upsert-Extistence-Check can now be added to JPA server Create with Client-Assigned ID operations (aka Upsert) in order to improve performance when loading data that is known to not exist by skipping the resource existence check.

When using the JPA server in offset mode, the count+offset information is now passed to the SQL query, resulting in better performance. Thanks to Tuomo Ala-Vannesluoma for the pull request!

When automatically creating a placeholder reference that is set to auto-populate identifiers, logic has been improved. If the reference does not contain an identifier, but the inline match URL does, the identifier found in the match URL will be added to the target. If both are populated, they will both be added to the target.

When resources are created using package load, the new resources will use the same IDs as were provided in with the resource definitions in the package, if they exist. If the ids are numeric, a prefix of 'npm-' will be added.

Support for validating BCP-47 (language) codes against the FHIR Languages and All-Languages ValueSets has been improved.

The MSSQL-specific index definition for the ForcedId table in the JPA server has been enhanced to include an INCLUDE() clause, which should significantly improve performance.

It is now possible to declare database migrations as being mandatory even when running in schema initialization mode.

Several optimizations have been made to the JPA server transaction processor that should result in improved performance, particularly when processing large transaction Bundles, such as transactions containing many entries, or transactions containing very large entries.

The HAPI FHIR parser will now preserve the order of contained resources across round-trip parse/serialize passes.

A new PID-to-forced-ID cache, and a new optional Match-URL-to-PID cache have been added. These can improve write performance when doing large loads.

The generated search SQL statements have been optimized for simple JPA server searches containing only one parameter. In this case, an unnecessary JOIN has been removed.

DaoConfig setting for Populate Identifier In Auto Created Placeholder Reference Targets now defaults to true.

PointCutLatch now works with IPointcut instead of Pointcut.

Custom Search Parameters may now have FHIRPath expressions up to 500 characters long, up from 200.

The ConsentInterceptor no longer fully runs on calls to /metadata or during the $meta operation.

Added a new configuration option to DaoConfig, setInternalSynchronousSearchSize(), this controls the loadSynchronousUpTo() during internal operations such as delete with expunge, and certain CodeSystem searches.

An SQL syntax error was corrected when using the JPA server terminology services to pre-expand valuesets when using Oracle Database.

When storing resources in the JPA server, extensions in Resource.meta were not preserved, nor were any contents in Bundle.entry.resource.meta. Both of these things are now correctly persisted and returned. Thanks to Sean McIlvenna for reporting!

A crash was fixed when performing a FHIR read on a partitioned server, where the requested ID is not known. Thanks to Umberto Cappellini for reporting!

Supplementary characters in the parameters might cause errors when calculating hash values

A NullPointerException was corrected when indexing resources containing an indexed Period field that had a start but not an end defined.

When using the Generic Client, search invocations where the parameters are supplied using .where(Map) did not include search modifiers such as :exact in the search URL. Thanks to GitHub user @granadacoder for reporting this issue!

HasParam#doGetQueryParameterQualifier() returned a malformed modifier. For example, the modifier for _has:Observation:patient:code=123 was returned as Observation:code:123 when it should be :Observation:patient:code. This has been corrected.

References from a contained resource to the containing resource are now possible in the JPA server.

When performainfg a search using a date search parameter, invalid values (e.g. date=foo) resulted in a confusing error message. This has been improved.

Running a manual reindex of data failed on a partitioned server with an interceptor error. This has been corrected. Thanks to Ajay Shekar for reporting!

An NPE was fixed when performing highly concurrent system requests while using the ResourceVersionConflictResolutionStrategy interceptor.

the create-package command of the HAPI FHIR CLI was not correctly adding the fhirVersions section to the generated package.json. This has been fixed

A database deadlock in Postgresql was observed when uploading large terminology CodeSystems using deferred uploading. Thanks to Tyge Folke Nielsen for reporting and suggesting a fix!

An incorrect path caused the select2 library to fail to load in the HAPI FHIR testpage overlay modue. Thanks to Ari Ruotsalainen for reporting!

Fixed issues with application of survivorship rules when matching golden record to a single resource

Added Operation section to Conformance Statement.

An issue with compartment definitions in R5 models was fixed. This issue caused some authorization rules to reject valid requests. Thanks to Patrick Palacin for reporting!

When issuing a request for a specific Resource and also specifying an _include param, the referenced resource is not returned when there is only 1 version of the referenced resource available. When there are more than 1 versions available, the referenced resource is returned in the response bundle.

An issue with package installer involving logical StructureDefinition resources was fixed. Package registry will no longer attempt to generate a snapshot for logical StructureDefinition resources if one is not already provided in the resource definition.

When issuing a request for a specific Resource and also specifying an _include param, the proper historical referenced resource is not returned when there are more than 1 versions of the referenced resource available, after the reference has been changed from the original version 1 to some other version. When there are more than 1 versions available, and the referring resource had previously referred to version 1 but now refers to version 4, the resource returned in the response bundle is for version 1.

Fixed a bug which would cause Bulk Export to fail when run in a partitioned environment.

Added support for deleting resources to BundleBuilder via method addTransactionDeleteEntry.

When running the $apply-codesystem-delta-add operation, code properties were not correctly saved. Thanks to Hanan Awwad for the pull request!

When creating resources in a JPA server under highly concurrent conditions, creating a new tag across multiple threads could result in a race condition leaving an invalid entry in the tag cache. This resulted in new instances of this tag being unavailable for creation.

In the JPA server, if a tag was defined with the exact same system and code as a security label on a different resource, the tag would be incorrectly filed as a security label (and vice versa). This has been corrected.

When performing a search via GraphQL, token search parameters were not properly parsed. Thanks to Jari Maijenburg for the pull request!

Certain calls to the $evaluate-measure operation could result in a NullPointerException. This is now corrected.

A vulnerability in the FHIR History operation was resolved. When running HAPI FHIR JPA server on a large database (i.e. containing a large number of resources), if a malicious user performs a large number of concurrent FHIR History (_history) operations, an expensive COUNT() statement can consume all available database resources and ultimately trigger resource exhaustion and disable the server. A huge thanks to Zachary Minneker at Security Innovation who discovered and submitted a responsible disclosure of this issue.

When using Auto-Version references in the JPA server, if an auto-versioned reference within a FHIR transaction pointed to a resource that did not actually change during the transaction (e.g. an update/PUT where the resource body was unchanged from the existing version), the reference would point to an incremented version number even though none existed. This has been corrected.

The new Match URL cache suffered from potential cache poisoning if multiple threads performed a condiitonal create operation at the same time.

The id of ValueSet resources in ValueSet expansions was null. This has been corrected. The id of the expanded value set is now the same as the id of the value set that was expanded.

Fixed a bug where delete with expunge would throw a LazyInitializationException if there were delete conflicts, and the expunge batch size was smaller than the available list of resources to delete.

The Testpage Overlay now suppresses authorization headers from the output headers. Thanks to Tuomo Ala-Vannesluoma for the pull request!

Addressed the following CVE report by bumping the minor version for Jetty in the root POM:

• CVE-2020-27223

A NullPointerException was corrected when indexing resources containing an indexed Period field that had a start but not an end defined.

When issuing a request for a specific Resource and also specifying an _include param, the referenced resource is not returned when there is only 1 version of the referenced resource available. When there are more than 1 versions available, the referenced resource is returned in the response bundle.

When issuing a request for a specific Resource and also specifying an _include param, the proper historical referenced resource is not returned when there are more than 1 versions of the referenced resource available, after the reference has been changed from the original version 1 to some other version. When there are more than 1 versions available, and the referring resource had previously referred to version 1 but now refers to version 4, the resource returned in the response bundle is for version 1.

When using the JPA server in partitioned mode with a partition interceptor, the interceptor is now called even for resource types that can not be placed in a non-default partition (e.g. SearchParameter, CodeSystem, etc.). The interceptor may return null or default in this case, but can include a non-null partition date if needed.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

• SLF4j (All Modules): 1.7.28 -> 1.7.30
• Jackson (All Modules): 2.11.2 -> 2.12.1
• Woodstox (XML FHIR Parser): 4.4.1 -> 6.2.3 (Note that the Maven groupId has changed from org.codehaus.woodstox to com.fasterxml.woodstox and the Maven artifactId has changed from woodstox-core-asl to woodstox-core for this library)
• Spring (JPA): 5.2.3.RELEASE -> 5.2.9.RELEASE
• Datasource-Proxy (JPA): 1.5.1 -> 1.7
• Apache Commons Collections4 (JPA): 4.3 -> 4.4
• Jetty (JPA Starter): 9.4.30.v20200611 -> 9.4.35.v20201120
• Guava (JP): 29.0-jre -> 30.1-jre
• Hibernate ORM (JPA Server): 5.4.22.FINAL -> 5.4.26.FINAL
• Spring (JPA Server): 5.2.9.RELEASE -> 5.3.3
• Spring Data (JPA Server): 2.2.0.RELEASE -> 2.4.2
• Hibernate Search (JPA Server): 5.11.5.FINAL -> 6.0.0.Final
• Lucene(HAPI FHIR JPA Server): 5.5.5 -> 8.7.0
• Spring Boot (JPA Starter): 2.2.6.RELEASE -> 2.4.1
• JANSI (CLI): 1.18 -> 2.1.1
• PH-Schematron (SCH Validator): 5.2.0 -> 5.6.5
• PH-Commons (SCH Validator): 5.3.8 -> 9.5.4

Two new switches have neen added to FhirInstanceValidator to suppress optional warning messages. Thanks to Anders Havn for the pull request!

Redesigning the Enterprise Master Patient Index solution to a Master Data Management solution. The new MDM solution supports other FHIR resources where EMPI only allowed Person resource to be used. For example, if MDM is occurring on a patient, we will create a new Patient, and tag that patient as a Golden Record. This means that several things have changed:

• Provider methods that pointed to type of Person are now server-level operations in which you specify a resource type.
• Link updating and querying no longer rely on Person IDs, but instead on arbitrary resource ids, depending on the resource type you are referring to in MDM.
• Change to the EMPI config to require a list of mdmTypes.

• hapi-fhir-server-empi and hapi-fhir-jpaserver-empi Maven projects were renamed to hapi-fhir-server-mdm and hapi-fhir-jpaserver-mdm
• All classes were refactored to use correct terms, e.g. Golden Resource in place of Person
• Message channel was renamed from empi to mdm
• Subscriptions were renamed to mdm-RESOURCE_TYPE, where RESOURCE_TYPE is an MDM type configured in mdmTypes section of the configuration file
• Configuration file was renamed from empi-rules.json to mdm-rules.json
• Log file was changed from empi-troubleshooting.log to mdm-troubleshooting.log

When a unique index SearchParameter violation is blocked, the error message will now include the ID of the relevant SearchParameter, in order to make troubleshooting easier.

Added a new IResourceChangeListenerRegistry service and modified SearchParamRegistry and SubscriptionRegistry to use it. This service contains an in-memory list of all registered {@link IResourceChangeListener} instances along with their caches and other details needed to maintain those caches. Register an {@link IResourceChangeListener} instance with this service to be notified when resources you care about are changed. This service quickly notifies listeners of changes that happened on the local process and also eventually notifies listeners of changes that were made by remote processes.

It is now possible for read operations (read/history/search/etc) in a partitioned server to read across more than one partition if the partitioning interceptor indicates multiple partitions.

Non release (i.e. SNAPSHOT) builds of HAPI FHIR will now include the Git revision hash as well as the build date in the version string that is logged on initialization, and included in the default server X-Powered-By string. Release builds are not affected by this change.

The error message returned by the transaction processor has been improved for the case where a transaction uses an unsupported/disabled resource types.

When performing a conditional create/update containing the email search parameter, any + characters will now be interpreted as actually being a plus symbol instead of being unescaped into a space character. This is technically a deviation from how URLs should be parsed, but allows for a sensible behaviour in a spot where no spaces are allowed.

It is now possible to use a parameter of type IBaseResource or IBaseBundle as the parameter on a @Transaction method in a plain server.

Optionally supports storage and search in canonical form of the quantity value which is defined by 'http://unitsofmeasure.org'; please check ModelConfig for the configuration. No changes were made to the existing behaviour.

The interceptor framework will now recognize and invoke @Hook methods that have an access level of public, protected, or default. Previously only public methods were recognized.

A new interceptor called the Repository Validating Interceptor has been added. This new interceptor allows a HAPI FHIR JPA Server to declare rules about mandatory profiles that all resources stored to the server must declare conformance and/or correctly validate against.

When performing a ValueSet expansion where the valueset to be expanded includes a display name for concepts it is explicitly including, this display name will be propagated to the expansion if no other display is available. Thanks to Hanan Awwad for the contribution!

A new utility called FHIRPathResourceGeneratorR4 has been added. This class can be used to build and populate a resource model object using FHIRPath expressions. Thanks to Marcel P for the contribution!

The JPA server has a new setting on the ModelConfig bean called "AutoVersionReferencesAtPaths". Using this setting, the server can be configured to add the current target resource version ID to any resource references found in a resource being stored. In addition, a new setting has been added to the JPA ModelConfig bean that allows _include statements to respect versioned references, and actually include the correct version for the reference.

Added support for the $evaluate-measure Operation as part of adding CQL support.

The JPA server generated SQL for date search parameters has been streamlined to avoid the use of redundant OR expressions that slow down performance in some cases.

Updates to Hibernate Search require a full reindexing of all indexed fulltext data, which is held in Lucene or Elasticsearch. Users using elasticsearch for fulltext indexing must upgrade to Elasticsearch 7.10.0.

The resource IDs for several LOINC resources were corrected. Thanks to Steven Wagers for the pull request!

The experimental TransactionBuilder helper class has been renamed to BundleBuilder as it now has utility methods for working with other types of Bundles too.

In the JPA server. the SQL datatype used to index quantities has been changed from NUMBER(19,2) to double precision (or equivalents depending on platform). This improves the query support for ssearching on very small quantities.

The @ResourceDef annotation has been marked as inheritable, so it does not need to be explicitly added to custom structures that extend built-in structures. Thanks to Marcelo Avancini for the pull request!

ElasticsearchHibernatePropertiesBuilder will now reject any REST url which is protocol-aware. Protocol information should be set in the protocol field of the builder.

Expanding a ValueSet using a filter now evaluates the display with left-matching by string token, case-insensitive.

Loading a package without a description was causing a null pointer exception. This has been fixed.

The CodeSystem/$subsumes operation inadvertantly reversed the meanings of the CodeA and CodeB parameters, resulting in subsumes and subsumed-by responses being reversed. This has been corrected. Thanks to Rob Hausam for reporting!

ApacheRestfulClientFactory now uses system properties for proxy configuration. Thanks to Vladimir Nemergut for the pull request!

When performing a ValueSet expansion with a filter a large pre-expanded ValueSet (more than 1000 codes), the filter failed to find concepts appearing after the first thousand. This has been corrected.

The new JPA SearchBuilder failed to perform FHIR Searches on Oracle DB with an invalid SQL error. This has been corrected.

When performing a JPA server search on a partitioned server, searches with only the _id parameter and no other parameters did not include the partition selector in the generated SQL, resulting in leakage across partitions. Thanks to GitHub user @jtheory for reporting!

The recent EMPI project accidentally caused a split package in ca.uhn.fhir.rest.server. This has been corrected. Thanks to Bill Denton for the pull request!

When using the validator from within the JPA server, validating CapabilityStatement resources failed with an error when trying to load linked SearchParameter resources. This has been corrected.

When using a partitioned JPA server, auto-create placeholder targets did not work if the partition interceptor was registered against the server (e.g. for a multitenancy configuration). This has been corrected. Thanks to Rob Whelan for reporting!

Sorting of search results was not working for MySQL, MSSQL and MariaDB due to recent changes made to handle sorting of nullable columns. This has now been fixed.

The new optimized SQL Generator introduced in HAPI FHIR 5.2.0 did not correctly bind variables for SQL Server queries, making the search functionality unusable. This has been corrected.

A database index in the JPA server was added in HAPI FHIR 5.2.0 and Smile CDR 2020.11 that exceeded the maximum index length in MySQL, preventing server upgrades on that database platform. This has been corrected.

Attempts to load IG packs when partitioning was enabled, resulted in nullpointer exceptions. This has now been fixed and IG packs and conformance resources will be loaded to the DEFAULT partition.

An incorrect HTML resource path led to a utility JavaScript library failing to load in the TestPage Overlay module. Thanks to Alejandro Medina for the pull request!

When performing a FHIR create using the HAPI FHIR client, if the payload is a Bundle resource the individual resources in the Bundle had their IDs removed by the client during payload serialization. This has been corrected.

A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.

The BulkExportDaoSvc bean was forgotten from the BaseConfig context. It has been added.

In the JPA server, HumanName.name.text was not being indexed and therefore was not searchable. This has been corrected.

The $expand filter parameter was not matching the ValueSet display value in all cases. E.g. a ValueSet with name 'abc def ghi' would match 'abc def' and 'def' but not 'def ghi'. This has been corrected so the ValueSet will match the filter if any substring of the ValueSet display value matches the $expand filter.

Unrecognized search param prefix strings were silently discarded. This is now an error.

A bug in the InMemoryResourceMatcher caused AND clauses to be treated as OR clauses. Thanks to Jari Maijenburg for the report and pull request!

When using the Consent Interceptor, the startOperation method was not invoked for search paging requests. This has been corrected. Thanks to Tue Toft Nørgård for reporting!

As of version 2.69, the LOINC Top2000CommonLabResultsSi.csv and Top2000CommonLabResultsUs.csv became optional. The Terminology Loader Service has been updated to reflect this change.

An important security issue with the JPA Server was solved. This issue applies only to JPA servers running in partitioned mode. When performing searches on a partitioned server, search results from previously cached searches against different partitions may be returned, potentially leaking data across partitions. This issue has been resolved.

Remove support for the upload-igpack command. This command is no longer supported, as the IGPack format has been withdrawn and replaced with the FHIR NPM Package specification, which is also supported by HAPI FHIR

A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.