1.3Changelog: 2019




1.3.2HAPI FHIR 5.3.0 (Odyssey)


Release Information

Released: 2021-02-18

Codename: (Odyssey)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • SLF4j (All Modules): 1.7.28 -> 1.7.30
  • Jackson (All Modules): 2.11.2 -> 2.12.1
  • Woodstox (XML FHIR Parser): 4.4.1 -> 6.2.3 (Note that the Maven groupId has changed from org.codehaus.woodstox to com.fasterxml.woodstox and the Maven artifactId has changed from woodstox-core-asl to woodstox-core for this library)
  • Spring (JPA): 5.2.3.RELEASE -> 5.2.9.RELEASE
  • Datasource-Proxy (JPA): 1.5.1 -> 1.7
  • Apache Commons Collections4 (JPA): 4.3 -> 4.4
  • Jetty (JPA Starter): 9.4.30.v20200611 -> 9.4.35.v20201120
  • Guava (JP): 29.0-jre -> 30.1-jre
  • Hibernate ORM (JPA Server): 5.4.22.FINAL -> 5.4.26.FINAL
  • Spring (JPA Server): 5.2.9.RELEASE -> 5.3.3
  • Spring Data (JPA Server): 2.2.0.RELEASE -> 2.4.2
  • Hibernate Search (JPA Server): 5.11.5.FINAL -> 6.0.0.Final
  • Lucene(HAPI FHIR JPA Server): 5.5.5 -> 8.7.0
  • Spring Boot (JPA Starter): 2.2.6.RELEASE -> 2.4.1
  • JANSI (CLI): 1.18 -> 2.1.1
  • PH-Schematron (SCH Validator): 5.2.0 -> 5.6.5
  • PH-Commons (SCH Validator): 5.3.8 -> 9.5.4


Two new switches have neen added to FhirInstanceValidator to suppress optional warning messages. Thanks to Anders Havn for the pull request!


Redesigning the Enterprise Master Patient Index solution to a Master Data Management solution. The new MDM solution supports other FHIR resources where EMPI only allowed Person resource to be used. For example, if MDM is occurring on a patient, we will create a new Patient, and tag that patient as a Golden Record. This means that several things have changed:

  • Provider methods that pointed to type of Person are now server-level operations in which you specify a resource type.
  • Link updating and querying no longer rely on Person IDs, but instead on arbitrary resource ids, depending on the resource type you are referring to in MDM.
  • Change to the EMPI config to require a list of mdmTypes.

Code-level changes include the following changes:
  • hapi-fhir-server-empi and hapi-fhir-jpaserver-empi Maven projects were renamed to hapi-fhir-server-mdm and hapi-fhir-jpaserver-mdm
  • All classes were refactored to use correct terms, e.g. Golden Resource in place of Person
  • Message channel was renamed from empi to mdm
  • Subscriptions were renamed to mdm-RESOURCE_TYPE, where RESOURCE_TYPE is an MDM type configured in mdmTypes section of the configuration file
  • Configuration file was renamed from empi-rules.json to mdm-rules.json
  • Log file was changed from empi-troubleshooting.log to mdm-troubleshooting.log


When a unique index SearchParameter violation is blocked, the error message will now include the ID of the relevant SearchParameter, in order to make troubleshooting easier.


Added a new IResourceChangeListenerRegistry service and modified SearchParamRegistry and SubscriptionRegistry to use it. This service contains an in-memory list of all registered {@link IResourceChangeListener} instances along with their caches and other details needed to maintain those caches. Register an {@link IResourceChangeListener} instance with this service to be notified when resources you care about are changed. This service quickly notifies listeners of changes that happened on the local process and also eventually notifies listeners of changes that were made by remote processes.


It is now possible for read operations (read/history/search/etc) in a partitioned server to read across more than one partition if the partitioning interceptor indicates multiple partitions.


Non release (i.e. SNAPSHOT) builds of HAPI FHIR will now include the Git revision hash as well as the build date in the version string that is logged on initialization, and included in the default server X-Powered-By string. Release builds are not affected by this change.


The error message returned by the transaction processor has been improved for the case where a transaction uses an unsupported/disabled resource types.


When performing a conditional create/update containing the email search parameter, any + characters will now be interpreted as actually being a plus symbol instead of being unescaped into a space character. This is technically a deviation from how URLs should be parsed, but allows for a sensible behaviour in a spot where no spaces are allowed.


It is now possible to use a parameter of type IBaseResource or IBaseBundle as the parameter on a @Transaction method in a plain server.


Optionally supports storage and search in canonical form of the quantity value which is defined by 'http://unitsofmeasure.org'; please check ModelConfig for the configuration. No changes were made to the existing behaviour.


The interceptor framework will now recognize and invoke @Hook methods that have an access level of public, protected, or default. Previously only public methods were recognized.


A new interceptor called the Repository Validating Interceptor has been added. This new interceptor allows a HAPI FHIR JPA Server to declare rules about mandatory profiles that all resources stored to the server must declare conformance and/or correctly validate against.


When performing a ValueSet expansion where the valueset to be expanded includes a display name for concepts it is explicitly including, this display name will be propagated to the expansion if no other display is available. Thanks to Hanan Awwad for the contribution!


A new utility called FHIRPathResourceGeneratorR4 has been added. This class can be used to build and populate a resource model object using FHIRPath expressions. Thanks to Marcel P for the contribution!


The JPA server has a new setting on the ModelConfig bean called "AutoVersionReferencesAtPaths". Using this setting, the server can be configured to add the current target resource version ID to any resource references found in a resource being stored. In addition, a new setting has been added to the JPA ModelConfig bean that allows _include statements to respect versioned references, and actually include the correct version for the reference.

Added support for the $evaluate-measure Operation as part of adding CQL support.


The JPA server generated SQL for date search parameters has been streamlined to avoid the use of redundant OR expressions that slow down performance in some cases.


Updates to Hibernate Search require a full reindexing of all indexed fulltext data, which is held in Lucene or Elasticsearch. Users using elasticsearch for fulltext indexing must upgrade to Elasticsearch 7.10.0.


The resource IDs for several LOINC resources were corrected. Thanks to Steven Wagers for the pull request!


The experimental TransactionBuilder helper class has been renamed to BundleBuilder as it now has utility methods for working with other types of Bundles too.


In the JPA server. the SQL datatype used to index quantities has been changed from NUMBER(19,2) to double precision (or equivalents depending on platform). This improves the query support for ssearching on very small quantities.


The @ResourceDef annotation has been marked as inheritable, so it does not need to be explicitly added to custom structures that extend built-in structures. Thanks to Marcelo Avancini for the pull request!


ElasticsearchHibernatePropertiesBuilder will now reject any REST url which is protocol-aware. Protocol information should be set in the protocol field of the builder.


Expanding a ValueSet using a filter now evaluates the display with left-matching by string token, case-insensitive.


Loading a package without a description was causing a null pointer exception. This has been fixed.


The CodeSystem/$subsumes operation inadvertantly reversed the meanings of the CodeA and CodeB parameters, resulting in subsumes and subsumed-by responses being reversed. This has been corrected. Thanks to Rob Hausam for reporting!


ApacheRestfulClientFactory now uses system properties for proxy configuration. Thanks to Vladimir Nemergut for the pull request!


When performing a ValueSet expansion with a filter a large pre-expanded ValueSet (more than 1000 codes), the filter failed to find concepts appearing after the first thousand. This has been corrected.


The new JPA SearchBuilder failed to perform FHIR Searches on Oracle DB with an invalid SQL error. This has been corrected.


When performing a JPA server search on a partitioned server, searches with only the _id parameter and no other parameters did not include the partition selector in the generated SQL, resulting in leakage across partitions. Thanks to GitHub user @jtheory for reporting!


The recent EMPI project accidentally caused a split package in ca.uhn.fhir.rest.server. This has been corrected. Thanks to Bill Denton for the pull request!


When using the validator from within the JPA server, validating CapabilityStatement resources failed with an error when trying to load linked SearchParameter resources. This has been corrected.


When using a partitioned JPA server, auto-create placeholder targets did not work if the partition interceptor was registered against the server (e.g. for a multitenancy configuration). This has been corrected. Thanks to Rob Whelan for reporting!


Sorting of search results was not working for MySQL, MSSQL and MariaDB due to recent changes made to handle sorting of nullable columns. This has now been fixed.


The new optimized SQL Generator introduced in HAPI FHIR 5.2.0 did not correctly bind variables for SQL Server queries, making the search functionality unusable. This has been corrected.


A database index in the JPA server was added in HAPI FHIR 5.2.0 and Smile CDR 2020.11 that exceeded the maximum index length in MySQL, preventing server upgrades on that database platform. This has been corrected.


Attempts to load IG packs when partitioning was enabled, resulted in nullpointer exceptions. This has now been fixed and IG packs and conformance resources will be loaded to the DEFAULT partition.


An incorrect HTML resource path led to a utility JavaScript library failing to load in the TestPage Overlay module. Thanks to Alejandro Medina for the pull request!


When performing a FHIR create using the HAPI FHIR client, if the payload is a Bundle resource the individual resources in the Bundle had their IDs removed by the client during payload serialization. This has been corrected.


A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.


The BulkExportDaoSvc bean was forgotten from the BaseConfig context. It has been added.


In the JPA server, HumanName.name.text was not being indexed and therefore was not searchable. This has been corrected.


The $expand filter parameter was not matching the ValueSet display value in all cases. E.g. a ValueSet with name 'abc def ghi' would match 'abc def' and 'def' but not 'def ghi'. This has been corrected so the ValueSet will match the filter if any substring of the ValueSet display value matches the $expand filter.


Unrecognized search param prefix strings were silently discarded. This is now an error.


A bug in the InMemoryResourceMatcher caused AND clauses to be treated as OR clauses. Thanks to Jari Maijenburg for the report and pull request!


When using the Consent Interceptor, the startOperation method was not invoked for search paging requests. This has been corrected. Thanks to Tue Toft Nørgård for reporting!


As of version 2.69, the LOINC Top2000CommonLabResultsSi.csv and Top2000CommonLabResultsUs.csv became optional. The Terminology Loader Service has been updated to reflect this change.


An important security issue with the JPA Server was solved. This issue applies only to JPA servers running in partitioned mode. When performing searches on a partitioned server, search results from previously cached searches against different partitions may be returned, potentially leaking data across partitions. This issue has been resolved.


Remove support for the upload-igpack command. This command is no longer supported, as the IGPack format has been withdrawn and replaced with the FHIR NPM Package specification, which is also supported by HAPI FHIR

1.3.3HAPI FHIR 5.2.1 (Numbats)


Release Information

Released: 2021-01-20

Codename: (Numbats)



A recent change inadvertently caused an issue with DB migration utility such that it would attempt to drop indexes even when the dry-run option was specified. This has been fixed.

1.3.4HAPI FHIR 5.2.0 (Numbat)


Release Information

Released: 2020-11-19

Codename: (Numbat)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Jackson (Base): 2.10.0 -> 2.11.2
  • Flyway (JPA): 6.4.1 -> 6.5.4
  • JQuery (Testpage Overlay): 3.3.1 -> 3.5.1
  • UCUM (JPA): 1.0.2 -> 1.0.3
  • HttpClient (Client): 4.5.12 -> 4.5.13
  • Awesome Bootstrap Checkbos (Testpage Overlay): 1.0.1 -> 1.0.2
  • MomentJS (Testpage Overlay): 2.15.1 -> 2.27.0
  • Select2 (Testpage Overlay): 4.0.3 -> 4.0.13

The JPA Server SQL generator for handling FHIR search operations has been completely rewritten to no longer depend on the Hibernate QueryBuilder APIs. This rewrite produces much more efficient SQL in many cases and should dramatically increase performance in such cases. For example, a 10x speedup has been observed on Postgresql when searching a very large database where the search URL has multiple chained search params.

This new SQL builder will be disabled by default in HAPI FHIR 5.2.0 and Smile CDR 2020.11.R01, and can be enabled via a setting in the DaoConfig (HAPI FHIR) and Storage Module config (Smile CDR). Snapshot/prerelease builds will ship with this new SQL builder enabled by default, and the intention is to make this the default and ultimately remove the legacy SQL builder in the next quarterly release.

We highly encourage testing of this new feature, and welcome feedback on how it performs in your environment.


A new class called TransactionBuilder has been added. This class can be used to build FHIR Transaction Bundles easily.


The RemoteTerminologyServiceValidationSupport class used for connecting to a remote terminology service will no longer attempt to perform code validation for fields where the code system is implied, since there is no FHIR operation allowing this style of validation to be performed remotely.


The FHIR Client will now accept an HTTP 204 NO CONTENT as a response to a write operation such as a create/update/transaction/etc.


In the JPA server, when performing synchronous searches it is now possible to specify a limit and offset using a new (nonstandard) parameter called _offset. Thanks to Tuomo Ala-Vannesluoma for the pull request!


When using package support to install a package with STORE_AND_INSTALL mode, resources that are already present in the database will now be updated to the contents of the version in the package.


Operations for CodeSystem, ValueSet and ConceptMap will now support multiple CodeSystem versions.


Terminology loader for LOINC will now support specifying version and loading multiple versions of LOINC.


An implementation of CodeSystem validate-code operation has been added for R4 and R5.


The JPA search coordinator will now use worker threads sourced from a ThreadPoolTaskExecutor, in order to simplify the addition of decorators to those threads. Thanks to Tue Toft Nørgård for the pull requets!


Added new DaoConfig parameter called maximumTransactionBundleSize that if not-null will throw a PayloadTooLarge exception when the number of resources in a transaction bundle exceeds this size.


Stored SearchParameter resources with a status of DRAFT will no longer override and disable existing built-in search parameters. This is done in order to avoid issues caused by uploading NPM packages such as US Core that contain a large number of draft parameters.


EMPI enhancements. Added new IDENTIFIER matcher rule type that defines a matcher where two resources share the same value for a particular identifier system, or if no system is indicated, defines a matcher where two resources share any matching system,values identifier. Improved channel and batch troubleshooting logging. Added new controller layer to support non-fhir apis. Changed rule json format; replaced 'metric' with either matcher or simiarity that now have their own distinct subkeys.


Support for RDF Turle parsing and encoding has now been added. This support was previously partially implemented, but did not work correctly. A huge thanks to Josh Collins and Eric Prud'hommeaux of Janeiro Digital for the pull request!


A new _expunge parameter has been added to the DELETE operation when deleting multiple resources via a URL. For example DELETE http://www.example.com:8000/Observation?_expunge=true or DELETE http://www.example.com:8000/Observation?status=cancelled&_expunge=true. When the _expunge parameter is provided to DELETE then the matched resources and all of their history will be both deleted and expunged from the database. This will perform considerably faster than doing the delete and expunge separately. Note that Expunge must be enabled on the server for this to work.


The Package Installer has been enhanced to allow resources that do not have a url element to be loaded from a package. Resources without url will instead use identifier element.


A null check was added to the R4 CapabilityStatement generator, in order to improve the error message when a mandatory parameter is missed. Thanks to GitHub user @blangley28 for the contribution!


The version of Bootstrap used by the Testpage Overlay project has been upgraded from 3.4.0 to 4.5.2. Note that this is a major release upgrade, so any overlay implementations may require some modification to deal with changes to the Bootstrap framework.


In HAPI FHIR 5.1.0 JPA Server, if partitioning was enabled, but no interceptor was registered to the STORAGE_PARTITION_IDENTIFY_READ pointcut, the system would simply default to 'All Partitions'. This was not the intended behaviour, so this will now result in an error.


A performance bottleneck was fixed in the datetime datatypes that caused lock contention when parsing resources in heavily multithreaded environments. Thanks to GitHub user @abrsystematic for the pull request!


The JPA SearchParameetr validator did not reject custom Search Parameetrs with an invalid path expression consisting of only a resource type and no element name. Creating such a search parameter could cause strange indexing issues, so this has been added to the validator.


A potential NPE in the JPA server was fixed. This error could be triggered by searching for resources with unresolvable references. Thanks to Anders Havn for the pull request!


An issue was fixed where multiple JPA server updates to the same resource within the same database transaction would fail with a database constraint error.


A deadlock was fixed where the Database-backed Binary Storage service could lock the system up when running under very high contention.


A crash in the JPA server was fixed when performing a search containined two chained search parameters to date target types.


When using an NPM package spec in STORE_AND_INSTALL mode, conformance resources will only be stored if they have a status of active. This fixes a bug wgere installing the US Core IG caused searches to stop working due to draft Search Parameters.


In some circumstances when using a Plain Server, the generated CapabilityStatement could have duplciate Search Parameter definitions. This has been corrected.


EMPI bug fixes. Special characters in search param values (e.g. space) led to missed matches; these are now properly escaped so matches are accurately found. Candidates were failing to match when candidateSearchParams was empty; matches now work properly with empty candidateSearchParams. matchResultMap entries were incorrectly resolving if any named matchFields matched; they now correctly resolve only when ALL matchFields match.


When parsing XML encoded resources, if an xml:lang attribute was present in the narrative HTML, it would incorrectly have its prefix omitted. Thanks to Oliver Egger for the pull request!


When performing a _lastUpdated search in the JPA server where the parameter value(s) are supplied with date (not time) precision, a timezone bug could cause some resources to not be included. This has been corrected.


The _typeFilter parameter did not correctly work for JPA Bulk Export jobs. This has been corrected.


The In Memory search matcher (used for Subscriptions) could crash if a subscription was registered using the _source search parameter, and a resource was processed with no source value. This has been corrected.


When expanding a pre-expanded ValueSet using a filter, the filter was ignored and the pre-expansion was not used resulting in an inefficient and potentially incorrect expansion. This has been corrected.


The JPA Package loader was failing if the package had a description longer than 200 characters. This has been fixed.

1.3.5HAPI FHIR 5.1.0 (Manticore)


Release Information

Released: 2020-08-13

Codename: (Manticore)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Guava (JPA): 28.2-jre -> 29.0-jre
  • Jetty (CLI): 9.4.24.v20191120 -> 9.4.30.v20200611


An index has been added on the TRM_CONCEPT table. This index was previously missing, meaning that rebuilding large code systems took an abnormally long amount of time. Thanks to Jacob Stampe Mikkelsen for the pull request!


The email sender used by email subscriptions can now be configured with TLS parameters.


A new service has been added to the JPA server that fetches FHIR Implementation Guide NPM packages and installs the contained conformance resources into the JPA repository. Thanks to Martin Zacho Grønhøj for the pull request!


The Snapshot Generator now uses the R5 codebase for all versions of FHIR (similar to how the validator already worked). This means that the snapshot generator will be much more feature complete and hopefully have fewer bugs given the single codebase.


AuthorizationInterceptor can now fully secure GraphQL operations in the JPA server, meaning that it is possible to use compartment and type rules to restrict the specific data that is available through the GraphQL interface.


The validator will now correctly issue a warning instead of an error if a code can't be found when validating a code in a CodeSystem where the content mode (CodeSystem.content) has a value of fragment.


Initial implementation of lastn operation that uses an Elasticsearch v6 server to index observations.


In the JPA server, when indexing Date SearchParameters where the value being indexed is a FHIR Period that is missing either a lower bound or an upper bound, a default value representing an extreme 'beginning of time' or 'end of time' is now used. This allows range searches to return more accurate results.


Support for the :of-type modifier has been added to TokenParamModifier. Thanks to Alexander Lukyanchikov for the pull request!


Support has been added for GraphQL querying using an HTTP POST (with the query in the body). Thanks to Ibrohim Kholilul Islam for the pull request implementing this new feature!


Support for FHIR NPM Packages has been added to the JPA server. This new functionality allows packages to be installed to special tables within the FHIR JPA schema, and conformance resources used for validation.


The LOINC importer has been updated to support the file format used by the LOINC 2.68 release.


A new optional type parameter has been added to the $mark-all-resources-for-reindexing operation, allowing resources of a specific type to be marked.


Spring Batch has been added to HAPI FHIR in the hapi-fhir-jpaserver-batch project. hapi-fhir-jpaserver-base will make use of it for batch jobs


A new configuration bean called ValidationSettings has been added to the JPA server. This can be used to enable validation of reference target resources if necessary.


The RemoteTerminologyServiceValidationSupport validation support module, which is used to connect to external/remote terminology services, has been significantly enhanced to provide testing for supported CodeSystems and ValueSets. It will also now validate codes in fields that are not bound to a specific ValueSet.


Phonetic name search is now supported via ISearchParamRegistry.setStringEncoder().


The JPA server is now able to support _has queries where the linked search expression on the right hand side of the _has parameter is a second _has query.


REST Hook subscriptions may now specify a search expression to be used to fetch a collection of resources to deliver when a subscription matches.


The GraphQL module can now accept arrays of arguments as input to searches, and will treat them as OR'ed parameters. Thanks to Ibrohim Kholilul Isla for the pull request!


The HAPI FHIR CommonCodeSystemsTerminologyService validation support module now includes support for ISO 3166 (country codes).


A new interceptor called UserRequestRetryVersionConflictsInterceptor has been added to the JPA server. This interceptor allows clients to instruct the server to attempt to avoid returning an HTTP 409 (Version Conflict) if two concurrent client requests try to update the same resource at the same time.


The validator will now accept codes that are defined in a ValueSet where the valueset contains an enumeration of codes, and the CodeSystem URL refers to an unknown CodeSystem. This allows successful validation of ValueSets in several IGs that rely on the existence of grammar based systems.


Two new operations have been added for EMPI: $empi-clear and $empi-submit. $empi-clear will delete EMPI links, and related Person objects. $empi-submit will submit all matching resources for EMPI processing.


A few issues in the migrator when applying migrations against some versions of MSSQL were resolved


The JPA server maintains a cache of active SearchParameeter resources that can cause misleading results if a SearchParameter is changed and other resources that would be indexed by the changed SearchParameter are updated before the cache refreshes. A new interceptor has been added that should force a refresh sooner, especially on non-clustered systems.


A new interceptor has been added for the JPA server that selectively allows resource deletions to proceed even if there are valid references to the candidate for deletion from other resources that are not being deleted.


When submitting a transaction bundle containing a large number of resources being written, where the resources had tags or profile definitions, a number of redundant database calls have been optimized out. This should significantly improve performance for these scenarios.


Due to an inefficient SQL statement when performing searches with large numbers of _revincludes where the resources have tags, a large number of database roundtrips were produced when searching. This has been streamlined, greatly improving the response times for some searches.


When performing a search in the JPA server using a chained search parameter, an unnecessary resource type predicate was previously added to the generated SQL and has now been removed. This should improve performance on some queries.


When performing a JPA 'upsert' (a PUT to an ID that may or may not already exist) on a partitioned system, the partition interceptor will now be called once to determine the READ partition in order to find the candidate resource to update, and possibly a second time to determine the CREATE partition if a new row is actually being created. Previously only the CREATE partition was checked and used to perform the initial read.


HAPI FHIR has been migrated to use JUnit 5 (from JUnit 4) for unit testing. This change does not affect users of the library, but helps to make tests more maintainable.


Breaking Change: The method FhirContext#getResourceNames() has been renamed to FhirContext#getResourceTypes(). HAPI currently goes back and forth between the two, but is consolidating on Types.


The R5 structure methods for working with extensions on arbitrary fields, e.g. getExtensionByUrl(String), removeExtension(String), getExtensionsByUrl(String) hasExtension(String), and getExtensionString(String) have been enhanced so that they now return modifier extensions as well as the non-modifier extensions they previously returned.


Breaking Change: The IValidationSupport interface has had one further change after the rewrite in HAPI FHIR 5.0.0. Instead of passing an IValidationSupport object as an argument to many methods on the interface, a context object is now used instead.


When parsing a resource into a custom structure (e.g. a custom class extended a built-in FHIR resource class), inter-resouirce references could contain invaliud java refeences to other resources. Thanks to Christian Ohr for reporting and fixing!


A new operation has been added to the JPA server called $diff. This operation can generate a FHIR Patch diff showing the changes between two versions of a resource, or even two separate resources. See Diff for more information.


The FHIR Patch format is now supported for patching resources, in addition to the previously supported JSON Patch and XML Patch.


When serializing a resource, the JSON Parser will now ignore any extensions that are present on an element if they do not have a URL or any children populated.


In HAPI FHIR 5.0.0, partitioned JPA servers were introduced. The documentation claimed that an interceptor implementing the STORAGE_PARTITION_IDENTIFY_READ was optional, but the server incorrectly made this mandatory. This has been corrected.


The @Interceptor annotation was not marked as inheritable, meaning that the order attribute was lost when using Spring proxies. Thanks to Tue Toft Nørgård for the pull request!


When using a SearchParameter with uniqueness enabled, the $expunge operation sometimes failed to expunge resources with a database constraint error. This has been fixed.


The subscription delivery queue in the JPA server was erroneously keeping both a copy of the serialized and the deserialized payload in memory for each entry in the queue, doubling the memory requirements. This also caused failures when delivering XML payloads in some configurations. This has been corrected.


Cascade deletes were failing in cases where the resource being deleted had more than 600 conflicts due to a hard-coded limit on the number of conflicts that the CascadingDeleteInterceptor was allowed to process at a time. This hard-coded limit has been replaced with an optional configuration parameter.


Several duplicate classes were removed from the testpage overlay, avoiding a warning on startup. Thanks to Joel Schneider for the pull request!


HAPI FHIR 5.0.0 introduced a regression in JPA validator performance, where a number of unnecessary database lookups were introduced. This has been corrected.


BaseValidationSupportWrapper.expandValueSet(...) and ValidationSupportChain.expandValueSet(...) were incorrectly replacing expansion options (i.e. offset and count) with null, causing these parameters to be ignored when invoking the ValueSet$expand operation. This has been corrected.


When validating resources containing codes in a ValueSet that included UCUM codes, the validator would incorrectly report that the code was valid even if it was not in the ValueSet. This has been corrected.


The create-package CLI command failed with a NPE if no package dependencies were specified. This has been corrected.


ConceptMap resources were blocked from uploading into the JPA server if the ConceptMap had a source and/or target URL defined at the ConceptMap level but not at the group level. This prevented some US Core resources from being successfully uploaded. This has been corrected.


In HAPI FHIR 4.2.0 and before, due to the lenient Gson parser it was possible to store data in the JPA server that contained invalid decimal numbers with no leading digits, e.g. .123 and -.123. When we moved to Jackson as a JSON parser, these values could no longer be parsed due to Jackson's more strict (and correct) interpretation of the JSON specification. Unfortunately this led to data previously stored in the database being unusable. A fix has been implemented that automatically adds a leading zero to any decimals that were previously saved in invalid state. New data will still be blocked from being added if it contains invalid JSON numbers.


When generating a snapshot for a StructureDefinition that extends another non-base StructureDefinition, if the parent SD did not have a snapshot itself, the child snapshot would be empty. This has been corrected.


When updating a resource with links that change, to reduce database operations, hapi-fhir reuses link index records. However, all the columns were being properly updated except for the source path column which was accidentally missed and continued to hold the previous value. This resulted in mismatched source paths and values. This has been corrected.


In some cases, the Bundle total was not getting filtered from search results when using the consent interceptor. Thanks to Jens Kristian Villadsen for reporting!


When performing a resource $expunge in the JPA server, in-memory caches caused issues if a forced ID was reused quickly enough (as can be the case in some testing scenarios). Thanks to GitHub user @janvdpol for reporting!"


An XSS vulnerability was reported in the HAPI FHIR Testpage Overlay module. Thanks to Will Davison of NCC Group (Manchester UK) for disclosing this vulnerability. Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. Nonetheless, we recommend all users of the affected module upgrade immediately. A complete audit of the affected codebase has been completed in order to detect and resolve any similar issues.


A very old feature that is not believed to be used anywhere has been removed: The ServerProfileProvider is a special resource provider that was automatically registered to HAPI FHIR REST servers, and served up StructureDefinitions that were registered to the FhirContext. Registering custom StructureDefinitions against the FhirContext for exposure through the REST API (as what was then the /Profile endpoint) was planned to be a common feature during the DSTU1 lifecycle but did not turn out to be a useful approach. This feature was mostly forgotten about until the logic for selecting resource provider handler methods was revamped and the old mechanism suddenly became the default resource provider for StructureDefinition resources in the JPA server. We don't expect any negative impact by this change, please post in our mailing list if you disagree.

1.3.6HAPI FHIR 5.0.2 (Labrador)


Release Information

Released: 2020-06-02

Codename: (Labrador)


This release corrects a snapshot dependency on org.hl7.fhir.core that was accidentally left in HAPI FHIR 5.0.1.

The default setting for the partition mode's Include Hashes in Search Indexes setting was incorrectly set to true in HAPI FHIR 5.0.0 and has now been changed to false, as this is a more sensible default. Note that this wil affect existing systems that are trying this feature out. A manual reindex of data may be required.

1.3.7HAPI FHIR 5.0.1 (Labrador)


Release Information

Released: 2020-05-15

Codename: (Labrador)



When performing queries with multiple chained search parameters, such as 'Observation?subject.identifier=FOO&specimen.identifier=BAR', an unnecessary SQL join was introduced into the resulting query. This was inefficient, and made it particularly hard for the RDBMS optimizer to pick an efficient query plan in some cases. This is not fixing a regression (this issue has always existed in HAPI FHIR JPA) but it was deemed sufficiently important to merit a dedicated point release.


Issue #1849 added two new search columns for date SearchParameters that are used to provide searching at the day granularity in a timezone independent way. These new columns require a new database index that was missed in the original merge.

1.3.8HAPI FHIR 5.0.0 (Labrador)


Release Information

Released: 2020-05-13

Codename: (Labrador)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Hibernate ORM (JPA): 5.4.6 -> 5.4.14
  • Hibernate Search (JPA): 5.11.3 -> 5.11.5
  • Hibernate Validator (JPA): 5.4.2.Final -> 6.1.3.Final
  • Guava (JPA): 28.0 -> 28.2
  • Spring Boot (Boot): 2.2.0.RELEASE -> 2.2.6.RELEASE
  • FlywayDB (JPA) 6.1.0 -> 6.4.1
  • Apache HTTPCliient (JPA): 4.5.9 -> 4.5.12
  • Apache HTTPCore (JPA): 4.4.11 -> 4.4.14
  • Commons Compress (All): 1.19 -> 1.20


The classes BaseOrListParam and BaseParam now have public visibility in order to make it easier to create more generic APIs. Thanks to GitHub user @ibacher for the pull request!


Fields of type canonical were not previously indexed by the JPA server, meaning that some default search parameters could not be honoured (e.g. StructureDefinition:valueset). This is now corrected.


When performing large terminology concept additions via the delta addition service, concepts will now be added via the deferred storage service, meaning that they will be added in small incremental batches instead of as a part of one large transaction. This helps to avoid timeouts and memory issues when uploading large collections of concepts.


When performing a terminology delta ADD operation, if the number of codes being added is large the codes will be added in small batches via an asynchronous scheduled task in order to avoid overwhelming the database with a large operation.


A new constructor has been added to RestfulServer that accepts an InterceptorService. Thanks to gematik FuE for the pull request!


Adds support for chained parameters in a _has query. For example GET /Patient?_has:Observation:subject:device.identifier=1234-5. Adds a performance warning on any queries that use an unqualified resource in a chain which ends up resolving to 2 or more candidate target types. Thanks to Jean-Francois Briere for the patch.


A new built-in server interceptor called FhirPathFilterInterceptor has been added. This interceptor evaluates an arbitrary FHIRPath expression against the resource being returned and replaces the response with a Parameters resource containing the results of the evaluation.


The JPA server now allows chained searches on the _type parameter. For example, the following could be used to find all Encounters with a context of type Group: Encounter?subject._type=Group.


The REST Server will now raise an error if a client tries to perform a FHIR read operation while using URL paramaters that are specific to FHIR search operations. This should help clients who are mistaking the semantics between the two operations, as previously the search parameters were simply ignored leading to confusion. Thanks to Jafer Khan for implementing this!


A new server interceptor called ResponseSizeCapturingInterceptor has been added. This interceptor captures and makes available the number of characters written (pre-compression if Gzip compression is being used) to the HTTP response stream for FHIR responses.


The client interceptor pointcuts CLIENT_REQUEST and CLIENT_RESPONSE now allow a parameter of type IRestfulClient to be injected, containing a reference to the client making the request. In addition, CLIENT_REQUEST interceptors are now able to modify the URL of the request before it is performed.


In the JPA server, the ModelConfig setting 'DefaultSearchParamsCanBeOverridden' now has a default value of true (previously this was false). In addition, when creating/updating a SearchParameter resource, the system will now raise an error if the client is attempting to override a built-in SearchParameter when this setting is disabled (previously this was silently ignored).


In the JPA sevrer, if overriding built-in search parameters is not enabled, the server will now return an error if a client tries to create a SearchParameter that is trying to override one. Previously, the SearchParameter would be stored but silently ignored, which was confusing.


A new client interceptor called UrlTenantSelectionInterceptor has been added. This interceptor allows the dynamic selection of a tenant ID on servers that are using URL Base Tenant Selection.


The ApacheProxyAddressStrategy has been improved to add support for additional proxy headers inclusing X-Forwarded-Host, X-Forwarded-Proto, X-Forwarded-Port, and X-Forwarded-Prefix. Thanks to Thomas Papke for the pull request!


When parsing JSON resources, if an element contains an invalid value, the Parser Error Handler did not have access to the actual name of the element being parsed. This meant that errors lacked useful detail in order to diagnose the issue. This has been corrected. Thanks to GitHub user @jwalter for reporting!


The HAPI FHIR instance validator now includes validation for currency types (ISO 4217)


New mthods have been added to DateClientParam allowing searching at MILLIS precision. Thanks to David Gileadi for the pull request!


In a plain server, if a Resource Provider class had two methods with the same parameter names (as specified in the @OptionalParam or @RequiredParam) but different cardinalities, the server could sometimes pick the incorrect method to execute. The selection algorithm has been improved to no longer have this issue, and to be more consistent and predictable in terms of which resource provider method is selected when the choice is somewhat ambiguous.


Support for HAPI FHIR cascading deletes has been added to the Generic Client.


The JAX-RS server will now scan and serve ResourceProvider methods defined in super-classes as well. Thanks to Zhe Wang for the pull request!


Native support for UCUM has been added to the validation stack, meaning that UCUM codes can be validated at runtime without the need for any external validation.


Indexing for the :text modifier can now be globally or selectively disabled in the JPA server. This can have a measurable impact on index sizes and write speed in servers with large numbers of token indexes.


In HAPI FHIR 4.2.0, when performing a Bulk Export on a server with Binary Storage enabled, the bulk export files were not able to take advantage of the externalized binary stroage and would be stored in the relational DB. This has now been enhanced to allow bulk export files to store externally.


Date searches can be performed relative to 'now' using the %now parameter value. For example, to search for Procedures with a date later than now, you can search for /Procedure?date=ge%now. Note the '%' will need to be URL escaped so the actual URL will be /Procedure?date=ge%25now. The way this works is the server substitutes %now with the current date and time in the standard FHIR format yyyy-MM-ddTHH:mm:ss before submitting it to the FHIR Storage module. Similarly date searches can be performed relative to 'today' using the '%today' parameter value. '%today' works the same as '%now' except that it searches as a 'date' type as opposed to a 'dateTime' type.


Loading of _include and _revinclude values has been optimized to be slightly faster


When performing date range searches in the JPA server, the server was generating extra unneccessary joins in the generated SQL. This has been streamlined, which should result in faster searches when performing date ranges.


History operations in the JPA server have been significantly optimized to remove the number of SQL SELECT statements, and to completely eliminate any INSERT statements. This should have a positive effect on heavy users of history operations. In addition, history operations will no longer write an entry in the query cache (HFJ_SEARCH) table which should further improve performance of this operation.


Adjusted schema definitions for Resource and Resource History tables to eliminate circular dependencies with Forced ID table and to improve performance when expunging large numbers of resources.


Removed the SEARCH_LAST_RETURNED column of the HFJ_SEARCH table. HAPI FHIR updated the HFJ_SEARCH table with every request, but this led to unecessary database load. The purpose of this column was to ensure that search results were kept around long enough for systems that needed them for paging (default one hour). When expiring search results, we used to add one hour to SEARCH_LAST_RETURNED to determine the expiry time. However, the length of time where a search result could be updated was relatively small (default one minute). So rather than keeping track of the expiry time to expire exactly one hour after the last returned time, hapi now simply expires after the maximum possible length of time (default one hour plus one minute). This eliminates the need to update the HFJ_SEARCH table with every search.


The version converters for all versions except R4/R5 have been reworked to be split into individual classes per resource type (the R4/R5 converters were already organized this way). Thanks to Mark Iantorno for a huge effort to write a Java source parser/serializer to acomplish this task.


Breaking Change: The IFluentPath interface has been renamed to IFhirPath, and the FhirContext#newFluentPath() method has been replaced with an equivalent FhirContext.newFhirPath(). The FhirPath expression language was initially called FluentPath before being renamed, so this change brings HAPI FHIR inline with the correct naming.


Breaking Change: Several classes in the JPA server have been moved to new packages, including the DaoConfig and IDao interfaces. These classes have not changed in terms of functionality, but existing projects may need to adjust some package import statements.


Breaking Change: The Generic/Fluent delete() operation now returns a MethodOutcome object instead of an OperationOutcome. The OperationOutcomoe is still available direcly by querying the MethodOutcome object, but this change makes the delete() method more consistent with other similar methods in the API.

Breaking Change: Some R4 and R5 structure fields containing a code value with a Required (closed) binding did not use the java Enum type that was generated for the given field. These have been changed to use the Enum values where possible. This change does not remove any functionality from the model but may require a small amount of re-coding to deal with new setter/getter types on a few fields.


New Feature: A new feature has been added to the JPA server called **Partitioning. This feature allows data to be segregated using a user defined partitioning strategy. This can be leveraged to take advantags of native RDBMS partition strategies, and also to implement multitenant servers.


Breaking Change: The FHIR R5 draft definitions have been updated to the current 'Preview 2' definitions (FHIR 4.4.0).

DSTU3 searches using near-distance only worked on Location resources directly. It now works on chained searches on resources with a location. E.g. PractitionerRole?location.near-distance=1.0 now works properly.


Breaking Change: The HAPI FHIR Validation infrastructure has changed significantly under the hood. Existing users of the validator may need to change package declarations (as FhirInstanceValidator and several other related classes have been moved) and potentially add new modules to their Validation Support Chain. See Migrating to HAPI FHIR 5.x for details on how to account for this change in your code.


When performing a search with a DateParam that has DAY precision, rely on new ordinal date field for comparison instead of attempting to find oldest and newest instant that could be valid.


ValueSet expansions containing lists of terms did not correctly expand when backed by ElasticSearch due to the use of a feature not supported in ES. Thanks to Jens Villadsen for reporting!


When performing a terminology delta ADD operation, existing parent-child links were often deleted and recrreated needlessly during operations, which could result in a deadlock. This has been resolved.


In the JPA server, quickly deleting a resource and then performing a query that had recently returned that search result could cause a cached stub resource (containing no data but with an ID and metadata populated) to be returned. This has been corrected.


The Pointcut JavaDoc had an incorrect link from one pointcut to another and has been fixed. Thanks to Bert Roos for the pull request!


When performing a search in the JPA server where the only parameter was a _has parameter, the server did not respect the resource typename being searched for, causing false positive search results. This has been corrected.


When validating a resource, the validator will now report an error if the resource declares conformance to an unknown or invalid profile URL via the Resource.meta.profile declaration. Previously this was a warning and did not block successful validation.


When deleting searches from the query cache where a large number of searches with a large number of results were present, the system would repeatedly mark the same rows as deletion candidates. This put unneccessary pressure on the database and has been corrected.


A minor regression in 4.2.0 was introduced, where JPA searches using the _id search parameter often had a duplicate SQL predicate in their where clause. This issue may not have caused any bad effects on some environments, but it did look strange in SQL logs and has been corrected.


In servers, when requesting _summary=count, the response Bundle.type value was filtered, leading to an invalid response bundle. This has been corrected. Thanks to GitHub user @Legi429 for reporting!


When parsing Bundles, contained resoures from other entries in the Bundle could incorrecly be stitched into a target resource if they had the same local ID. Thanks to August Langhout for the pull request!


When encoding a resource, a crash could occur if the resource had a contained Bundle resource. This is not commonly done, but there are valid scenarios for doing so.


The GraphQL Expression parser sometimes fails and reports unhelpful error messages when using search arguments. Thanks to Ibrohim Kholilul Islam for the pull request!


A bug in the JPA server prevented Client Resource ID mode from being set to NOT_ALLOWED when Server Resource ID mode was set to UUID. Thanks to GitHub user @G-2-Z for reporting!


In previous versions of HAPI FHIR, the server incorrectly silently accepted decimal numbers in JSON with no leading numbers (e.g. .123), as well as decimal numbers with more than one leading zero (e.g. 00.123). These will now be rejected by the JSON parser. Any values with this string that have previously been stored in the JPA server database will now automatically normalize the value to 0.123.


When invoking JPA DAO methods programatically to store a resource (as opposed to using the FHIR REST API), if the resource being stored had any contained resources, these would sometimes not be visible to the search parameter indexer, leading to missing search params. This is a very fringe use case, but a workaround has been put in place to solve it.


The JPA server ElasticSearch provider failed to initialize if username/password credentials were not explicitly provided, meaning it could not run on AWS-supplied ElasticSearch. Thanks to Maciej Kucharek for the pull request!


The text styling on the Testpage Overlay homepage has been improved to use native Bootstrap warning colours. Thanks to Joel Schneider for the pull request!


In the JPA server, performing a search where the only search parameter was the _tag parameter could cause resources of the wrong type to be included in search results. This has been corrected.


The FHIR R4 validation resources (StructureDefintion, ValueSet, etc) were not updated to the R4 4.0.1 technical correction versions in HAPI FHIR 4.2.0. This has been corrected.

1.3.9HAPI FHIR 4.2.0 (Koala)


Release Information

Released: 2020-02-15

Codename: (Koala)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Jetty (CLI): 9.4.14.v20181114 -> 9.4.23.v20191118
  • Spring (JPA, Testpage): 5.2.1 -> 5.2.3 (addresses CVE-2020-5398 and CVE-2020-5397)


Support for several new operators has been added to the _filter support in the JPA server. Thanks to Anthony Sute for the Pull Request!


Support for LOINC 2.67 file format changes has been added to the JPA Server LOINC uploader. Thanks to Dan Vreeman for reporting!

In the JPA server, a new setting called setPopulateIdentifierInAutoCreatedPlaceholderReferenceTargets(boolean) has been added to the DaoConfig. If this setting is enabled, when creating placeholder resources, the Reference.identifier value is copied to the target resource if possible.


It is now possible to specify resource provider method annotations on interface methods implemented by resource provider classes, as opposed to needing to specify them directly on the concrete class. Thanks to Tue Toft Nørgård for the pull request!

Searching Location.position by latitude, longitude and distance for DSTU3, R4 and R5 is now supported using a simple 'box' search. Locations falling within a box with length and width of 2 * distance, centred on specified latitude,longitude are matched. If no distance is provided, the coordinates must match exactly.

Chained searches using the _has search parameter as the chain value are now supported by the JPA server.


Support has been added to the server (plain and JPA) for querying with _count=0 as a URL parameter.


A significant performance improvement was added to the Json and XML parsers when parsing large Bundle resources. Throughput for parsing these resources has been improved by roughly 50%. Thanks to Rok Bertoncelj and Bogdan Solga for providing analysis and insight that triggered this change.

When parsing Bundle resources containing other resources, XML/JSON parsers have an option called "override resource ID with bundle entry fullUrl". This option previously caused any value found in Bundle.entry.fullUrl to override any value found in Bundle.entry.resource.id (meaning that the parsed resource would take its ID from the fullUrl even if that ID disagreed with the ID found in the resource itself. As of HAPI FHIR 4.1.0 the value in Bundle.entry.fullUrl will only be used to set the parsed resource ID if the resource has no ID present.

Changed database migration to use flyway. This adds a new table called FLY_HFJ_MIGRATION that records all database migration tasks that have already been applied. The hapi-fhir-cli migrate tool has been changed to use flyway. Learn more about flyway here: https://flywaydb.org/.

The IRestfulClient#registerInterceptor and IRestfulClient#unregisterInterceptor methods now take Object as an argument instead of IClientInterceptor, allowing client interceptors to now be migrated to the new interceptor framework.


As of FHIR R4, some fields that were previously of type reference are now of type canonical. One example is QuestionnaireResponse.questionnaire. Technically this means that this field should no longer contain a relative reference, but as they are sometimes used that way, HAPI FHIR will now try to be permissive and will index relative link canonical fields such as (Questionnaire/123) as though it actually was a local relative link. Thanks to Dean Atchley for reporting and providing a test case!


A missing mandatory was added to the SNOMED CT CodeSystem that is uploaded when SCT is uploaded to the JPA server. Thanks to Anders Havn for the pull request!


When validating resources containing custom valuesets defined in PrePopulatedValidationSupport outside of the JPA server, sometimes code systems could not be found resulting in false negative errors.


Several misleading comments in documentation code snippets were fixed. Thanks to Jafer Khan for the pull request!


The client threw a NullPointerException in some circumstances when it received an HTTP 201 No Content response from the server. This has been corrected. Thanks to Petro Mykhailysyn for the pull request!


When performing the $expunge operation in the JPA server, the operation sometimes failed if a resource being expunged had historical versions that did not contain any tags. This has been corrected.


When validating an XML resource, the validatin failed if the resource contained an xsi:schemaLocation declaration. This has been corrected. Thanks to Brian Kaney for reporting!


An issue with the new flyway migrator hashCode generation was resolved. Thanks to Jafer Khan for the pull request!


When parsing HTML Narratives, the lang attribute was stripped from the outer DIV tag if present. Thanks to Sean McIlvenna for reporting!


When using a custom structure that changes the cardinality from 0..* to 0..1, the Parser was encoding a plain field instead of an array (as required by the FHIR specification). Thanks to Petro Mykhailysyn for the pull request!

A memory leak was resolved in the JPA terminology service delta upload operations.

ValueSet PreCalculation did not successfully expand valuesets when Lucene was not enabled in the JPA server. This has been corrected.


A correction was made to the narrative generation documentation. Thanks to GitHub user dionmcm for the pull request!


ValueSet Precalculation sometimes failed on Oracle DBs due to an invalid SQL function. This has been corrected.

A ConcurrentModificationException was sometimes thrown when performing a cascading delete. This has been corrected.


The constructor for Verdict.java was inadvertantly made private, preventing custom rules from being written. Thanks to Jafer Khan for the pull request!

1.3.10HAPI FHIR 4.1.0 (Jitterbug)


Release Information

Released: 2019-11-13

Codename: (Jitterbug)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • SLF4j (All): 1.7.25 -> 1.7.28
  • Spring (JPA): 5.1.8.Final -> 5.2.0.Final
  • Hibernate Core (JPA): 5.4.2.Final -> 5.4.6.Final
  • Hibernate Search (JPA): 5.11.1.Final -> 5.11.3.Final
  • Jackson Databind (JPA): 2.9.9 -> 2.9.10 (CVE-2019-16335, CVE-2019-14540)
  • Commons-DBCP2 (JPA): 2.6.0 -> 2.7.0
  • Postgresql JDBC Driver (JPA): 42.2.6.jre7 -> 42.2.8
  • MSSQL JDBC Driver (JPA): 7.0.0.jre8 -> 7.4.1.jre8
  • Spring Boot (Boot): 2.1.1 -> 2.2.0
  • Phloc Schematron (Validator): 5.0.4 -> 5.2.0
  • Phloc Commons (Validator): 9.1.1 -> 9.3.8

New Feature: The JPA server now saves and supports searching on Resource.meta.source via the _source search parameter. The server automatically appends the Request ID as a hash value on the URI as well in order to provide request level tracking. Searches can use either the source URI, the request ID, or both.

When using the AuthorizationInterceptor with a rule to allow all reads by resource type, the server will now reject requests for other resource types earlier in the processing cycle. Thanks to Anders Havn for the suggestion!

New Feature: Support for the FHIR Bulk Data Export specification has been added to the JPA server. See the specification for information on how this works. Note that only system level export is currently supported but others will follow.

It is now possible to submit a PATCH request as a part of a FHIR transaction in DSTU3 (previously this was only supported in R4+). This is not officially part of the DSTU3 spec, but it can now be performed by leaving the Bundle.entry.request.method blank in DSTU3 transactions and setting the request payload as a Binary resource containing a valid patch.


LOINC concepts now include multiaxial hierarchical properties (e.g. parent and child , which identify parent and child concepts.


When loading LOINC terminology, a new ValueSet is automatically created with a single include element that identifies the LOINC CodeSystem in ValueSet.compose.include.system . This ValueSet includes all LOINC codes.


A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities module. Thanks to Andrew Fitzgerald for the PR!

Added support for comparing resource dates to the current time via a new variable %now. E.g. Procedure?date=gt%now would match future procedures.

New Feature: Support for ElasticSearch has been added to the JPA server directly (i.e. without needing a separate module) and a new class called "ElasticsearchHibernatePropertiesBuilder" has been added to facilitate the creation of relevant properties. Instructions have been added to the hapi-fhir-jpaserver-starter project to get started with Elasticsearch. It is likely we will switch our default recommendation to Elastic in the future.

Add support for in-memory matching on date comparisons ge,gt,eq,lt,le.

The JPA server now uses the Quartz scheduling library as a lob scheduling mechanism

A new flag has been added to the JPA migrator tool that causes the migrator to not try to reduce the length of existing columns in the schema.


The ValueSet operation $expand has been optimized for large ValueSets. ValueSets are now persistence-backed by the terminology tables, which are populated by a scheduled pre-expansion process. A ValueSet previously stored in an existing FHIR repository will need to be re-created or updated to make it a candidate for pre-expansion. ValueSets that have yet to be pre-expanded will continue to be expanded in-memory.


The ValueSet operation $validate-code has been optimized for large ValueSets. Codes in ValueSets that have yet to be pre-expanded will continue to be validated in-memory.


LOINC filenames for terminology upload are now configurable using the loincupload.properties file.


Support for the LOINC EXTERNAL_COPYRIGHT_NOTICE property and copyright filter has been added.


Support for the LOINC parent and child filters has been added. Both filters can be used with either of the = or in operators.


Support for the LOINC ancestor and descendant filters has been added. The descendant filter can be used with either of the = or in operators. At present, the ancestor filter can only be used with the = operator.


Support for the LOINC ancestor filter with the in operator has been added.


Support for concept property values with a length exceeding 500 characters has been added in the terminology tables. In particular, this was added to facilitate the LOINC EXTERNAL_COPYRIGHT_NOTICE property, for which values can be quite long.

The AuthorizationInterceptor has been enhanced so that a user can be authorized to perform create operations specifically, without authorizing all write operations. Also, conditional creates can now be authorized even if they are happening inside a FHIR transaction.

A docker compose script for the hapi-fhir-jpaserver-starter project was added. Thanks to Long Nguyen for the pull request!


A number of overridden methods in the HAPI FHIR codebase did not have the @Override annotation. Thanks to Clayton Bodendein for cleaning this up!


Plain server resource providers were not correctly matching methods that had the _id search parameter if a client performed a request using a modifier such as :not or :exact. Thanks to Petro Mykhailyshyn for the pull request!

Auto generated transaction IDs will now use both upper- and lowercase letters for more uniqueness in the same amount of space.


Performance Improvement: A significant performance improvement was made to the parsers (particularly the Json Parser) when serializing resources. This work yields improvements of 20-50% in raw encode speed when encoding large resources. Thanks to David Maplesden for the pull request!


The server CapabilityStatement (/metadata) endpoint now respects the Cache-Control header. Thanks to Jens Villadsen for the pull request!

The @Metadata annotation now has an attribute that can be used to control the cache timeout


Performance Improvement: When running inside a JPA server, The DSTU3+ validator now performs code validations by directly testing ValueSet membership against a pre-calculated copy of the ValueSet, instead of first expanding the ValueSet and then examining the expanded contents. This can yield a significant improvement in validation speed in many cases.

Validation errors will now include details about the line number where the issue was found

A new built-in server interceptor called CaptureResourceSourceFromHeaderInterceptor has been added. This interceptor can be used to capture an incoming source system URI in an HTTP Request Header and automatically place it in Resource.meta.source


The email Subscription deliverer now respects the payload property of the subscription when deciding how to encode the resource being sent. Thanks to Sean McIlvenna for the pull request!


The CapabilityStatement generator will now determine supported profiles by navigating the complete hierarchy of supported resource types, instead of just using the root resource for each type. Thanks to Stig Døssing for the pull request!

Two foreign keys have been dropped from the HFJ_SEARCH_RESULT table used by the FHIR search query cache. These constraints did not add value and caused unneccessary contention when used under high load.

An inefficient regex expression in UrlUtil was replaced with a much more efficient hand-written checker. This regex was causing a noticable performance drop when feeding large numbers of transactions into the JPA server at the same time (i.e. when loading Synthea data).

The HAPI FHIR CLI server now uses H2 as its database platform instead of Derby. Note that this means that data in any existing installations will need to be re-uploaded to the new database platform.

REST servers will no longer try to guess the content type for HTTP requests where a body is provided but no Content-Type header is included. These requests are invalid, and will now result in an HTTP 400. This change corrects an error where some interceptors (notably the RequestValidatingInterceptor, but not including any HAPI FHIR security interceptors) could be bypassed if a Content Type was not included.

The Testpage Overlay has been upgraded to use FontAwesome 5.x, and now supports being deployed to a servlet path other than "/".

The hapi-fhir-jaxrs-server module now lists dependencies on structures JARs as optional dependencies, in order to avoid automatically importing all versions. This means that implementers of JAX-RS servers may now need to add an explicit dependency on one or more structures JARs to their own project.

The IValidationSupport#validateCode(...) method has been modified to add an additional parameter (String theValueSetUrl). Most users will be unaffected by this change as HAPI FHIR provides a number of built-in implementations of this interface, but any direct user implementations of this interface will need to add the new parameter.

The hapi-fhir-testpage-overlay project now uses WebJars for importing JavaScript dependency libraries. This reduces our Git repository size and should make it easier to stay up-to-date.

The JPA server in DST2 mode previously automatically validated submitted QuestionnaireResponse resource against their corresponding Questionnaires and rejected non-conformant QuestionnaireResponse resources from being stored. This was in contrast to every other version where the RequestValidatingInterceptor has to be registered in order to achieve this specific behaviour. This behaviour has been removed from the JPA server, and the same interceptor must be used for QR validation in the DSTU2 JPA server as in all other versions of FHIR.

DSTU2.1 profile validation now uses the same R5 validation as all other versions of FHIR.

When using the _filter search parameter, string comparisons using the "eq" operator were incorrectly performing a partial match. This has been corrected. Thanks to Marc Sandberg for pointing this out!

Reference search parameters did not work via the _filter parameter

Transaction entries with a resource URL starting with a leading slash (e.g. /Organization?identifier=foo instead of Organization?identifier=foo did not work. These are now supported.

SubscriptionDstu2Config incorrectly pointed to a DSTU3 configuration file. This has been corrected.

When using the VersionedApiConverterInterceptor, GraphQL responses failed with an HTTP 500 error.

Cascading deletes now correctly handle circular references. Previously this failed with an HTTP 500 error.

The informational message returned in an OperationOutcome when a delete failed due to cascades not being enabled contained an incorrect example. This has been corrected.

In some cases, deleting a CodeSystem resource would fail because the underlying codes were not correctly deleted from the terminology service tables. This is fixed.

The FHIRPath engine used to parse search parameters in the JPA R4/R5 server is now reused across requests, as it is somewhat expensive to create and is thread safe.

The GraphQL provider did not wrap the respone in a "data" element as described in the FHIR specification. This has been corrected.

When using the Consent Service and denying a resource via the "Will See Resource" method, the resource ID and version were still returned to the user. This has been corrected so that no details about the resource are leaked.

Fix a failure in FhirTerser#visit when fields in model classes being visited contain custom subclasses of the expected type.

Updating an existing CodeSystem resource with a content mode of COMPLETE did not cause the terminology service to accurately reflect the new CodeSystem URL and/or concepts. This is now corrected.


A NullPointerException when using the AuthorizationInterceptor RuleBuilder to build a conditional rule with a custom tester has been corrected. Thanks to Tue Toft Nørgård for reporting!


The R4+ client and server modules did not recognize the new _include:iterate syntax that replaces the previous _include:recurse syntax. Both are now supported on all servers in order to avoid breaking backwards compatibility, with the new syntax now being emitted in R4+ clients.


The LOINC terminology distribution includes multiple copies of the same files. Uploading LOINC terminology resulted in some ValueSets with duplicate codes. This has been corrected by specifying a path with each filename.

New Feature: A new set of operations have been added to the JPA server that allow CodeSystem deltas to be uploaded. A CodeSystem Delta consists of a set of codes and relationships that are added or removed incrementally to the live CodeSystem without requiring a downtime or a complete upload of the contents. Deltas may be specified using either a custom CSV format or a partial CodeSystem resource.
In addition, the HAPI FHIR CLI upload-terminology command has been modified to support this new functionality.

A corner case bug in the JPA server was solved: When performing a search that contained chained reference searches where the value contained slashes (e.g. Observation?derived-from:DocumentReference.contenttype=application/vnd.mfer ) the server could fail to load later pages in the search results.


Some resource IDs and URLs for LOINC ValueSets and ConceptMaps were inconsistently populated by the terminology uploader. This has been corrected.

When a resource was updated with a meta.source containing a request id, the meta.source was getting appended with the new request id, resulting in an ever growing source.meta value. E.g. after the first update, it looks like "#9f0a901387128111#5f37835ee38a89e2" when it should only be "#5f37835ee38a89e2". This has been corrected.


The Plain Server method selector was incorrectly allowing client requests with _include statements to be handled by method implementations that did not have any @IncludeParam defined. This is now corrected. Thanks to Tuomo Ala-Vannesluoma for reporting and providing a test case!

New Feature: When using Externalized Binary Storage in the JPA server, the system will now automatically externalize Binary and Attachment payloads, meaning that these will automatically not be stored in the RDBMS.

The JPA server failed to find codes defined in not-present codesystems in some cases, and reported that the CodeSystem did not exist. This has been corrected.


When encoding a Composition resource in XML, the section narrative blocks were incorrectly replaced by the main resource narrative. Thanks to Mirjam Baltus for reporting!


AN issue with date pickers not working in the hapi-fhir-testpage-overlay project has been fixed. Thanks to GitHub user @jaferkhan for the pull request!

Model Update: The DSTU3 structures have been upgraded to the new 3.0.2 (Technical Correction) release.
The R4 structures have been upgraded to the new 4.0.1 (Technical Correction) release.
The R5 structure have been upgraded to the current (October) snapshot.

The JPA server contained a restriction on the columns used to hold a resource's type name that was too short to hold the longest name from the final R4 definitions. This has been corrected to account for names up to 40 characters long.

The subscription triggering operation was not able to handle commas within search URLs being used to trigger resources for subscription checking. This has been corrected.

In some cases where resources were recently expunged, null entries could be passed to JPA interceptors registered against the STORAGE_PRESHOW_RESOURCES hook.

In issue was fixed in the JPA server where a previously failed search would be reused, immediately returning an error rather than retrying the search.

The JPA server did not correctly process _has queries where the linked search parameter was the _id parameter.


HAPI FHIR allows transactions in DSTU3 to contain a JSON/XML Patch in a Binary resource without specifying a verb in Bundle.entry.request.method, since the valueset defined in DSTU3 for that field does not include the PATCH verb. The AuthorizationInterceptor however did not understand this and would reject these requests. This is now corrected.


A potential XXE vulnerability in the validator was corrected. The XML parser used for validating XML payloads (i.e. FHIR resources) will no longer read from DTD declarations.

Paging requests that are incorrectly executed at the type level were interpreted by the plain server as search requests with no search parameters, leading to confusing search results. These will now result in an HTTP 400 error with a meaningful error message.


QuestionnaireResponse validation in the JPA server was not able to load Questionnaire resources that were referenced using a canonical URI instead of a local reference. Thanks to Vu Vuong for reporting!


When validating JSON payloads, the JSON structure was parsed by Gson instead of passing the raw JSON to the validator. This meant that the validator was unable to catch certain structural errors that are ignored by Gson. Thanks to Michael Lawley for reporting!


The JPA server exposed a number of duplicate entries in the CapabilityStatement's list of supported _include values for a given resource. Thanks to Jens Villadsen for reporting!


An unintended dependency from hapi-fhir-base on Jetty was introduced in HAPI FHIR 4.0.0. This has been removed.

The JPA migrator tool was not able to correctly drop tables containing foreign key references in some cases. This has been corrected.


An issue was fixed where the JPA server would occasionally fail to save a resource because it contained a string containing characters that change length when normalized. Thanks to Tuomo Ala-Vannesluoma for the pull request!

In the (fairly unlikely) circumstance that a JPA server was called with a parameter where the parameter name referenced a custom search parameter with an invalid chain attached, and the value was missing entirely (e.g. ProcedureRequest?someCustomParameter.BAD_NAME= , the server would ignore this parameter instead of incorrectly returning an error. This has been corrected.


Several issues with HAPI FHIR's annotation scanner that prevented use with Kotlin based resource providers have been corrected. Thanks to Jelmer ter Wal for the pull request!

Search parameters of type URI did not work in the hapi-fhir-testpage-overlay. This has been corrected.


JPA servers accidentally stripped the type attribute from the server-exported CapabilityStatement when search parameters of type "special" were found. This has been corrected.

When running the JPA server without Lucene indexing enabled and performing ValueSet expansion, the server would incorrectly ignore inclusion rules that specified a system but no codes (i.e. include the whole system). This has been corrected.


The hapi-fhir-testpage-overlay has been updated to support R5 endpoints. Thanks to Dazhi Jiao for the pull request!

A NullPointerException in the XML Parser was fixed when serializing a resource containing an extension on a primitive datatype that was missing a URL declaration.

When using the _filter search parameter in the JPA server with an untyped resource ID, the filter could bring in search results of the wrong type. Thanks to Anthony Sute for the Pull Request and Jens Villadsen for reporting!


In some cases where where a single search parameter matches the same resource many times with different distinct values (e.g. a search by Patient:name where there are hundreds of patients having hundreds of distinct names each) the Search Coordinator would end up in an infinite loop and never return all of the possible results. Thanks to @imranmoezkhan for reporting, and to Tim Shaffer for providing a reproducible test case!

The method IVersionSpecificBundleFactory#initializeBundleFromResourceList has been deprecated, as it provided duplicate functionality to other methods and had an outdated argument list based on the Bundle needs in DSTU1. We are not aware of any public use of this API, please let us know if this deprecation causes any issues.

HTTP PUT (resource update) operations will no longer allow the version to be specified in a Content-Location header. This behaviour was allowed in DSTU1 and was never removed from HAPI even though it hasn't been permitted in the spec for a very long time. Hopefully this change will not impact anyone!

The @ProvidesResources annotation has been removed from HAPI FHIR, as it was not documented and did not do anything useful. Please get in touch if this causes any issues.

1.3.11HAPI FHIR 4.0.3 (Igloo (Point Release))


Release Information

Released: 2019-09-03

Codename: (Igloo (Point Release))


This release contains no new or updated functionality, but addressed a dependency version that was left incorrectly requiring a SNAPSHOT maven build of the org.hl7.fhir.utilities module. Users who are successfully using HAPI FHIR 4.0.0 do not need to upgrade, but any users who were blocked from upgrading due to snapshot dependency issues are advised to upgrade immediately.

1.3.12HAPI FHIR 4.0.0 (Igloo)


Release Information

Released: 2019-08-14

Codename: (Igloo)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Commons Codec (Core): 1.11 -> 1.12
  • Apache HTTPClient (Client): 4.5.3 -> 4.5.9
  • Apache HTTPCore (Client>: 4.4.6 -> 4.4.11
  • Spring (JPA): 5.1.6.RELEASE -> 5.1.8.RELEASE
  • Spring-Data (JPA): 2.1.6.RELEASE -> 2.1.8.RELEASE
  • JANSI (CLI): 1.17.1 -> 1.18
  • json-patch (JPA): 1.10 -> 1.15 (see changelog entry about this change)
  • Jackson-Databind (JPA): 2.9.9 -> (due to a Jackson vulnerability CVE-2019-12384)
  • commons-collections4 (Server/JPA): 4.1 -> 4.3
  • commons-dbcp2 (JPA): 2.5.0 -> 2.6.0
  • commons-lang3 (Core): 3.8.1 -> 3.9
  • commons-text (Core): 1.6 -> 1.7
  • Guava (JPA): 27.1-jre -> 28.0-jre

New Feature: A new interceptor called CascadingDeleteInterceptor has been added to the JPA project. This interceptor allows deletes to cascade when a specific URL parameter or header is added to the request. Cascading deletes can also be controlled by a new flag in the AuthorizationIntereptor RuleBuilder, in order to ensure that cascading deletes are only available to users with sufficient permission.

Several enhancements have been made to the AuthorizationInterceptor :

  • The interceptor now registers against the STORAGE_PRESHOW_RESOURCES interceptor hook, which allows it to successfully authorize JPA operations that don't actually return resource content, such as GraphQL responses, and resources that have been filtered using the _elements parameter.
  • The rule list is now cached on a per-request basis, which should improve performance

The $expunge global everything operation has been refactored to do deletes in small batches. This change will likely reduce performance, but does allow for the operation to succeed without timing out in larger systems.

Added some experimental version-independent model classes to ca.uhn.fhir.jpa.model.any. They permit writing code that is version independent.

Added new subclass of HashMapResourceProvider called SearchableHashMapResourceProvider that uses the in-memory matcher to search the HashMap (using a full table scan). This allows rudimentary testing without a database.

Added a new interceptor hook called STORAGE_PRESTORAGE_DELETE_CONFLICTS that is invoked when a resource delete operation is about to fail due to referential integrity conflicts. Hooks have access to the list of resources that have references to the resource being deleted and can delete them. The boolean return value of the hook indicates whether the server should try checking for conflicts again (true means try again).


The HAPI FHIR unit test suite has been refactored to no longer rely on PortUtil to assign a free port. This should theoretically result in fewer failed builds resulting from port conflicts. Thanks to Stig Døssing for the pull request!


JPA server now supports conditional PATCH operation (i.e. performing a patch with a syntax such as /Patient?identifier=sys|val )


The json-patch library used in the JPA server has been changed from java-json-tools.json-patch to a more active fork of the same project: crate-metadata.json-patch. Thanks to Jens Villadsen for the suggestion and pull request!


Support has been implemented in the JPA server for the CodeSystem $subsumes operation.

A new pointcut has been added to the JPA server called JPA_PERFTRACE_RAW_SQL that can be used to capture the raw SQL statements that are sent to the underlying database.

The JPA server now rejects subscriptions being submitted with no value in Subscription.status (this field is mandatory, but the subscription was previously ignored if no value was provided)

The JSON and XML parsers will now raise a warning or error with the Parser Error Handler if an extension is being encoded that is missing a URL, or has both a value and nested extensions on the same parent extension.


Support in the JPA Terminology Service terminology uploader has been added for uploading the IMGT HLA Nomenclature distribution files as a FHIR CodeSystem. Thanks to Joel Schneider for the contribution!


A BOM POM has been added to the HAPI FHIR distribution, allowing users to import the HAPI FHIR library with all of its submodules automatically sharing the same version. Thanks to Stig Døssing for the pull request!

AuthorizationInterceptor will now try to block delete operations sooner in the processing lifecycle if there is no chance they will be permitted later (i.e. because the type is not authorized at all)

The HAPI FHIR server will now generate a random transaction ID to every request and add it to the response headers. Clients may supply the transaction header via the X-Request-ID header.

When attempting to read a resource that is deleted, a Location header is now returned that includes the resource ID and the version ID for the deleted resource.

IBundleProvider now has an isEmpty() method that can be used to check whether any results exist. A default implementation has been provided, so this is not a breaking change.

A new server interceptor hook called PROCESSING_COMPLETED has been added. This hook is called by the server at the end of processing every request (success and failure).

Added a new Pointcut STORAGE_PRESTORAGE_EXPUNGE_EVERYTHING that is called at the start of the expungeEverything operation.

The JPA server now has the ability to generate snapshot profiles from differential profiles via the $snapshot operation, and will automatically generate a snapshot when needed for validation.

Creating/updating CodeSystems now persist CodeSystem.concept.designation to the terminology tables.

Expanded ValueSets now populate ValueSet.expansion.contains.designation.language .

@Operation methods can now declare that they will manually process the request body and/or manually generate a response instead of letting the HAPI FHIR framework take care of these things. This is useful for situations where direct access to the low-level servlet streaming API is needed.

@Operation methods can now declare that they are global, meaning that they will apply to all resource types (or instances of all resource types) if they are found on a plain provider.

@Operation method parameters may now declare their type via a String name such as "code" or "Coding" in an attribute in @OperationParam. This is useful if you want to make operation methods that can operate across different versions of FHIR.

A new resource provider for JPA servers called BinaryAccessProvider has been added. This provider serves two custom operations called $binary-access-read and $binary-access-write that can be used to request binary data in Attachments as raw binary content instead of as base 64 encoded content.

New Feature: Support for the new R5 draft resources has been added. This support includes the client, server, and JPA server. Note that these definitions will change as the R5 standard is modified until it is released, so use with caution!

Support for PATCH operations performed within a transaction (using a Binary resource as the resource type in order to hold a JSONPatch or XMLPatch body) has been added to the JPA server.

A new attribute has been added to the @Operation annotation called typeName . This annotation can be used to specify a type for an operation declared on a plain provider without needing to use a specific version of the FHIR structures.

The $upload-external-code-system operation and the corresponding HAPI FHIR CLI command can now be used to upload custom vocabulary that has been converted into a standard file format defined by HAPI FHIR. This is useful for uploading large organizational code systems.


When performing a read-if-newer operation on a plain server, the resource ID in Resource.meta.versionId is now used if a version isn't found in the resource ID itself. Thanks to Stig Døssing for the pull request!

New Feature: A new interceptor called ConsentInterceptor has been added. This interceptor allows JPA based servers to make appropriate consent decisions related to resources that and operations that are being returned. See Server Security for more information.

New Feature: The JPA server now supports GraphQL for DSTU3 / R4 / R5 servers.


New Feature: The JPA server now supports the _filter search parameter when configured to do so. The filter search parameter is an extremely flexible and powerful feature, allowing for advanced grouping and order of operations on searches. It can be dangerous however, as it potentially allows users to create queries for which no database indexes exist in the default configuration so it is disabled by default. Thanks to Anthony Sute for the pull request and all of his support in what turned out to be a lengthy merge!

Breaking Change: The HL7.org DSTU2 structures (and ONLY the HL7.org DSTU2 structures) have been moved to a new package. Where they were previously found in org.hl7.fhir.instance.model they are now found in org.hl7.fhir.dstu2.model. This was done in order to complete the harmonization between the HAPI FHIR GitHub repository and the org.hl7.fhir.core GitHub repository. This is the kind of change we don't make lightly, as we do know that it will be annoying for users of the existing library. It is a change however that will allow us to apply validator fixes much more quickly, and will greatly reduce the amount of effort required to keep up with R5 changes as they come out, so we're hoping it is worth it. Note that no classes are removed, they have only been moved, so it should be fairly straightforward to migrate existing code with an IDE.

Moved in-memory matcher from Subscription module to SearchParam module and renamed the result type from SubscriptionMatchResult to InMemoryMatchResult.

Breaking Change: The IPagingProvider interface has been modified so that the retrieveResultList method now takes one additional parameter of type RequestDetails. If you have created a custom implementation of this interface, you can add this parameter and ignore it if needed. The use of the method has not changed, so this should be an easy fix to existing code.

Breaking Change: The HAPI FHIR REST client and server will now default to using JSON encoding instead of XML when the user has not explicitly configured a preference.

Breaking Change: The JPA $upload-external-code-system operation has been moved from being a server level operation (i.e. called on the root of the server) to being a type level operation (i.e. called on the CodeSystem type).

Server CapabilityStatement/Conformance repsonses from the /metadata endpoint will now be cached for 60 seconds always. This was previously a configurable setting on the ServerConformanceProvider, but it is now handled directly by the method binding so the provider now has no responsibility for caching.

The JPA server now uses the H2 database instead of the derby database to run its unit tests. We are hoping that this cuts down on the number of false test failures we get due to mysterious derby failures.

Breaking Change: The FhirValidator#validate(IResource) method has been removed. It was deprecated in HAPI FHIR 0.7 and replaced with FhirValidator#validateWithResults(IBaseResource) so it is unlikely anyone is still depending on the old method.

The Base64Binary types for DSTU3+ now use a byte array internally to represent their content, which is more efficient than storing base 64 encoded text to represent the binary as was previously done.

A few columns named 'CODE' in the JPA terminology services tables have been renamed to 'CODEVAL' to avoid any possibility of conflicting with reserved words in MySQL. The database migrator tool has been updated to handle this change.

Two new operations, $apply-codesystem-delta-add and $apply-codesystem-delta-remove have been added to the terminology server. These methods allow codes to be dynamically added and removed from external (notpresent) codesystems.

The JPA server did not correctly index Timing fields where the timing contained a period but no individual events. This has been corrected.


The HAPI FHIR CLI import-csv-to-conceptmap command was not accounting for byte order marks in CSV files (e.g. some Excel CSV files). This has been fixed.


A bug was fixed where deleting resources within a transaction did not always correctly enforce referential integrity even if referential integrity was enabled. Thanks to Tuomo Ala-Vannesluoma for reporting!

In the JPA server, the _total=accurate was not always respected if a previous search already existed in the query cache that matched the same search parameters.


Improved stability of concurrency test framework. Thanks to Stig Døssing for the pull request!

AuthorizationInterceptor sometimes failed with a 500 error when checking compartment membership on a resource that has a contained subject (Patient).

Uploading the LOINC/RSNA Radiology Playbook would occasionally fail when evaluating part type names due to case sensitivity. This has been corrected.


Invoking the transaction or batch operation on the JPA server would fail with a NullPointerException if the Bundle passed in did not contain a resource in an entry that required a resource (e.g. a POST). Thanks to GitHub user @lytvynenko-dmitriy for reporting!


HAPI FHIR Server (plain, JPA, and JAX-RS) all populated Bundle.entry.result on search result bundles, even though the FHIR specification states that this should not be populated. This has been corrected. Thanks to GitHub user @gitrust for reporting!


Creating R4 Observation resources with a value type of SampledData failed in the JPA server because of an indexing error. Thanks to Brian Reinhold for reporting!


Fix a build failure thanks to Maven pom errors. Thanks to Gary Teichrow for the pull request!


The JPA server did not correctly process searches with a _tag:not expression containing more than one comma separated value.

FHIR model classes have a method called hasPrimitiveValue() which previously returned true if the type was a primitive datatype (e.g. StringType). This method now only returns true if the type is a primitive datatype AND the type actually has a value.

A number of columns in the JPA Terminology Services ConceptMap tables were not explicitly annotated with @Column, so the DB columns that were generated had Java ugly field names as their SQL column names. These have been renamed, and entries in the JPA migrator tool have been added for anyone upgrading.

Field values with a datatype of canonical were indexed as though they were explicit resource references by the JPA server. This led to errors about external references not being supported when uploading various resources (e.g. Questionnaires with HL7-defined ValueSet references). This has been corrected. Note that at this time, we do not index canonical references at all (as we were previously doing it incorrectly). This will be improved soon.


The OkHttp client did not correctly apply the connection timeout and socket timeout settings to client requests. Thanks to Petro Mykhailyshyn for the pull request!

The _summary element was not always respected when encoding JSON resources.


Two issues in the Thymeleaf Narrative Template which caused an error when generating a narrative on an untitled DiagnosticReport were fixed. Thanks to GitHub user @navyflower for reporting!


In the JAX-RS server, the resource type history and instance vread operations had ambiguous paths that could lead to the wrong method being called. Thanks to Seth Rylan Gainey for the pull request!


The profile validator (FhirInstanceValidator) can now be used to validate a resource using an explicit profile declaration rather than simply relying on the declared URL in the resource itself.

When using the ResponseHighlighterInterceptor, some invalid requests that would normally generate an HTTP 400 response (e.g. an invalid _elements value) would cause an HTTP 500 crash.


An example datatype was corrected in the DSTU2 Identifier datatype StructureDefinition. Thanks to Nick Robison for the pull request!

1.3.13HAPI FHIR 3.8.0 (Hippo)


Release Information

Released: 2019-05-30

Codename: (Hippo)


The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Guava (base): 25-jre -> 27.1-jre
  • Hibernate (JPA): 5.4.1 -> 5.4.2
  • Jackson (JPA): 2.9.7 -> 2.9.8
  • Spring (JPA): 5.1.3.RELEASE -> 5.1.6.RELEASE
  • Spring-Data (JPA): 2.1.3.RELEASE -> 2.1.6.RELEASE
  • Caffeine (JPA): 2.6.2 -> 2.7.0
  • JANSI (CLI): 1.16 -> 1.17.1

ParametersUtil now has a utility method that can be used to add parameter values using the string name of the datatype (e.g. "dateTime") in order to help building Parameters resources in a version-independent way.

In the JPA server, a much more readable error message is now returned returned when two client threads collide while trying to simultaneously create a resource with the same client-assigned ID. In addition, better error messages are now returned when conflicts such as this one are hit within a FHIR transaction operation.

The JPA query builder has been optimized to take better advantage of SQL IN (..) expressions when performing token searches with multiple OR values.

The JPA server transaction processor will now automatically detect if the request Bundle contains multiple entries having identical conditional create operations, and collapse these into a single operation. This is done as a convenience, since many conversion algorithms can accidentally generate such duplicates.

A new config setting has been added to the JPA DaoConfig that disables validation of the resource type for target resources in references.

HapiLocalizer can now handle message patterns with braces that aren't a part of a message format expression. E.g. "Here is an {example}".

JPA searches using a Composite Unique Index will now use that index for faster searching even if the search has _includes and/or _sorts. Previously these two features caused the search builder to skip using the index.

In Servers that are configured to support extended mode _elements parameters, it is now possible to use the :exclude modifier to exclude entire resource types.

When performing a search in the JPA server where one of the parameters is a reference with multiple values (e.g. Patient?organization=A,B) the generated SQL was previously a set of OR clauses and this has been collapsed into a single IN clause for better performance.

RequestDetails now has methods called getAttribute and setAttribute that can be used by interceptors to pass arbitrary data between requests.

Added new configuration parameter to DaoConfig and ModelConfig to specify the websocket context path. (Before it was hardcoded to "/websocket").

Added new IRemovableChannel interface. If a SubscriptionChannel implements this, then when a subscription channel is destroyed (because its subscription is deleted) then the remove() method will be called on that channel.

When performing a JSON Patch in JPA server, the post-patched document is now validated to ensure that the patch was valid for the candidate resource. This means that invalid patches are caught and not just silently ignored.

Expunges are now done in batches in multiple threads. Both the number of expunge threads and batch size are configurable in DaoConfig.

ValidationSupportChain will now call isCodeSystemSupported() on each entry in the chain before calling fetchCodeSystem() in order to reduce the work required by chain entries. Thanks to Anders Havn for the suggestion!

The hapi-fhir-jpaserver-starter project has been updated to use a properties file for configuration, making it much easier to get started with this project. Thanks to Sean McIlvenna for the pull request!


The InstanceValidator now supports validating QuestionnairResponses with empty items for disabled questions. Thanks to Matti Uusitalo for the pull request!


A new method has been added to the client that allows arbitrary headers to be easily added to the request. Thanks to Christian Ohr for the pull request!


VersionConverter for R2-R3 has been modified to correectly handle the renamed basedOn field. Thanks to Gary Graham for the pull request!


Add a missing @Deprecated tag. Thanks to Drew Mitchell for the pull request!


The JSON parser has removed a few unneeded super keywords that prevented overriding behaviour. Thanks to Anders Havn for the pull request!


The DSTU2/3 version converter now converts Specimen resources. Thanks to Gary Graham for the pull request!

The JPA terminology service can now detect when Hibernate Search (Lucene) is not enabled, and will perform simple ValueSet expansions without relying on Hibenrate Search in such cases.

The hapi-fhir-testpage-overlay project no longer includes any library JARs in the built WAR, in order to prevent duplicates and conflicts in implementing projects.

The JSON Patch provider has been switched to use the provider from the Java JSON Tools project, as it is much more robust and fault tolerant.

Re-use subscription channel and handlers when a subscription is updated (unless the channel type changed).


A Google Analytics script fragment was leftover in the hapi-fhir-jpaserver example and starter projects. Thanks to Patrick Werner for removing these!

A potential security vulnerability in the hapi-fhir-testpage-overlay project was corrected: A URL parameter was not being correctly escaped, leading to a potential XSS vulnerability. A big thanks to Mudit Punia and Dushyant Garg for reporting this.

When performing a search using the JPA server, if a search returned between 1500 and 2000 results, a query for the final page of results would timeout due to a page calculation error. This has been corrected.


Searching the JPA server with multiple instances of the same token search parameter (e.g. "Patient?identifier=&identifier=b" returned no results even if resources should have matched. Thanks to @mingdatacom for reporting!

JPA searches using a Composite Unique Index did not return the correct results if a REFERENCE search parameter was used with arguments that consisted of unqualified resource IDs.

A non-threadsafe use of DateFormat was cleaned up in the StopWatch class.

When returning the results of a history operation from a HAPI FHIR server, any entries with a method of DELETE contained a stub resource in Bundle.entry.resource, even though the FHIR spec states that this field should be empty. This was corrected.

Two expunge bug fixes: The first bug is that the expunge operation wasn't bailing once it hit its limit. This resulted in a "Page size must not be less than one!" error. The second bug is that one case wasn't properly handled: when a resourceId with no version is provided. This executed the case where only resource type is provided.

When updating a resource in the JPA server, if the contents have not actually changed the resource version is not updated and no new version is created. In this situation, the update time was modified however. It will no longer be updated.

When running the JPA server in Resource Client ID strategy mode of "ANY", using the _id search parameter could return incorrect results. This has been corrected.

Performing a PUT or POST against a HAPI FHIR Server with no request body caused an HTTP 500 to be returned instead of a more appropriate HTTP 400. This has been corrected.


The fetchValueSet method on IValidationSupport implementation was not visible and could not be overridden. Thanks to Patrick Werner for the pull reuqest!


The JPA server failed to index R4 reources with search parameters pointing to the Money data type. Thanks to GitHub user @navyflower for reporting!

When validating DSTU3 QuestionnaireResponses that leverage the "enableWhen" functionality available in Questionnaire resources, the validation could sometimes fail incorrectly.

Ensure that database cursors are closed immediately after performing a FHIR search.

Validation errors were fixed when using a Questionnaire with enableWhen on a question that contains sub-items.

Fixed "because at least one resource has a reference to this resource" delete error message that mistakingly reported the target instead of the source with the reference.


In JPA server when updating a resource using a client assigned ID, if the resource was previously deleted (meaning that the operation is actually a create), the server will now return an HTTP 201 instead of an HTTP 200. Thanks to Mario Hyland for reporting!

The HAPI FHIR CLI was unable to start a server in R4 mode in HAPI FHIR 3.7.0. This has been corrected.


When encoding resources, profile declarations on contained resources will now be preserved. Thanks to Anders Havn for the pull request!


Two incorrect package declarations in unit tests were corrected. Thanks to github user @zaewonyx for the PR!


The JPA database migration tool has been enhanced to support migration from HAPI FHIR 2.5. Thanks to Gary Graham for the pull request!

The hapi-fhir-jpaserver-example did not have Subscription capabilities enabled after the refactoring of how Subscriptions are enabled that occurred in HAPI FHIR 3.7.0. Thanks to Volker Schmidt for the pull request!

When using the _elements parameter on searches and reads, requesting extensions to be included caused the extensions to be included but not any values contained within. This has been corrected.

1.3.14HAPI FHIR 3.7.0 (Gale)


Release Information

Released: 2019-02-06

Codename: (Gale)


HAPI FHIR is now built using OpenJDK 11. Users are recommended to upgrade to this version of Java if this is feasible. We are not yet dropping support for Java 8 (aka 1.8), but users are recommended to upgrade if possible.

The version of a few dependencies have been bumped to the latest versions (dependent HAPI modules listed in brackets):

  • Spring (JPA): 5.0.8.RELEASE -> 5.1.3.RELEASE
  • Spring-Data (JPA): 2.0.7.RELEASE -> 2.1.3.RELEASE
  • Hibernate-Core (JPA): 5.3.6.FINAL -> 5.4.1.FINAL
  • Hibernate-Search (JPA): 5.10.3.FINAL -> 5.11.1.FINAL
  • Thymeleaf (JPA): 3.0.9.RELEASE -> 3.0.11.RELEASE
  • thymeleaf-spring4 (Testpage Overlay) has been replaced with thymeleaf-spring5
  • Commons-Lang3: 3.8 -> 3.8.1
  • Commons-Text: 1.4 -> 1.4
  • Spring Boot: 1.5.6.RELEASE -> 2.1.1.RELEASE

FHIR Parser now has an additional overload of the parseResource method that accepts an InputStream instead of a Reader as the source.

FHIR Fluent/Generic Client now has a new return option called returnMethodOutcome which can be used to return a raw response. This is handy for invoking operations that might return arbitrary binary content.

Moved state and functionality out of BaseHapiFhirDao.java into new classes: LogicalReferenceHelper, ResourceIndexedSearchParams, IdHelperService, SearcchParamExtractorService, and MatchUrlService.

Replaced explicit @Bean construction in BaseConfig.java with @ComponentScan. Beans with state are annotated with @Component and stateless beans are annotated as @Service. Also changed SearchBuilder.java and the three Subscriber classes into @Scope("protoype") so their dependencies can be @Autowired injected as opposed to constructor parameters.

AuthorizationInterceptor now allows arbitrary FHIR $operations to be authorized, including support for either allowing the operation response to proceed unchallenged, or authorizing the contents of the response.

JPA Migrator tool enhancements: An invalid SQL syntax issue has been fixed when running the CLI JPA Migrator tool against Oracle or SQL Server. In addition, when using the "Dry Run" option, all generated SQL statements will be logged at the end of the run. Also, a case sensitivity issue when running against some Postgres databases has been corrected.

In the JPA server, when performing a chained reference search on a search parameter with a target type of Reference(Any) , the search failed with an incomprehensible error. This has been corrected to return an error message indicating that the chain must be qualified with a resource type for such a field. For example, QuestionnaireResponse?subject:Patient.name=smith instead of QuestionnaireResponse?subject.name=smith .

Changed subscription processing, if the subscription criteria are straightforward (i.e. no chained references, qualifiers or prefixes) then attempt to match the incoming resource against the criteria in-memory. If the subscription criteria can't be matched in-memory, then the server falls back to the original subscription matching process of querying the database. The in-memory matcher can be disabled by setting isEnableInMemorySubscriptionMatching to "false" in DaoConfig (by default it is true). If isEnableInMemorySubscriptionMatching is "false", then all subscription matching will query the database as before.

The LOINC uploader has been updated to suport the LOINC 2.65 release file format.

The resource reindexer can now detect when a resource's current version no longer exists in the database (e.g. because it was manually expunged), and can automatically adjust the most recent version to account for this.

When updating existing resources, the JPA server will now attempt to reuse/update rows in the index tables if one row is being removed and one row is being added (e.g. because a Patient's name is changing from "A" to "B"). This has the net effect of reducing the number

Plain Server ResourceProvider classes are no longer required to be public classes. This limitation has always been enforced, but did not actually serve any real purpose so it has been removed.

A new interceptor called ServeMediaResourceRawInterceptor has been added. This interceptor causes Media resources to be served as raw content if the client explicitly requests the correct content type cia the Accept header.


A new configuration item has been added to the FhirInstanceValidator that allows you to specify additional "known extension domains", meaning domains in which the validator will not complain about when it encounters new extensions. Thanks to Heinz-Dieter Conradi for the pull request!

Added 3 interfaces for services required by the standalone subscription server. The standalone subscription server doesn't have access to a database and so needs to get its resources using a FhirClient. Thus for each of these interfaces, there are two implementations: a Dao implementaiton and a FhirClient implementation. The interfaces thus introduced are ISubscriptionProvider (used to load subscriptions into the SubscriptionRegistry), the IResourceProvider (used to get the latest version of a resource if the "get latest version" flag is set on the subscription) and ISearchParamProvider used to load custom search parameters.


FHIR Servers now support the HTTP HEAD method for FHIR read operations. Thanks to GitHub user Cory00 for the pull request!

It is now possible in a plain or JPA server to specify the default return type for create/update operations when no Prefer header has been provided by the client.

It is now possible in a JPA server to specify the _total calculation behaviour if no parameter is supplied by the client. This is done using a new setting on the DaoConfig. This can be used to force a total to always be calculated for searches, including large ones.

AuthorizationInterceptor now rejects transactions with an invalid or unset request using an HTTP 422 response Bundle type instead of silently refusing to authorize them.

AuthorizationInterceptor is now able to authorize DELETE operations performed via a transaction operation. Previously these were always denied.


OperationDefinitions are now created for named queries in server module. Thanks to Stig Døssing for the pull request!

A new server interceptor has been added called "SearchNarrowingInterceptor". This interceptor can be used to automatically narrow the scope of searches performed by the user to limit them to specific resources or compartments that the user should have access to.

In a DSTU2 server, if search parameters are expressed with chains directly in the parameter name (e.g. @RequiredParam(name="subject.name.family") ) the second part of the chain was lost when the chain was described in the server CapabilityStatement. This has been corrected.

A wrapper script for Maven has been added, enabling new users to use Maven without having to install it beforehand. Thanks to Ari Ruotsalainen for the Pull Request!

AuthorizationInterceptor can now allow a user to perform a search that is scoped to a particular resource (e.g. Patient?_id=123) if the user has read access for that specific instance.

Changed behaviour of FHIR Server to reject subscriptions with invalid criteria. If a Subscription is submitted with invalid criteria, the server returns HTTP 422 "Unprocessable Entity" and the Subscription is not persisted.

HAPI FHIR will now log the Git revision when it first starts up (on the ame line as the version number that it already logs).

Added support for _id in in-memory matcher

Add a "subscription-matching-strategy" meta tag to incoming subscriptions with value of IN_MEMORY or DATABASE indicating whether the subscription can be matched against new resources in-memory or whether a call out to the database may be required. I say "may" because subscription matches fail fast so a negative match may be performed in-memory, but a positive match will require a database call.


Support for validating enableWhen in Questionnaires has been added to the Validator. Thanks to Eeva Turkka and Matti Uutsitalo for the pull request!


A badly formatted log message when handing exceptions was cleaned up. Thanks to Magnus Watn for the pull request!

AuthorizationInterceptor now allows the GraphQL operation to be authorized. Note that this is an all-or-nothing grant for now, it is not yet possible to specify individual resource security when using GraphQL.

The JPA stale search deletion service now deletes cached search results in much larger batches (20000 instead of 500) in order to reduce the amount of noise in the logs.

In example-projects/README.md and hapi-fhir-jpaserver-example/README.md, incidate that these examples projects are no longer maintained. The README.md points users to a starter project they should use for examples.

Replaced use of BeanFactory with custom factory classes that Spring @Lookup the @Scope("prototype") beans (e.g. SearchBuilderFactory).

Removed BaseSubscriptionInterceptor and all its subclasses (RestHook, EMail, WebSocket). These are replaced by two new interceptors: SubscriptionActivatingInterceptor that is responsible for activating subscriptions and SubscriptionMatchingInterceptor that is responsible for matching incoming resources against activated subscriptions. Call DaoConfig.addSupportedSubscriptionType(type) to configure which subscription types are supported in your environment. If you are processing subscriptions on a separate server and only want to activate subscriptions on this server, you should set DaoConfig.setSubscriptionMatchingEnabled to false. The helper method SubscriptionInterceptorLoader.registerInterceptors() will check if any subscription types are supported, and if so then load active subscriptions into the SubscriptionRegistry and register the subscription activating interceptor. This method also registers the subscription matching interceptor (that matches incoming resources and sends matches to subscription channels) only if DaoConfig.isSubscriptionMatchingEnabled is true. See https://github.com/hapifhir/hapi-fhir/wiki/Proposed-Subscription-Design-Change for more details.

Moved e-mail from address configuration from EmailInterceptor (which doesn't exist any more) to DaoConfig.

Separated active subscription cache from the interceptors into a new Spring component called the SubscriptionRegistry. This component maintains a cache of ActiveSubscriptions. An ActiveSubscription contains the subscription, it's delivery channel, and a list of delivery handlers.

Introduced a new Spring factory interface ISubscribableChannelFactory that is used to create delivery channels and handlers. By default, HAPI FHIR ships with a LinkedBlockingQueue implementation of the delivery channel factory. If a different type of channel factory is required (e.g. JMS or Kafka), add it to your application context and mark it as @Primary.

Added support for matching subscriptions in a separate server from the REST Server. To do this, run the SubscriptionActivatingInterceptor on the REST server and the SubscriptionMatchingInterceptor in the standalone server. Classes required to support running a standalone subscription server are in the ca.uhn.fhir.jpa.subscription.module.standalone package. These classes are excluded by default from the JPA ApplicationContext (that package is explicitly filtered out in the BaseConfig.java @ComponentScan).

The ResponseHighlighterInterceptor now declines to handle Binary responses provided as a response from extended operations. In other words if the operation $foo returns a Binary resource, the ResponseHighliterInterceptor will not provide syntax highlighting on the response. This was previously the case for the /Binary endpoint, but not for other binary responses.

A bug in the JPA resource reindexer was fixed: In many cases the reindexer would mark reindexing jobs as deleted before they had actually completed, leading to some resources not actually being reindexed.

An issue was corrected with the JPA reindexer, where String index columns do not always get reindexed if they did not have an identity hash value in the HASH_IDENTITY column.

Under some circumstances, when a custom search parameter was added to the JPA server resources could start reindexing before the new search parameter had been saved, meaning that it was not applied to all resources. This has been corrected.


When using the HL7.org DSTU2 structures, a QuestionnaireResponse with a value of type reference would fail to parse. Thanks to David Gileadi for the pull request!

When running the JPA server on Oracle, certain search queries that return a very large number of _included resources failed with an SQL exception stating that too many parameters were used. Search include logic has been reworked to avoid this.

JPA Subscription deliveries did not always include the accurate versionId if the Subscription module was configured to use an external queuing engine. This has been corrected.

In the JPA server, search/read operations being performed within a transaction bundle did not pass the client request HTTP headers to the sub-request. This meant that AuthorizationInterceptor could not authorize these requests if it was depending on headers being present.

When using a client in DSTU3/R4 mode, if the client attempted to validate the server CapabilityStatement but was not able to parse the response, the client would throw an exception with a misleading error about the Conformance resource not existing. This has been corrected. Thanks to Shayaan Munshi for reporting and providing a test case!

It is now possible to upload a ConceptMap to the JPA server containing mappings where the source or target is a StructureDefinition canonical URI. This was previously blocked, as the system could not apply these mappings. It is now permitted to be stored, although the system will still not apply these mappings.


In JPA Server REST Hook Subscriptions, any Headers defined in the Subscription resource are now applied to the outgoing HTTP request. Thanks to Volker Schmidt for the pull request!

When fetching a page of search results, if a page offset beyond the total number of available result was requested, a single result was still returned (e.g. requesting a page beginning at index 1000 when there are only 10 results would result in the 10th result being returned). This will now result in an empty response Bundle as would be expected.

The casing of the base64Binary datatype was incorrect in the DSTU3 and R4 model classes. This has been corrected.

When performing a JPA search with a chained :text modifier (e.g. MedicationStatement?medication.code:text=aspirin,tylenol) a series of unneccesary joins were introduced to the generated SQL query, harming performance. This has been fixed.

A serialization error when performing some searches in the JPA server using data parameters has been fixed. Thanks to GitHub user @PickOneFish for reporting!


An issue with outdated syntax in the Vagrant file that prevent it from being used was corrected. Thanks to Steve Lewis for the pull requst!


The HAPI FHIR tutorial server project had outdated versions of HAPI FHIR in its pom file. Thanks to Ricardo Estevez for the pull request!

The JPA server $expunge operation could sometimes fail to expunge if another resource linked to a resource that was being expunged. This has been corrected. In addition, the $expunge operation has been refactored to use smaller chunks of work within a single DB transaction. This improves performance and reduces contention when performing large expunge workloads.


A NullPointerException during validation was fixed. Thanks to GitHub user zilin375 for the pull request!


A NullPointerException has been fixed when using custom resource classes that have a @Block class as a child element. Thanks to Lars Gram Mathiasen for reporting and providing a test case!