Ontoserver
PostmanChange Log
Notable changes in each release are documented below.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Security - in case of vulnerabilities.
- Changed - for changes in existing functionality.
- Deprecated - for soon-to-be removed features.
- Removed - for now removed features.
- Fixed - for any bug fixes.
FHIR R5
7.1.0 - 20250211
Security
- Removed unused h2 jar to resolve warnings regarding CVE-2022-45868
- Updated library versions to mitigate CVEs:
- CVE-2016-1000027
- CVE-2023-5072
- CVE-2023-5384
- CVE-2023-6129
- CVE-2023-6237
- CVE-2023-33201
- CVE-2023-34042
- CVE-2023-34055
- CVE-2023-41080
- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366
- CVE-2023-42795
- CVE-2023-44487
- CVE-2023-45648
- CVE-2023-46589
- CVE-2023-52428
- CVE-2024-0727
- CVE-2024-0853
- CVE-2024-1597
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-6119
- CVE-2024-6197
- CVE-2024-6874
- CVE-2024-7264
- CVE-2024-8096
- CVE-2024-9681
- CVE-2024-11053
- CVE-2024-12798
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20932
- CVE-2024-20945
- CVE-2024-20952
- CVE-2024-21140
- CVE-2024-21145
- CVE-2024-21147
- CVE-2024-21235
- CVE-2024-21892
- CVE-2024-22243
- CVE-2024-22257
- CVE-2024-22259
- CVE-2024-22262
- CVE-2024-23672
- CVE-2024-24549
- CVE-2024-25629
- CVE-2024-25710
- CVE-2024-26308
- CVE-2024-29857
- CVE-2024-30171
- CVE-2024-34750
- CVE-2024-38807
- CVE-2024-38808
- CVE-2024-38809
- CVE-2024-38820
- CVE-2024-38816
- CVE-2024-38819
- CVE-2024-38821
- CVE-2024-38827
- CVE-2024-38828
- CVE-2024-45294
- CVE-2024-47554
- CVE-2024-50379
- CVE-2024-51132
- CVE-2024-52007
- CVE-2024-55887
- CVE-2024-56337
Changed
- Preload will now update a Metadata Resource (one with a canonical), if it has a later Resource.date than the matching currently persisted one.
- Fix reporting of
used-supplementinValueSet.expansion.parameter - Fix bug where Authorization header might not be included in certain HEAD requests for syndication content.
- Fix version numbers in internal preload feed.
- The
ontoserver.feature.syndication.rejectInconsistentContentItemValuescan be enabled to validate that a syndication entry's ContentItemIdentifier and ContentItemVersion match the resource's URL and version. - Report fhir-test-cases version in TerminologyCapabilities using Feature extension:
http://hl7.org/fhir/uv/tx-tests/FeatureDefinition/test-version - preAdopt
match.originMapin$translateoutput to include canonical for the ConceptMap. - Ontoserver log messages generated in the context of an API call now include a RequestId so they can be grouped/correlated in log analysis.
- Migrated from old spring-security-oauth2 library.
- Add support for
check-system-versionparameter toValueSet/$expand. - Add check for
used-codesystemwhen considering use of a pre-existing ValueSet expansion. - Added support for auto-detecting MMDDYYYY style versions (after 1300) when sorting for most recent
- Added
ontoserver.feature.compat.lookupTypedValueflag to force retention of old (broken) response for$lookup. If you need to the oldvalueStringetc names in$lookupresponses, then setontoserver.feature.compat.lookupTypedValue=true - Uplift to support terminology fhir-tests: tests v1.6.0, runner v6.4.0
- Removed dependency on old 3rd party Atom feed parser (Rome)
- Added ValueSet filter operator EXISTS support for subproperties.
- Add support for
targetsystemparameter to$translatewith unspecified ConceptMap. - Upgraded HAPI to 7.4.0 for latest FHIR Validation support:
org.hl7.fhir.validation:6.3.11 - Add support for
targetandtargetsystemparameters toConceptMap/$translate. - Support
SCALE_TYP = "DOC"(for any case of “Doc”) in ValueSet definitions for legacy reasons: https://chat.fhir.org/#narrow/stream/179202-terminology/topic/LOINC.20properties.20in.20filters - Added validation of partition id and check digit for SNOMED Codes.
- Ontoserver will now filter syndication feeds as a server as well as as a client
- Add support for the “top” and “bottom” operators,
!!>and!!<, from ECL 2.2 - Add validation that itemIdentifier and itemVersion from a feed entry matches url and version in the FHIR Resource
- Assign stable
ids to Bundle / Package resources that do not have anidalready provided - The
ontoserver.search.summaryconfiguration parameter can be used to control whether search requests default to summary or complete resources. - Cached internal syndication feed entries for significant performance improvement
- Added support for the
content-modesearch parameter on CodeSystem - Added support for
context,context-typeandcontext-type-valuesearch parameters for CodeSystem, ConceptMap, NamingSystem, StructureDefinition and ValueSet resources - Broadened support for filter operators on some of the FHIR specification's Defined Concept Properties
- Add support for
delete-historyinteractions (e.g., DELETE {Resource}/{id}/_history) from R6 - Improved support for case-insensitive CodeSystems. This includes an index format change for FHIR CodeSystems (migration is performed automatically)
- Tolerate CodeSystems that attempt to re-define the URIs for standard properties like
parentandchild. - Improved handling and validation of default CodeSystem properties like
status - Enabled R5 support for the
$convertoperation - Added support for contained CodeSystems. For example, a ValueSet may contain a CodeSystem (or supplements) that are then used in operations on the ValueSet.
- Added support for the
useSupplementparameter, pre-adopted from R5. - Added support for
ValueSet.expansion.property(via Extensions) pre-adopted from R5. - Added support for various SDC extensions:
- http://hl7.org/fhir/StructureDefinition/codesystem-conceptOrder
- http://hl7.org/fhir/StructureDefinition/codesystem-label
- http://hl7.org/fhir/StructureDefinition/itemWeight
- http://hl7.org/fhir/StructureDefinition/rendering-style
- http://hl7.org/fhir/StructureDefinition/rendering-xhtml
- http://hl7.org/fhir/StructureDefinition/valueset-concept-definition
- http://hl7.org/fhir/StructureDefinition/valueset-deprecated
- http://hl7.org/fhir/StructureDefinition/valueset-label
- http://hl7.org/fhir/StructureDefinition/valueset-conceptOrder
- MANY additional changes to support using Ontoserver with the FHIR Validator or IG Publisher as described here and to align with the tx tests in https://github.com/FHIR/fhir-test-cases
- Improved consistency and detail in
$validate-codemessages - Additional machine-readable output for
$validate-code - Eliminated redundant designations for
use="display"translations - …
- Improved consistency and detail in
- Added support for the Extension http://hl7.org/fhir/tools/StructureDefinion/valueset-expansion-param
- Added spell-correction support to
ValueSet/$expand?filter=... - Added the
atom.syndication.republishUpstreamFeedsconfiguration parameter, which specifies the upstream feeds whose entries should be republished. - Added support for prometheus endpoint (disabled and not exposed by default) at
/actuator/prometheus. - Exclude CodeSystems with
content=exampleorcontent=not-presentfrom use with$validate-code. - Added caching for TerminologyCapabilites to improve performance for large sets of CodeSystems.
- Added support for SNOMED International's new Edition dependency element in a syndication feed.
- Optional support
ValueSet.identifiermatching when resolving ValueSet uri in$expand. - Allow for inactive concepts to have an inactive FSN.
Fixed
- Tightened validation of syndication feed entries; ensure that advertised item canonical matches actual resource canonical for Metadata Resources (CodeSystem, ConceptMap, StructureDefinition, and ValueSet).
- Fixes to code identifying the appropriate display for a code in an expansion, and the set of associated designations.
- Fix
match.sourcevalue to bevalueUrinotvalueStringin$translateoutput. - Fix bug where Ontoserver could not verify the signature of JWT tokens while using secured syndication feeds.
- Fixes to cache invalidation propagation when in scaled mode.
- Fix bug with overly aggressive language matching for display validation.
- Fix bugs with
$validate-code, default / unspecified languages, and displays provided in theValueSet.compose. - Fix bug handling empty search criteria for
context-type-value. - Fix regression introduced in 6.20.1 with
ResourceandResource_Blobtable creation. - Fix bug when
$find-matchesis called without any values forproperty. - Fix bug with internal caching and CodeSystem supplement support.
- Fix bug with internal caching and
useSupplementparameter. - Fix bug with overly agressive language matching when validating display strings.
- Fix bug where ValueSets including versioned CodeSystems would not match in a
referencesearch. - Fix lazy initialisation of MappingR4.product / MappingR4.dependsOn bug.
- Fix bug identifying latest binary index version in syndication feed.
- Fix bug where
$expand?designation=...for a “use” would erroneously filter out all languages. - More robust ZIP file handling for unicode filenames.
- Ignore __MACOSX metadata directories in RF2 ZIP files.
- Fix bug where Community write permissions (e.g.,
grouping/mycommunity.write) were being ignored. - Fix bug with handling of ValueSet filter criteria in the presence of SNOMED and LOINC supplements.
- Fix bug with JWT token handling where the
authoritiesfield was empty and onlyscopewas being used. - Fix bug in ValueSet filter regex handling wrt escaped chars: \t \n \r \f
- Fix bug where content at /static was inaccessible with security enabled.
- Fix bug where content at /fhir/.well-known could return 401 rather than 404.
- Improve index cache invalidation following index deletion.
- Fix bug where $closure would fail when no CodeSystem version was specified and > 1 version of the CodeSystem was available.
- Fix bug where deduplication of Syndication feed entries did not correctly check contentItemIdentifier and contentItemVersion.
- Fix bug where stale Lucene index readers were retained in cache.
- Fix bug where an index that is OK gets marked in the database as not OK (e.g., due to a transient failure during an earlier repair task) but repair never updates the status back to OK.
- Fixed bug where create/update operations on ConceptMap and other resources would fail due to primary key violations after an Ontoserver upgrade.
- Fix bug where LOINC/SNOMED-CT CodeSystems indexed with older versions of Ontoserver would appear with caseSensitive=false.
- Fix bug where display text from ValueSet compose would override a translation selected for the preferred language
- Fix bug where older index versions could be preloaded over newer ones.
- If you have been experiencing unexpectedly high disk usage, we recommend using the
/api/vacuumendpoint to diagnose and/or remedy that.
- If you have been experiencing unexpectedly high disk usage, we recommend using the
- Fix bug where specifying a fhirVersion other than 4.0 in the ContentType header would fail for an empty body.
- Fix bug where Lucene indexes were not being closed during a cache flush.
- Fix bug where failure to fetch a preload feed might not be flagged as a Preload Job failure.
- Fix bug where caching of syndication feed entries always failed.
- Only binary indexes, FHIR resources and FHIR packages can be preloaded (no RF2 or LOINC sources)
- Fixed bug relating to ETags and caching of search results
- Fix bug in multipart handling for
$x-upload-externalfollowing Spring 3.0 migration - Fix bug in internal caching of feed entries when generating the syndication feed
- Improved handling of LOINC Linguistic variants (translations) for server LOINC Parts
- This results in a change in the LOINC index format version from 2.0.4 to 2.0.5
- Improved logging for certain syndication errors
- Fix bug in syndication feed generation when
atom.syndication.publish.index.enabled=true - Fixed
$validate-codebug whereinferSystemwas used with case-insensitive CodeSystems - Fixed bugs with actuator endpoints including health when operating in secure mode
- Removed bogus warnings about an “Unsupported authentication class”
- Avoid considering CodeSystems with content = example / missing for operations like $lookup, $subsumes, and validation
- Work around possible case of missing id in persisted JSON blobs
- Fix bug affecting
identifier:missingqueries - Improved some validation messages for post-coordinated expressions
- Fixed bug where failures to fetch a Syndication feed were cached indefinitely
- Fixed performance issues with SEARCH and the
referenceparameter. e.g.,[base]/ValueSet?reference=http://loinc.org - Fixed bug where certain incorrect SNOMED CT versions were allowed in a ValueSet definition
- Fixed bug where ValueSet-specified display text would be ignored when SNOMED CT Editions were used in a ValueSet definition
- Improved handling of an invalid
displayLangaugeparameter - Fix bug with regex and case-insensitive code systems
- Fix bugs affecting
_idsearch parameters - Fix bug where SNOMED designations with use
displaycould have incorrect language - Fixed bug with pre-existing LOINC indexes and case-sensitivity
- Fixed resolution of implicit ValueSets for CodeSystems provided via the
tx-resourceparameter. - Fixed bug processing CodeSystems without an
idprovided via thetx-resourceparameter. - Fixed bug handling a valid coding in CodeableConcept that is not also in the ValueSet.
- Fixed regression with
$expand, thepropertyparameter, and implicit SNOMED reference sets. - Add support for caseInsensitive CodeSystem in
$validate-code - Fixed healthcheck.sh -l semantics to only look at startup preload, and add -L to look for any preload (eg including redoPreload)
- Fixed bug where failing HEAD requests on syndication feeds would not trigger authorisation token renewal
- Fixed bug where SNOMED FSN's were mis-characterised during validation
- Fixed ValueSet resolution bug where tx-resource supplied ValueSets could conflict with persisted ValueSets.
- Work around Infinispan change that affects Search results when running in a scaled deployment mode.
- Improved consistency in CodeSystem version resolution within a
ValueSet.composewhen performing an$expandor$validate-code. - Fixed bug with ECL cardinality constraints on role-grouped attributes.
- Fixed bug in PATCH interactions that used delete with where conditions
- Improved consistency in CodeSystem version resolution within a
ValueSet.composewhen performing an$expandor$validate-code. - Fixed bug with ECL cardinality constraints on role-grouped attributes.
- Fixed bug with ECL cardinality constraints of the form
[0..n]not matching concepts with no (non-IS A) relationships. - Fixed bug resolving appropriate CodeSystem version for the LOINC all-codes implicit ValueSet.
- Fixed bug storing compressed JSON form of very large resources.
- Fixed bug where certain hash collisions could cause incorrect $expand, $validate-code, or $validate behaviour. This was extremely rare except in cases where two ValueSet compose clauses differed in only a single concept from a very large CodeSystem.
- SNOMED Binary Index format changed to 2.0.10; Fixed bug with handling of ECL wildcard and regular expression term matches containing whitespace.
- Fixed bug where
ValueSet.expansion.offsetwas not being set when paging. - Cleaned up unused default Spring Boot user management.
7.0.2 - 20231215
Security
- Updated library versions to mitigate CVEs:
- CVE-2023-6378
Fixed
- Fixed bug storing compressed JSON form of very large resources.
- Fix bug with version conversion from R4 to R5.
7.0.1 - 20230922
Fixed
- Fixed bug in run.sh launch script
7.0.0 - 20230918
Security
- Updated library versions to mitigate CVEs:
- CVE-2023-38286
Changed
- Updated to FHIR R5 as supported FHIR Version
- Binary index versions have all changed to 3.0.0 to support a new version of Lucene
Fixed
- Fixed bug where
ValueSet.expansion.offsetwas not being set when paging.