Change Log

Notable changes in each release are documented below.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Security - in case of vulnerabilities.
Changed - for changes in existing functionality.
Deprecated - for soon-to-be removed features.
Removed - for now removed features.
Fixed - for any bug fixes.

FHIR R5

7.1.3 - 20250801

Security

Updated library versions to mitigate CVEs:
- CVE-2025-30749
- CVE-2025-48976
- CVE-2025-48988
- CVE-2025-49146
- CVE-2025-50059
- CVE-2025-50106

Fixed

Added special handling of Norwegian language codes for SNOMED CT translations.
The configuration option ontoserver.feature.identifier-resolition-enabled has been renamed to ontoserver.feature.identifier-resolution-enabled.

Changed

Updated syndication semantics to:
1. check and warn about syndication entries with a published date that does not match the Resource.date field of the referenced FHIR Resource.
2. further skip updating a Resource if the current Resource's date matches that of the syndicated Resource's date field.
Advertise admin and syndication API endpoints in the http://ontoserver.csiro.au/profiles/ontoserver-endpoints extension on CapabilityStatement.implementation

7.1.2 - 20250530

Changed

Add support for module composition metadata from release_package_information.json when indexing RF2 files
Add support for statically configured module compositions of the form snomed.edition.composition.<edition>=module1,module2,module3
Added support for answers-for properties and filters on LOINC terms (as well as lists)
- NOTE: This includes a change in the LOINC index format version from 2.0.6 to 2.0.7
Added config to allow default SNOMED module names to be supplied for the Indexer.
Added detail to SNOMED Indexing failure messages.
Add definition as a default property for $lookup; it is also language-sensitive, derived from designation.use, and populated appropriately for SNOMED CT
- NOTE: This includes a change in the SNOMED index format version from 2.0.14 to 2.0.15
Add RF2 text definition content to a concept's designations

7.1.1 - 20250514

Security

Updated library versions to mitigate CVEs:
- CVE-2024-12797
- CVE-2025-21587
- CVE-2025-22228
- CVE-2025-22235
- CVE-2025-23083
- CVE-2025-24813
- CVE-2025-31498

Fixed

Fix internal caching for ValueSets with boosting
Pay attention to CodeSystem version(s) in Coding and CodeableConcept when performing $validate-code
Fix regression; specifying language for ValueSet/$expand should not force includeDesignations=true
Fix missing support for “+HISTORY” in ECL
Fix preload update support for Resources other than CodeSystems
Fixed caching bug in resource validation, whereby updating terminology resources would not invalidate the cache.

Changed

RF2 Index Format change to 4.0.2
Add text definition content to a concept's designations
Add support for importing RF2 Identifiers content (for LOINC Ontology)
Prefer explicit ValueSet over implicit all-codes ValueSet, but also enforce all-codes definition semantics
Add support for SNOMED language aliases to display validation

7.1.0 - 20250211

Security

Removed unused h2 jar to resolve warnings regarding CVE-2022-45868
Updated library versions to mitigate CVEs:
- CVE-2016-1000027
- CVE-2023-5072
- CVE-2023-5384
- CVE-2023-6129
- CVE-2023-6237
- CVE-2023-33201
- CVE-2023-34042
- CVE-2023-34055
- CVE-2023-41080
- CVE-2023-42363
- CVE-2023-42364
- CVE-2023-42365
- CVE-2023-42366
- CVE-2023-42795
- CVE-2023-44487
- CVE-2023-45648
- CVE-2023-46589
- CVE-2023-52428
- CVE-2024-0727
- CVE-2024-0853
- CVE-2024-1597
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-6119
- CVE-2024-6197
- CVE-2024-6874
- CVE-2024-7264
- CVE-2024-8096
- CVE-2024-9681
- CVE-2024-11053
- CVE-2024-12798
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20932
- CVE-2024-20945
- CVE-2024-20952
- CVE-2024-21140
- CVE-2024-21145
- CVE-2024-21147
- CVE-2024-21235
- CVE-2024-21892
- CVE-2024-22243
- CVE-2024-22257
- CVE-2024-22259
- CVE-2024-22262
- CVE-2024-23672
- CVE-2024-24549
- CVE-2024-25629
- CVE-2024-25710
- CVE-2024-26308
- CVE-2024-29857
- CVE-2024-30171
- CVE-2024-34750
- CVE-2024-38807
- CVE-2024-38808
- CVE-2024-38809
- CVE-2024-38820
- CVE-2024-38816
- CVE-2024-38819
- CVE-2024-38821
- CVE-2024-38827
- CVE-2024-38828
- CVE-2024-45294
- CVE-2024-47554
- CVE-2024-50379
- CVE-2024-51132
- CVE-2024-52007
- CVE-2024-55887
- CVE-2024-56337

Changed

Preload will now update a Metadata Resource (one with a canonical), if it has a later Resource.date than the matching currently persisted one.
Fix reporting of used-supplement in ValueSet.expansion.parameter
Fix bug where Authorization header might not be included in certain HEAD requests for syndication content.
Fix version numbers in internal preload feed.
The ontoserver.feature.syndication.rejectInconsistentContentItemValues can be enabled to validate that a syndication entry's ContentItemIdentifier and ContentItemVersion match the resource's URL and version.
Report fhir-test-cases version in TerminologyCapabilities using Feature extension: http://hl7.org/fhir/uv/tx-tests/FeatureDefinition/test-version
preAdopt match.originMap in $translate output to include canonical for the ConceptMap.
Ontoserver log messages generated in the context of an API call now include a RequestId so they can be grouped/correlated in log analysis.
Migrated from old spring-security-oauth2 library.
Add support for check-system-version parameter to ValueSet/$expand.
Add check for used-codesystem when considering use of a pre-existing ValueSet expansion.
Added support for auto-detecting MMDDYYYY style versions (after 1300) when sorting for most recent
Added ontoserver.feature.compat.lookupTypedValue flag to force retention of old (broken) response for $lookup. If you need to the old valueString etc names in $lookup responses, then set ontoserver.feature.compat.lookupTypedValue=true
Uplift to support terminology fhir-tests: tests v1.6.0, runner v6.4.0
Removed dependency on old 3rd party Atom feed parser (Rome)
Added ValueSet filter operator EXISTS support for subproperties.
Add support for targetsystem parameter to $translate with unspecified ConceptMap.
Upgraded HAPI to 7.4.0 for latest FHIR Validation support: org.hl7.fhir.validation:6.3.11
Add support for target and targetsystem parameters to ConceptMap/$translate.
Support SCALE_TYP = "DOC" (for any case of “Doc”) in ValueSet definitions for legacy reasons: https://chat.fhir.org/#narrow/stream/179202-terminology/topic/LOINC.20properties.20in.20filters
Added validation of partition id and check digit for SNOMED Codes.
Ontoserver will now filter syndication feeds as a server as well as as a client
Add support for the “top” and “bottom” operators, !!> and !!<, from ECL 2.2
Add validation that itemIdentifier and itemVersion from a feed entry matches url and version in the FHIR Resource
Assign stable ids to Bundle / Package resources that do not have an id already provided
The ontoserver.search.summary configuration parameter can be used to control whether search requests default to summary or complete resources.
Cached internal syndication feed entries for significant performance improvement
Added support for the content-mode search parameter on CodeSystem
Added support for context, context-type and context-type-value search parameters for CodeSystem, ConceptMap, NamingSystem, StructureDefinition and ValueSet resources
Broadened support for filter operators on some of the FHIR specification's Defined Concept Properties
Add support for delete-history interactions (e.g., DELETE {Resource}/{id}/_history) from R6
Improved support for case-insensitive CodeSystems. This includes an index format change for FHIR CodeSystems (migration is performed automatically)
Tolerate CodeSystems that attempt to re-define the URIs for standard properties like parent and child.
Improved handling and validation of default CodeSystem properties like status
Enabled R5 support for the $convert operation
Added support for contained CodeSystems. For example, a ValueSet may contain a CodeSystem (or supplements) that are then used in operations on the ValueSet.
Added support for the useSupplement parameter, pre-adopted from R5.
Added support for ValueSet.expansion.property (via Extensions) pre-adopted from R5.
Added support for various SDC extensions:
- http://hl7.org/fhir/StructureDefinition/codesystem-conceptOrder
- http://hl7.org/fhir/StructureDefinition/codesystem-label
- http://hl7.org/fhir/StructureDefinition/itemWeight
- http://hl7.org/fhir/StructureDefinition/rendering-style
- http://hl7.org/fhir/StructureDefinition/rendering-xhtml
- http://hl7.org/fhir/StructureDefinition/valueset-concept-definition
- http://hl7.org/fhir/StructureDefinition/valueset-deprecated
- http://hl7.org/fhir/StructureDefinition/valueset-label
- http://hl7.org/fhir/StructureDefinition/valueset-conceptOrder
MANY additional changes to support using Ontoserver with the FHIR Validator or IG Publisher as described here and to align with the tx tests in https://github.com/FHIR/fhir-test-cases
- Improved consistency and detail in $validate-code messages
- Additional machine-readable output for $validate-code
- Eliminated redundant designations for use="display" translations
- …
Added support for the Extension http://hl7.org/fhir/tools/StructureDefinion/valueset-expansion-param
Added spell-correction support to ValueSet/$expand?filter=...
Added the atom.syndication.republishUpstreamFeeds configuration parameter, which specifies the upstream feeds whose entries should be republished.
Added support for prometheus endpoint (disabled and not exposed by default) at /actuator/prometheus.
Exclude CodeSystems with content=example or content=not-present from use with $validate-code.
Added caching for TerminologyCapabilites to improve performance for large sets of CodeSystems.
Added support for SNOMED International's new Edition dependency element in a syndication feed.
Optional support ValueSet.identifier matching when resolving ValueSet uri in $expand.
Allow for inactive concepts to have an inactive FSN.

Fixed

Tightened validation of syndication feed entries; ensure that advertised item canonical matches actual resource canonical for Metadata Resources (CodeSystem, ConceptMap, StructureDefinition, and ValueSet).
Fixes to code identifying the appropriate display for a code in an expansion, and the set of associated designations.
Fix match.source value to be valueUri not valueString in $translate output.
Fix bug where Ontoserver could not verify the signature of JWT tokens while using secured syndication feeds.
Fixes to cache invalidation propagation when in scaled mode.
Fix bug with overly aggressive language matching for display validation.
Fix bugs with $validate-code, default / unspecified languages, and displays provided in the ValueSet.compose.
Fix bug handling empty search criteria for context-type-value.
Fix regression introduced in 6.20.1 with Resource and Resource_Blob table creation.
Fix bug when $find-matches is called without any values for property.
Fix bug with internal caching and CodeSystem supplement support.
Fix bug with internal caching and useSupplement parameter.
Fix bug with overly agressive language matching when validating display strings.
Fix bug where ValueSets including versioned CodeSystems would not match in a reference search.
Fix lazy initialisation of MappingR4.product / MappingR4.dependsOn bug.
Fix bug identifying latest binary index version in syndication feed.
Fix bug where $expand?designation=... for a “use” would erroneously filter out all languages.
More robust ZIP file handling for unicode filenames.
Ignore __MACOSX metadata directories in RF2 ZIP files.
Fix bug where Community write permissions (e.g., grouping/mycommunity.write) were being ignored.
Fix bug with handling of ValueSet filter criteria in the presence of SNOMED and LOINC supplements.
Fix bug with JWT token handling where the authorities field was empty and only scope was being used.
Fix bug in ValueSet filter regex handling wrt escaped chars: \t \n \r \f
Fix bug where content at /static was inaccessible with security enabled.
Fix bug where content at /fhir/.well-known could return 401 rather than 404.
Improve index cache invalidation following index deletion.
Fix bug where $closure would fail when no CodeSystem version was specified and > 1 version of the CodeSystem was available.
Fix bug where deduplication of Syndication feed entries did not correctly check contentItemIdentifier and contentItemVersion.
Fix bug where stale Lucene index readers were retained in cache.
Fix bug where an index that is OK gets marked in the database as not OK (e.g., due to a transient failure during an earlier repair task) but repair never updates the status back to OK.
Fixed bug where create/update operations on ConceptMap and other resources would fail due to primary key violations after an Ontoserver upgrade.
Fix bug where LOINC/SNOMED-CT CodeSystems indexed with older versions of Ontoserver would appear with caseSensitive=false.
Fix bug where display text from ValueSet compose would override a translation selected for the preferred language
Fix bug where older index versions could be preloaded over newer ones.
- If you have been experiencing unexpectedly high disk usage, we recommend using the /api/vacuum endpoint to diagnose and/or remedy that.
Fix bug where specifying a fhirVersion other than 4.0 in the ContentType header would fail for an empty body.
Fix bug where Lucene indexes were not being closed during a cache flush.
Fix bug where failure to fetch a preload feed might not be flagged as a Preload Job failure.
Fix bug where caching of syndication feed entries always failed.
Only binary indexes, FHIR resources and FHIR packages can be preloaded (no RF2 or LOINC sources)
Fixed bug relating to ETags and caching of search results
Fix bug in multipart handling for $x-upload-external following Spring 3.0 migration
Fix bug in internal caching of feed entries when generating the syndication feed
Improved handling of LOINC Linguistic variants (translations) for server LOINC Parts
- This results in a change in the LOINC index format version from 2.0.4 to 2.0.5
Improved logging for certain syndication errors
Fix bug in syndication feed generation when atom.syndication.publish.index.enabled=true
Fixed $validate-code bug where inferSystem was used with case-insensitive CodeSystems
Fixed bugs with actuator endpoints including health when operating in secure mode
Removed bogus warnings about an “Unsupported authentication class”
Avoid considering CodeSystems with content = example / missing for operations like $lookup, $subsumes, and validation
Work around possible case of missing id in persisted JSON blobs
Fix bug affecting identifier:missing queries
Improved some validation messages for post-coordinated expressions
Fixed bug where failures to fetch a Syndication feed were cached indefinitely
Fixed performance issues with SEARCH and the reference parameter. e.g., [base]/ValueSet?reference=http://loinc.org
Fixed bug where certain incorrect SNOMED CT versions were allowed in a ValueSet definition
Fixed bug where ValueSet-specified display text would be ignored when SNOMED CT Editions were used in a ValueSet definition
Improved handling of an invalid displayLangauge parameter
Fix bug with regex and case-insensitive code systems
Fix bugs affecting _id search parameters
Fix bug where SNOMED designations with use display could have incorrect language
Fixed bug with pre-existing LOINC indexes and case-sensitivity
Fixed resolution of implicit ValueSets for CodeSystems provided via the tx-resource parameter.
Fixed bug processing CodeSystems without an id provided via the tx-resource parameter.
Fixed bug handling a valid coding in CodeableConcept that is not also in the ValueSet.
Fixed regression with $expand, the property parameter, and implicit SNOMED reference sets.
Add support for caseInsensitive CodeSystem in $validate-code
Fixed healthcheck.sh -l semantics to only look at startup preload, and add -L to look for any preload (eg including redoPreload)
Fixed bug where failing HEAD requests on syndication feeds would not trigger authorisation token renewal
Fixed bug where SNOMED FSN's were mis-characterised during validation
Fixed ValueSet resolution bug where tx-resource supplied ValueSets could conflict with persisted ValueSets.
Work around Infinispan change that affects Search results when running in a scaled deployment mode.
Improved consistency in CodeSystem version resolution within a ValueSet.compose when performing an $expand or $validate-code.
Fixed bug with ECL cardinality constraints on role-grouped attributes.
Fixed bug in PATCH interactions that used delete with where conditions
Improved consistency in CodeSystem version resolution within a ValueSet.compose when performing an $expand or $validate-code.
Fixed bug with ECL cardinality constraints on role-grouped attributes.
Fixed bug with ECL cardinality constraints of the form [0..n] not matching concepts with no (non-IS A) relationships.
Fixed bug resolving appropriate CodeSystem version for the LOINC all-codes implicit ValueSet.
Fixed bug storing compressed JSON form of very large resources.
Fixed bug where certain hash collisions could cause incorrect $expand, $validate-code, or $validate behaviour. This was extremely rare except in cases where two ValueSet compose clauses differed in only a single concept from a very large CodeSystem.
SNOMED Binary Index format changed to 2.0.10; Fixed bug with handling of ECL wildcard and regular expression term matches containing whitespace.
Fixed bug where ValueSet.expansion.offset was not being set when paging.
Cleaned up unused default Spring Boot user management.

7.0.2 - 20231215

Security

Updated library versions to mitigate CVEs:
- CVE-2023-6378

Fixed

Fixed bug storing compressed JSON form of very large resources.
Fix bug with version conversion from R4 to R5.

7.0.1 - 20230922

Fixed

Fixed bug in run.sh launch script

7.0.0 - 20230918

Security

Updated library versions to mitigate CVEs:
- CVE-2023-38286

Changed

Updated to FHIR R5 as supported FHIR Version
Binary index versions have all changed to 3.0.0 to support a new version of Lucene

Fixed

Fixed bug where ValueSet.expansion.offset was not being set when paging.

FHIR R4

Ontoserver 6.x

FHIR STU3

Ontoserver 5.x

FHIR DSTU2.1

Ontoserver 4.x