HealthShare® Health Connect Upgrade Checklist (2024.2)
This document is meant to help you assess the impact of moving your code to the HealthShare Health Connect 2024.2 continuous delivery (CD) release. It lists the incompatibilities since 2024.1.0. These incompatibilities may require changes to code, configuration, or operation.
InterSystems News, Alerts, and Advisories
From time to time, InterSystems publishes items of immediate importance to users of our software. These include alerts, mission-critical issues, important updates, fixes, and release announcements. You can obtain the most current list at https://www.intersystems.com/support-learning/support/product-news-alerts/Opens in a new tab. InterSystems recommends that you check this list periodically to obtain the latest information on these issues.
Fixed Security Issues
DP-427671
CWE: CWE-434: Unrestricted Upload of File with Dangerous Type
Severity: Medium
CVSS Score: 4.3
Versions: 2022.1.6, 2023.1.6, 2024.1.2, 2024.2.0
FIXED: For particular portal pages, a user may be able to upload file types other than those listed in the upload dialog.
DP-427673
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity: Medium
CVSS Score: 6.4
Versions: 2022.1.6, 2023.1.5, 2024.1.2, 2024.2.0
FIXED: For a particular page within InterSystems portal applications, an attacker may be able to craft a malicious link to execute arbitrary JavaScript.
CSP Server
DP-429230: OPTIONS requests to run unauthenticated
Category: CSP Server
Platforms: All
Version: 2024.2.0
The system no longer calls %CSP.REST.onPreDispatch() while handling HTTP OPTIONS requests. If there is code in that method that must be run in for an OPTIONS request, add the code to the OnHandleOptionsRequest() method.
FHIR
IF-6106: Bearer token string is visible in Interop message trace and FSLOG
Category: FHIR
Platforms: All
Version: 2024.2.0
FHIRServer no longer uses the request object (HS.FHIRServer.API.Request) to pass an OAuth bearer token string through the processing infrastructure. Instead, it uses the request object's AdditionalInfo "USER:TokenId" element to pass an identifier that can be used as a key to retrieve the bearer token information from a protected location, rather than directly from the AdditionalInfo "USER:OAuthToken" element.
See the documentation for the GetTokenInfo() and GetTokeInfoItem() methods in the HS.HC.Util.InfoCache class for details on how to use this mechanism.
In paritcular, custom ObjectScript that receives a bearer token via a request object sent by HS.FHIRServer.RestHandler, HF.FHIRServer.RestClient.FHIRService, or HS.FHIRServer.RestClient.Interop will need to be changed immediately to use the methods in HS.HC.Util.InfoCache immediately.
Any custom ObjectScript that places a bearer token string into a request object and subsequently passes the request object to HS.FHIRServer.Service or HS.FHIRServer.Interop.HTTP will continue to work as is. However, InterSystems strongly recommends that you convert this custom code to use HS.HC.Util.InfoCache as soon as possible.
Installation
- Unable to launch documentation from the cube
- remove cvencrypt from install
- Removal of Studio from Windows kits 2024.2+
DP-429584: Unable to launch documentation from the cube
Category: Installation
Platforms: All
Versions: 2023.2.0, 2023.3.0, 2024.1.0, 2024.1.1, 2024.2.0
If you are using Windows IIS as your web server or have upgraded from either 2023.2 or 2023.3, then you cannot open documentation through the launcher by default. To manually create a workaround, see the "Connect Your Web Server Manually" section of "Access the Management Portal and Other Built-in Web Applications Using Your Web Server."
DP-429883: remove cvencrypt from install
Category: Installation
Platforms: All
Version: 2024.2.0
The cvencrypt utility is no longer installed on any platform.
DP-431079: Removal of Studio from Windows kits 2024.2+
Category: Installation
Platforms: All
Version: 2024.2.0
Starting with this release, Windows kits will no longer contain Studio. This means that new installations using this kit will not install Studio and upgrading an existing instance to the version in this kit will remove Studio from the instance’s bin directory.
Developers who wish to keep using Studio will need to download the 2024.1 Studio independent component from the WRC distribution page. Studio version 2024.1 is forward compatible, so it can connect to IRIS versions 2024.2+.
Visual Studio Code is the preferred IDE for development. Refer to the documentation for more information.
Interoperability
DP-428768: System Default Settings Override support for LogGeneralTraceEvents, LogTraceEvents & Schedule
Category: Interoperability
Platforms: All
Version: 2024.2.0
The System Default Settings previously ignored any entries that matched an item's Schedule or LogTraceEvents setting or a production's LogGeneralTraceEvents setting, but now these settings that have matches are no longer automatically ignored. You should only set these settings from one place and should edit either the System Default Settings or the item/production settings to the system behaves as you expect.
To identify if such System Default Settings already exist, run the following SQL query from the desired namespace:
SELECT * FROM ENS_CONFIG.DEFAULTSETTINGS WHERE SETTINGNAME IN ('Schedule','LogTraceEvents','LogGeneralTraceEvents')
Licensing
DP-428833: Save (and use) downloaded license key for next startup
Category: Licensing
Platforms: All
Version: 2024.2.0
A copy of the last downloaded license key is now saved in the iris-saved.key file in the /mgr directory of your instance. If the instance finds an iris-saved.key file in this directory on startup and does not find an iris.key file there, then the iris-saved.key file is used as the license key for startup. A message indicating which license key has been used is reported at startup.
NLP
DP-429728: Remove UIMA components from IRIS
Category: NLP
Platforms: All
Versions: 2023.1.5, 2024.1.1, 2024.2.0
Following the deprecation of UIMA in 2020.1, it has been removed from the product in this release.
ObjectScript
DP-428527: RFC4122 randomized mac address with multicast bit set for multiple IRIS instances on one host
Category: ObjectScript
Platforms: UNIX®,macOS
Version: 2024.2.0
There is now a new CPF parameter, UUIDv1RandomMax, which controls how MAC addresses are treated within the UUID infrastructure. Users should refer to the documentation on this parameter and decide if they would like to set it or use the default.
Security
DP-428895: Don't allow the creation of Web Application names that break the Management Portal
Category: Security
Platforms: All
Version: 2024.2.0
With this change, there are now some invalid names for web applications. You cannot modify the properties of web applications with these newly invalid names. Instead, you should delete the application and create a new one using a valid name.
Invalid web application names take the following form: /csp/{namespace}/(images | portal | deepsee)
SQL
DP-429434: Safely support longer string fields in columnar storage
Category: SQL
Platforms: All
Version: 2024.2.0
If you explicitly define a string property with MAXLEN > 300 to use columnar storage or if you create a columnar index on a string property that is MAXLEN > 300, you will now receive an error. You should lower the value for MAXLEN on the field.
Refer to the documentation on columnar storage for more information about length limits.
DP-429949: Apply collation for UNION
Category: SQL
Platforms: All
Version: 2024.2.0
Previously, when using a UNION clause to join VARCHAR columns with different collations, the values were taken as they were and assumed to have used EXACT collation for onward processing (most notably, for calculating distinct values).
Now, the default collation (usually SQLUPPER) of the column will be applied to each value.
Work Queue Manager
DP-428004: Remove 'head' count in WQM and simplify internal interface
Category: Work Queue Manager
Platforms: All
Version: 2024.2.0
As part of the ongoing work to simplify and allow for future enhancements in the work queue manager, this change removes the deprecated %occCompileUtil routine.
For Additional Help
If you need assistance with evaluating how upgrading to this extended maintenance (EM) release will affect your applications, systems, or related plans, please contact the InterSystems Worldwide Support Center:
- Phone: +1.617.621.0700
- Fax: +1.617.734.9391
- Email: support@intersystems.com
Current release notes (and complete product documentation) can be found online at https://docs.intersystems.com.