Skip to content

SUSHI 2.2.4
Compare
Choose a tag to compare
@cmoesel cmoesel released this 21 Dec 02:44
· 260 commits to master since this release
v2.2.4
dd4e6b9

SUSHI 2.2.4 includes the following bug fixes and minor enhancements:

  • Fix output paths for resources with path separators in their id (#990, #991) (details below)
  • Fix canonical lookups for instances whose URL was set by an insert rule (#958, #985)
  • Update dependency libraries to address known vulnerabilities (#992)

Output Paths and IDs

SUSHI generates file names based on the resource id (i.e., ${resourceType}-${resourceId}.json). In past versions of SUSHI, if the id contained one or more path separators, it was possible to cause SUSHI to write the JSON file to other locations on the filesystem. This behavior could be abused to intentionally overwrite existing JSON files. The utility of leveraging this bug, however, is limited by the fact that the file contents would still be a FHIR resource (i.e., you cannot force it to write arbitrary JSON). In this version of SUSHI, the bug has been fixed by properly sanitizing file names before writing them to disk.

Full Documentation

For additional documentation, refer to FSH School's SUSHI documentation, the FSH STU1 specification, and/or the FSH current build specification.

Install or Update

To install or update to this release, run the following command:

$ npm install -g fsh-sushi

To revert to a previous release, run a command like the following:

$ npm install -g [email protected]

To check or confirm what version of SUSHI you have installed, you can run the following command:

$ sushi -v
Assets 2
Loading