Skip to content

3.12.0 Upgrade Guide

Chris Turczynskyj edited this page Mar 8, 2022 · 8 revisions

Database Reader XML casing

In 3.12.0 we updated Apache Commons DBUtils and made some associated changes in our code. As part of this change, the XML created by the Database Reader will now use the same case that appears in the actual SQL query, whereas before everything was just normalized to lowercase.

Example with "SELECT MyDatabaseColumn FROM MyTable"

Before: <mydatabasecolumn>value</mydatabasecolumn>

After: <MyDatabaseColumn>value</MyDatabaseColumn>

There is some discussion as to what the "correct" behavior should be, and whether we should add this as a configurable option. In the meantime though, just be aware that if you are selecting columns that have mixed casing, you may need to add AS clauses to set lowercase aliases for the columns. Or, any transformer steps can be updated to use the mixed-case versions instead.

Preventing XML External Entity Vulnerabilities

In 3.12.0, we address a potential security risk regarding XML External Entity Processing. See this OWASP article for more details about the vulnerability.

In order to mitigate risk, we now disallow DOCTYPE declarations in all areas the Mirth Connect that parse XML.

How this can affect you

If any of your channels or code templates are constructing XML messages that contain DOCTYPE declarations, there will now be an error when that XML is parsed by Mirth Connect.

Similarly, if any of your channels receives XML messages that contain DOCTYPE declarations, those messages will error upon parsing.

HAPI Library Updates

In 3.12.0 we updated the HAPI library from 1.x to 2.x. The new version of HAPI should be mostly backwards compatible, but if you run into errors after upgrading, you may need to uncheck "Strip Namespaces" in your HL7 v2.x data type properties.

PDF Generation Updates

In 3.12.0 Mirth Connect no longer uses iText for generating PDFs and is now using openhtmltopdf. Also, the PDFBox library has been updated from version 1.8.4 to 2.0.24.

Using PDFBox Classes

Since the PDFBox library has been updated from 1.x to 2.x, if you are using any classes from PDFBox directly, you may need to change how you have implemented your PDF solutions around this library as it is possible this major update could contain breaking changes.

PDF Generation and Local Files

Previously, while paths to local files may have worked without being proper URIs, it was never intended functionality, and with the change of PDF generation libraries in 3.12.0, you must now use a proper file URI when sourcing local files in your PDF.

For example, this will not work:

<img src="/data/images/image1.png"></img>

But this does work:

<img src="file:///data/images/image1.png"></img>
Clone this wiki locally