-
Notifications
You must be signed in to change notification settings - Fork 278
3.12.0 What's New
NextGen Connect 3.12.0 includes database performance improvements, improves visual HL7 representation, message pruning, keystore handling, PDF generation, community contributions, and fixes several security vulnerabilities. This release also contains many improvements to commercial extensions.
-
Core Connect
- HAPI Library Update and Friendly Names Support
- Message Metadata Table Drag and Drop Behavior
- Pruning Error Messages
- Setting Mirth Keystore Type
- Message Browser Filtering Pending
- New Library for PDF Generation
- Address XML External Entity Vulnerability
- Address CSRF for Login and API Pages
- Database Improvements
- Commercial Extension Improvements
You can find the list of completed issues for this release here.
We have updated HAPI libraries supporting HL7 v2.7+ and showing friendly names for versions 2.5.1, 2.6, 2.7, 2.7.1, 2.8, 2.8.1, 2.8.2.
We have fixed drag and drop behavior to insert a variable with the proper syntax (just variable
instead of ${variable}
) in the Message Metadata table.
Channels may now have the data pruner configured to prune messages with a status of ERROR. By default this is disabled for new channels and channels migrating to 3.12.0 as turning this on could cause you to lose ERRORed messages without even seeing them if a prune event occurs before you see the errors.
Mirth Connect now respects the keystore.type
property in mirth.properties
instead of using the hardcoded JCEKS type. (Thanks @pattersp)
The message browser can now filter messages with the PENDING
status.
We have migrated away from iText to a newer PDF Generation library based on PDFBox (OpenHtmlToPdf), compatible with Connect's license. This gives Connect an upgrade path for future PDF format and library updates.
We have fixed a XXE injection security vulnerability by disallowing external entity resolution anywhere XML is parsed.
We have fixed a CSRF security vulnerability by adding a new setting in mirth.properties
(server.api.require-requested-with
) which, when enabled, requires all API calls to include a X-Requested-With
header. Users with any sort of automation around the API will want to add this header to all API calls. This setting is disabled for servers migrating to 3.12.0 but new Connect servers will have it enabled by default.
We have removed unnecessary database rollback calls whenever a database connection is closed. This should reduce the load on some databases that were experiencing rollback pileups even when the rollback wasn't going to do anything. This effects core Connect and the Advanced Clustering plugin.
A new Cluster setting exists ("Strict Channel Synchronization") that can loosen the restrictions on Cluster node synchronization allowing nodes to start up faster and makes updating channels feel more responsive. If "Strict Channel Synchronization" is enabled (the default setting), Advanced Clustering will behave as it always has, locking channel state changes until the current channel state change has been completed across all nodes in the cluster. If disabled, those locks will no longer trigger which means channels can be out of sync temporarily but reaching eventual sync as the individual cluster nodes update themselves to match each channel's desired state.
Configuration map changes will now sync with other cluster nodes without requiring server restarts.
We have fixed a race condition that could cause a thread deadlock on startup.
We have fixed an issue where a server logging many messages per second (Server log, Connection log, etc.) could slow down and when trying to shut down would wait for all log messages to be dispatched to the log which could end up being a very long time or forever if there are many messages to log or log messages continue streaming in while the server is attempting to shut down.
We have fixed an issue where Health Data Hub resources, created before 3.11.0, would fail to deserialize and the resources would become unusable. Those resources will now deserialize properly and work as they should.
Previous versions of the Results extension would complain about "Security framework of XStream not initialized, XStream is probably vulnerable". We have updated how we initialize XStream, setting up default security for XStream and users should no longer see this log message.
We have added functionality allowing HTTP multipart boundaries to be configured by the user. Some servers may require a specific multipart boundary in MTOM responses so we have added the ability to add your own custom multipart boundary in all of the interop source connectors.
We have added the ability to store the full SOAP payload being sent in or out of any of the interop connectors. This is helpful when troubleshooting parts of messages that are generated outside of the normal message pipeline, like SAML headers (WS-Security). This will cause messages to consume more database space but can be helpful for debugging.
We have added the ability to add the mustUnderstand
attribute for WS-Addressing headers. With this option enabled on interop source and destination connectors the mustUnderstand
attribute will be added to the To
, RelatesTo
, Action
, and MessageID
headers on all SOAP responses.
- Home
- Frequently Asked Questions
- Source Code Contribution
- Java Licensing
- How to Contribute to the Wiki
- Administrator Launcher (MCAL)
-
Mirth Connect
-
Release Notes
- 4.5.0 - What's New
- 4.4.0 - What's New
- 4.3.0 - What's New
- 4.2.0 - What's New
- 4.1.0 - What's New
- 4.0.0 - What's New
- 3.12.0 - What's New
- 3.11.0 - What's New
- 3.10.0 - What's New
- 3.9.0 - What's New
- 3.8.0 - What's New
- 3.7.0 - What's New
- 3.6.0 - What's New
- 3.5.0 - What's New
- 3.4.0 - What's New
- 3.3.0 - What's New
- 3.2.0 - What's New
- 3.1.0 - What's New
- 3.0.0 - What's New
- Upgrading
-
Release Notes
- User Guide
- Commercial Extensions
- Examples and Tutorials