-
Notifications
You must be signed in to change notification settings - Fork 278
4.5.0 What's New
Mirth Connect 4.5.0 is a major release that includes security updates and bug fixes.
- Core Mirth Connect
-
Security Improvements
-
Library Updates
- Updated Apache commons-beanutils to 1.9.4
- Updated Apache commons-compress to 1.24.0
- Updated Apache commons-configuration2 to 2.8.0
- Added Apache commons-digester3 3.2
- Updated Apache commons-fileupload to 1.5
- Updated Apache commons-io to 2.13.0
- Updated Apache commons-lang3 to 3.13.0
- Updated Apache Velocity Engine to 2.3
- Updated Apache Velocity Tools to 3.1
- Updated Apache Xerces to 2.12.2
- Updated Jackson to 2.14.3
- Removed Jasypt Library
- Updated JDOM to JDOM2 2.0.6.1
- Updated Jetty to 9.4.53
- Replaced JSch Library with mwiede's Implementation
- Updated MySQL JDBC Driver to 8.1.0
- Updated Netty to 4.1.97
- Updated PostgreSQL JDBC Driver to 42.6.0
- Updated Quartz Scheduler to 2.3.2
- Removed SoapUI and XMLBeans Libraries
- Updated SQLite JDBC Driver to 3.43.2.1
- Removed woodstox-core and stax2-api Libraries
- Updated XStream to 1.4.20
-
Library Updates
- Commercial Extension Improvements
We fixed an issue where the Ports in Use dialog would not display when a filter/transformer contains a variable named 'listenerConnectorProperties'.
We fixed an issue which failed to include an attachment when reprocessing a multipart message. This affects messages where the attachment is not embedded within the raw message but is included in a separate boundary within the multipart message.
We fixed a null pointer exception that occurred when the SSL Plugin was installed but the destination web service connector was not utilizing the SSL Manager. We also made the following enhancements:
- We removed the requirement for the channel name on all web service API requests to simplify the request.
- All fields that are required are now noted for validation.
- We changed descriptions to better explain the more complex instructions needed for the API requests.
NOTICE (UPDATED): After reviewing community feedback, we have decided that starting in Mirth Connect version 4.7.0, we will be switching our minimum supported Java version from Java 8 to Java 17.
We've updated Apache commons-beanutils from version 1.9.3 to 1.9.4. This update addresses the following vulnerability:
We've updated Apache commons-compress from version 1.17 to 1.24.0. This update addresses the following vulnerabilities:
We've updated Apache commons-configuration2 from version 2.7 to 2.8.0. This update addresses the following vulnerability:
We've also updated Apache commons-codec from version 1.13 to 1.16.0 and Apache commons-vfs2 from version 2.1 to 2.9.0. There are no vulnerabilities associated with either library, but both libraries are dependencies of Apache commons-configuration2, and it was required to update them.
We've added the Apache commons-digester3-3.2 library. We've removed the Apache commons-digester-2.0 library from all components. If you are referencing this library in your code, please refer to the commons-digester3-3.2 library instead. This change addresses the following vulnerabilities:
We've updated Apache commons-fileupload from version 1.4 to 1.5. This update addresses the following vulnerability:
We've updated Apache commons-io from version 2.6 to 2.13.0. This update addresses the following vulnerability:
We've updated Apache commons-lang3 from version 3.9 to 3.13.0. There are no vulnerabilities associated with this library. We've removed the Apache commons-lang-2.6 library from all components. If you are referencing this library in your code, please refer to the commons-lang3-3.13.0 library instead.
We've updated Apache velocity-engine-core from version 2.2 to 2.3. This update addresses the following vulnerabilities:
We've updated Apache velocity-tools-generic from version 3.0 to 3.1. This update addresses the following vulnerabilities:
We've updated Apache Xerces from version 2.9.1 to 2.12.2. This update addresses the following vulnerabilities:
We've also updated Apache xml-apis from version 1.0.b2 to 1.4.01. There are no vulnerabilities associated with this library, but it is a dependency of Xerces, and it was required to update it.
We've updated several Jackson libraries from version 2.11.3 to 2.14.3. This update addresses the following vulnerabilities:
We've removed the jasypt library. This update addresses the following vulnerability:
We've updated the JDOM library from version 1.1.1 to JDOM2 version 2.0.6.1. This update addresses the following vulnerability:
We've updated several Jetty libraries from version 9.4.44 to 9.4.53. We've also updated several Jetty library dependencies (javax and asm). This update addresses the following vulnerabilities:
- CVE-2022-2047
- CVE-2022-2048
- CVE-2023-26048
- CVE-2023-26049
- CVE-2023-36478
- CVE-2023-36479
- CVE-2023-40167
- CVE-2023-41900
- CVE-2023-44487
We've replaced the official JSch library with the most recent version of mwiede's implementation which is a drop-in replacement. The official library is no longer maintained, while mwiede's library is actively maintained with bug fixes and security updates. Thanks to jonbartels for submitting the Community Issue and the pull request.
NOTE: This updated library disables the old ssh-rsa algorithm by default. See the Upgrade Guide for more information.
We've updated MySQL JDBC Driver from version 8.0.16 to 8.1.0. This update addresses the following vulnerability:
We've updated Netty from version 4.1.53 to 4.1.97. This update addresses the following vulnerabilities:
- CVE-2021-37136
- CVE-2021-37137
- CVE-2022-41881
- CVE-2021-21290
- CVE-2021-21295
- CVE-2021-21409
- CVE-2021-43797
- CVE-2022-24823
We have also updated the Netty NIO client to 2.20.140 and Netty reactive streams to 2.0.8.
We've updated PostgreSQL JDBC Driver from version 42.2.19 to 42.6.0. This update addresses the following vulnerabilities:
We've updated Quartz Scheduler from version 2.1.7 to 2.3.2. This update addresses the following vulnerability:
We've removed the SoapUI and XMLBeans libraries. This update addresses the following vulnerability in XMLBeans, which is a dependency of SoapUI:
We've updated SQLite JDBC Driver from version 3.7.2 to 3.43.2.1. This update addresses the following vulnerabilities:
We've removed the woodstox-core and stax2-api libraries. This update addresses the following vulnerability:
We've updated XStream from version 1.4.19 to 1.4.20. This update addresses the following vulnerabilities:
We fixed an issue that affected users upgrading to 4.2.0 or later. Any channels using the HDH Sender or HDH transformer steps could stop functioning after upgrading. Users would see UI bugs, and messages would have unexpected errors. This issue is fixed in 4.5.0.
We have updated the DUO Authentication to use the new Universal Prompt because the Traditional Prompt will no longer be accessible after March 30, 2024. If you are using the DUO Authentication with the Multi-Factor Authentication Plugin, do the following:
- Upgrade to 4.5.0 from a previous version
- Start Mirth Connect (login will look the same for DUO authentication)
- Go to your DUO account
- Select Applications and Mirth Connect Application
- Select
Show New Universal Prompt - Restart Mirth Connect (login will change to the new prompt)
If you choose not to upgrade before March 30, 2024, you need to disable your DUO setting.
We've updated Google Auth from version 1.1.5 to 1.5.0.
- Home
- Frequently Asked Questions
- Source Code Contribution
- Java Licensing
- How to Contribute to the Wiki
- Administrator Launcher (MCAL)
-
Mirth Connect
-
Release Notes
- 4.5.0 - What's New
- 4.4.0 - What's New
- 4.3.0 - What's New
- 4.2.0 - What's New
- 4.1.0 - What's New
- 4.0.0 - What's New
- 3.12.0 - What's New
- 3.11.0 - What's New
- 3.10.0 - What's New
- 3.9.0 - What's New
- 3.8.0 - What's New
- 3.7.0 - What's New
- 3.6.0 - What's New
- 3.5.0 - What's New
- 3.4.0 - What's New
- 3.3.0 - What's New
- 3.2.0 - What's New
- 3.1.0 - What's New
- 3.0.0 - What's New
- Upgrading
-
Release Notes
- User Guide
- Commercial Extensions
- Examples and Tutorials