FHIR

• Complete support for R4, R4B and R5 formats (#1323, #1332)
  • Implementation is now based on the official HL7 Java model libraries and convertors through a thin wrapper (https://github.com/b2ihealthcare/fhir-core)
  • New GET CapabilityStatement$versions operations endpoint to list the available supported FHIR versions
  • Support for fhirVersion=4.0.1|4.3.0|5.0.0 mime-type parameter in Accept, Content-Type headers
  • Support all accepted mime-type variants in the _format query parameter as well (including versioned forms)
  • Default format is R5 for all media types
• SNOMED CT concept lookups now include a Designation extension that describes additional contexts where the Designation can be used (#1334)
  • Define in https://confluence.ihtsdotools.org/display/FHIR/Designation+extension

SNOMED CT

• Upgrade ECL to 2.2 (#1331)
  • Support the complete ECL 2.2 syntax
  • Support evaluation of Top and Bottom operators

Security

• Replace CRA with Vite to mitigate all API site security vulnerabilities (df334fe)
• Mitigate CVE-2024-43788, CVE-2024-4067, CVE-2024-38816, CVE-2024-45296, CVE-2024-43796, CVE-2024-45590, CVE-2024-43800, CVE-2024-43799, CVE-2024-47068, CVE-2022-22978

Bugs/Improvements

• [fhir] generate correct FHIR CapabilityStatement operation definition resources (12ab565)
• [mrcm] validation rule evaluation now properly considers the current set of modules (#1333)

Dependencies

• Upgrade Spring to 6.1.3
• Upgrade Spring Security to 6.3.3
• Upgrade Rapidoc libraries to 9.3.6

Core

• Introduce 'sourceOf' dependency scope (#1327)
  • Special scope marker to indicate that a resource is used as a source of another
  • When versioning a resource, all sourceOf dependencies will be versioned with it at the same time

SNOMED CT

• Introduce snomed.mrcm.allowedDataAttributesExpression and snomed.mrcm.allowedObjectAttributesExpression configurations (#1325)
  • By default they use the corresponding attribute concept's descendants from SNOMED CT International Edition
  • They can be changed to accommodate additional requirements (e.g. allow additional hierarchies to be used as relationship types)

Validation

• Validation threading changes (#1320)
  • Introduce validation.workerPoolSize configuration setting
  • Deprecate validation.numberOfValidationThreads configuration setting
  • Increased allowed maximum pool size to 99
  • A more reasonable default pool size is computed based on the available resources on the current node

Bugs/Improvements

• [core] improve detection of non-connected cycles in SimpleTaxonomyGraph (#1322)
• [api] fixed an issue where retrieving validation results could result in a server error (#1310)
• [snomed] ensure that concrete data type reference sets can be created for concept component types (e4525b1)
• [snomed] fixen an issue where language configuration merging could result in serialization error (796f1f4)
• [classification] increase page size when gathering information for classification runs (ac34e31)

Bugs/Improvements

• [api] Java API improvements to allow updating concept members selectively only for certain refset types (#1311)
• [logging] remove log4j jars and use proper SLF4J bridge (#1315)
• [security] mitigate vulnerabilities CVE-2024-23444, CVE-2024-23450, CVE-2024-37890, CVE-2024-4068, CVE-2024-29415, CVE-2024-33883, CVE-2024-29041, CVE-2024-29180, CVE-2024-28849, CVE-2024-39338, CVE-2024-22257, CVE-2024-22259, CVE-2024-22262

Dependencies

• Bumped Elasticsearch to 7.17.23
• Bumped Elasticsearch Java Client to 8.15.0
• Removed Apache Log4j 1.2.25

Bugs/Improvements

• [core] add method to detect Win 11 OS (#1300)
• [core] consider transaction changeset when checking referential integrity checks, like ensure presence of a certain component before commit (#1303)
• [api] support timeout parameter configuration in Lock Java API with a default value of 3s (#1298)
• [api] support expansion of type and destination fields for expanded owlRelationships on axiom members (#1301)
• [api] support disabling duplicate preferred term check on a per request basis (#1308)
• [fhir] fixed an issue that caused internal server error logs not being reported to the log stream when using the FHIR API (5701a72)
• [classification] restore old concrete domain member inference logic when old concrete domain support is enabled in the system (#1302)
• [releng] change b2i.sg URLs to b2ihealthcare.com (e.g. https://artifacts.b2ihealthcare.com) (#1304)

Bugs/Improvements

• [fhir] fixed an issue that caused internal server error logs not being reported to the log stream when using the FHIR API
• [releng] change b2i.sg URLs to b2ihealthcare.com (e.g. https://artifacts.b2ihealthcare.com) (#1307)

Bugs/Improvements

• [core] improve error reporting in transport layer (#1297)
• [classification] add back equivalent concept merging capabilities from 6.x (#1277)
• [build] migrate to Node.js 20 in GitHub Actions (e128578)
• [docs] remove obsolete documentation files (4965bf3)

API

• New ETag, If-None-Match and Cache-Control HTTP header support (#1270)
  • Content HTTP responses now have an ETag header value generated based the queried branch reference
  • Cache-Control header value is also being returned using the api.cache_control configuration setting
    • Default value is s-maxage=0,max-age=0,must-revalidate which ensures that caching can happen but the cached response has to be revalidated before using
  • If-None-Match header is now also supported to allow clients to send the ETag value and receive a HTTP 304 Not Modified when revalidating an earlier response. This allows the cached response to be used until it is not overridden by the server with a new response.

Bugs/Improvements

• [index] support wildcard index queries (b904b47)
• [index] allow ObjectNode type in index documentation mapping classes (#1274)
• [index] ensure that fast-forward merges do no produce unnecessary zero change revisions (#1281)
• [core] api.rate_limit.capacity replaces the now deprecated api.rate_limit.overdraft configuration setting (#1270)
• [core] fixed some serialization issues affecting certain collection types in 3rd party plugins (#)
• [core] add -Dso.component.scan JVM argument to allow 3rd party plugins to use their own namespaces for their classpaths (#1294)
• [snomed] RF2 import release archive validation improvements (70b6a06, 6c615e8, b297247)
• [snomed] fix incorrect temporary directory name when building internal representation of an RF2 release during an RF2 import (a0831c7)
• [snomed] ensure that SubAnnotationPropertyOf axioms are properly handled in the SNOMED CT tooling (#1288, #1290, #1292)
• [snomed] fixed an issue where an incorrect identifier was returned in the RF2 import resource than the one used to request it (#1296)
• [ecl] ensure that any term matches do not produce unnecessary low-level wildcard/regex query clauses (8391852)
• [ecl] wild lexical searches now use the wildcard index query for better user experience (030304a)
• [api] properly response with an HTTP 400 Bad Request response when a required query parameter is missing (#1273)
• [api] fixed an issue where moduleId was not propagated to nested member create requests causing an HTTP 400 Bad Request response (#1276)
• [api] fixed an issue where namespaceConceptId was not propagated to nested description and relationship create requests causing incorrect namespace value to be used for the components (#1295)
• [fhir] fixed an issue where includeDesignations=true did not append the member designations in certain FHIR ValueSet$expand requests (#1275, dfba2b2)
• [fhir] fixed an issue where the POST /ValueSet/$expand operation fails with an internal server error when displayLanguage is not present (e9d1866)
• [fhir] report ECL syntax details in FHIR OperationOutcome responses (3b62aaf)
• [fhir] make sure the ECL part in an implicit SNOMED CT Value Set url is always get decoded before evaluation (1667d1e)

Dependencies

• Upgrade bucket4j to 8.10.1
• Replace embedded jsr305 v3.0.2 with dedicated dependency (#1279)

Huge thanks to @abelardy for testing and providing feedback to improve ECL evaluation and FHIR ValueSet$expand operation implementations!

Bugs/Improvements

• [index] fixed an issue where incorrect search results were returned due to incorrect search_analyzer configuration (#1268)
• [index] disable optional regular expression flags when performiny any kind of regexp query (#1266)
• [fhir] fixed an issue where using both the system and version parameters could result in a resource not found error (#1266)
• [fhir] fixed an issue where ValueSet#expand operation responded with a randomized compose definition on each request (#1266)
• [fhir] move resource-level operations to their right place in CapabilitiesStatement (#1266)

Bugs/Improvements

• [core] align timestamps during versioned so that resource metadata changes are visible when requesting content with the versions createdAt timestamp (versioned state requests) (#1265)

Dependencies

• Bump commons-compress to 1.26.0 (#1263, resolves CVE-2024-25710 and CVE-2024-26308)
• Bump Spring to 6.1.4 (#1264, resolves CVE-2024-22243)
• Bump Spring Security to 6.2.2 (#1264, resolves CVE-2024-22234)

Local Code Systems

• XLS/CSV import improvements (available in paid tiers)
  • Support auto-detecting and importing locale values for preferred terms and synonyms
  • Support auto-detecting and importing hierarchical relationships in the form of a parentId column
  • Support importing terminologies with multi-line concept definitions

Bugs/Improvements

• [lcs] ignore BOM characters when importing a CSV file describing code system concepts
• [lcs] detect auto-recognized column headers case insensitively
• [loinc] remove duplicate import path segment from import API route
• [loinc] fixed an issue that caused the LOINC import API to report a failure even if the request was valid

Dependencies

• Bump Elasticsearch 7 to 7.17.18
• Bump Elasticsearch 8 client to 8.12.2
• Bump Eclipse Platform to e4.30
• Bump Xtext to 2.33.0
• Bump EMF to 2.35.0
• Bump MWE2 to 2.16.0
• Bump ECL to 2.1.5
• Bump SLF4J to 2.0.11
• Bump Logback to 1.4.14
• Bump Jackson to 2.16.1
• Bump Jetty to 12.0.3 (with Jakarta EE10)
• Bump Spring to 6.1.3
• Bump springdoc to 2.3.0
• Bump Swagger libraries to 2.2.20
• Bump Guava to 32.1.3-jre
• Bump OWLAPI to custom 4.5.26
• Bump Protege to custom 5.0.7
• Bump snomed-owl-toolkit to a custom 5.1.1
• Bump fastutil to 8.5.12
• Bump rest-assured to 4.5.1
• Bump mockito to 5.9.0
• Bump bytebuddy to 1.14.11
• Bump uuid-creator to 5.3.7
• Bump failsafe to 3.3.2
• Bump rxjava to 2.2.21
• Bump netty to 4.1.106.Final
• Bump kotlin-osgi-bundle to 1.9.22
• Bump mapdb to 3.1.0
• Bump failsafe to 3.2.2
• Bump micrometer to 1.12.2
• Bump zjsonpatch to 0.4.16
• Bump bucket4j to 8.7.0
• Bump hibernate validator to 8.0.1.Final
• Bump java-jwt to 4.4.0
• Bump jwks-rsa to 0.22.1
• Bump testcontainers to 1.19.4
• Add required Apache Commons libraries
• Bump Tycho to 4.0.6