3.12.0 What's New
Mirth Connect 3.12.0 includes database performance improvements, improves visual HL7 representation, message pruning, keystore handling, PDF generation, community contributions, and fixes several security vulnerabilities. This release also contains many improvements to commercial extensions.
-
Core Mirth Connect
- HAPI Library Update and Friendly Names Support
- Message Metadata Table Drag and Drop Behavior
- Pruning Error Messages
- Setting Mirth Keystore Type
- Message Browser Filtering Pending
- Fix Database Columns Showing Out of Order from Database Connectors
- New Library for PDF Generation
- Address XML External Entity Vulnerability
- Address CSRF for Login and API Pages
- Database Improvements
- Commercial Extension Improvements
You can find the list of completed issues for this release here.
We have updated HAPI libraries supporting HL7 v2.7+ and showing friendly names for versions 2.5.1, 2.6, 2.7, 2.7.1, 2.8, 2.8.1, 2.8.2. (Community Issue)
NOTE: The new version of HAPI should be mostly backwards compatible, but if you run into errors after upgrading, you may need to uncheck "Strip Namespaces" in your HL7 v2.x data type properties.
We have fixed drag and drop behavior to insert a variable with the proper syntax (just variable instead of ${variable}) in the Message Metadata table. (Community Issue)
Channels may now have the data pruner configured to prune messages with a status of ERROR. By default this is disabled for new channels and channels migrating to 3.12.0 as turning this on could cause you to lose ERRORed messages without even seeing them if a prune event occurs before you see the errors. (Community Issue)
Mirth Connect now respects the keystore.type property in mirth.properties instead of using the hardcoded JCEKS type. (Thanks @pattersp for the fix) (Community Issue)
The message browser can now filter messages with the PENDING status. (Community Issue)
We have fixed a bug regarding the database receiver and XML results of database queries run in Database Connectors will now return with columns in the proper order. (Community Issue)
We have migrated away from iText to a newer PDF Generation library based on PDFBox (OpenHtmlToPdf), compatible with Mirth Connect's license. This gives Mirth Connect an upgrade path for future PDF format and library updates.
We have fixed a XXE injection security vulnerability by disallowing external entity resolution anywhere XML is parsed.
We have fixed a CSRF security vulnerability by adding a new setting in mirth.properties (server.api.require-requested-with) which, when enabled, requires all API calls to include a X-Requested-With header. Users with any sort of automation around the API will want to add this header to all API calls. This setting is disabled for servers migrating to 3.12.0 but new Mirth Connect servers will have it enabled by default.
We have removed unnecessary database rollback calls whenever a database connection is closed. This should reduce the load on some databases that were experiencing rollback pileups even when the rollback wasn't going to do anything. This effects core Mirth Connect and the Advanced Clustering plugin.
A new Cluster setting exists ("Strict Channel Synchronization") that can loosen the restrictions on Cluster node synchronization allowing nodes to start up faster and makes updating channels feel more responsive. If "Strict Channel Synchronization" is enabled (the default setting), Advanced Clustering will behave as it always has, locking channel state changes until the current channel state change has been completed across all nodes in the cluster. If disabled, those locks will no longer trigger which means channels can be out of sync temporarily but reaching eventual sync as the individual cluster nodes update themselves to match each channel's desired state.
Configuration map changes will now sync with other cluster nodes without requiring server restarts.
We have fixed a race condition that could cause a thread deadlock on startup.
We have fixed an issue where a server logging many messages per second (Server log, Connection log, etc.) could slow down and when trying to shut down would wait for all log messages to be dispatched to the log which could end up being a very long time or forever if there are many messages to log or log messages continue streaming in while the server is attempting to shut down.
We have fixed an issue where Health Data Hub resources, created before 3.11.0, would fail to deserialize and the resources would become unusable. Those resources will now deserialize properly and work as they should.
Previous versions of the Results extension would complain about "Security framework of XStream not initialized, XStream is probably vulnerable". We have updated how we initialize XStream, setting up default security for XStream and users should no longer see this log message.
We have added functionality allowing HTTP multipart boundaries to be configured by the user. Some servers may require a specific multipart boundary in MTOM responses so we have added the ability to add your own custom multipart boundary in all of the interop source connectors.
We have added the ability to store the full SOAP payload being sent in or out of any of the interop connectors. This is helpful when troubleshooting parts of messages that are generated outside of the normal message pipeline, like SAML headers (WS-Security). This will cause messages to consume more database space but can be helpful for debugging.
We have added the ability to add the mustUnderstand attribute for WS-Addressing headers. With this option enabled on interop source and destination connectors the mustUnderstand attribute will be added to the To, RelatesTo, Action, and MessageID headers on all SOAP responses.
