Skip to content

4.5.0 What's New

lmiller edited this page Oct 2, 2024 · 56 revisions

Mirth Connect 4.5.0 is a major release that includes security updates and bug fixes.

Core Mirth Connect

Fixed Defects

Updated Ports in Use

We fixed an issue where the Ports in Use dialog would not display when a filter/transformer contains a variable named 'listenerConnectorProperties'.

Updated Reprocess Attachment Handler to Always Include Attachments

We fixed an issue which failed to include an attachment when reprocessing a multipart message. This affects messages where the attachment is not embedded within the raw message but is included in a separate boundary within the multipart message.

Fixed API Endpoint for Web Service Connector Services

We fixed a null pointer exception that occurred when the SSL Plugin was installed but the destination web service connector was not utilizing the SSL Manager. We also made the following enhancements:

  1. We removed the requirement for the channel name on all web service API requests to simplify the request.
  2. All fields that are required are now noted for validation.
  3. We changed descriptions to better explain the more complex instructions needed for the API requests.

Planned Updates

Updating Minimum Supported Java Version in Mirth Connect 4.7.0

NOTICE (UPDATED): After reviewing community feedback, we have decided that starting in Mirth Connect version 4.7.0, we will be switching our minimum supported Java version from Java 8 to Java 17.

Security Improvements

Library Updates

Updated Apache commons-beanutils to 1.9.4

We've updated Apache commons-beanutils from version 1.9.3 to 1.9.4. This update addresses the following vulnerability:

Updated Apache commons-compress to 1.24.0

We've updated Apache commons-compress from version 1.17 to 1.24.0. This update addresses the following vulnerabilities:

Updated Apache commons-configuration2 to 2.8.0

We've updated Apache commons-configuration2 from version 2.7 to 2.8.0. This update addresses the following vulnerability:

We've also updated Apache commons-codec from version 1.13 to 1.16.0 and Apache commons-vfs2 from version 2.1 to 2.9.0. There are no vulnerabilities associated with either library, but both libraries are dependencies of Apache commons-configuration2, and it was required to update them.

Added Apache commons-digester3 3.2

We've added the Apache commons-digester3-3.2 library. We've removed the Apache commons-digester-2.0 library from all components. If you are referencing this library in your code, please refer to the commons-digester3-3.2 library instead. This change addresses the following vulnerabilities:

Updated Apache commons-fileupload to 1.5

We've updated Apache commons-fileupload from version 1.4 to 1.5. This update addresses the following vulnerability:

Updated Apache commons-io to 2.13.0

We've updated Apache commons-io from version 2.6 to 2.13.0. This update addresses the following vulnerability:

Updated Apache commons-lang3 to 3.13.0

We've updated Apache commons-lang3 from version 3.9 to 3.13.0. There are no vulnerabilities associated with this library. We've removed the Apache commons-lang-2.6 library from all components. If you are referencing this library in your code, please refer to the commons-lang3-3.13.0 library instead.

Updated Apache Velocity Engine to 2.3

We've updated Apache velocity-engine-core from version 2.2 to 2.3. This update addresses the following vulnerabilities:

Updated Apache Velocity Tools to 3.1

We've updated Apache velocity-tools-generic from version 3.0 to 3.1. This update addresses the following vulnerabilities:

Updated Apache Xerces to 2.12.2

We've updated Apache Xerces from version 2.9.1 to 2.12.2. This update addresses the following vulnerabilities:

We've also updated Apache xml-apis from version 1.0.b2 to 1.4.01. There are no vulnerabilities associated with this library, but it is a dependency of Xerces, and it was required to update it.

Updated Jackson to 2.14.3

We've updated several Jackson libraries from version 2.11.3 to 2.14.3. This update addresses the following vulnerabilities:

Removed Jasypt Library

We've removed the jasypt library. This update addresses the following vulnerability:

Updated JDOM to JDOM2 2.0.6.1

We've updated the JDOM library from version 1.1.1 to JDOM2 version 2.0.6.1. This update addresses the following vulnerability:

Updated Jetty to 9.4.53

We've updated several Jetty libraries from version 9.4.44 to 9.4.53. We've also updated several Jetty library dependencies (javax and asm). This update addresses the following vulnerabilities:

Replaced JSch Library with mwiede's Implementation

We've replaced the official JSch library with the most recent version of mwiede's implementation which is a drop-in replacement. The official library is no longer maintained, while mwiede's library is actively maintained with bug fixes and security updates. Thanks to jonbartels for submitting the Community Issue and the pull request.

NOTE: This updated library disables the old ssh-rsa algorithm by default. See the Upgrade Guide for more information.

Updated MySQL JDBC Driver to 8.1.0

We've updated MySQL JDBC Driver from version 8.0.16 to 8.1.0. This update addresses the following vulnerability:

Updated Netty to 4.1.97

We've updated Netty from version 4.1.53 to 4.1.97. This update addresses the following vulnerabilities:

We have also updated the Netty NIO client to 2.20.140 and Netty reactive streams to 2.0.8.

Updated PostgreSQL JDBC Driver to 42.6.0

We've updated PostgreSQL JDBC Driver from version 42.2.19 to 42.6.0. This update addresses the following vulnerabilities:

Updated Quartz Scheduler to 2.3.2

We've updated Quartz Scheduler from version 2.1.7 to 2.3.2. This update addresses the following vulnerability:

Removed SoapUI and XMLBeans Libraries

We've removed the SoapUI and XMLBeans libraries. This update addresses the following vulnerability in XMLBeans, which is a dependency of SoapUI:

Updated SQLite JDBC Driver to 3.43.2.1

We've updated SQLite JDBC Driver from version 3.7.2 to 3.43.2.1. This update addresses the following vulnerabilities:

Removed woodstox-core and stax2-api Libraries

We've removed the woodstox-core and stax2-api libraries. This update addresses the following vulnerability:

Updated XStream to 1.4.20

We've updated XStream from version 1.4.19 to 1.4.20. This update addresses the following vulnerabilities:

Commercial Extension Improvements

Health Data Hub Plugin

Fixed Defect When Upgrading to 4.2.0 or later

We fixed an issue that affected users upgrading to 4.2.0 or later. Any channels using the HDH Sender or HDH transformer steps could stop functioning after upgrading. Users would see UI bugs, and messages would have unexpected errors. This issue is fixed in 4.5.0.

Multi-Factor Authentication Plugin

Updated DUO Authentication to use the Universal Prompt

We have updated the DUO Authentication to use the new Universal Prompt because the Traditional Prompt will no longer be accessible after March 30, 2024. If you are using the DUO Authentication with the Multi-Factor Authentication Plugin, do the following:

  1. Upgrade to 4.5.0 from a previous version
  2. Start Mirth Connect (login will look the same for DUO authentication)
  3. Go to your DUO account
  4. Select Applications and Mirth Connect Application
  5. Select Show New Universal Prompt
  6. Restart Mirth Connect (login will change to the new prompt)

If you choose not to upgrade before March 30, 2024, you need to disable your DUO setting.

Updated Google Auth to 1.5.0

We've updated Google Auth from version 1.1.5 to 1.5.0.

Clone this wiki locally