============================================================================= Run Date: FEB 29, 2024 Designation: WEBP*1*36 Package : WEBP - PATIENT CENTERED MANAGEMENT Priority: Mandatory Version : 1 SEQ #35 Status: Released Compliance Date: MAR 31, 2024 ============================================================================= Subject: PCMM WEB DEFECT REMEDIATION AND ADAPTIVE MAINTENANCE II Category: - Informational - Other Description: ============ The purpose of the patch is to remediate some defects and add integration with AppDynamics Browser RUM for performance tracing. There are a total of 7 items addressed in the patch, including 5 defects and 2 adaptive maintenance item. Defects: -------- 1. HDSO-6352 Address 508 Compliance Issue: Note 1, Defect 1: Critical - Non-text content does not have a text equivalent. 2. HDSO-6353 Address 508 Compliance Issue: Note 1, Defect 1: Critical - Non-text content does not have a text equivalent. 3. HDSO-6841 Dynamic Code Evaluation: JNDI Reference Injection 0 0 / 1 0 0 0 / 1 4. HDSO-6842 Dynamic Code Evaluation: Unsafe Deserialization 0 0 / 16 0 / 1 0 0 / 17 5. HDSO-6910 Set lock and query timeouts for PCMM and UM. Adaptive Maintenance: --------------------- 1. HDSO-7070 INC31055571 PCMM PHO Sta. 644 - Position Description Spelled Incorrectly 2. PCMMW-519 Create user security notice for PCMM and UM Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Ticket(s) & Overview: -------------------------------------------- 1. HDSO-6352 Address 508 Compliance Issue: Note 1, Defect 1: Critical - Non-text content does not have a text equivalent. Problem: -------- Non-text content does not have a text equivalent, which makes it not 508 compliant. Resolution: ----------- Added alt attribute to the image so that JAWS can read it for vision-impaired users. 2. HDSO-6353 Address 508 Compliance Issue: Note 1, Defect 1: Critical - Non-text content does not have a text equivalent. Problem: -------- Non-text content does not have a text equivalent, which makes it not 508 compliant. Resolution: ----------- Added alt attribute to the image so that JAWS can read it for vision-impaired users. 3. HDSO-6841 Dynamic Code Evaluation: JNDI Reference Injection 0 0 / 1 0 0 0 / 1 Problem: -------- Fortify flagged JNDI query code as security risk. Resolution: ----------- Removed unused JNDI query code from deployment. 4. HDSO-6842 Dynamic Code Evaluation: Unsafe Deserialization 0 0 / 16 0 / 1 0 0 / 17 Problem: -------- Fortify flagged object deserialization code as security risk. Resolution: ----------- Removed unused object deserialization code from deployment. 5. HDSO-6910 Set lock and query timeouts for PCMM and UM. Problem: -------- Default lock and query timeouts are too long which causes blocked queries to be blocked for too long. Resolution: --------- Added configurable lock and query timeouts so that they can be fine tuned. Adaptive Maintenance Tracking System Ticket(s) & Overview: ---------------------------------------------------------- 1. HDSO-7070 INC31055571 PCMM PHO Sta. 644 - Position Description Spelled Incorrectly Problem: -------- As a PCMM User, I want positions of "Registered Dietitian" and "Clinical Pharmacist Practitioner" to be spelled correctly. Resolution: ----------- Updated CPRS Pop-up template with correct spelling. 2. PCMMW-519 Create user security notice for PCMM and UM Problem: -------- For ATO compliance, create user security notice for PCMM and UM that requires user to accept warning message before being able to access application. Resolution: ----------- Created user security notice for PCMM and UM that requires user to accept warning message before being able to access application. Test Sites: ----------- Memphis VA Medical Center (Memphis, TN) VA Montana Health Care System (Ft. Harrison, Miles City) Software and Documentation Retrieval Instructions: -------------------------------------------------- PCMM Web patch, WEBP*1*36, is a centrally managed web-based application and will be implemented and deployed to a central web server. Sites do not need to download any file for the patch installation. Documentation describing the new functionality is included in this release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. Documentation Title File Name --------------------------------------------------------------------- Deployment, Installation Back-Out, WEBP_1.0_36_DIBRG.DOCX and Rollback Guide WEBP_1.0_36_DIBRG.PDF --------------------------------------------------------------------- PCMM Web User Guide PCMM_WEB_UG.DOCX Document PCMM_WEB_UG.PDF Other Software Files: --------------------- This release also includes other software files. Other software files can be obtained by accessing the URL: https://download.vista.domain.ext/index.html/SOFTWARE File Name Description -------------------------------------------------------- PCMMR_EAR-1.36.01.EAR Installation file PCMMR_UNATTENDED_EAR-1.36.01.EAR Installation file cissUserManagement-1.36.01.EAR Installation file Patch Installation: =================== PCMM Web patch, WEBP*1*36, is a centrally managed web-based application and will be implemented and deployed to a central web server. No installation is required by sites. Pre/Post Installation overview: --------------------------------------- N/A. Pre-Installation Instructions: ------------------------------ Installation Instructions: ------------------------- ****************************************************************** ** PLEASE NOTE: THERE IS NO INSTALLATION FOR THIS PATCH. ** ****************************************************************** This informational patch, WEBP*1.0*36, is for PCMM Web. Installation is done on a centralized server. Please refer to the WEBP_1.0_36_DIBRG.PDF for more details. Post-Installation Instructions: ----------------------------- N/A Back-Out Plan: -------------------------- Backout plan is provided as part of deployment guide detailed in the Deployment, Installation Back-Out, and Rollback Guide (WEBP_1.0_36_DIBRG.PDF). Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : JAN 25, 2024 Completed By: Date Completed: FEB 28, 2024 Released By : Date Released : FEB 29, 2024 ============================================================================= Packman Mail Message: ===================== No routines included