============================================================================= Run Date: AUG 01, 2025 Designation: PRPF*4*12 Package : PRPF - INTEGRATED PATIENT FUNDS Priority: Mandatory Version : 4 SEQ #12 Status: Released Compliance Date: AUG 31, 2025 ============================================================================= Subject: Post Transaction Date Validation, Log4j Upgrade Category: - Informational Description: ============ There are several issues being addressed by this patch: 1.Log4j upgrade (version 2.24) 2.Transaction Date and Deferral Date validation (will validate a mandatory parameter for a new transaction, making sure it is a date and in the right format) - affects both Post Single Transaction and Post Multiple Transactions. 3.Getting rid of the older (version 1.2.7) log4j library being pulled as a transient dependency. 4.Undefined Esignature handling.Handle gracefully rare cases where a VPFS user does not have an Esignature defined. EHRM Impact Statement: ---------------------- This patch should have no EHRM impact, and can be installed at all sites, including EHRM converted sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A Defect Tracking System Ticket(s) & Overview: 1. WEBVPFS-151 Log4j upgrade (version 2.24) Problem: -------- Log4J dependency was out of date according to TRM Resolution: ----------- Upgraded to the safest version with the most compatibility for our applications and their dependency 2. WEBVPFS-152 Defect identified by SQA re Transaction Date and Deferral Date validation Problem: -------- The validation routines that were required for ensuring that transaction and deferral dates entered met certain criteria were not executing, resulting in the possibility for invalid dates to be entered by the user. Resolution: ----------- Reimplemented the validations in Java code, as what could be validated in XML changed after upgrading from Struts 1.x to Struts 2.x 3. WEBVPFS-153 Critical Nessus Finding removing older (version 1.2.7) log4j library since it's being pulled as a transient dependency Problem: -------- One of our dependencies necessary in the operation of VPFS was pulling in an outdated version of Log4J, which violated Nessus scanning Resolution: ----------- Prevent the dependency from being pulled in by excluding it specifically in build files (Maven) 4. WEBVPFS-155 Defect regarding undefined eSignature handling Problem: -------- Users who did not set up an esignature could trigger an unexpected exception Resolution: ----------- Updated the codebase to check for esignature prior to attempting to go to a page in the application where esignature is necessary to continue. VPFS will now get a descriptive error message instead of the cryptic messaging before Test Sites: ----------- Tomah VAMC Washington DC VAMC SNOW Change Order#: ------------------- CHG0632408 Software and Documentation Retrieval Instructions: -------------------------------------------------- User interface patch to be deployed on a centralized application server only. Documentation Title File Name --------------------------------------------------------------------- No updates Patch Installation: ------------------- This is a web application Java Build. This is a centralized server promotion. No installation is required at local sites. Pre/Post Installation Overview: ------------------------------- To be installed on centralized WebLogic 12c server only Back-Out/Roll Back Plan: ------------------------ Any back-out/roll back will be handled by the central server deployment team. No actions are required of local sites in the event of back-out/rollback Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : APR 17, 2025 Completed By: Date Completed: AUG 01, 2025 Released By : Date Released : AUG 01, 2025 ============================================================================= Packman Mail Message: ===================== No routines included