=============================================================================
Run Date: JAN 14, 2025                     Designation: PSO*7*727
Package : PSO - OUTPATIENT PHARMACY           Priority: Mandatory
Version : 7       SEQ #638                      Status: Released
                  Compliance Date: FEB 14, 2025
=============================================================================


Subject: Inbound eRx (ePrescribing) TRM Compliance & Defect Fixes

Category: 
  - Informational
  - Other

Description:
============

 The Inbound eRx JAVA application is a component of the PRE IEP program 
 that provides the capability to receive inbound eRx's from an external 
 provider. The JAVA application provides a user interface that allows end 
 users to manage and monitor eRx processing from external sources.
  
 This patch provides resolutions for the following issues:
  
 1 Jira Defect: HDSO-3909 - Resolves issues reported by the Software 
 Assurance (SwA) team with vulnerabilities detected within the libraries 
 and frameworks used in the 
 application.
 2 INC23782969 - Addresses an incorrect error code within the application.
 3 Jira Defects: HDSO-737, HDSO-9083 and ERXCS-3191- Addresses TRM
 compliance issues with outdated libraries and frameworks used.
 4 INC23152564- MbM_Check to set fault value independent of digital 
 signature by limiting initial call to the class constructor - post parse.
 5 Jira Defect: HDSO-6920- Outdated version of ESAPI version that is not 
 TRM compliant in use by the application.
  
 Patch Components:
 -----------------
 Files & Fields Associated:
  
 File Name (Number)          Field Name (Number)       New/Modified/Deleted
 ------------------          -------------------       --------------------
 N/A
  
 Forms Associated:
  
 Form Name                   File Number               New/Modified/Deleted
 ---------                   -----------               --------------------
 N/A
  
 Mail Groups Associated:
  
 Mail Group Name             New/Modified/Deleted
 ---------------             --------------------
 N/A
  
 Options Associated:
  
 Option Name                 Type                      New/Modified/Deleted
 -----------                 ----                      --------------------
 N/A
  
 Protocols Associated:
  
 Protocol Name               New/Modified/Deleted
 -------------               --------------------
 N/A
  
 Security Keys Associated: 
  
 Security Key Name
 -----------------
 N/A
  
 Templates Associated:
  
 Template Name         Type    File Name (Number)      New/Modified/Deleted
 -------------         ----    ------------------      --------------------
 N/A
  
 Remote Procedures Associated:
  
 Remote Procedure Name       New/Modified/Deleted
 ---------------------       --------------------
 N/A
  
 Parameter Definitions Associated:
  
 Parameter Name              New/Modified/Deleted
 --------------              --------------------
 N/A
  
 Patient Safety Issues (PSIs):
 N/A
   
 Defect Tracking System Ticket(s) & Overview:
 ============================================
  
 1. Jira Defects: HDSO-3909 -(SwA) team detected vulnerabilities 
 within several libraries and frameworks.
  
 Problem 1:
 ---------
 Software Assurance (SwA) team detected vulnerabilities within several 
 libraries and frameworks that were used by the application.
 Resolution 1:
 -----------
 The libraries and frameworks with known vulnerabilities were updated 
 within the application to patched versions of the libraries and 
 frameworks in question to eliminate the issues reported by the SwA team.
  
 2. INC23782969 - Inbound eRx is sending an error with error code 602
  
 Problem 2:
 ---------
 Inbound eRx is sending an error with error code 602 for eRx 
 containing controlled substance when sending a NewRx to MEDS BY MAIL 
 CHAMPVA (NCPDP ID: 5204437) which is an incorrect error code. 
     
 Resolution 2:
 -----------
 The system should send error code 601 with description (Receiver unable 
 to process).
  
 3. Jira Defect: HDSO-7370 and HDSO-9083 - Update libraries and
 frameworks for compliance with TRM.
  
 Problem 3:
 ---------
 Update libraries and frameworks for compliance with TRM.
     
 Resolution 3:
 -----------
 Updated Apache CXF, Apache Commons Text, Apache Commons Lang3, Apache 
 log4j, Spring Framework, Spring Security, Jackson JSON, SLF4J, Hibernate, 
 Hibernate Validator, and Ehcache for compliance with TRM.
  
 4. INC23152564 - Jira Defect:HDSO-505-CII eRx prescriptions are 
 supposed to be blocked at the Hub,but some CII eRx prescriptions are 
 still reaching our VistA.
  
 Problem 4:
 ---------
 CII eRx prescriptions are supposed to be blocked at the 
 Hub, but some CII eRx prescriptions are still reaching our VistA.
     
 Resolution 4:
 -----------
 Changed MbM_Check to set fault value independent of digital signature by 
 limiting initial call to the class constructor - post parse. 
  
 5. Jira Defect: HDSO-6920 - Outdated version of ESAPI version that 
 is not TRM compliant. 
  
 Problem 5:
 ---------
 Outdated version of ESAPI version that is not TRM compliant in use by the 
 application.
     
 Resolution 5:
 -----------
 Updated ESAPI version from 2.4.0.0 to 2.5.0.0 in compliance with TRM.
  
 Patient Safety Issues:
 ======================
 N/A
   
 Participating Test Sites:
 =========================
 User acceptance testing successfully completed at listed stations. 
 MbM - Station 741
 Central Texas- Station 674
  
 SNOW/RFC Ticket#:
 -------------------
 INC37063743 
  
 Software and Documentation Retrieval Instructions:
 ------------------------------------------------- 
 The PSO*7*727 documentation can be found on the VA Documentation Library
 (VDL) at: https://www.domain.ext/vdl.
 The PSO*7*727 documentation can also be obtained at: 
 https://download.vista.domain.ext/index.html/SOFTWARE.
  
 PSO*7*727 documentation can also be obtained at:
 https://download.vista.domain.ext/index.html/SOFTWARE.
  
 Title                                           File Name
 ------------------------------------------------------------------
 Deployment, Installation,                      PSO_7_0_P727_ DIBR.DOCX
 Back-out and Rollback Guide                    PSO_7_0_P727_ DIBR.PDF
  
 Patch Installation:
 -------------------
  
 Pre-Installation Instructions: 
 ------------------------------
 N/A
  
 Installation Instructions:  
 -------------------------  
 Inbound eRx (ePrescribing GUI) is a Centralized Web application and JAVA
 component for this patch is being installed by AITC. No installation is
 required at Local sites.
  
 The Deployment, Installation, Back-Out and Rollback Guide (DIBR) for this 
 patch contains detailed installation instructions on how to deploy this 
 eRx Java application patch at the Central Application Server.
  
  
 Back-Out/Roll Back Plan:
 --------------
 The backout plan is provided as part of the Deployment, Installation, 
 Back-Out and Rollback Guide (DIBR) for this patch.  Refer to section 4, 
 Back-Out Procedure.
  
 Validation of Back-out Procedure:
 ---------------------------------
 Detailed information on the validation of back-out procedure is provided 
 in the DIBR for this patch.  Refer to section 4.2, Back-Out Verification 
 Procedure. 

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : MAY 17, 2023
Completed By:                               Date Completed: JAN 14, 2025
Released By :                               Date Released : JAN 14, 2025
=============================================================================


Packman Mail Message:
=====================

No routines included