=============================================================================
Run Date: MAY 20, 2025                      Designation: CHDS*2.2*8
Package : CHDS - CLINICAL DATA REPOSITORY/HEA  Priority: Mandatory
Version : 2.2        SEQ #8                    Status: Released
                  Compliance Date: JUN 20, 2025
=============================================================================

Subject: CHDR TECHNICAL UPDATE FOR TRM & FORTIFY COMPLIANCE AND JUNIT FIXES

Category:
  - Informational
  - Other

Description:
============

The Clinical Health Data Repository (CHDR) application is an interagency
data transfer application responsible for synchronizing the Allergy and
Pharmacy data for Active Dual Consumer (ADC) patients contained in the
Department of Defense (DOD) Clinical Data Repository (CDR) and the VA's
Health Data Repository (HDR).

EHRM Impact Statement:
----------------------
This patch can be installed at all sites, including EHRM converted sites.

Patch Components:
-----------------

Files & Fields Associated:

File Name (Number)  Field Name (Number)  New/Modified/Deleted
------------------  -------------------  --------------------
N/A

Forms Associated:

Form Name  File Number  New/Modified/Deleted
---------  -----------  --------------------
N/A

Mail Groups Associated:

Mail Group Name  New/Modified/Deleted
---------------  --------------------
N/A

Options Associated:

Option Name  Type  New/Modified/Deleted
-----------  ----  --------------------
N/A

Protocols Associated:

Protocol Name  New/Modified/Deleted
-------------  --------------------
N/A

Security Keys Associated:

Security Key Name
-----------------
N/A

Templates Associated:

Template Name  Type  File Name (Number)  New/Modified/Deleted
-------------  ----  ------------------  --------------------
N/A

Remote Procedures Associated:

Remote Procedure Name  New/Modified/Deleted
---------------------  --------------------
N/A

Parameter Definitions Associated:

Parameter Name  New/Modified/Deleted
--------------  --------------------
N/A

Additional Information:
-----------------------

New Service Requests (NSRs):
N/A

Patient Safety Issues (PSIs):
N/A

Defect Tracking System Ticket(s) & Overview:

1. JIRA Task Id: CHDR-525 - Updating CHDR TRM Library compliance

Problem:
--------
Libraries within CHDR are not in compliance with TRM and need to be
updated.

Resolution:
-----------
Updated libraries to TRM compliant versions for Spring Framework, Log4j,
Slf4j, aspectjweaver, c3p0, commons-codec, commons-dbcp2, commons-lang3,
commons-logging, dom4j, icu4j, jline, commons-collections4, commons-io,
commons-validator, xmlresolver, xmlresolver-data, junit,
junit-jupiter-api, junit-platform-suite-api, xmlunit-legacy, aspectjrt,
wsdl4j, saxon-he. Also removed the need for the Saxon Enterprise Edition
license by using extension functions within the Saxon HE version.

2. JIRA Task Id: CHDR-571 - Fortify & Jenkins fix

Problem:
--------
The latest Fortify scan identified a new finding for an XML External
Entity Injection vulnerability. Additionally, errors were occurring
within the Jenkins build process.

Resolution:
-----------
Addressed the Fortify finding for XML External Entity Injection and fixed
the Jenkins file. Commented out the Open Worldwide Application Security
Project (OWASP) Dependency-Check as it is no longer working on the
current version of Jenkins being used and is causing the build to fail.

Test Sites:
-----------
Since the CHDR application is not directly connected to any VistA sites
there are no Veterans Health Administration (VHA) VistA sites associated
with this release. Test support and verification will be provided by VA
test results only since the Department of Defense (DOD) side of CHDR is
no longer operational.

Test Sites - SNOW Change Order #:
---------------------------------
N/A

Software and Documentation Retrieval Instructions:
--------------------------------------------------
Other software files and documentation pertaining to this patch are
available.

Other Software Files:

The software for this patch is being released as a Java electronic
archive (.ear) file to be deployed at Austin Information Technology
Center (AITC) by the AITC Support Team as a centrally located
application. There is no associated VistA patch to be released to all
VistA sites.

File Name:
----------
chdr-2.2.8.4.ear

Documentation can be found on the VA Software Document Library at:
https://www.domain.ext/vdl/

Documentation can also be obtained at:
https://download.vista.domain.ext/index.html/SOFTWARE/

Documentation Title                           File Name
---------------------------------------------------------------------
CHDR Version 2.2.8.4 Deployment,              CHDS_2_2_P8_DIBRG.DOCX
Installation, Back-Out, and Rollback Guide    CHDS_2_2_P8_DIBRG.PDF

Patch Installation:
-------------------

Pre/Post Installation Overview:
N/A

Pre-Installation Instructions:
N/A

Installation Instructions:

Austin Information Technology Center (AITC) performs patch installation
on a centralized web server. CHDR is a web application build. This is a
centralized server promotion. No installation is required at local sites.

Please refer to the CHDR Version 2.2.8.4 Deployment, Installation,
Back-Out, and Rollback Guide (DIBRG) for complete instructions.

Post-Installation Instructions:
N/A

Back-Out/Roll Back Plan:
------------------------
Back-out will be done only with the concurrence and participation of the
development team and appropriate Austin Information Technology Center
(AITC) personnel. The decision to back out or roll back software will be
a joint decision between the development team, AITC personnel, and other
appropriate VA personnel.

Back-out can be accomplished by the AITC WebLogic Administrator by
replacing the chdr-2.2.8.4.ear file with the previously deployed
chdr-2.2.7.2.ear file.

Please refer to the CHDR Version 2.2.8.4 Deployment, Installation,
Back-Out, and Rollback Guide (DIBRG) for complete instructions.

No data was modified by this application installation and, therefore, no
rollback strategy is required.

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : JAN 13, 2025
Completed By:                               Date Completed: MAY 20, 2025
Released By :                               Date Released : MAY 20, 2025
=============================================================================

Packman Mail Message:
=====================

No routines included