============================================================================= Run Date: DEC 15, 2025 Designation: CHDS*2.2*10 Package : CHDS - CLINICAL DATA REPOSITORY/HEA Priority: Mandatory Version : 2.2 SEQ #10 Status: Released Compliance Date: DEC 15, 2025 ============================================================================= Subject: CHDR TECHNICAL UPDATE FOR TRM COMPLIANCE Category: - Informational - Other Description: ============ The Clinical Health Data Repository (CHDR) application is an interagency data transfer application responsible for synchronizing the Allergy and Pharmacy data for Active Dual Consumer (ADC) patients contained in the Department of Defense (DOD) Clinical Data Repository (CDR) and the VA's Health Data Repository (HDR). EHRM Impact Statement: ---------------------- This patch should have no EHRM impact, and can be installed at all sites, including EHRM converted sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Ticket(s) & Overview: 1. JIRA Task Id: CHDR-621 - Updating libraries for TRM compliance and CVE fixes Problem: -------- The libraries used by the CHDR application need to be updated to the latest compliant versions in TRM. Additionally, libraries need to be updated to address the following Common Vulnerabilities and Exposures (CVEs): Apache Commons Validator - CVE-2025-48734 Apache Commons IO - CVE-2025-48924 Apache Commons Lang - CVE-2025-48924 Apache Commons FileUpload - CVE-2025-48976, CVE-2024-47554 Apache Commons Codec - CVE-2025-48924 Apache Commons BeanUtils - CVE-2025-48734 Resolution: ----------- Updated libraries to TRM compliant versions which also addressed CVE-2025-48734, CVE-2025-48924, CVE-2025-48924, CVE-2025-48976, CVE-2024-47554, CVE-2025-48924, CVE-2025-48734. Test Sites: ----------- Since the CHDR application is not directly connected to any VistA sites there are no Veterans Health Administration (VHA) VistA sites associated with this release. Test support and verification will be provided by VA test results only since the Department of Defense (DOD) side of CHDR is no longer operational. Test Sites - SNOW Change Order #: --------------------------------- N/A Software and Documentation Retrieval Instructions: -------------------------------------------------- Other software files and documentation pertaining to this patch are available. Other Software Files: The software for this patch is being released as a Java electronic archive (.ear) file to be deployed at Austin Information Technology Center (AITC) by the AITC Support Team as a centrally located application. There is no associated VistA patch to be released to all VistA sites. File Name: ---------- chdr-2.2.10.1.ear Documentation can be found on the VA Software Document Library at: https://www.domain.ext/vdl/ Documentation can also be obtained at: https://download.vista.domain.ext/index.html/SOFTWARE/ Documentation Title File Name --------------------------------------------------------------------- CHDR Version 2.2.10.1 Deployment, Installation, Back-Out, and Rollback Guide CHDS_2_2_P10_DIBRG.DOCX CHDS_2_2_P10_DIBRG.PDF Patch Installation: ------------------- Pre/Post Installation Overview: N/A Pre-Installation Instructions: N/A Installation Instructions: Austin Information Technology Center (AITC) performs patch installation on a centralized web server. CHDR is a web application build. This is a centralized server promotion. No installation is required at local sites. Please refer to the CHDR Version 2.2.10.1 Deployment, Installation, Back-Out, and Rollback Guide (DIBRG) for complete instructions. Post-Installation Instructions: N/A Back-Out/Roll Back Plan: ------------------------ Back-out and/or rollback will be done only with the concurrence and participation of the development team and appropriate Austin Information Technology Center (AITC) personnel. The decision to back out or roll back software will be a joint decision between the development team, AITC personnel, and other appropriate VA personnel. Rollback can be accomplished by the AITC WebLogic Administrator by replacing the chdr-2.2.10.1.ear file with the previously deployed chdr-2.2.9.1.ear file. Please refer to the CHDR Version 2.2.10.1 Deployment, Installation, Back-Out, and Rollback Guide (DIBRG) for complete instructions. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : AUG 27, 2025 Completed By: Date Completed: DEC 05, 2025 Released By : Date Released : DEC 15, 2025 ============================================================================= Packman Mail Message: ===================== No routines included