============================================================================= Run Date: FEB 01, 2022 Designation: CHDS*2.2*2 Package : CHDS - CLINICAL DATA REPOSITORY/HEA Priority: Mandatory Version : 2.2 SEQ #2 Status: Released Compliance Date: MAR 04, 2022 ============================================================================= Subject: CHDR Log4j Mitigation Release Category: - Informational - Other Description: ============ The CHDR application is an interagency data transfer application responsible for synchronizing the Allergy and Pharmacy data for Active Dual Consumer (ADC) patients contained in the DOD's Clinical Data Repository (CDR) and the VA's Health Data Repository (HDR). The purpose of this patch/upgrade is to mitigate the log4j vulnerability. Defect Tracking System Ticket(s) & Overview: ============================================ 1. JIRA Task Id: CHDR-230 - CHDS*2.2*2 Release Plan Problem: -------- The current CHDR java application does not have the latest log4j library included in the build which may introduce risk of the log4j vulnerability being exposed in CHDR. Resolution: ----------- Retrieve the respective log4j libraries to replace current libraries and include the new libraries in a new CHDR build. Test Sites: ----------- Since the CHDR application is not directly connected to any VistA sites there are no VA Vista sites associated with this release. Test support and verification will be provided by VA Test results with concurrence from DOD test results. Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being released as a java electronic archive (.ear) file to be deployed at AITC as a centrally located application. There is no associated VistA patch to be released to all VistA sites. Other Software Files: --------------------- All code updates, build, library and properties files will be controlled and stored in the chdr-code Github repository. All documentation and test results will be controlled and stored in the chdr-product Github repository. Patch Installation: ------------------- The patch installation will include submission of the updated newly compiled electronic archive file (.ear file) to the production AITC WebLogic administrator for deployment to the WebLogic domain for deployment. Back-Out/Roll Back: ------------------- The back out or roll back of this application will include the replacement of the new .ear file with the previously deployed .ear file and performed by the AITC WebLogic Administrator. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : JAN 21, 2022 Completed By: Date Completed: FEB 01, 2022 Released By : Date Released : FEB 01, 2022 ============================================================================= Packman Mail Message: ===================== No routines included