============================================================================= Run Date: JAN 10, 2024 Designation: CHDS*2.2*7 Package : CHDS - CLINICAL DATA REPOSITORY/HEA Priority: Mandatory Version : 2.2 SEQ #7 Status: Released Compliance Date: FEB 10, 2024 ============================================================================= Subject: CHDR HL7 Phone Number Validation Category: - Informational - Other Description: ============ The Clinical Health Data Repository (CHDR) application is an interagency data transfer application responsible for synchronizing the Allergy and Pharmacy data for Active Dual Consumer (ADC) patients contained in the Department of Defense (DOD) Clinical Data Repository (CDR) and the VA's Health Data Repository (HDR). The purpose of this patch is to correct a defect in error exception handling which is an inadvertent side effect of the previous error exception logging patch. Also needed to Update the Spring, Hibernate, Log4j, and commons-fileupload libraries within CHDR to the latest versions to stay in compliance with Technical Reference Model (TRM). Patch Components: ----------------- Files & Fields Associated: N/A File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- New Service Requests (NSRs): ---------------------------- N/A Defect Tracking System Ticket(s) & Overview: ============================================ 1. JIRA Task Id: HDSO-6045 - Phone Number Validation Problem: -------- The current CHDR java application validates the HL7 Phone Number fields which is not a required field in CDR or HDR. This is causing exceptions to be logged when it attempts validation on certain entries that are invalid or do not have a phone number as it is not required. This validation is still occurring in some scenarios. Resolution: ----------- Remove the HL7 Phone Number field validation from CHDR or allow the message to pass through as it is not a required field in CDR or HDR. 2. JIRA Task Id: HDSO-6054 - Update CHDR libraries for TRM compliance Problem: -------- Some of the libraries within CHDR (Spring, Hibernate, Log4j, commons-fileupload) were found to be outdated and/or effected by the following CVEs: CVE-2023-20863, CVE-2023-20861, CVE-2023-6378, CVE-2022-45868, CVE-2022-42003, CVE-2022-41853, CVE-2022-40156, CVE-2022-40155, CVE-2022-40154, CVE-2022-40153, CVE-2022-40152, CVE-2023-24998, CVE-2021-29425, CVE-2020-15250 Resolution: ----------- Update the Spring, Hibernate, Log4j, and commons-fileupload libraries within CHDR to the latest versions to fix the listed CVEs Test Sites: ----------- Since the CHDR application is not directly connected to any VistA sites there are no Veterans Health Administration (VHA) Vista sites associated with this release. Test support and verification will be provided by VA Test results with concurrence from Department of Defense (DOD) test results. SNOW Change Order#: ------------------- N/A Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being deployed by the Austin Information Technology Center (AITC) Support Team. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. Documentation Title File Name ------------------- --------- Deployment, Installation, CHDS_2.2_7_DIRB.docx Back-out, and Rollback Guide The software for this patch is being released as a java electronic archive (.ear) file to be deployed at Austin Information Technology Center (AITC) as a centrally located application. There is no associated VistA patch to be released to all VistA sites. Other Software Files: --------------------- chdr-2.2.7.2.ear Patch Installation: ------------------- Pre-Installation Instructions: ------------------------------ N/A Installation Instructions: ------------------------- Austin Information Technology Center (AITC) performs patch installation on a centralized web server. CHDR is a web application build. This is a centralized server promotion. No installation is required at local sites. Post-Installation Instructions: ------------------------------- N/A Back-Out/Roll Back Plan: ----------------------- The back out or roll back of this application will include the replacement of the new .ear file with the previously deployed .ear file and performed by the AITC WebLogic Administrator. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : OCT 03, 2023 Completed By: Date Completed: JAN 09, 2024 Released By : Date Released : JAN 10, 2024 ============================================================================= Packman Mail Message: ===================== No routines included