============================================================================= Run Date: FEB 26, 2026 Designation: EDP*2*43 Package : EDP - EMERGENCY DEPARTMENT Priority: Mandatory Version : 2 SEQ #37 Status: Released Compliance Date: MAR 29, 2026 ============================================================================= Subject: WEB APPLICATION SECURITY ASSESSMENT (WASA) AND BUG FIXES Category: - Informational - Other Description: ============ This patch is for the Emergency Department Integration Software (EDIS) Java Graphic User Interface (GUI). After release, the EDIS GUI/Web Server version will be 2.2.62. Patch EDP*2*43 addresses the following defects: 1) EDIS-874 - Web Application Security Assessment (WASA) Finding #29198 - Missing Content-Security-Policy Header (Informational) 2) EDIS-1489 - INC40168854 - Issues with column sizing in EDIS. 3) EDIS-1600 - INC41017308 Add Room/Bed option saves without selecting the save button. EHRM Impact Statement: ---------------------- -This patch should have no EHRM impact, and can be installed at all sites, including EHRM converted sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Tickets(s) & Overview: 1) EDIS-874 - WASA Finding #29198 - Missing Content-Security-Policy Header (Informational). Problem: -------- The EDIS application is missing the Content-Security-Policy Header. Resolution: ----------- The required Content Security Policy (CSP) was applied to the web configuration file. 2) EDIS-1489 - INC40168854 - Issues with column sizing in EDIS. PROBLEM: ----------- The drag to move and size columns feature in Configure->Display Board->Preview Display Board does not work properly. Resolution: ----------- Updates were applied to the sizing logic to allow consistent behavior when a column is adjusted. However, there are limitations based on the algorithm used to decide what the limits should be based on a set size. This can impact the desired outcome. 3) EDIS-1600 - INC41017308 Add Room/Bed option saves without selecting the save button. Problem: -------- When a user clicks on Configure->Room/Areas->Add Room/Bed button and exits the page without saving it, the new Room/Bed displays on the table even though the page was not saved. Resolution: ----------- Changes have been made to allow users to Add new Room/Bed only when they click on the save button. Navigating to another screen without saving warns the user of loss of unsaved changes, and if acknowledged the unsaved changes are discarded. Test Sites: ----------- Robert J. Dole VAMC, Wichita, KS Erie VA Medical Center, Erie, PA SNOW Change Order #: ------------------- CHG0698644 Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being deployed by the IO Enterprise Server Support Team. Documentation describing the new functionality is not included in this Release. Documentation Title File Name ---------------------------------------------------------------- N/A Patch Installation: ------------------- Pre/Post Installation Overview: Austin Information Technology Center (AITC) performs patch installation on a centralized web server. EDIS is a java-based web application build. This is a centralized server promotion. No installation is required at local sites. Pre-Installation Instructions: This patch may be installed with users on the system although it is recommended that it be installed during non-peak hours to minimize potential disruption to users. However, no installation is required at local sites. Installation Instructions: N/A Post-Installation Instructions: N/A Back-Out/Roll Back Plan: ------------------------ Backout plan is provided as part of deployment instructions provided to AITC. No actions are required of local sites in the event of back-out/roll back. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : JAN 23, 2026 Completed By: Date Completed: FEB 26, 2026 Released By : Date Released : FEB 26, 2026 ============================================================================= Packman Mail Message: ===================== No routines included