=============================================================================
Run Date: FEB 06, 2024                     Designation: PRED*3*6
Package : PRED - PHARMACY DATA UPDATE (DATUP) Priority: Mandatory
Version : 3         SEQ #6                      Status: Released
                  Compliance Date: MAR 08, 2024
=============================================================================


Subject: DATUP 3.2.01 TECHNICAL REFERENCE MODEL (TRM) COMPLIANCE

Category: 
  - Informational
  - Other

Description:
============

 Data and Table Update Process (DATUP) is a utility that runs an automated
 process to maintain the First Data Bank Drug Information Framework
 (FDB-DIF) and VA custom data used by Medication Order Check Healthcare
 Application (MOCHA) servers. It is also used at the National level by
 Pharmacy Enterprise Customization System (PECS) and Pharmacy Product
 System - National (PPS-N). 
  
 The purpose of this patch is to upgrade Log4j version from 2.19.0 to 
 2.20.0, upgraded to ESAPI version from 2.4.0 to 2.5.2.0 and upgraded to 
 Apache Commons Collections from 3.2.1 to 4.4 
 to comply with the VA Technical Reference Model (TRM).
  
 Patch Components:
 -----------------
  
 Files & Fields Associated:
  
 File Name (Number)          Field Name (Number)   New/Modified/Deleted
 ------------------          -------------------   --------------------
 N/A
  
 Forms Associated:
  
 Form Name                   File Number           New/Modified/Deleted
 ---------                   -----------           --------------------
 N/A 
  
 Mail Groups Associated:
  
 Mail Group Name             New/Modified/Deleted
 ---------------             --------------------
 N/A 
  
 Options Associated:
  
 Option Name                 Type                  New/Modified/Deleted
 -----------                 ----                  --------------------
 N/A 
  
 Protocols Associated:
  
 Protocol Name               New/Modified/Deleted
 -------------               --------------------
 N/A 
  
 Security Keys Associated: 
  
 Security Key Name
 -----------------
 N/A
  
 Templates Associated:
  
 Template Name         Type    File Name (Number)  New/Modified/Deleted
 -------------         ----    ------------------  --------------------
 N/A
  
 Remote Procedures Associated:
  
 Remote Procedure Name       New/Modified/Deleted
 ---------------------       --------------------
 N/A 
  
 Parameter Definitions Associated:
  
 Parameter Name              New/Modified/Deleted
 --------------              --------------------
 N/A 
  
 New Service Requests (NSRs):
 ---------------------------
 N/A 
  
 Patient Safety Issues (PSIs):
 ----------------------------
 N/A 
    
 Defect Tracking System Ticket(s) & Overview:
 ============================================
 JIRA Task Id: HDSO-5792
   
 Problem: 
 --------
 DATUP application contains Java Enterprise components which are subject 
 to Technical Reference Model (TRM) to maintain authority to operate 
 (ATO). Routine Fortify scanning and remediation is performed to maintain 
 compliance.  
  
 Resolution:
 -----------
 DATUP patch PRED*3.0*6 was upgraded to Log4j version from 2.19.0 to 2.20.0
 , upgraded to ESAPI version from 2.4.0 to 2.5.3.0 and upgraded to 
 Apache Commons Collections from 3.2.1 to 4.4 to
 be compliant with Technical Reference Model (TRM).
  
 Participating Test Sites:
 ------------------------
 User acceptance testing completed by the Business Office.
  
 SNOW Change Order #:
 ---------------------
 N/A
   
 Software and Documentation Retrieval Instructions:
 -------------------------------------------------
 The patch will be released in Forum via PackMan MailMan message. For the 
 Java installation, this patch is being released by AITC. 
  
 Other Software Files:
 ---------------------
 This release also includes other software files.  They can be obtained at 
 location: /srv/vista/patches/SOFTWARE     
  
 File Title                             File Name                       
 -------------------------------------------------------------------
 Deployment, Installation               PRED_3_2_01_P6_DIBR.DOCX
 Back-Out, and Rollback Guide             PRED_3_2_01_P6_DIBR.PDF
  
  
 Patch Installation:
 -------------------
  
 Pre-Installation Instructions:
 ------------------------------
 N/A  
  
 Installation Instructions:
  
 Patch will be installed by AITC. No action is needed at the sites.
 For further information on installation of the patch, refer to the section
 2 (Deployment) in the PRED_3_2_01_P6_DIBR.DOCX.
  
 Post-Installation Instructions:
 -------------------------------
 N/A
  
 Back-Out/Roll Back Plan:
 ------------------------
 Patch will be backed out by AITC. For further information on the back out
 of the patch, refer to the section 4 (Back-Out Procedure) in the
 PRED_3_2_01_P6_DIBR.DOCX.
  
 Validation of Back-out Procedure
 ---------------------------------
 Patch will be installed by AITC. For further information, refer to the 
 section 4.2 (Back-Out Verification Procedure) in the 
 PRED_3_2_01_P6_DIBR.DOCX document.

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : AUG 28, 2023
Completed By:                               Date Completed: FEB 06, 2024
Released By :                               Date Released : FEB 06, 2024
=============================================================================


Packman Mail Message:
=====================

No routines included