============================================================================= Run Date: FEB 01, 2024 Designation: PREM*3*5 Package : PREM - MEDICATION ORDER CHECK (MOCH Priority: Mandatory Version : 3 SEQ #5 Status: Released Compliance Date: MAR 03, 2024 ============================================================================= Subject: MOCHA - Log4j2 Upgrade for TRM Compliance Category: - Informational - Other Description: ============ MOCHA application server is a component of the Medication Order Check Healthcare program that provides the capability to receive and validate the format of the request. Provided the format is correct, the MOCHA services will process the request by interacting with FDB's Med Knowledge Framework to perform the requested check and return the results. The purpose of this informational patch is to comply with the Technical Reference Model (TRM). Log4j2 libraries has been upgraded to version 2.20.0 to remediate security vulnerability found in the older versions of log4j. Aspectj instances were also removed. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A New Service Requests (NSRs): --------------------------- N/A Patient Safety Issues (PSIs): ---------------------------- N/A Defect Tracking System Ticket(s) & Overview: ============================================ JIRA Task Id: HDSO-5754 Problem: -------- MOCHA application contains Java components which are subject to compliance with Technical Reference Model (TRM) to maintain authority to operate (ATO). Resolution: ----------- Log4j Logging framework has been updated to be compliant with Technical Reference Model (TRM) and removal of Aspectj instances to remediate security vulnerabilities. Log4j has been upgraded from 2.17.1 to TRM approved version 2.20.0. Participating Test Sites: ----------------------- Battle Creek VAMC Battle Creek, MI Wilmington VAMC Wilmington, DE SNOW Change Order #: --------------------- N/A Software and Documentation Retrieval Instructions: ------------------------------------------------- The PREM*3*5 Informational Patch is available in FORUM. Documentation can be found in the VA Documentation Library (VDL) at: https://www.domain.ext/vdl/ PREM*3*5 Documentation can also be obtained at: https://download.vista.domain.ext/index.html/SOFTWARE Title File Name ------------------------------------------------------------------ Deployment, Installation, PREM_3_P5_DIBR.DOCX Back-out, and Rollback Guide PREM_3_P5_DIBR.PDF Installation Guide PREM_3_P5_MOCHA_SERVER_V3_3_1_IG.DOCX PREM_3_P5_MOCHA_SERVER_V3_3_1_IG.PDF Patch Installation: ------------------- Pre-Installation Instructions: ------------------------------ N/A Installation Instructions: ------------------------- This is a Java Application, and it is deployed on the centralized Weblogic application server. No installation is required at local sites. Post-Installation Instructions: ------------------------------- N/A Back-out/Roll Back Plan: ------------------------ Patch will be installed by AITC. For further information on the Roll back plan of the patch, refer to the section 4 (Back-Out Procedure) in the PREM_3_P5_DIBR.DOCX document. Validation of Back-out Procedure --------------------------------- Patch will be installed by AITC. For further information, refer to the section 4.2 (Back-Out Verification Procedure) in the PREM_3_P5_DIBR.DOCX document. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : AUG 19, 2023 Completed By: Date Completed: JAN 31, 2024 Released By : Date Released : FEB 01, 2024 ============================================================================= Packman Mail Message: ===================== No routines included