NO ROUTINE INCLUDED
=============================================================================
Run Date: APR 25, 2024                      Designation: WEBP*1*37
Package : WEBP - PATIENT CENTERED MANAGEMENT  Priority: Mandatory
Version : 1        SEQ #36                    Status: Released
                  Compliance Date: MAY 25, 2024
=============================================================================

Subject: PCMM FORTIFY AND WEB DEFECT REMEDIATION

Category:
  - Informational
  - Other

Description:
============

The purpose of the patch is to remediate some defects and add integration
with AppDynamics Browser RUM for performance tracing. There are a total of
23 items addressed in the patch, including 13 defects and 10 adaptive
maintenance items.

Defects:
--------
1.  PCMMW-770 Resolve Fortify Issue: Mass Assignment - Insecure Binder
    Configuration
2.  PCMMW-784 Address 508 Compliance Issue: Note 5, Defect 5: Critical -
    Functionality of content is not operable through a keyboard interface.
3.  PCMMW-806 Resolve Fortify Issue: Access Control: Database
4.  PCMMW-1356 Stationless option on Background Job Reports Page returns
    error every time instead of proper results.
5.  PCMMW-546 Date of Death for veteran in Cerner does not match PCMM.
6.  PCMMW-772 Add filtering on sta3n for validator query that consumes a
    lot of resources (from MS call).
7.  PCMMW-787 Resolve Fortify Issue: LDAP Entry Poisoning
8.  PCMMW-793 Resolve Fortify Issue: Race Condition
9.  PCMMW-800 Resolve Fortify Issue: Unreleased Resource: Streams
10. PCMMW-1037 INC31293126 - PCMM FHM STA 436- Provider Role has a Trash
    Icon and Should Not
11. PCMMW-802 If JobExecutionResultItemServiceImpl.java:71 call (update
    batch job item end time) fails, instead of failing whole
    auto-inactivation job retry with routing through JMS.
12. PCMMW-754 Address 508 Compliance Issue: Note 5, Defect 5: Critical -
    Functionality of content is not operable through a keyboard interface.
13. PCMMW-777 Resolve Fortify Issue: Password Management: Password in
    Configuration File

Adaptive Maintenance:
---------------------
1.  PCMMW-1349 508 Compliance - PCMM Banner UI Changes
2.  PCMMW-789 Optimize AlerttDAOImpl.userHasActiveAlerts - current code is
    overly general and complicated.
3.  PCMMW-795 parenthesis in security warning screen
4.  PCMMW-807 Change PCMM Announcements language to reflect the updated
    PCMM banner order
5.  PCMMW-774 Per MS advice - optimize validator queries to use sta3n
    where tables involved are partitioned on sta3n.
6.  PCMMW-791 Remove configuration parameters for lock and query timeouts
    for MS SQL Driver, since they do not work for WL SQL Driver.
7.  PCMMW-788 Optimize vista sync to reduce repeatable writings of the
    same record to VistA.
8.  PCMMW-794 Optimize UI "Validate Team Data Consistency" operation to
    use read-only transaction.
9.  PCMMW-776 Add code to aide troubleshooting slow validations.
10. PCMMW-1403 Remove unneeded validations from the processing when
    "validate team consistency" is triggered from UI link.

Patch Components:
-----------------

Files & Fields Associated:

File Name (Number)         Field Name (Number)     New/Modified/Deleted
------------------         -------------------     --------------------
N/A

Forms Associated:

Form Name                  File Number             New/Modified/Deleted
---------                  -----------             --------------------
N/A

Mail Groups Associated:

Mail Group Name            New/Modified/Deleted
---------------            --------------------
N/A

Options Associated:

Option Name                Type                    New/Modified/Deleted
-----------                ----                    --------------------
N/A

Protocols Associated:

Protocol Name              New/Modified/Deleted
-------------              --------------------
N/A

Security Keys Associated:

Security Key Name
-----------------
N/A

Templates Associated:

Template Name      Type    File Name (Number)      New/Modified/Deleted
-------------      ----    ------------------      --------------------
N/A

Remote Procedures Associated:

Remote Procedure Name      New/Modified/Deleted
---------------------      --------------------
N/A

Parameter Definitions Associated:

Parameter Name             New/Modified/Deleted
--------------             --------------------
N/A

Additional Information:
-----------------------
N/A

New Service Requests (NSRs):
N/A

Patient Safety Issues (PSIs):
N/A

Defect Tracking System Ticket(s) & Overview:
--------------------------------------------

1. PCMMW-770 Resolve Fortify Issue: Mass Assignment - Insecure Binder
   Configuration

Problem:
--------
65 high findings for Mass Assignment: Insecure Binder and Mass Assignment:
Sensitive Field Exposure.

Resolution:
-----------
Setting the binder configuration to ignore unknown values fixed the issues.

2. PCMMW-784 Address 508 Compliance Issue: Note 5, Defect 5: Critical -
   Functionality of content is not operable through a keyboard interface.

Problem:
--------
Ensure that the Home menu item and the Change Station menu item can be
operated with a keyboard and mouse so that users can utilize both functions
and to ensure that PCMM is 508 Compliant.

Resolution:
-----------
Resolved the issue where the Home and Change Station menu links could not
be accessed through the keyboard. Additionally re-sorted the menu toolbar
as requested in HDSO-7136.

3. PCMMW-806 Resolve Fortify Issue: Access Control: Database

Problem:
--------
High Fortify finding for Access Control: Database

Resolution:
-----------
Added several changes to file relevant to the Fortify Issue: Access
Control: Database. Mostly this includes changes to API calls to validate
that the user running the command has access to the station data of the
information they're requesting.

4. PCMMW-1356 Stationless option on Background Job Reports Page returns
   error every time instead of proper results.

Problem:
--------
Stationless option on Background Job Reports Page returns error every time
instead of proper results.

Resolution:
-----------
Changed the logic in the code to skip the station check if the flag for
specific station wasn't set so that the queries can be run to return just
the stationless jobs.

5. PCMMW-546 Date of Death for veteran in Cerner does not match PCMM.

Problem:
--------
Date of Death for veteran in Cerner does not match PCMM.

Resolution:
-----------
This issue will be fixed and tested by Cerner group. It will be released
and documented in PCMM release 1.37 and will be treated in UAT as
untestable.

6. PCMMW-772 Add filtering on sta3n for validator query that consumes a
   lot of resources (from MS call).

Problem:
--------
Add filtering on sta3n for validator query that consumes a lot of resources
(from MS call).

Resolution:
-----------
Implemented change for validator
EnsurePatientAssignmentMaxOneForCareTypesAcrossThreeDigitStations.java

7. PCMMW-787 Resolve Fortify Issue: LDAP Entry Poisoning

Problem:
--------
High Fortify finding for LDAP Entry Poisoning

Resolution:
-----------
Removed unused classes that Fortify flagged for the problem.

8. PCMMW-793 Resolve Fortify Issue: Race Condition

Problem:
--------
High Fortify finding for Race Condition.

Resolution:
-----------
Fixed by changing singleton's member to local variable so that it's not
shared between users.

9. PCMMW-800 Resolve Fortify Issue: Unreleased Resource: Streams

Problem:
--------
High Fortify finding for Unreleased Resource: Streams.

Resolution:
-----------
Moved stream creation into try with resources block, so it's auto-closed
and released.

10. PCMMW-1037 INC31293126 - PCMM FHM STA 436- Provider Role has a Trash
    Icon and Should Not

Problem:
--------
When creating a new team, the staffing model is based on the focus 1 when
the team is created. When you create a team with the WH focus 1 and change
the PCP role from WH Provider to PC Provider, the trash can is visible and
vice versa, when creating a PC Only focus 1 team PC Provider to WH
Provider, the trash can is visible. User should not be able to trash a CORE
position regardless of the initial focus when creating a team.

Resolution:
-----------
The solution is to use appropriate model based on current
caretype/focus/station instead of one that was used during creation.

11. PCMMW-802 If JobExecutionResultItemServiceImpl.java:71 call (update
    batch job item end time) fails, instead of failing whole
    auto-inactivation job retry with routing through JMS.

Problem:
--------
Update batch job item end time fails, instead of failing whole
auto-inactivation job retry with routing through JMS.

Resolution:
-----------
Changed exception handling to continue processing and send update event
through JMS queue so that entry can be added asynchronously later.

12. PCMMW-754 Address 508 Compliance Issue: Note 5, Defect 5: Critical -
    Functionality of content is not operable through a keyboard interface.

Problem:
--------
Throughout the product, some menu items cannot be operated with a keyboard
but can be operated with a mouse. For example, on the Patient-Centered
Management Module (PCMM) | PCMM screen (Submit (CHYSHR (#983))), after
activating the Search for Patient | PCMM screen (Patient -> Search for
Patient), the Home menu item and the Change Station menu item cannot be
operated with a keyboard.

Resolution:
-----------
Resolved the issue where the Home and Change Station menu links could not
be accessed through the keyboard. Additionally re-sorted the menu toolbar
as requested in HDSO-7136.

13. PCMMW-777 Resolve Fortify Issue: Password Management: Password in
    Configuration File

Problem:
--------
High Fortify finding for Password Management: Password in Configuration
File

Resolution:
-----------
Moved password to pcmm.properties that is only accessible by SAs and split
group and network passwords from salt, so it's more secure.

Adaptive Maintenance Tracking System Ticket(s) & Overview:
----------------------------------------------------------

1. PCMMW-1349 508 Compliance - PCMM Banner UI Changes

Problem:
--------
Reorder the main menu as follows:
  Home
  Change Station
  Patient
  Teams
  Rooms
  Non-VA Providers
  Reports
  Alerts
  Groups
  Administration
  Help/Reference

I will remove the Reference tab and combine it with the Help tab. The order
of the drop down is as follows:
  Web Help
  Primary Care Links
  Mental Health Links
  OEF/OIF/OND Links

Reordering will be done to make accessing certain areas of PCMM more user
friendly.

Resolution:
-----------
Resolved the issue where the Home and Change Station menu links could not
be accessed through the keyboard. Additionally re-sorted the menu toolbar
as requested in HDSO-7136.

2. PCMMW-789 Optimize AlerttDAOImpl.userHasActiveAlerts - current code is
   overly general and complicated.

Problem:
--------
Optimize AlerttDAOImpl.userHasActiveAlerts - current code is overly general
and complicated.

Resolution:
-----------
Optimized AlerttDAOImpl.userHasActiveAlerts.

3. PCMMW-795 parenthesis in security warning screen

Problem:
--------
Warning in pcmm and um do not include spaces after parenthesis.

Resolution:
-----------
Updated warning in pcmm and um to include spaces after parenthesis.

4. PCMMW-807 Change PCMM Announcements language to reflect the updated
   PCMM banner order

Problem:
--------
The Announcements language changed from "PCMM completed migration from PITC
to AITC 9/10/22..." to
"Please note the following changes to the PCMM banner:
 Change Station is now located between "Home" and "Patient" menus
 The "Reference" menu has been relocated under the "Help" menu"

Resolution:
-----------
Created script to update wording in the database (to execute at deployment
time).

5. PCMMW-774 Per MS advice - optimize validator queries to use sta3n
   where tables involved are partitioned on sta3n.

Problem:
--------
Validator queries should be optimized to use sta3n where tables involved
are partitioned on sta3n.

Resolution:
-----------
Updated queries, added kill switch to turn optimization on and off.

6. PCMMW-791 Remove configuration parameters for lock and query timeouts
   for MS SQL Driver, since they do not work for WL SQL Driver.

Problem:
--------
Remove configuration parameters for lock and query timeouts for MS SQL
Driver, since they do not work for WL SQL Driver.

Resolution:
-----------
Removed configuration parameters for lock and query timeouts for MS SQL
Driver, since they do not work for WL SQL Driver.

7. PCMMW-788 Optimize vista sync to reduce repeatable writings of the
   same record to VistA.

Problem:
--------
Optimize vista sync to reduce repeatable writings of the same record to
VistA.

Resolution:
-----------
Optimized vista sync to reduce repeatable writings of the same record to
VistA.

8. PCMMW-794 Optimize UI "Validate Team Data Consistency" operation to
   use read-only transaction.

Problem:
--------
Optimize UI "Validate Team Data Consistency" operation to use read-only
transaction.

Resolution:
-----------
Optimized UI "Validate Team Data Consistency" operation to use read-only
transaction.

9. PCMMW-776 Add code to aide troubleshooting slow validations.

Problem:
--------
Add code to aide troubleshooting slow validations.

Resolution:
-----------
Added JMX call so validation can be invoked through JMX console and error
can be inspected. Also, while validation runs thread name will be changed
to "TeamValidation-" so it can be easily identified in debugger.

10. PCMMW-1403 Remove unneeded validations from the processing when
    "validate team consistency" is triggered from UI link.

Problem:
--------
Remove unneeded validations from the processing when "validate team
consistency" is triggered from UI link.

Resolution:
-----------
Removed 2 unneeded validators from the flow to speed up the process.

Test Sites:
-----------
Memphis VA Medical Center (Memphis, TN)
VA Montana Health Care System (Ft. Harrison, Miles City)

SNOW Change Order #:
--------------------
CHG0474001 - Centralized Servers - Austin Information Technology Center,
Austin, TX

Software and Documentation Retrieval Instructions:
--------------------------------------------------
PCMM Web patch, WEBP*1*37, is a centrally managed web-based application and
will be implemented and deployed to a central web server. Sites do not need
to download any file for the patch installation.

Documentation describing the new functionality is included in this release.
Documentation can be found on the VA Software Documentation Library at:
https://www.domain.ext/vdl/. Documentation can also be obtained at
https://download.vista.domain.ext/index.html/SOFTWARE.

Documentation Title                        File Name
---------------------------------------------------------------------
Deployment, Installation Back-Out,         WEBP_1.0_37_DIBRG.DOCX
and Rollback Guide                         WEBP_1.0_37_DIBRG.PDF
---------------------------------------------------------------------
PCMM User Guide                            PCMM_WEB_UG.DOCX
                                           PCMM_WEB_UG.PDF

Other Software Files:
---------------------
This release also includes other software files. Other software files can
be obtained by accessing the URL:
https://download.vista.domain.ext/index.html/SOFTWARE

File Name                             Description
--------------------------------------------------------
PCMMR_EAR-1.37.07.EAR                 Installation file
PCMMR_UNATTENDED_EAR-1.37.07.EAR      Installation file
cissUserManagement-1.37.02.EAR        Installation file

Patch Installation:
===================
PCMM Web patch, WEBP*1*37, is a centrally managed web-based application and
will be implemented and deployed to a central web server. No installation
is required by sites.

Pre/Post Installation overview:
---------------------------------------
N/A.

Pre-Installation Instructions:
------------------------------

Installation Instructions:
-------------------------
******************************************************************
**  PLEASE NOTE: THERE IS NO INSTALLATION FOR THIS PATCH.       **
******************************************************************

This informational patch, WEBP*1.0*37, is for PCMM Web. Installation is
done on a centralized server. Please refer to the WEBP_1.0_37_DIBRG.PDF for
more details.

Post-Installation Instructions:
-----------------------------
N/A

Back-Out Plan:
--------------------------
Backout plan is provided as part of deployment guide detailed in the
Deployment, Installation Back-Out, and Rollback Guide
(WEBP_1.0_37_DIBRG.PDF).

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : APR 01, 2024
Completed By:                               Date Completed: APR 25, 2024
Released By :                               Date Released : APR 25, 2024
=============================================================================

Packman Mail Message:
=====================