============================================================================= Run Date: JUN 08, 2020 Designation: XWB*1.1*71 Package : XWB - RPC BROKER Priority: Mandatory Version : 1.1 SEQ #53 Status: Released Compliance Date: JUL 09, 2020 ============================================================================= Subject: RPC Broker BDK (Broker Development Kit) fixes and security updates Category: - Informational - Enhancement (Mandatory) Description: ============ Patch XWB*1.1*71 RPC Broker Development Kit (BDK) with support for Delphi XE8, 10, 10.1, 10.2, and 10.3 Patch XWB*1.1*71 corrects a number of issues: o Patient Safety Issue (HITPS-2387), Mental Health providers are unable to renew medications in CPRS when a patient has more than one medication used by Mental Health providers. The issue arises when more than one medication is being renewed, the data received from First DataBank for drug<->drug interactions exceeds the allowable width of a string in the LPack function in the wsockc.pas code of the BDK. This patch widens the width from 999 characters to 99999 characters. o Broker Security Enhancement (BSE) breaking, applications compiled with the BDK provided with XWB*1.1*65 could no longer connect to a remote VistA instance using the BSE without the user having to enter his/her access/verify codes at the remote site. This patch corrects this issue. o A hidden dialog when a user entered incorrect access/verify codes, this only occurred after the first dialog was presented, the first dialog was visible to the user, subsequent dialogs for invalid access/verify codes were hidden behind the application window. This patch remedies this issue by ensuring the dialog is always in the front of the main application. o The inability to restart an unattended application, like the VistA Imaging Background Processor. If an unattended application was suddenly stopped by a VistA error, the application's context with VistA was removed, this prevented the application from reconnecting to VistA in an unattended fashion. This patch corrects this issue by preserving the context option that was initially created by the execution of the application. o The way in which Identity and Access Management (IAM) security (SAML) tokens were being retrieved was altering the way the token was presented to VistA, the original token structure was not sound, this patch changes the way the token is requested and how it is received from the IAM sever. o A user is unable to logon to a workstation with their PIV card, the user contacts the National Help Desk to receive a PIV exemption to allow them to logon with their Active Directory (AD) credentials (username and password). The BDK will now detect this and allow the user to use their AD credentials to secure a SAML token from IAM for logon to VistA via applications compiled with this version of the BDK. o When applications connecting to VistA were presented with the security banner, the text of the banner was not accessible to Screen Readers such as JAWS. This was caused by a Tab Stop not being set on the component which contains the banner text. This patch adds that Tab Stop and the text is readable by the Screen Reader. Backward Compatibility ====================== Patch XWB*1.1*71 is built on top of and includes all the BDK Delphi code of patch XWB*1.1*65, except for the change to IAM tokens as described above. Applications compiled with this version of the BDK will automatically incorporate these fixes into their applications. Distribution and Installation ============================= There is no action for VHA sites required by this patch. This patch is Programmer-Only Client-Only. There is no server side (VistA PackMan or KIDS) part to the patch. There are no client side (Windows executable) programs for VHA production workstations. The patch is intended for Delphi developer client workstations only. The BDK Delphi code is distributed as a zip file (XWB_1_1_P71.zip) on the anonymous directory sites. The zip file is intended for Delphi GUI application developers only. It contains all the source code and instructions for compiling and installing for Delphi XE8, 10, 10.1, 10.2, and 10.3, as well as a few sample programs. The installation of the BDK requires less than 30 Megabytes of disk space on a workstation. Blood Bank Team Coordination ============================ RISK ANALYSIS: Changes made by patch XWB*1.1*71 have no effect on Blood Bank software functionality, therefore RISK is none. Patch Components ================ Files & Fields Associated: ------------------------- Forms Associated: Form Name Type New/Modified/Deleted --------- ---- -------------------- N/A Options Associated: ------------------ Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: -------------------- N/A Security Keys Associated: ------------------------ N/A Templates Associated: -------------------- Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedure Calls Associated: --------------------------------- RPC Name Type New/Modified/Deleted -------- ---- -------------------- New Service Requests (NSRs) --------------------------- 20190202 - CPRS Enhancement: Order checks and broker call limits exceeded Patient Safety Issues (PSIs) ---------------------------- HITPS-2387 - Providers are unable to renew medications via CPRS for patients who have more than one Mental Health prescribed medication. SDM Ticket(s) & Overview ------------------------ N/A Test Sites: (Patch Tracking Message #N/A) ---------- Field test waiver: No field testable components included in patch. Patch Installation: ================== Pre-Installation Instructions ----------------------------- There are no pre-installation steps associated with patch XWB*1.1*71 Software and Documentation Retrieval Instructions: -------------------------------------------------- The software for this patch is being released using a host file. The host file is available at the following location: https://download.vista.domain.ext/index.html/SOFTWARE/XWB_1_1_P71.ZIP The install README file is available at the following location: https://download.vista.domain.ext/index.html/SOFTWARE/ XWB_1_1_P71_README.TXT Documentation describing the new functionality is included in this release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/application.asp?appid=23 The files containing the updated RPC Broker documentation may also be downloaded from the following location. https://download.vista.domain.ext/index.html/SOFTWARE/ RPC Broker Readme File (XWB_1_1_P71_README.TXT) RPC Broker Release Notes (XWB_1_1_RN.DOCX/.PDF) RPC Broker Patch XWB*1.1*71 Deployment, Installation, Back-Out, and Rollback (DIBR) Guide (XWB_1_1_DIBRG.DOCX/.PDF) RPC Broker Developer's Guide (XWB_1_1_DG.DOCX/.PDF) RPC Broker Online Help File (BROKER_1_1.CHM) RPC Broker Systems Management Guide (XWB_1_1_SM.DOCX/.PDF) RPC Broker User Guide (XWB_1_1_UG.DOCX/.PDF) RPC Broker Technical Manual (XWB_1_1_TM.DOCX/.PDF) NOTE: VistA documentation is made available online in Microsoft Word format (.DOC) and Adobe Acrobat Portable Document Format (.PDF). Documentation contained in the XWB_1_1_P71_README.txt file contains updated instructions for installing the RPC Broker BDK. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : OCT 11, 2018 Completed By: Date Completed: JUN 03, 2020 Released By : Date Released : JUN 08, 2020 ============================================================================= Packman Mail Message: ===================== No routines included