=============================================================================
Run Date: SEP 08, 2023                      Designation: YS*5.01*229
Package : YS - MENTAL HEALTH                Priority: Mandatory
Version : 5.01        SEQ #171              Status: Released
                  Compliance Date: OCT 09, 2023
=============================================================================

Subject: National Clozapine Registry 1.2.22.0 Hotfix

Category:
  - Informational

Description:
============

The purpose of Mental Health patch YS*5.01*229 is to address the Software
Composition Analysis (SCA) security findings from the National Clozapine
Registry (NCR) Graphical User Interface (GUI).

The NCR application is used to track the use of Clozapine throughout the
Department of Veterans Affairs (VA). The NCR 1.2.22.2 GUI is available only
to staff at the National Clozapine Coordinating Center (NCCC).

NCR 1.2.22.2 is planned for release into the VA enterprise cloud. Deployment
and installation are done by the Configuration Management Team (CMT). The
software for this release will be hosted in the VA enterprise cloud servers.
No site involvement is needed and there are no components added to Veterans
Health Information Systems and Technology Architecture (VistA). This patch
provides documentation of the changes made to this cloud-based application.

Patch Components:
-----------------

Files & Fields Associated:

File Name (Number)         Field Name (Number)
------------------         -------------------
Not Applicable (N/A)

Forms Associated:

Form Name                  File Number
---------                  -----------
N/A

Mail Groups Associated:

Mail Group Name            New/Modified/Deleted
---------------            --------------------
N/A

Options Associated:

Option Name                New/Modified/Deleted       Type
-----------                --------------------       ----
N/A

Protocols Associated:

Protocol Name              New/Modified/Deleted
-------------              --------------------
N/A

Security Keys Associated:

Security Key Name
-----------------
N/A

Templates Associated:

Template Name              Type       File Name (Number)
-------------              ----       ------------------
N/A

Remote Procedures Associated:

Remote Procedure Name      New/Modified/Deleted
---------------------      --------------------
N/A

Parameter Definitions Associated:

Parameter Name             New/Modified/Deleted
--------------             --------------------
N/A

Additional Information:

New Service Requests (NSRs):
----------------------------
201000703

SCA Findings:
NCC-14006 - SCA Finding - Chart.bundle.js - Upgrade Moment.js version to
            2.29.2
NCC-14007 - SCA Finding - Chart.bundle.js - Upgrade Moment.js version to
            2.29.4
NCC-14009 - SCA Finding - Chart.bundle.min.js - Upgrade Moment.js version to
            2.29.2
NCC-14010 - SCA Finding - Chart.bundle.min.js - Upgrade Moment.js version to
            2.29.4

Problem:
Moment.js is a JavaScript date library for parsing, validating, manipulating,
and formatting dates. A path traversal vulnerability impacts the Node Package
Manager (NPM) server users of Moment.js between versions 1.0.1 and 2.29.1,
especially if the user-provided locale string is directly used to switch
moment locale.

Solution:
A code fix will be implemented to update the moment.js libraries accordingly.

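Added example (not part of this patch or of the NCR code base): a JavaScript
check of the kind the SCA findings above imply. It looks for an embedded
Moment.js version in bundle text, tests it against the affected range stated
in the Problem paragraph, and restricts locale input to an allowlist. The
version-marker patterns, function names and sample strings are assumptions
constructed for illustration.

```javascript
// Affected range as stated in the patch description: 1.0.1 through 2.29.1.
const AFFECTED_MIN = '1.0.1';
const AFFECTED_MAX = '2.29.1';

// Compare dotted numeric versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_MIN) >= 0 &&
         compareVersions(version, AFFECTED_MAX) <= 0;
}

// Heuristic (assumption): an embedded copy announces itself with a
// "//! version : x.y.z" banner or an "<ident>.version = 'x.y.z'" assignment.
// An assignment hit may belong to another library, so confirm it by hand.
function findMomentVersions(bundleText) {
  const patterns = [
    /\/\/!\s*version\s*:\s*(\d+\.\d+\.\d+)/g,
    /\b[\w$]+\.version\s*=\s*["'](\d+\.\d+\.\d+)["']/g,
  ];
  const found = new Set();
  for (const re of patterns) {
    for (const m of bundleText.matchAll(re)) found.add(m[1]);
  }
  return [...found].map((v) => ({ version: v, affected: isAffected(v) }));
}

// Pass only allowlisted locale tags on to the date library; everything else,
// including strings with path separators or dots, becomes the fallback.
function safeLocale(input, allowed, fallback = 'en') {
  const tag = String(input).trim().toLowerCase();
  const wellFormed = /^[a-z]{2,3}(-[a-z0-9]{2,8})*$/.test(tag);
  return wellFormed && allowed.includes(tag) ? tag : fallback;
}

// Constructed samples, not real bundle contents.
const SAMPLE_OLD = "//! moment.js\n//! version : 2.24.0\nhooks.version = '2.24.0';\n";
const SAMPLE_NEW = 'a.version="2.29.4";';
console.log(findMomentVersions(SAMPLE_OLD), findMomentVersions(SAMPLE_NEW));
```
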
Patient Safety Issues (PSIs):
-----------------------------
N/A

Defect Tracking System Ticket(s) and Overview:
----------------------------------------------

Test Sites:
-----------
N/A

Software and Documentation Retrieval Instructions:
--------------------------------------------------
****** N/A - This is an informational patch ONLY. ******

Documentation Title        File Name
-------------------        ---------
N/A

Patch Installation:
-------------------
****** This is an informational patch ONLY. ******
****** There is NO install to be done by sites. ******

Pre/Post Installation Overview:
-------------------------------
N/A

Pre-Installation Instructions:
------------------------------
N/A

Installation Instructions:
--------------------------
****** This is an informational patch ONLY. ******
****** There is NO install to be done by sites. ******

Post-Installation Instructions:
-------------------------------
N/A

Back-Out/Roll Back Plan:
------------------------
N/A

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : APR 26, 2023
Completed By:                               Date Completed: SEP 08, 2023
Released By :                               Date Released : SEP 08, 2023
=============================================================================

Packman Mail Message:
=====================

No routines included