CONNECT 5.0 Release Notes

Disclaimer

All capabilities designed, developed, and tested during the CONNECT 5.0 project time frame are described below. Known defects in the product are listed below as well as in the CONNECT Issue Tracker tool. Defects which may occur within the product may not be limited to these issues. This product and the accompanying written materials are provided "as is" without warranty or guarantee of any kind. Furthermore, no representations made regarding the use, or the results of use, of the product in terms of correctness, accuracy, reliability, currency, or otherwise is warranted or guaranteed. The Federal Health Architecture (FHA) shall not be held liable for any direct, indirect, consequential, or incidental damages arising out of the use of or the inability to use this product.

Version History

Version#

Date

Modified By

Description of Modification

0.105/25/2017Sovann HuynhInitial Draft

Summary

Release 5.0 continues to build on the functionality and architecture introduced in Release 4.0 through additional features, selected improvements, and bug fixes. We encourage the CONNECT community to upgrade to Release 5.0 to take advantage of these updates. Details can be found in the following subsections:

Enhancements and Announcements

CXF upgrade

/wiki/spaces/CONNECTWIKI/pages/110198793 to utilize a higher version of CXF (3.1.9). In addition to the security updates inherent in the CXF upgrade itself. older code was refactored and Spring, OpenSAML and WS Security updates were required as well. Jar dependencies were also minimized, resulting in an overall lighter software bundle.

Java JDK 1.8

CONNECT 5.0 source code can now be compiled with JDK 1.8, allowing it to be reinforced by the latest SonarQube security scans.  Code quality improvements stemming from the analysis and resolution of these latest security scan findings result in a more secure messaging platform.

Custom HTTP headers

/wiki/spaces/CONNECTWIKI/pages/110198796 can now be added to outgoing NwHIN requests and in a responding CONNECT gateway, these headers are forwarded from one component adapter to another

UDDI timestamp

When enabled in gateway.properties, a timestamp attribute is added to the UDDI file to signify the last time the file was downloaded

Audit.properties editor

Similar to the existing gateway.properties and adapter.properties editor, /wiki/spaces/CONNECTWIKI/pages/116898885 can now be edited within the CONNECT Admin GUI

TLS version for UDDI

TLS versions for UDDI updates are now configurable, allowing CONNECT to utilize one /wiki/spaces/CONNECTWIKI/pages/118035664 another for HIE transactions

JBoss EAP 7 support

JBoss Application Server is no longer a supported version for CONNECT post 5.0. In its place, JBoss EAP 7 is now officially supported by the FHA CONNECT product team.

Specification compliance and conformance update

NIST Testing

CONNECT 5.0 was tested and successfully validated utilizing the new /wiki/spaces/CONNECTWIKI/pages/39125124test cases for SOAP-based transport/XDR and Direct transport testing.

eHealth Exchange Testing

CONNECT 5.0 was successfully tested against the eHealth Exchange test cases for participant and product certification. Details on the testing can be found at /wiki/spaces/CONNECTWIKI/pages/39125109. There are no open CONNECT issues related to participant testing.

Security Scans findings and security update

The CONNECT team as part of the release readiness process in 5.0, identified and addressed findings based on security scans performed on the CONNECT gateway code base. Several tools were used including Fortify, SonarQube, OWASP Dependency Checks and FindBugs as part of the scans executed on the 5.0 code.  All Critical, High, Medium, and Cat 1 Low findings were addressed and the team will continue to work with the federal partners to ensure the code quality meets their implementation requirements. Addressing these security findings will ensure adopters deploy a more secure implementation and will assist in meeting their organization's internal security reviews, as they deploy CONNECT in their preferred environments. 

Release Testing update

CONNECT 5.0 was install-tested in multiple environments and with multiple operating systems to support the federal partner environments and application servers/configurations used by the community.  As with each release, CONNECT was regression tested as well as integration tested against prior supported versions of CONNECT. Test summary report is /wiki/spaces/CONNECTWIKI/pages/117580903. See below the testing matrix with the application servers/OS that were utilized for release testing.

Testing summary by Operating system and application server for 5.0 


App Server

WebSphere 
Enterprise

(Version 8.5.5.3)


WebLogic12c

(Version 12.1.1)

WildFly
(Version 8.2.1)

JBoss

(Version EAP 7)

OS






Windows 64




BSD, A, IO, R


Sparc Solaris
B, D, A, IO


Linux 64



BD, A, IO


B, D, A, IO

Legend:

  • S – Source Code Installation and Validation
  • B – Binary Installation and Validation
  • R – Regression
  • IO – Interoperability
  • A – Admin GUI (IE v11, Chrome)
  • D – Direct Tested

Product Development Notes

Open source application server – WildFly

From a product development perspective, the team uses WildFly as the team-supported open source application server. We are aware of community members using CONNECT on JBoss EAP, the enterprise version of WildFly. We have published instructions for FIPS configurations on /wiki/spaces/CONNECTWIKI/pages/108691466 and WildFly.

Development, installation and new feature testing will be done on WebLogic, WebSphere, JBoss EAP 7 and WildFly only.

Known issues 

Issue
CONNECTDirectConfig - postmasterAddressId Not Populating when adding a Domain

Direct Interop: Multi-Recipient Messages(Inbound) issue when recipient is one of many recipients in the message