2.1.0 - Security and Performance

General remarks:

• This is a feature update for DSF 2.x with security and performance improvements.
• To Update from an existing 2.x installation, please see the 2.x -> 2.1.0 Upgrade Guide.
• For a fresh deployment, follow the installation instructions.

Security Advisories:

• Missing Session Timeout for OIDC Sessions: GHSA-gj7p-595x-qwf5
• Inverted Time Comparison in OIDC JWKS and Token Cache: GHSA-xmj9-7625-f634

Bug Fixes:

• In previous versions starting processes via the FHIR server front-end failed, if Task resources used input parameter codes (Task.input.type) that were substrings of other input parameter codes (#442). The front-end code was fixed to handle these edge-cases.
• Process instances started with DSF 1.x failed to continue on DSF 2.x (#438). Fallback code was added to correctly read the old DSF 1.x Task process variables.
• A configuration error in the DsfClient used by v2 process plugins via the FHIR client connections API resulted in bearer tokens and basic authentication credentials not being send (#432). The feature registration order was fixed to send authentication credentials in the DsfClient implementation.

Feature Summary:

• An identifier constraint rule was added to the Task base profile http://dsf.dev/fhir/StructureDefinition/task for resources with status draft. The constraint adds a rule to the base profile that was previously only enforced via the TaskAuthorizationRule.
• The DSF FHIR server front-end was improved to display the Binary resource content inline. This feature is enabled for Binary resources with content-types: text/html and text/plain.
• The performance of allow-list and other bundle executions was improved by modifying the database schema and optimizing the FHIR server code base. A new current column was added to resource tables together with a number of new database indexes. A "not found" cache was added for metadata resources to reduce unnecessary database calls.
• Other security improvements were implemented and are detailed in the DSF 2.1.0 hardening measures document.
• Starting with this release our docker images are cryptographically signed. Take a look at the Verify Image Signatures document for details.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.1.0
  Digest: sha256:3ee7ef0ac201fc3776273fbfc2569bdc4edf724a2bb9f1b4a889eb7e13ff4049
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.1.0
  Digest: sha256:c67da4a1720ea75a383764db2bf25619fe70f57773b1069029f5b49588eb1ecc
• fhir: ghcr.io/datasharingframework/fhir:2.1.0
  Digest: sha256:71599af143f0262a7265aa2bc4ea5a9660f11de6248a053e060b5667070203fd
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.1.0
  Digest: sha256:9f11a3580c970314532f5951808be6fe72f1de7d53348e625d2dd0c95bcf1d96

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.1.0</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.1.0</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.1.0</version>
</plugin>

Issues closed:

• Security Improvements / Defense-in-Depth #453
• Upgrade Dependencies #448
• Improve Allow-List Bundle Execution Performance #443
• Form.js builds invalid Task resource when submitting form #442
• Add Identifier Constraint to Task Profile #440
• Process Instances from DSF 1.x Fail to Continue on DSF 2.x #438
• Start New Development Cycle #435
• Automate Docker Image Builds and Maven Central Deploys #434
• ClientConfig in DsfClientJersey overwrites Authentication Features #432

This release contains contributions from @EmteZogaf, @hhund, @jaboehri, @schwzr and @wetret.

2.0.2 - Maintenance Release

General remarks:

• This is an update for DSF 2.0.0 / 2.0.1.
• To Update from an existing 1.x installation, please see the 1.x -> 2.0.2 Upgrade Guide.
• To Update from an existing 2.x installation, please see the 2.x -> 2.0.2 Upgrade Guide.
• For a fresh deployment, follow the installation instructions.
• With this release a number of bugs were fixed.

Bug Fixes:

• The property key dev.dsf.bpe.fhir.client.connections.config.default.enable.debug.logging was used for unrelated configuration values to specify the default EnableDebugLogging value for FHIR client connections and the default OidcVerifyAuthorizedParty value for OIDC Client-Credentials-Flow connections. A new property key dev.dsf.bpe.fhir.client.connections.config.default.oidc.verify.authorized.party was added.
• A NoClassDefFoundError was throw when executing the num-process-dashboard-report process plugin in Version 1.0.0.0 and 1.1.0.0. Additional packages were added to the API v1 class allow list file.
• A process instance waiting for a timer event crashed on continuation if the process plugin was removed. The crash resulted in Task resources remaining in status in-progress. Additional error handling was implemented to update Task to a status failed.
• No debug log output was generated for code from the mii-processes-common module used in some medical informatics initiative process plugins. A new config property dev.dsf.log.min.level.loggers with default value was added to restore the DSF 1.x behavior.
• The API v2 setJsonVariable() mechanism was unable to serialize date/time objects from the java.time package. The ObjectMapper configuration was fixed and the JavaTimeModule added.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.2
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.2
• fhir: ghcr.io/datasharingframework/fhir:2.0.2
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.2

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.2</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.2</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.0.2</version>
</plugin>

Issues closed:

• API v2 Variables Fails to Serialize java.time Types #428
• Incomplete Debug Logging for MII Process Plugins #425
• Add DFN Community-PKI as Trusted Client CA #423
• Crash on Timer Continuation After Process Plugin Removal Leaves Task In-Progress #421
• Remove Duplicated Thumbprint Calculations #419
• Upgrade Dependencies #417
• NoClassDefFoundError While Executing Plugin num-process-dashboard-report #415
• Start New Development Cycle #412
• Property dev.dsf.bpe.fhir.client.connections.config.default.enable.debug.logging Used for Unrelated Configuration Values #411

This release contains contributions from @EmteZogaf, @hhund, @jaboehri, @schwzr and @wetret.

2.0.1 - Maintenance Release

General remarks:

• This is an update for DSF 2.0.0. A description of changes between the 1.9.0 and 2.0.0 releases can be found in the 2.0.0 release notes.
• To Update from an existing 1.x installation, please see the 1.x -> 2.0.1 Upgrade Guide.
• To Update from an existing 2.x installation, please see the 2.x -> 2.0.1 Upgrade Guide.
• For a fresh deployment, follow the installation instructions.
• With this release a startup bug related to ECC client certificate was fixed.

Bug Fixes:

• Starting the DSF 2.0.0 FHIR or BPE server with an ECC client certificate without keyEncipherment extension, resulted in a First certificate from '...' not a client certificate error (#405). The requirement for the keyEncipherment extension was removed with this release.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.1
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.1
• fhir: ghcr.io/datasharingframework/fhir:2.0.1
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.1

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.1</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.1</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.0.1</version>
</plugin>

Issues closed:

• Start New Development Cycle #406
• DSF Fails to Start with Certain ECC Client Certificates #405

This release contains contributions from @hhund and @schwzr.

2.0.0 - Major Release

General remarks:

• This is the 2.0.0 major release of the DSF. DSF installations in version 1.9.0 can be upgraded to this release.
• To Update an existing 1.x installation, please see the 1.9.0 -> 2.0.0 upgrade guide.
• For a fresh deployment, follow the installation instructions.
• A list of compatible process plugins can be found in the plugin install guide.

Feature Summary:

• With the 2.0.0 release the workflow engine for the DSF BPE Server was migrated from Camunda 7 to the community-driven, open-source BPMN engine Operaton. The migration includes a byte-code rewriting layer that allows existing v1 process plugins compiled against Camunda classes to continue running without recompilation.
• The release includes a new Process Plugin API v2, offering cleaner abstractions, new services and expanded metadata. The API introduces foundational support for FHIR validation services (planned to be fully activated in a future release) and provides utilities such as data encryption, compression and new logging facilities. Using the new FHIR server connections API, credentials for local FHIR data servers can be shared between process plugins, with password, mTLS and OIDC based authentication supported.
• Default FHIR profiles for all supported resources have been created for version 2.0.0 on the DSF FHIR Server, with automated data-migration to ensure compliance for existing installations. The authorization system now supports fine-grained, resource-specific roles and enhanced practitioner-based access control for Task and QuestionnaireResponse resources. Internal optimizations improve performance for Binary resources with a new size limit of resources constraint by PostgreSQL's 4TB limit of Large Objects (limits of forwarding- and reverse-proxies for uploads may be smaller).
• Finally, the user experience has been modernized with a more responsive layout and a new statistics panels on the FHIR server visible to administrators. Extensive configuration cleanup and unified logging controls simplify administration across both the BPE and FHIR servers.
• The DSF 2.0.0 code-base was upgraded to Java 25 and uses latest versions of Jetty and HAPI. A new dsf-maven-plugin was created to automate build steps and help process plugins developers in generating configuration documentation and docker-compose based DSF development setups.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.0
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.0
• fhir: ghcr.io/datasharingframework/fhir:2.0.0
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.0

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.0</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.0</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.0.0</version>
</plugin>

Issues closed:

• 1.9.0 to 2.0.0 Transition #400
• Fix 2.0.0-RC2 Bugs #397
• Add New D-Trust Server Certificate Root CAs #395
• Fix 2.0.0-RC1 Bugs #393
• Add Licence Headers #391
• Improve FHIR Server UI #388
• Delete dsf-fhir-auth and Move Code to dsf-fhir-server #387
• Upgrade to PostgreSQL 18 #385
• Rename Test-Setups to Dev-Setups #383
• Add Methods for Additional Metadata to v2 ProcessPluginDefinition #382
• Add FHIR Profiles for All Supported Resource Types #378
• Allow Updates to Output Parameters of in-progress Tasks via Plugin API #373
• Add Service to Validate FHIR Resources via Plugin API #372
• Improve User to Task and QuestionnaireResponse Association #367
• Extended FHIR Server User Role Config - Role Per Resource #365
• Migrate Camunda 7 to Operaton 1 #353
• Add Service With Data Compression Functions to Plugin API #349
• Simplify Prototype Scoped Bean Definition for BPMN Activities #347
• Runtime Access to ProcessPluginDefinition via API #346
• Properly Display FHIR Duration Type in DSF FHIR Server UI #344
• Add Library.content to HTML View #341
• Simplify Specification of Name, Version and Release-Date of Process Plugins Using Values From Maven pom #338
• DSF Maven Plugin: Add ability to generate .password-files #332
• Add Validation Support for Process Plugins #331
• Add DocumentReference HTML View #325
• Improve Allow-List and Enable Thumbprints on Endpoint Resources #317
• Reorganize dsf-tools Modules #315
• Extend dsf-tools-documentation-generator Maven Plugin for v2 Process Plugins #309
• Create Target Provider #307
• Upgrade Dependencies #301
• Upgrade to HAPI 8.0.0 #297
• Optimize FHIR Binary Resource Handling #296
• Add Mechanism to the API for Modifying Process Plugin FHIR Resources During Startup #292
• Remove Camunda Dependency from Process Plugin API v2 #284
• Validator Ignores CodeSystem Version #281
• Add BPE Integration Tests #271
• Add Mechanism to Manage Connections to Local FHIR Servers #270
• Port Fixes and Features From 1.7.0 to 2.0.0 #268
• Complete Class and Resource Allow Lists for ProcessPluginApiClassLoader #241
• Port Fixes and Features From 1.6.0 to 2.0.0 #239
• Add Methods for Accessing "Local" BPMN Variables to the Plugin API #210
• Add Service to Log Debug Information Including Context Information via Plugin API #209
• Add Service to Log Sensitive Data if Enabled via Plugin API #208
• Add Service to Access Trusted Certificate Authorities via Plugin API #207
• Add Service to Encrypt and Decrypt Binary Data via Plugin API #206
• Add Service to Check Mime-Type of Binary Data via Plugin API #205
• Add Default Trusted Certificate Authorities to Docker Images #204
• Upgrade to Jetty 12 #203
• Upgrade to Java 25 #202
• Web Application Style Class Loading for Process Plugins #201
• Create API v2 Maven Module #200
• Process Plugin API v2 #197
• Don't require DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT #177
• Add Constants for organization-role and practitioner-role CodeSystems #81
• Improve DefaultUserTaskListener #78

This release contains contributions from @alexanderkiel, @EmteZogaf, @hhund, @jaboehri, @MadMax93, @schwzr and @wetret.

Second Release Candidate for 2.0.0

General remarks:

• This is the second release candidate for the upcoming major version 2.0.0. Do not use this release in production.
• Two new default trusted server root CAs were added and a number of bugs fixed since the 2.0.0-RC1 release, for details see PRs: #394 and #396.

Feature Summary:

• With the 2.0.0 release the workflow engine for the DSF BPE Server was migrated from Camunda 7 to the community-driven, open-source BPMN engine Operaton. The migration includes a byte-code rewriting layer that allows existing v1 process plugins compiled against Camunda classes to continue running without recompilation.
• The release includes a new Process Plugin API v2, offering cleaner abstractions, new services and expanded metadata. The API introduces foundational support for FHIR validation services (planned to be fully activated in 2.1) and provides utilities such as data encryption, compression and new logging facilities. Using the new FHIR server connections API, credentials for local FHIR data servers can be shared between process plugins, with password, mTLS and OIDC based authentication supported.
• Default FHIR profiles for all supported resources have been created for version 2.0.0 on the DSF FHIR Server, with automated data-migration to ensure compliance for existing installations. The authorization system now supports fine-grained, resource-specific roles and enhanced practitioner-based access control for Task and QuestionnaireResponse resources. Internal optimizations improve performance for Binary resources with a new size limit of resources constraint by PostgreSQL's 4TB limit of Large Objects (limits of forwarding- and reverse-proxies for uploads may be smaller).
• Finally, the user experience has been modernized with a more responsive layout and a new statistics panels on the FHIR server visible to administrators. Extensive configuration cleanup and unified logging controls simplify administration across both the BPE and FHIR servers.
• The DSF 2.0.0 code-base was upgraded to Java 25 and uses latest versions of Jetty and HAPI. A new dsf-maven-plugin was created to automate build steps and help process plugins developers in generating configuration documentation and docker-compose based DSF development setups.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.0-RC2
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.0-RC2
• fhir: ghcr.io/datasharingframework/fhir:2.0.0-RC2
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.0-RC2

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.0-RC2</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.0-RC2</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.0.0-RC2</version>
</plugin>

Issues closed:

• Add New D-Trust Server Certificate Root CAs #395
• Fix 2.0.0-RC1 Bugs #393
• Add Licence Headers #391
• Improve FHIR Server UI #388
• Delete dsf-fhir-auth and Move Code to dsf-fhir-server #387
• Upgrade to PostgreSQL 18 #385
• Rename Test-Setups to Dev-Setups #383
• Add Methods for Additional Metadata to v2 ProcessPluginDefinition #382
• Add FHIR Profiles for All Supported Resource Types #378
• Allow Updates to Output Parameters of in-progress Tasks via Plugin API #373
• Add Service to Validate FHIR Resources via Plugin API #372
• Improve User to Task and QuestionnaireResponse Association #367
• Extended FHIR Server User Role Config - Role Per Resource #365
• Migrate Camunda 7 to Operaton 1 #353
• Add Service With Data Compression Functions to Plugin API #349
• Simplify Prototype Scoped Bean Definition for BPMN Activities #347
• Runtime Access to ProcessPluginDefinition via API #346
• Properly Display FHIR Duration Type in DSF FHIR Server UI #344
• Add Library.content to HTML View #341
• Simplify Specification of Name, Version and Release-Date of Process Plugins Using Values From Maven pom #338
• DSF Maven Plugin: Add ability to generate .password-files #332
• Add Validation Support for Process Plugins #331
• Add DocumentReference HTML View #325
• Improve Allow-List and Enable Thumbprints on Endpoint Resources #317
• Reorganize dsf-tools Modules #315
• Extend dsf-tools-documentation-generator Maven Plugin for v2 Process Plugins #309
• Create Target Provider #307
• Upgrade Dependencies #301
• Upgrade to HAPI 8.0.0 #297
• Optimize FHIR Binary Resource Handling #296
• Add Mechanism to the API for Modifying Process Plugin FHIR Resources During Startup #292
• Remove Camunda Dependency from Process Plugin API v2 #284
• Validator Ignores CodeSystem Version #281
• Add BPE Integration Tests #271
• Add Mechanism to Manage Connections to Local FHIR Servers #270
• Port Fixes and Features From 1.7.0 to 2.0.0 #268
• Complete Class and Resource Allow Lists for ProcessPluginApiClassLoader #241
• Port Fixes and Features From 1.6.0 to 2.0.0 #239
• Add Methods for Accessing "Local" BPMN Variables to the Plugin API #210
• Add Service to Log Debug Information Including Context Information via Plugin API #209
• Add Service to Log Sensitive Data if Enabled via Plugin API #208
• Add Service to Access Trusted Certificate Authorities via Plugin API #207
• Add Service to Encrypt and Decrypt Binary Data via Plugin API #206
• Add Service to Check Mime-Type of Binary Data via Plugin API #205
• Add Default Trusted Certificate Authorities to Docker Images #204
• Upgrade to Jetty 12 #203
• Upgrade to Java 25 #202
• Web Application Style Class Loading for Process Plugins #201
• Create API v2 Maven Module #200
• Process Plugin API v2 #197
• Don't require DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT #177
• Add Constants for organization-role and practitioner-role CodeSystems #81
• Improve DefaultUserTaskListener #78

This release contains contributions from @alexanderkiel, @EmteZogaf, @hhund, @jaboehri, @MadMax93, @schwzr and @wetret.

First Release Candidate for 2.0.0

General remarks:

• This is the first release candidate for the upcoming major version 2.0.0. Do not use this release in production.

Feature Summary:

• With the 2.0.0 release the workflow engine for the DSF BPE Server was migrated from Camunda 7 to the community-driven, open-source BPMN engine Operaton. The migration includes a byte-code rewriting layer that allows existing v1 process plugins compiled against Camunda classes to continue running without recompilation.
• The release includes a new Process Plugin API v2, offering cleaner abstractions, new services and expanded metadata. The API introduces foundational support for FHIR validation services (planned to be fully activated in 2.1) and provides utilities such as data encryption, compression and new logging facilities. Using the new FHIR server connections API, credentials for local FHIR data servers can be shared between process plugins, with password, mTLS and OIDC based authentication supported.
• Default FHIR profiles for all supported resources have been created for version 2.0.0 on the DSF FHIR Server, with automated data-migration to ensure compliance for existing installations. The authorization system now supports fine-grained, resource-specific roles and enhanced practitioner-based access control for Task and QuestionnaireResponse resources. Internal optimizations improve performance for Binary resources with a new size limit of resources constraint by PostgreSQL's 4TB limit of Large Objects (limits of forwarding- and reverse-proxies for uploads may be smaller).
• Finally, the user experience has been modernized with a more responsive layout and a new statistics panels on the FHIR server visible to administrators. Extensive configuration cleanup and unified logging controls simplify administration across both the BPE and FHIR servers.
• The DSF 2.0.0 code-base was upgraded to Java 25 and uses latest versions of Jetty and HAPI. A new dsf-maven-plugin was created to automate build steps and help process plugins developers in generating configuration documentation and docker-compose based DSF development setups.

Docker images for this release can be accessed via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.0-RC1
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.0-RC1
• fhir: ghcr.io/datasharingframework/fhir:2.0.0-RC1
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.0-RC1

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.0-RC1</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.0-RC1</version>
</dependency>

DSF Maven Plugin on Maven Central:

<plugin>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-maven-plugin</artifactId>
    <version>2.0.0-RC1</version>
</plugin>

Issues closed:

• Add Licence Headers #391
• Improve FHIR Server UI #388
• Delete dsf-fhir-auth and Move Code to dsf-fhir-server #387
• Upgrade to PostgreSQL 18 #385
• Rename Test-Setups to Dev-Setups #383
• Add Methods for Additional Metadata to v2 ProcessPluginDefinition #382
• Add FHIR Profiles for All Supported Resource Types #378
• Allow Updates to Output Parameters of in-progress Tasks via Plugin API #373
• Add Service to Validate FHIR Resources via Plugin API #372
• Improve User to Task and QuestionnaireResponse Association #367
• Extended FHIR Server User Role Config - Role Per Resource #365
• Migrate Camunda 7 to Operaton 1 #353
• Add Service With Data Compression Functions to Plugin API #349
• Simplify Prototype Scoped Bean Definition for BPMN Activities #347
• Runtime Access to ProcessPluginDefinition via API #346
• Properly Display FHIR Duration Type in DSF FHIR Server UI #344
• Add Library.content to HTML View #341
• Simplify Specification of Name, Version and Release-Date of Process Plugins Using Values From Maven pom #338
• DSF Maven Plugin: Add ability to generate .password-files #332
• Add Validation Support for Process Plugins #331
• Add DocumentReference HTML View #325
• Improve Allow-List and Enable Thumbprints on Endpoint Resources #317
• Reorganize dsf-tools Modules #315
• Extend dsf-tools-documentation-generator Maven Plugin for v2 Process Plugins #309
• Create Target Provider #307
• Upgrade Dependencies #301
• Upgrade to HAPI 8.0.0 #297
• Optimize FHIR Binary Resource Handling #296
• Add Mechanism to the API for Modifying Process Plugin FHIR Resources During Startup #292
• Remove Camunda Dependency from Process Plugin API v2 #284
• Validator Ignores CodeSystem Version #281
• Add BPE Integration Tests #271
• Add Mechanism to Manage Connections to Local FHIR Servers #270
• Port Fixes and Features From 1.7.0 to 2.0.0 #268
• Complete Class and Resource Allow Lists for ProcessPluginApiClassLoader #241
• Port Fixes and Features From 1.6.0 to 2.0.0 #239
• Add Methods for Accessing "Local" BPMN Variables to the Plugin API #210
• Add Service to Log Debug Information Including Context Information via Plugin API #209
• Add Service to Log Sensitive Data if Enabled via Plugin API #208
• Add Service to Access Trusted Certificate Authorities via Plugin API #207
• Add Service to Encrypt and Decrypt Binary Data via Plugin API #206
• Add Service to Check Mime-Type of Binary Data via Plugin API #205
• Add Default Trusted Certificate Authorities to Docker Images #204
• Upgrade to Jetty 12 #203
• Upgrade to Java 25 #202
• Web Application Style Class Loading for Process Plugins #201
• Create API v2 Maven Module #200
• Process Plugin API v2 #197
• Don't require DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT #177
• Add Constants for organization-role and practitioner-role CodeSystems #81
• Improve DefaultUserTaskListener #78

This release contains contributions from @EmteZogaf, @hhund, @jaboehri, @MadMax93, @schwzr and @wetret.

1.9.0 - Dependency Upgrades and Non Root Reverse Proxy

General remarks:

• This is an update for the 1.x DSF and not compatible with 0.9.x and older versions developed at highmed/highmed-dsf.
• To Update an existing 1.x installation, please see the 1.8.0 -> 1.9.0 Upgrade Guide.
• For a fresh deployment, follow the installation instructions.
• With this release library dependencies have been updated.
• The integrated camunda engine of the DSF BPE server was upgraded to version 7.24, requiring a small change to the database schema of the DSF BPE.

Features:

• The HARICA Client Authentication RSA and ECC Issuing CAs have been added to default accepted client issuing CAs. Visit dsf.dev for a full list of default root and issuing CA.
• The Apache httpd based reverse proxy docker images fhir_proxy and bpe_proxy now execute as non root users. The fhir_proxy container executes with uid/gid 4101, the bpe_proxy container with uid/gid 4202.

Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:1.9.0
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.9.0
• fhir: ghcr.io/datasharingframework/fhir:1.9.0
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.9.0

Issues closed:

• Add HARICA Client Authentication RSA and ECC Issuing CAs #363
• Upgrade Dependencies #359
• Start New Development Cycle #358
• Support for running the proxy containers as non-root by default #352

This release contains contributions from @EmteZogaf, @hhund, @jaboehri and @schwzr.

2.0.0-M4 - Fourth Milestone Pre Release

General remarks:

• This is the fourth milestone release for the upcoming major version 2.0.0. Do not use this release in production.

Features:

• Process Plugin API v2
• Improved allow list flexibility with thumbprints in Endpoint resources
• Support for large FHIR Binary resources up to 4 TB.
• Details see PRs #351, #350, #348, #345, #343, #342, #340, #339, #337, #336, #326, #322, #319, #318, #316, #314, #311, #310, #305, #304, #303, #302, #300, #299, #295, #293, #291, #290, #283, #282, #278, #273, #269, #244, #223, #221 and #212

Docker images in GitHub docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.0-M4
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.0-M4
• fhir: ghcr.io/datasharingframework/fhir:2.0.0-M4
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.0-M4

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.0-M4</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.0-M4</version>
</dependency>

Issues closed:

• Add Service With Data Compression Functions to Plugin API #349
• Simplify Prototype Scoped Bean Definition for BPMN Activities #347
• Runtime Access to ProcessPluginDefinition via API #346
• Add Library.content to HTML View #341
• Simplify Specification of Name, Version and Release-Date of Process Plugins Using Values From Maven pom #338
• Add Validation Support for Process Plugins #331
• Add DocumentReference HTML View #325
• Improve Allow-List and Enable Thumbprints on Endpoint Resources #317
• Reorganize dsf-tools Modules #315
• Extend dsf-tools-documentation-generator Maven Plugin for v2 Process Plugins #309
• Create Target Provider #307
• Upgrade Dependencies #301
• Upgrade to HAPI 8.0.0 #297
• Optimize FHIR Binary Resource Handling #296
• Add Mechanism to the API for Modifying Process Plugin FHIR Resources During Startup #292
• Remove Camunda Dependency from Process Plugin API v2 #284
• Validator Ignores CodeSystem Version #281
• Add BPE Integration Tests #271
• Add Mechanism to Manage Connections to Local FHIR Servers #270
• Port Fixes and Features From 1.7.0 to 2.0.0 #268
• Complete Class and Resource Allow Lists for ProcessPluginApiClassLoader #241
• Port Fixes and Features From 1.6.0 to 2.0.0 #239
• Add Methods for Accessing "Local" BPMN Variables to the Plugin API #210
• Add Service to Encrypt and Decrypt Binary Data via Plugin API #206
• Add Service to Check Mime-Type of Binary Data via Plugin API #205
• Upgrade to Jetty 12 #203
• Upgrade to Java 21 #202
• Web Application Style Class Loading for Process Plugins #201
• Create API v2 Maven Module #200
• Add Constants for organization-role and practitioner-role CodeSystems #81
• Improve DefaultUserTaskListener #78

This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.

1.8.0 - Dependency Upgrades and UI Fixes

General remarks:

• This is an update for the 1.x DSF and not compatible with 0.9.x and older versions developed at highmed/highmed-dsf.
• To Update an existing 1.x installation, please see the 1.7.1 -> 1.8.0 Upgrade Guide.
• For a fresh deployment, follow the installation instructions.
• With this release, library dependencies have been updated and small bugs in the UI of the DSF FHIR have been fixed.
• The integrated camunda engine of the DSF BPE server was upgraded to version 7.23, requiring a small change to the database schema of the DSF BPE and thus making this the 1.8.0 and not a 1.7.2 release.

Bug Fixes:

• Task resources with status draft were not correctly rendered if an optional input parameter was not defined in the Task resource (#306).
• Boolean input parameters of Task resource with status draft, were not included in the created Task resource with status requested if the false option was selected (#323).

Docker containers for this release can be access via the GitHub Docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:1.8.0
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:1.8.0
• fhir: ghcr.io/datasharingframework/fhir:1.8.0
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:1.8.0

Issues closed:

• FHIR UI: Task Boolean Input Parameter With Value False Not Included in Created Task #323
• Upgrade Dependencies #320
• Start New Development Cycle #312
• Migrate OSSRH Namespace to Central Portal #308
• Fix Cardinality Handling on Draft Tasks (Templates) with Missing Optional Inputs #306
• Adapt Github Actions to build on pull request #163

This release contains contributions from @hhund, @schwzr and @wetret.

2.0.0-M3 - Third Milestone Pre Release

General remarks:

• This is the third milestone release for the upcoming major version 2.0.0. Do not use this release in production.

Features:

• Process Plugin API v2
• Improved allow list flexibility with thumbprints in Endpoint resources
• Support for large FHIR Binary resources up to 4 TB.
• Details see PRs #326, #322, #319, #318, #316, #314, #311, #310, #305, #304, #303, #302, #300, #299, #295, #293, #291, #290, #283, #282, #278, #273, #269, #244, #223, #221 and #212

Docker images in GitHub docker registry - ghcr.io:

• bpe: ghcr.io/datasharingframework/bpe:2.0.0-M3
• bpe_proxy: ghcr.io/datasharingframework/bpe_proxy:2.0.0-M3
• fhir: ghcr.io/datasharingframework/fhir:2.0.0-M3
• fhir_proxy: ghcr.io/datasharingframework/fhir_proxy:2.0.0-M3

Process Plugin API v1 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v1</artifactId>
    <version>2.0.0-M3</version>
</dependency>

Process Plugin API v2 on Maven Central:

<dependency>
    <groupId>dev.dsf</groupId>
    <artifactId>dsf-bpe-process-api-v2</artifactId>
    <version>2.0.0-M3</version>
</dependency>

Issues closed:

• Add DocumentReference HTML View #325
• Improve Allow-List and Enable Thumbprints on Endpoint Resources #317
• Reorganize dsf-tools Modules #315
• Extend dsf-tools-documentation-generator Maven Plugin for v2 Process Plugins #309
• Create Target Provider #307
• Upgrade Dependencies #301
• Upgrade to HAPI 8.0.0 #297
• Optimize FHIR Binary Resource Handling #296
• Add Mechanism to the API for Modifying Process Plugin FHIR Resources During Startup #292
• Remove Camunda Dependency from Process Plugin API v2 #284
• Validator Ignores CodeSystem Version #281
• Add BPE Integration Tests #271
• Add Mechanism to Manage Connections to Local FHIR Servers #270
• Port Fixes and Features From 1.7.0 to 2.0.0 #268
• Complete Class and Resource Allow Lists for ProcessPluginApiClassLoader #241
• Port Fixes and Features From 1.6.0 to 2.0.0 #239
• Add Methods for Accessing "Local" BPMN Variables to the Plugin API #210
• Add Service to Encrypt and Decrypt Binary Data via Plugin API #206
• Add Service to Check Mime-Type of Binary Data via Plugin API #205
• Upgrade to Jetty 12 #203
• Upgrade to Java 21 #202
• Web Application Style Class Loading for Process Plugins #201
• Create API v2 Maven Module #200
• Add Constants for organization-role and practitioner-role CodeSystems #81
• Improve DefaultUserTaskListener #78

This release contains contributions from @hhund, @jaboehri, @schwzr and @wetret.