11 posts tagged with "Fire Arrow Server"

Fire Arrow Server 1.11.0 has been released.

• (breaking) Token generation, binary upload, and CarePlan materialize operations no longer return distinct HTTP codes for unknown or deleted resource IDs
• (security) CareTeam-scoped access no longer includes patients outside the practitioner's actual teams
• (feature) New CarePlan $materialize and $dematerialize operations to start and stop task materialization without Subscription write access
• (bugfix) Token generation honors every matching practitioner-role-code rule, not only the first one in configuration
• (maintenance) HAPI FHIR 8.10.0 platform upgrade (HAPI CLI database migration required) and dependency updates including Spring Security 6.5.10 (CVE-2026-22732)

Fire Arrow Server 1.10.0 has been released.

• (feature) $generate-durable-token and $generate-one-time-token are now governed by all validators, not just Allowed
• (breaking) Token-generation rules using the wildcard resource: "*" are rejected at startup
• (security) Update Next.js to 16.2.6 (CVE-2026-23870, CVE-2026-44573, CVE-2026-44575, CVE-2026-44579, CVE-2026-44580, CVE-2026-44581, CVE-2026-44576, CVE-2026-44582, CVE-2026-45109)
• (feature) New _synchronous mode for CarePlan/$subscribe-due-events returns materialized Task IDs in the response
• (bugfix) Questionnaire media viewer recovers automatically when pre-signed URLs expire

Fire Arrow Server 1.9.1 has been released.

• (bugfix) Fix pre-signed attachment URLs not being recognized after client round-trip

Fire Arrow Server 1.8.2 has been released.

• (feature) Support _total search parameter in GraphQL

Fire Arrow Server 1.8.1 has been released.

• (feature) Display SampledData observations in charts with dynamic aggregation
• (bugfix) Fix urn:uuid: bundle references blocking logical identifier fallback in authorization

Fire Arrow Server 1.8.0 has been released.

• (security) Close search-parameter side-channel for property-filtered fields
• (feature) Resolve FHIR R4 conditional and logical Patient references in authorization
• (bugfix) Fix inherited roles being dropped when a child organization has a direct role
• (bugfix) Fix HFQL rejecting every request with 403 Forbidden when no explicit search/read rules are configured
• (maintenance) Dependency upgrades across server, UI, and tooling

Fire Arrow Server 1.7.0 has been released.

• (breaking) Task scheduling data now written to Task.restriction.period instead of Task.executionPeriod
• (security) Update Next.js to 16.2.3 (CVE-2026-23869)

Fire Arrow Server 1.6.1 has been released.

• (feature) Automatically ensure canonical URLs exist for definition resources in plans
• (bugfix) Reverse pre-signed Azure Blob URLs back to firearrow:// on resource updates

Fire Arrow Server 1.5.0 has been released.

• (feature) Add licensing system
• (bugfix) Fix CarePlan task scheduling drift after DST transitions
• (bugfix) Fix delivery tracking for message channel subscriptions

Fire Arrow Server 1.5.1 has been released.

• (feature) Show total number of search results instead of page size in the GraphQL count field
• (bugfix) Fix crash in development license handler preventing release versions from starting