-
Notifications
You must be signed in to change notification settings - Fork 277
4.5.0 What's New
Summary
- Core Mirth Connect
-
Security Improvements
-
Library Updates
- Updated Apache commons-beanutils to 1.9.4
- Updated Apache commons-compress to 1.24.0
- Added Apache commons-digester3 3.2
- Updated Apache commons-fileupload to 1.5
- Updated Apache commons-io to 2.13.0
- Updated Apache commons-lang3 to 3.13.0
- Updated Apache Derby to 10.14.2.0
- Updated Apache Velocity Engine to 2.3
- Updated Apache Velocity Tools to 3.1
- Updated Apache Xerces to 2.12.2
- Updated Jackson to 2.14.3
- Removed Jasypt Library
- Updated JDOM to JDOM2 2.0.6.1
- Updated Jetty to 9.4.53
- Replaced JSch Library with mwiede's Implementation
- Updated MySQL JDBC Driver to 8.1.0
- Updated Netty to 4.1.97
- Updated PostgreSQL JDBC Driver to 42.6.0
- Updated Quartz Scheduler to 2.3.2
- Removed SoapUI and XMLBeans Libraries
- Updated SQLite JDBC Driver to 3.43.2.1
- Removed woodstox-core and stax2-api Libraries
- Updated XStream to 1.4.20
- Functional Changes
-
Library Updates
- Commercial Extension Improvements
- Docker Images
We fixed an issue where the Ports in Use
dialog would not display when a filter/transformer contains a variable named 'listenerConnectorProperties'.
We fixed an issue which failed to include an attachment when reprocessing a multipart message. This affects messages where the attachment is not embedded within the raw message but is included in a separate boundary within the multipart message.
We've updated Apache commons-beanutils from version 1.9.3 to 1.9.4. This update addresses the following vulnerability:
We've updated Apache commons-compress from version 1.17 to 1.24.0. This update addresses the following vulnerabilities:
We've added the Apache commons-digester3-3.2 library. We've removed the Apache commons-digester-2.0 library from all components. If you are referencing this library in your code, please refer to the commons-digester3-3.2 library instead. This change addresses the following vulnerabilities:
We've updated Apache commons-fileupload from version 1.4 to 1.5. This update addresses the following vulnerability:
We've updated Apache commons-io from version 2.6 to 2.13.0. This update addresses the following vulnerability:
We've updated Apache commons-lang3 from version 3.9 to 3.13.0. There are no vulnerabilities associated with this library. We've removed the Apache commons-lang-2.6 library from all components. If you are referencing this library in your code, please refer to the commons-lang3-3.13.0 library instead.
We've updated Apache derby and derbytools from version 10.10.2.0 to 10.14.2.0. This update addresses the following vulnerabilities:
We've updated Apache velocity-engine-core from version 2.2 to 2.3. This update addresses the following vulnerabilities:
We've updated Apache velocity-tools-generic from version 3.0 to 3.1. This update addresses the following vulnerabilities:
We've updated Apache Xerces from version 2.9.1 to 2.12.2. This update addresses the following vulnerabilities:
We've also updated Apache xml-apis from version 1.0.b2 to 1.4.01. There are no vulnerabilities associated with this library, but it is a dependency of Xerces, and it was required to update it.
We've updated several Jackson libraries from version 2.11.3 to 2.14.3. This update addresses the following vulnerabilities:
We've removed the jasypt library. This update addresses the following vulnerability:
We've updated the JDOM library from version 1.1.1 to JDOM2 version 2.0.6.1. This update addresses the following vulnerabilities:
We've updated several Jetty libraries from version 9.4.44 to 9.4.53. We've also updated several Jetty library dependencies (javax and asm). This update addresses the following vulnerabilities:
- CVE-2022-2047
- CVE-2022-2048
- CVE-2023-26048
- CVE-2023-26049
- CVE-2023-36478
- CVE-2023-36479
- CVE-2023-40167
- CVE-2023-41900
- CVE-2023-44487
We've replaced the official JSch library with the most recent version of mwiede's implementation which is a drop-in replacement. The official library is no longer maintained, while mwiede's library is actively maintained with bug fixes and security updates. Thanks to jonbartels for submitting the community issue and the pull request.
We've updated MySQL JDBC Driver from version 8.0.16 to 8.1.0. This update addresses the following vulnerability:
We've updated Netty from version 4.1.53 to 4.1.97. This update addresses the following vulnerabilities:
- CVE-2021-37136
- CVE-2021-37137
- CVE-2022-41881
- CVE-2021-21290
- CVE-2021-21295
- CVE-2021-21409
- CVE-2021-43797
- CVE-2022-24823
We have also updated the Netty NIO client to 2.20.140 and Netty reactive streams to 2.0.8.
We've updated PostgreSQL JDBC Driver from version 42.2.19 to 42.6.0. This update addresses the following vulnerabilities:
We've updated Quartz Scheduler from version 2.1.7 to 2.3.2. This update addresses the following vulnerability:
We've removed the SoapUI and XMLBeans libraries. This update addresses the following vulnerability in XMLBeans, which is a dependency of SoapUI:
We've updated SQLite JDBC Driver from version 3.7.2 to 3.43.2.1. This update addresses the following vulnerabilities:
We've removed the woodstox-core and stax2-api libraries. This update addresses the following vulnerability:
We've updated XStream from version 1.4.19 to 1.4.20. This update addresses the following vulnerabilities:
We fixed an issue that affected users upgrading to 4.2.0 or later. Any channels using the HDH Sender or HDH transformer steps could stop functioning after upgrading. Users would see UI bugs, and messages would have unexpected errors. This issue is fixed in 4.5.0.
We have updated the DUO Authentication to use the new Universal Prompt because the Traditional Prompt will no longer be accessible after March 30, 2024. If you are using the DUO Authentication with the Multi-Factor Authentication Plugin, do the following:
- Upgrade to 4.5.0 from a previous version
- Start Mirth Connect (login will look the same for DUO authentication)
- Go to your DUO account
- Select Applications and Mirth Connect Application
- Select
Show New Universal Prompt
- Restart Mirth Connect (login will change to the new prompt)
If you choose not to upgrade before March 30, 2024, you need to disable your DUO setting.
- Home
- Frequently Asked Questions
- Source Code Contribution
- Java Licensing
- How to Contribute to the Wiki
- Administrator Launcher (MCAL)
-
Mirth Connect
-
Release Notes
- 4.5.0 - What's New
- 4.4.0 - What's New
- 4.3.0 - What's New
- 4.2.0 - What's New
- 4.1.0 - What's New
- 4.0.0 - What's New
- 3.12.0 - What's New
- 3.11.0 - What's New
- 3.10.0 - What's New
- 3.9.0 - What's New
- 3.8.0 - What's New
- 3.7.0 - What's New
- 3.6.0 - What's New
- 3.5.0 - What's New
- 3.4.0 - What's New
- 3.3.0 - What's New
- 3.2.0 - What's New
- 3.1.0 - What's New
- 3.0.0 - What's New
- Upgrading
-
Release Notes
- User Guide
- Commercial Extensions
- Examples and Tutorials