Version 14.5.15(released on 2024-09-20)
Major bug fix: When importing data (via Data Import Tool, API, Mobile App, etc.) into a project that contains Data Access Groups, an erroneous message might be returned stating that the records being imported cannot be modified because they do not belong to the user's DAG, in which it names existing records in the project (not the records being imported). This would prevent the data import process from starting, and if using the Background Data Import, that process might mistakenly fail midway through the import, thus needing to be re-imported. Bug emerged in the previous version. (Ticket #240514)
Bug fix: Further fixes for a possible upgrade error with regard to foreign keys on specific tables that occur for some installations under specific circumstances.
Bug fix: If a survey has the e-Consent Framework enabled and also has "Save & Return Later" enabled with "Allow respondents to return and modify completed responses", this combination could cause major issues with regard to the state of the data of a participant's informed consent if they are allowed to modify their own completed e-Consent response. In this specific situation going forward, the "Allow respondents to return and modify completed responses" setting will be automatically disabled and thus will prevent participants from modifying their completed e-Consent response. Additionally, the "Allow respondents to return and modify completed responses" setting will be disabled on the Survey Settings page if the current survey has the e-Consent Framework enabled, and it will display a note beneath the setting to inform users why it is disabled. (Ticket #240265)
Bug fix: The page number that is displayed near the top right of multi-page surveys would mistakenly not be fully right-aligned on the page when using a non-fixed width setting for the survey page.
Bug fix: When exporting data to SPSS, any field labels longer than 256 bytes would result as an error when loaded into SPSS.
Bug fix: When using Shibboleth authentication for REDCap, and a survey participant opens a survey page that contains an inline PDF, the PDF might mistakenly not be displayed but would display a login page inside an iframe. (Ticket #240240)
Bug fix: When using the Data Resolution Workflow along with Data Access Groups in a project, if a user attempts to assign a data query to a user, in some situations the drop-down list of assignable users would mistakenly list users that are not currently eligible to be assigned to the data query because they are not currently assigned to the record's DAG. It should only list users that are currently in the record's DAG (or users not in any DAG) if the record itself is assigned to a DAG. This bug was supposedly fixed in REDCap 13.10.2 but mistakenly was not. (Ticket #213770b)
Version 14.5.14(released on 2024-09-18)
Major bug fix: Resolved an issue in the CDIS module that caused errors and disrupted normal operations in environments running PHP versions lower than 8.0. This bug affected: CDP auto-adjudication process, Mapping helper usage, and Data Mart operations. The fix ensures proper handling of user data, allowing CDIS to function smoothly across different PHP versions. Bug emerged in the previous release. (Ticket #240182)
Bug fix: Fix possible upgrade error with regard to foreign keys on specific tables that occurs for some installations under specific circumstances.
Bug fix: When a repeating instrument is enabled as a survey, and a participant navigates to that survey with "&new" appended to the URL to denote that a new repeating instance should be created from that response, the survey page would mistakenly get pre-filled with existing data if instance 1 of the instrument contains data and was created via a data entry form. When "&new" is appended to a survey URL, the survey should never get pre-filled with any saved data. (Ticket #239909)
Bug fix: When executing a custom data quality rule on a multi-arm project, in which the rule's logic implies that only records in certain arms should be returned in the results, the results might mistakenly return false positives of data from arms in which the records do not actually exist. (Ticket #237137)
Bug fix: When exporting the Logging page as a CSV file, some logged events (e.g., "Invalid SMS response") might mistakenly say "Record 101" rather than just "101" in the record column of the CSV file. This is inconsistent with how the record name is displayed in that column for other logged events. (Ticket #239394)
Bug fix: When reports or data exports are sorted by a multiple choice field that has only integers as its choice codes, the data for that field would mistakenly be sorted as a text string rather than appropriately sorted as a number.
Bug fix: When using Shibboleth authentication, in which the "URL for Shibboleth SP Session Initiator" is defined, the user might not get redirected back to their current page after performing a successful login.
Bug fix: When using Twilio or Mosio, it would mistakenly not send SMS messages to U.S. phone numbers with certain newer area codes, including 787 and 939. This bug was supposedly fixed in REDCap 14.0.33 LTS and 14.4.1 Standard Release, but mistakenly it was not. (Ticket #234300b)
Bug fix: When using surveys with enhanced radios/checkboxes together with LH orientation and an RTL language for Multi-Language Management, the standard radios/checkboxes would mistakenly be visible, and the order of the enhanced radios was not following proper RTL alignment.
Bug fix: When viewing a survey page with date or datetime fields, in which the "Size of survey text" setting is "Large" or "Very large", the values inside the date/datetime fields might appear truncated/cut off on the page. Note: This does not affect the actual value from being saved. (Ticket #239174)
Version 14.5.13(released on 2024-09-17)
Critical security fix: A Remote Code Execution vulnerability was found in which a malicious user who is logged in could potentially exploit it by manipulating an HTTP request to a specific External Module Framework endpoint. If successfully exploited, this could allow the attacker to remotely execute arbitrary code on the REDCap server. This vulnerability exists in REDCap 11.0.0 and higher.
Critical security fix: A Remote Code Execution vulnerability was found in which a malicious user who is logged in could potentially exploit it by manipulating an HTTP request to the Data Import Tool page while uploading a specially-crafted CDISC ODM XML file. If successfully exploited, this could allow the attacker to remotely execute arbitrary code on the REDCap server. This vulnerability exists in REDCap 6.12.0 and higher.
Major security fix: A Cross-Site Request Forgery (CSRF) Bypass vulnerability was found in which a malicious user could potentially exploit it by manipulating an HTTP request to any URL in the system by tricking an authenticated user to click a specially-crafted link that could bypass the CSRF check and submit information (including changing REDCap system configuration values) on behalf of the user or admin. This vulnerability exists in REDCap 13.4.0 and higher.
Major security fix: A Local File Inclusion (LFI) vulnerability was discovered in which a malicious user could potentially exploit it by setting the path of the hook function file on the General Configuration page to a value containing specific characters in order to bypass the check that ensures that the file path points to a PHP file. The user must have "Modify system configuration pages" administrator privileges in order to exploit this. This bug affects all known REDCap versions.
Major security fix: A Stored XSS (Cross-site Scripting) vulnerability was discovered in which a malicious user could potentially exploit it by inserting custom HTML and JavaScript in a specially crafted way that can be exploited on the following pages: Alerts & Notifications, Stats & Charts, and the main REDCap Home Page. This vulnerability can only be exploited by authenticated users. Bug exists in all REDCap versions.
Medium security fix: A Blind SQL Injection vulnerability was found on certain Clinical Data Mart (CDM) related pages, in which a malicious user could potentially exploit it and execute arbitrary SQL commands on the database by manipulating an HTTP request in a specially-crafted way. The user must have "Access to all projects and data with maximum user privileges" administrator privileges in order to exploit this. This bug affects all known REDCap versions.
Medium security fix: A Blind SQL Injection vulnerability was found on several Control Center pages, in which a malicious user who has co-opted a REDCap admin account could potentially exploit it and execute arbitrary SQL commands on the database by manipulating an HTTP request in a specially-crafted way. The user must have "Modify system configuration pages" administrator privileges in order to exploit this. This bug affects all known REDCap versions.
Medium security fix: A Blind SQL Injection vulnerability was found on the Edit Project Settings page, in which a malicious user could potentially exploit it and execute arbitrary SQL commands on the database by manipulating an HTTP request in a specially-crafted way. The user must have "Access to all projects and data with maximum user privileges" administrator privileges in order to exploit this. This bug affects all known REDCap versions.
Medium security fix: A Blind SQL Injection vulnerability was found on the Online Designer page, in which a malicious user could potentially exploit it and execute arbitrary SQL commands on the database by manipulating an HTTP request in a specially-crafted way. The user must be logged in to REDCap in order to exploit this. This bug affects all known REDCap versions.
Medium security fix: A Blind SQL Injection vulnerability was found on the Send-It upload page, in which a malicious user could potentially exploit it and execute arbitrary SQL commands on the database by manipulating an HTTP request in a specially-crafted way. The user must be logged in to REDCap in order to exploit this. This bug affects all known REDCap versions.
Version 14.5.12(released on 2024-09-15)
Major bug fix: In rare cases where radio field choices are being piped on a form or survey, the page might mistakenly never fully load due to a JavaScript error.
Bug fix: Mapped fields in projects marked as both CDP and CDM were not displaying correctly in the CDIS Mapping Helper tool.
Bug fix: Some text inside red boxes throughout REDCap would mistakenly appear in a much lighter red color than intended.
Bug fix: When users are deleting multiple fields in the Online Designer, in some rare cases a race condition might occur that scrambles the field order and results in fields being suddenly in the wrong location.
Bug fix: When using the MyCap "App Design" page, a JavaScript error would occur when clicking the "Publish" button. This issue prevents a success message box from appearing on the page.
Version 14.5.11(released on 2024-09-05)
Major bug fix: When the e-Consent Framework has been set up but then later disabled for a given survey, a PDF Snapshot would mistakenly still get saved to the File Repository and/or specified File Upload field whenever a participant completes the survey. (Ticket #239030)
Bug fix: MyCap participants would mistakenly not receive any push notifications upon a user (e.g., study coordinator) sending them an announcement via the MyCap messaging interface in the project.
Bug fix: Radio fields with the action tags READONLY and DEFAULT or SETVALUE would mistakenly not pipe correctly on the page.
Bug fix: Some unwanted text would mistakenly be displayed at the bottom of the Edit Project Settings page. (Ticket #238981)
Bug fix: When opening the "Edit Branching Logic" dialog via the Quick Modify Fields popup on the Online Designer, the branching logic text box in the dialog would mistakenly retain the previous value entered by the user while on that same current page. The text box's value should be cleared out each time the dialog is opened. (Ticket #238833)
Bug fix: When performing a data import on the Data Import Tool page, in some rare situations, the import process might mistakenly fail due to a fatal PHP error when using PHP 8. (Ticket #238912)
Bug fix: When using "OpenID Connect" or "OpenID Connect & Table-based" authentication, and a user logs out of REDCap and then later logs back in again, the login process might mistakenly fail silently when re-logging again. (Ticket #237124)
Bug fix: When using Multi-Language Management in a project with MyCap enabled, the language ISO codes displayed for MyCap in the "Add New Language" dialog on the MLM setup page were incorrect for many of the languages listed. Those ISO codes have been corrected.
Bug fix: When viewing a report that has report logic that includes checkbox fields that reference Missing Data Codes (e.g., [my_checkbox(NA)] = "1"), the report might mistakenly not return items/data that should be returned, specifically when displaying data for repeating instruments.
Version 14.5.10 (released on 2024-08-29)
Bug fix: Alerts with conditional logic containing datediff() with "today" or "now" as a parameter might mistakenly get triggered multiple times by the cron job, thus resulting in duplicate alerts being sent. This behavior appears to be sporadic and occurs very seldom for most installations. (Ticket #237341)
Bug fix: Horizontally-aligned enhanced radios/checkboxes on surveys that do not have a question number column would mistakenly not be spaced out consistently between each choice on a given horizontal line. Note: This fix is slightly different from a similar one from last week, which did not get completely fixed.
Bug fix: If a user has received a confirmation link via email for registering a new email address with their REDCap account, and then the REDCap server is upgraded to a new REDCap version after the email is received, the link in the email would mistakenly redirect to the wrong place in the new version, thus preventing the user from being able to complete the email registration process. (Ticket #238619)
Bug fix: In certain specific situations, logged events related to clicking Project Bookmarks might mistakenly be displayed on the Logging page when filtering by a specific record in the project. (Ticket #238547)
Bug fix: In some cases when inline PDFs are attached to Descriptive fields, and a user downloads the PDF of the instrument, if the iMagick PHP extension is installed on the web server, the first page of the inline PDF might mistakenly get truncated in the resulting REDCap-generated PDF of the instrument.
Bug fix: In some cases when inline PDFs are used as consent forms in the e-Consent Framework, and a user downloads the PDF of the instrument, if the iMagick PHP extension is installed on the web server, there would mistakenly be a blank page following the inline PDFs in the resulting REDCap-generated PDF of the instrument. (Ticket #237921)
Bug fix: Several missing LOINC codes were added to the CDIS mapping features. Additionally, several Clinical Notes types were missing and not mappable, specifically pathology study, diagnostic imaging study, and laboratory report.
Bug fix: The CSV file download option for the Choices Editor inside the Edit Field dialog for multiple choice fields in the Online Designer would mistakenly not do anything. (Ticket #238818)
Bug fix: When a Data Entry Trigger is triggered on a data entry form for a record in a Data Access Group, the unique DAG name would mistakenly not get sent in the request to the Data Entry Trigger URL. Note: This issue does not occur on survey pages, and it also does not occur on data entry forms when a record is being assigned to a DAG while also being created there on the form. (Ticket #238727)
Bug fix: When comparing two records in the Data Comparison Tool, the coded values of multiple choice fields would be mistakenly wrapped in escaped HTML italic tags, which would cause the tags to be visible (rather than interpreted) on the page. Bug emerged in REDCap 14.0.14 LTS and 14.2.1 Standard. (Ticket #238437)
Bug fix: When copying a project via the "Copy the Project" page for a project that contains a repeating survey with a repeating Automated Survey Invitation, the ASI's recurrence settings (e.g., "How many times to send it") would mistakenly not get copied into the new project. Bug emerged in REDCap 12.5.0. (Ticket #238218)
Bug fix: When downloading a PDF of "All forms/surveys with saved data" or "All forms/surveys with saved data (compact)" when some instruments contain embedded fields, some of the embedded fields might mistakenly not get converted into data values or underscores (if they have no value) in the resulting PDF. (Ticket #238683)
Bug fix: When modifying a PDF Snapshot, some of the snapshot settings (specifically the checkbox options) might mistakenly not get saved successfully after being changed, and no error would be displayed to notify the user that their desired settings were not saved. This issue only affects web servers running PHP 7.3 or 7.4. (Ticket #236067)
Bug fix: When participants are taking a survey that contains fields with the @HIDDEN-SURVEY action tag, in which the participant is using a non-standard web browser, the fields might mistakenly be displayed instead of hidden on the survey page. (Ticket #238129)
Bug fix: When selecting instruments for the scope of a PDF Snapshot, the "Update" and "Cancel" buttons may disappear when scrolling downward when many instruments exist in the box, thus possibly causing confusion with regard to how to save one's selected instruments. To fix this, the buttons now float at the top of the box regardless of scrolling. (Ticket #238698)
Bug fix: When the Confirmation Email option has been enabled, specifically with the "Include PDF of completed survey as attachment" checkbox checked, for a survey that has the e-Consent Framework enabled, the PDF attached to the email received by the participant would mistakenly contain the record name of the participant's record in the filename of the PDF. The record name should not be included in the PDF filename for PDFs received by participants. (Ticket #223899)
Bug fix: When the Top Usage Report page displays a row that is a "Project" type, the project link displayed in that row would mistakenly be an invalid URL if the project title ends with text enclosed in parentheses. (Ticket #238523)
Bug fix: When using Clinical Data Pull for CDIS, in the "launch from EHR" context of a CDIS project, events were not logged properly when a patient was added to a project. This improper logging prevented the record list cache in REDCap from rebuilding correctly, leading to issues when saving records in projects with auto-incrementing record IDs. (Ticket #234550)
Bug fix: When using certain screen readers, such as JAWS, the individual options of drop-down fields might mistakenly not be able to be read by the screen reader. (Ticket #237629)
Version 14.5.9(released on 2024-08-22)
Bug fix: Deleting fields via the Online Designer for projects with several hundred fields might cause the page to hang for unacceptable amounts of time.
Bug fix: HTML "abbr" tags were mistakenly disallowed as an allowed tag that users can use in field labels, survey instructions, and other user input. Bug emerged in REDCap 14.5.4 Standard and 14.5.5 LTS.
Bug fix: Horizontally-aligned enhanced radios/checkboxes on surveys that do not have a question number column would mistakenly not be spaced out properly with some space between each horizontal choice.
Bug fix: If a Notes field has both the RICHTEXT and READONLY action tag at the same time, the "Source code" button in the toolbar of the rich text editor would still be clickable and could be used to modify the field's value, which should not be allowed in this situation. (Ticket #237348b)
Bug fix: If editing a matrix of fields, in which one of the fields has its variable name changed, that field's branching logic would mistakenly be erased when saving the changes to the matrix. (Ticket #236685)
Bug fix: Some CDIS-related text on the Edit Project Settings page was mistakenly not translatable via language INI files. (Ticket #238036)
Bug fix: Some EM Framework related language text that stems from translated INI language files might mistakenly not appear as translated on the page in certain places. (Ticket #238038)
Bug fix: The Upgrade page's link to the REDCap ChangeLog on the REDCap Community website was outdated. (Ticket #237664)
Bug fix: When attempting to upload the Survey Queue via a CSV file when using certain browsers, such as Firefox, the upload process might mistakenly fail with an unknown error. (Ticket #233684)
Bug fix: When executing Data Quality rules in certain browsers and operating systems (e.g., Firefox on Linux), the "export
view" links to export and view the DQ results might mistakenly not be visible on the page.
Bug fix: When using Multi-Language Management while the Secondary Unique Field is enabled, the duplicate value message might not be translated via MLM when the secondary unique check is triggered by pre-filling a field from a URL parameter. (Ticket #237182)
Bug fix: When using the EHR Launch for Clinical Data Pull in CDIS, there could be possible compatibility issues, resulting in an HTTP 401 error, when using certain external authentication methods. (Ticket #237765)
Version 14.5.8(released on 2024-08-15)
Bug fix: A missing LOINC code was added to the CDIS mapping features.
Bug fix: For certain MySQL/MariaDB configurations, the upgrade SQL script might mistakenly fail when upgrading from pre-14.1.1 to any post-14.1.1 version. The upgrade script has been updated for more compatibility to prevent this issue going forward.
Bug fix: HTML "input" tags were mistakenly disallowed as an allowed tag that users can use in field labels, survey instructions, and other user input. Bug emerged in REDCap 14.5.4 Standard and 14.5.5 LTS. (Ticket #237448)
Bug fix: If a Notes field has both the @richtext and @readonly action tag at the same time, the field would mistakenly not be displayed as a rich text editor but as a regular textarea field, which would contain visible HTML tags inside it if the field already has a value. (Ticket #237348)
Bug fix: In the Online Designer, when editing a CALCTEXT field whose calculation contains references to fields with ":value" appended - e.g., [field:value], normal users might never be able to successfully edit the field to change its CALCTEXT syntax. Note: Administrators are able to modify the field though. This issue was caused by the [field:value] syntax, which is not necessary since fields should be referenced simply as [field] in logic and calculations. Going forward, using the [field:value] notation, which is technically not incorrect, will no longer cause the Edit Field popup to hang when saving a field in the Online Designer. (Ticket #236945)
Bug fix: Some PHP 8 specific errors might occur on the MLM setup page in projects that do not have MyCap enabled.
Bug fix: When using LDAP authentication with PHP 8, an LDAP user that logs in with an incorrect password might mistakenly result in a fatal PHP error during the login process. (Ticket #237359)
Bug fix: When using both MyCap and Multi-Language Management in a project, the MLM setup page (inside the "MyCap help" popup and "add/edit language" popup) was mistakenly not displaying the list of available language codes currently supported by the MyCap mobile app.
Bug fix: When using both MyCap and Multi-Language Management in a project, the MLM setup page would mistakenly display a "MyCap" tab under the User Interface section. That tab was not meant to be added since it cannot be used yet.
Bug fix: When using the EHR Launch for Clinical Data Pull in CDIS, there could be possible compatibility issues when using Internet Explorer as the default browser in the EHR.
Bug fix: When using the EHR Launch for Clinical Data Pull in CDIS, there could be possible compatibility issues when using certain external authentication methods.
Bug fix: When using the READONLY action tag on the Secondary Unique Field on a survey that has the SUF prefilled via URL variables, the field would mistakenly be editable and not read-only. Note: This occurs only on the SUF when viewed specifically in survey mode, and only when prefilling is being performed. (Ticket #237623)
Version 14.5.7(released on 2024-08-08)
Major security fix: A Stored XSS (Cross-site Scripting) vulnerability was discovered in which a malicious user could potentially exploit it by inserting custom HTML and JavaScript in a specially crafted way into any user input that is then output on a page in REDCap (e.g., field labels, survey instructions, data displayed on a report). This vulnerability can be exploited by authenticated users and also by survey participants entering data. Bug exists in all REDCap versions.
Medium security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered in which a malicious user could potentially exploit it by inserting custom HTML and JavaScript in a specially crafted way into a specific API parameter's value that is used in a specific API method. This vulnerability can be exploited only by users with a valid API token. Bug exists in all REDCap versions.
Major bug fix: If Multi-Language Management is enabled on a project, the datepicker for date/datetime fields would mistakenly appear in right-to-left mode all the time. Bug emerged in 14.5.4 Standard and 14.5.5 LTS.
Bug fix: In some situations, the record name and "upcoming calendar events" button that appears above the table on the Record Home Page might mistakenly appear too narrow on the page. (Ticket #236702)
Bug fix: In very specific situations, a user exporting the data for a report might mistakenly fail with a PHP error when using PHP 8. (Ticket #236555)
Bug fix: When upgrading from a version of REDCap below 14.5.0, in some specific situations the upgrade might fail due to an SQL error. (Ticket #236740)
Bug fix: When using Clinical Data Pull for CDIS, the auto-adjudication interface would be incorrectly displayed on the record dashboard after disabling CDP in the project or at the system level.
Bug fix: When using MyCap together with Multi-Language Management, the "Notification Settings" tab was mistakenly not appearing in the correct location on the MyCap setup page.
Bug fix: When using MyCap together with Multi-Language Management, the "version" attribute and list of languages in the MyCap config JSON (that is consumed by the MyCap mobile app) was mistakenly not getting updated automatically whenever a user clicks on the "Save" button on the MLM setup page.
Version 14.5.6(released on 2024-08-01)
Major bug fix: When using the Multi-language Management feature in the MyCap mobile app, some important task settings information might mistakenly not get pulled from the REDCap server into the MyCap app on the mobile device, thus resulting in text from the fallback language being used in the mobile app instead of the desired MLM language.
Bug fix: On the Configuration Check page, the External Service Check for Google reCAPTCHA API services might mistakenly return a false positive saying that the service can't be reached when it actually can.
Bug fix: The Quick-Modify Fields feature would not allow users to copy branching logic when it was just added (or would allow users to copy it when it was just removed).
Bug fix: When using Form Display Logic, in which the "Hide forms that are disabled" checkbox is checked but no conditions are defined in the Form Display Logic setup dialog, the Record Home Page would mistakenly not display any instruments in the table for any records. (Ticket #236229)
Bug fix: When using Multi-Language Management, the "Save & Return Later" page might mistakenly not display the desired language for the participant. (Ticket #236220)
Bug fix: When using a rich text consent form with the e-Consent Framework, the consent form text might all be mistakenly bolded when being viewed on the survey page. (Ticket #236369)
Version 14.5.5(released on 2024-07-30)
New LTS branch based off of REDCap 14.5.4 (Standard) Note: Please see the Standard Release ChangeLog for the full list of new features and changes released between the previous LTS and this new LTS branch.
Version 14.5.4(released on 2024-07-30)
Improvement: Multi-Language Management can now be utilized by MyCap. Users will see a new "MyCap" tab on the MLM setup page, which will allow them to translate their custom MyCap elements that will appear to participants in the MyCap Mobile App. Participants will be given the choice to use any of the project's MLM languages after opening and viewing the MyCap Mobile App.
Improvement: REDCap now supports the "s" HTML tag for strikethrough (note: the "strike" HTML tag was already supported).
Improvement: The "Help & FAQ" page has been updated with new content (thanks to the FAQ Committee).
Improvement: The "strikethrough" styling button has been added to the toolbar in the rich text editor in all the places where the editor is used.
Improvement: When using MyCap in a project, users can now customize the notification time (default 8:00AM) for MyCap notifications to participants using the MyCap mobile app.
Major bug fix: When editing a user's privileges on the User Rights page, it would not be possible to grant a user access to the File Repository, despite checking the checkbox for it. Additionally, if any user previously had File Repository privileges and then another privilege was modified for the user on the User Rights page (excluding CSV imports and API imports), it would mistakenly remove their File Repository privileges. Bug emerged in REDCap 14.5.2.
Change/improvement: If a custom primary key field has been added to any given REDCap database table that does not have an auto-incrementing field that serves as the primary key, the "database structure is incorrect" warning in the Control Center will no longer recommend that this extra field (and its key) be deleted. This should help institutions where their local IT support is recommending or forcing them to add primary keys to all REDCap database tables (for various reasons).
Bug fix: A JavaScript error might occur on some MyCap pages if using a non-English language for the project.
Bug fix: A duplicated language string in English.ini might cause an incorrect phrase to be displayed on the upgrade page. (Ticket #235989)
Bug fix: If the REDCap Base URL contains a port number, logging out of REDCap might mistakenly send the user to an incorrect URL that does not contain the port, thus resulting in an error. (Ticket #236221)
Bug fix: The user interface for the date/time picker for date-validated and datetime-validated fields was mistakenly not translatable via Multi-Language Management. (Ticket #236211)
Bug fix: When uploading an attachment file in the Edit Alerts dialog on the Alerts & Notifications page, the error message might not always be correct in all cases.
Version 14.5.3(released on 2024-07-25)
Improvement: More user experience improvements for the Online Designer, including a new dismissible popup that alerts the user about the new "drag-n-drop" behavior for moving fields in the Online Designer. Additionally, users can now limit the deactivation/reactivation to certain action tags in the Quick Modify Field(s) popup. In previous versions, users could only deactivate/reactivate all action tags for the selected fields, but now users may provide specific actions tags that will be deactivated/reactivated.
Change/improvement: The internal service check on the Configuration Check page that checks the main REDCap survey end-point now works even when the REDCap system is set as "Offline".
Change: REDCap has been verified to be fully compatible with PHP 8.3.
Bug fix: If a project is in Production status and currently in Draft Mode, and then a user moves the project to Analysis/Cleanup status, the Online Designer would mistakenly still be accessible when it should instead display the message "Note: This page can only be accessed when the project is in Development or Production status". (Ticket #235798)
Bug fix: If a user manipulates some of the URL parameters on the Calendar page so that the parameter's value is in scientific notation format instead of an integer, it would cause the page to crash with a fatal PHP error.
Bug fix: Rapid Retrieval caching on Windows servers might mistakenly cause cache files to be invalidated/deleted prematurely, thus negating the positive benefits of the Rapid Retrieval feature. This has been fixed, in which it appears to have affected only Windows web servers. (Ticket #235297)
Bug fix: When a PDF Snapshot trigger has been defined, in which the snapshot's scope includes an instrument that has the e-Consent Framework enabled and the snapshot is set to be stored in the File Repository, if a user has marked that e-Consent instrument's Form Status as "Complete" on a data entry form without having completed the instrument as an e-Consent survey, the "PDF utilized e-Consent Framework" icon would mistakenly be displayed for the snapshot in the PDF Snapshot Archive table in the File Repository. That icon should only appear when the snapshot contains a completed e-Consent response that was completed as a survey. Note: This will not fix the issue retroactively for already-stored snapshots, but it will prevent the issue going forward. Bug emerged in REDCap 14.5.0.
Bug fix: When a participant is taking a survey as an SMS conversation using Twilio/Mosio, in which branching logic is used on some fields, in very specific situations those fields might mistakenly get skipped when they should not be skipped. (Ticket #235586)
Bug fix: When upgrading from a version of REDCap below 14.5.0, in some specific situations the upgrade might fail due to an SQL error. (Ticket #235758)
Bug fix: When using "OpenID Connect" or "OpenID Connect & Table-based" authentication, the user might not get correctly logged out of REDCap for some configurations. (Ticket #235539)
Bug fix: When using the Field Bank in the Online Designer to search for fields, it might mistakenly show answer choices that say "Login to see the value." for specific items. (Ticket #228217b)
Version 14.5.2(released on 2024-07-18)
Major bug fix: If upgrading from REDCap 14.5.0 or 14.5.1, the upgrade script for upgrading to 14.5.0 or 14.5.1 from an earlier version would have not properly converted the "Save a PDF of completed survey response to a File Upload field" survey setting into its equivalent PDF Snapshot format for 14.5.X if the survey had neither the e-Consent Framework enabled nor the PDF Auto-Archiver enabled. This incorrect conversion would mistakenly cause a PDF Snapshot of the entire record (i.e., snapshot scope="all instruments") to be stored to the File Upload field rather than a PDF Snapshot of only the current survey/event/instance (i.e., snapshot scope="single survey response"). Upgrading to 14.5.2 and higher will fix this issue so that surveys in those specific situations will only save the current survey response to the File Upload field, as it did in pre-14.5.0 versions.
Major bug fix: When Data Access Groups are utilized in a project, especially when the DAG Switcher is being actively used, it is possible in specific scenarios that a user assigned to a DAG might mistakenly be able to see logged events on the Logging page for records in another DAG. For example, this could happen if a user created/modified a record for one DAG, and then switched to another DAG, a user in the second DAG would mistakenly be able to view logged events for the record in the first DAG merely due to the fact that the first user created/modified that record. (Ticket #235432)
Change/improvement: Small change in JavaScript to improve loading speed and calculation speed on data entry forms and survey pages. (Ticket #235138)
Change/improvement: Small change in JavaScript to improve loading speed slightly on data entry forms and survey pages in specific situations. (Ticket #235136)
Change/improvement: When a user moves a project to production and they opt to delete all records during the process, this is now specifically denoted on the Logging page, which will now list the logged event as "Move project to Production status (delete all records)".
Bug fix: In some cases when inline PDFs are attached to Descriptive fields, and a user downloads the PDF of the instrument, if the iMagick PHP extension is installed on the web server, there would mistakenly be a blank page following the inline PDFs in the resulting REDCap-generated PDF of the instrument. Bug emerged in REDCap 14.5.0 Standard. (Ticket #222014b)
Bug fix: Messages in REDCap Messenger that contain HTML hyperlinks might mistakenly get mangled and not display as a hyperlink correctly in a Messenger conversation.
Bug fix: The BioPortal Ontology Service recently began returning data in a slightly unexpected format from its web service, thus causing all BioPortal fields on surveys and data entry forms not to work any longer. (Ticket #235501)
Bug fix: When deleting a file from the File Repository via the API, it would mistakenly require that the user have "Delete Record" privileges, which are not required for this API method. (Ticket #235363)
Bug fix: When upgrading from a version of REDCap below 14.5.0, in some specific situations the upgrade might fail due to an SQL error. (Ticket #235260)
Bug fix: When users attempt to view the "General Notifications" or "System Notifications" threads in REDCap Messenger, those threads would mistakenly not open for normal users but would only open for REDCap administrators. Bug emerged in REDCap 14.0.33 LTS and 14.4.1 Standard.
Bug fix: When using Custom Mappings for fields in CDIS projects, the Custom Mappings might mistakenly not get prioritized and thus might get overridden by the default mappings in REDCap.
Various updates and fixes for the External Module Framework, including 1) Fixed a bug preventing $module->getChoiceLabel() from correctly matching integer values, 2) Displayed a warning when a development copy of the External Module Framework is installed & out of date, and 3) Misc. security scan improvements.
Version 14.5.1(released on 2024-07-15)
Improvement: In the "Move Field" dialog in the Online Designer, the user may now choose "Insert at top of this form" or (if the field is part of a matrix) "Insert at the top of the matrix group" from the field drop-down.
Major bug fix: Some specific external authentication methods, such as Shibboleth and possibly AAF, might no longer work and might result in a fatal PHP error. Bug emerged in the previous version. (Ticket #235223, #235211)
Change: Added 2 new data tables and 3 new log_event tables to help long-term performance going forward.
Bug fix: During the check to ensure that all non-versioned files are accounted for, in some specific situations the process might mistakenly fail with a fatal PHP error when using PHP 8. (Ticket #234877)
Bug fix: The table displayed in the PDF Snapshot Re-Trigger dialog on data entry forms would mistakenly be missing a column header. (Ticket #235190)
Bug fix: When using Entra ID (formerly Azure AD), OpenID Connect, or the "X & Table-based" version of either of those for authentication in REDCap, a user's original location (their URL before logging in) would mistakenly not be preserved after having authenticated, and in some cases the logout process might not function 100% correctly, thus redirecting the user to a URL ending with "?logout=1" or sometimes a more generic URL of the REDCap installation, rather than the exact URL when they logged out. (Ticket #217736, #234817)
Version 14.5.0(released on 2024-07-11)
New features: Enhanced e-Consent Framework and PDF Snapshot Functionality
Overview - A new page named "Settings for e-Consent & PDF Snapshots" (linked from the Online Designer) serves as the new location where users can enable and set up the e-Consent Framework for a given survey and also set up triggers for storing PDF Snapshots. In previous versions, the e-Consent Framework and PDF Snapshot settings all existed on the Survey Settings page as several disparate options, but now they have been consolidated on this new page as two separate tabs. While these two exist as separate features, there is some overlap of functionality since the e-Consent Framework does ultimately store a copy of the PDF Snapshot for the e-Consent response. In addition to moving these features to the new page, both have been given enhancements, which are detailed below. View a 5-minute overview video of the new features: https://redcap.link/econsent2vid
Overall Benefits of the New Features - Streamlined Consent Process: Simplify and enhance the electronic consent process for both researchers and participants. Improved Data Integrity: Ensure secure and organized storage of consent forms and survey responses. Enhanced Compliance: Meet regulatory standards such as ICH and FDA requirements with robust version control and audit trails.
Improved PDF Snapshot Functionality: Audit Trails: Improved, detailed audit trails for consent form completions and PDF snapshot generations.
Improved PDF Snapshot Functionality: Automatic Saving: Save PDF copies of survey responses (i.e., snapshots) to the project's File Repository or to specified File Upload fields. In previous versions, this would have been set up using separate features on the Survey Settings page, but now they can be set up as specific settings of a PDF Snapshot trigger.
Improved PDF Snapshot Functionality: Custom Logic-based Triggers: Create custom triggers for generating PDF snapshots based on specific conditions using conditional logic. Whenever data is being saved for a record (on a survey, form, API, data import, etc.), if the logic of the snapshot trigger evaluates as True, then a PDF snapshot will be saved to whatever location is specified. Note: Logic-based triggers can only be triggered once per record, whereas survey-completion-based triggers (including e-Consent surveys) will store a new snapshot every time the survey is completed (because surveys may possibly be completed multiple times if certain Survey Settings are defined).
Improved PDF Snapshot Functionality: File Naming Customization: Customize the file names of PDF snapshots using static text or piping, appended with date-time stamps.
Improved PDF Snapshot Functionality: Note: Non-e-Consent PDF Snapshot triggers will always store the PDF in the default MLM language, but an e-Consent PDF Snapshot trigger will always store the snapshot in the participant's chosen language.
Improved PDF Snapshot Functionality: Snapshot Re-triggering: Perform re-triggering of PDF Snapshots while on a data entry form. If the user has "View & Edit" Data View privileges on the current instrument, they will see a "Trigger Snapshots'' link in the button box at the top-left of the page. This will allow them to trigger or re-trigger any given PDF snapshot (although "survey completion" snapshot triggers specifically require that the survey be completed first). Additionally, for logic-based triggers, the logic does not have to currently be True in order to trigger/re-trigger it.
Improved PDF Snapshot Functionality: Snapshot Scope: The "scope" of the snapshot must be defined when creating a new snapshot trigger. The scope refers to the data content inside the PDF, i.e., which instruments are included in the snapshot (a single instrument, multiple instruments, or all instruments/events). Note: The PDF snapshot created by completing an e-Consent survey will only ever include just that single survey response. But for non-e-Consent snapshots, users may define the scope of the snapshot.
Improved PDF Snapshot Functionality: Support for Multi-Form Consents: Combine multiple forms and/or signatures into a single PDF snapshot. Define a PDF snapshot that contains multiple instruments in order to potentially capture multiple signatures, and then store the snapshot in the File Repository or a File Upload field.
Improved PDF Snapshot Functionality: Vault Storage Integration: If using the system-level feature "e-Consent Framework: PDF External Storage Settings (for all projects)", all PDF snapshots generated via completed e-Consent surveys will automatically be stored on the external server (i.e., "The Vault"). This feature existed in previous versions and continues to function in the same way. Noted new feature: If a multi-instrument PDF snapshot is being stored in the File Repository, in which it contains at least one completed e-Consent survey response, that snapshot will automatically be stored in the Vault. However, a project-level setting named "Store non-e-Consent governed PDF Snapshots on the External Storage server if the snapshot contains a completed e-Consent response" exists on the "Edit Project Settings" page that is set to Yes/Enabled by default, in which it can be disabled if the REDCap administrator wants only e-Consent governed PDF snapshots to be stored in the Vault and thus not store multi-instrument snapshots that happen to contain an e-Consent response in the Vault.
Improvement/bug fix: A new project-level setting "Hide closed/verified data queries from Data Quality results" has been added that can be used with the Data Resolution Workflow. This setting defaults to an Enabled/Checked value, and it can be changed in the DRW/Field Comment Log section of the Additional Customizations dialog on the Project Setup page. If users prefer for closed and/or verified data queries in the DRW to always be visible in results on the Data Quality page, they can uncheck this new setting in the project. NOTE: Beginning in 14.3.13 through (and including) 14.4.1, a mistake was introduced regarding a change in the behavior of closed/verified data queries, in which they were no longer automatically hidden from Data Quality results (whereas in previous versions they were always hidden). That change was a mistake and thus was a bug, which is now fixed here by reverting the default behavior back to its pre-14.3.13 behavior and also by the addition of this new setting that allows users to have both behaviors (i.e., to either hide or show closed/verified data queries from Data Quality results). The default behavior of this setting is the same as the behavior prior to REDCap 14.3.13.
Improvement: The "Help & FAQ" page has been updated with new content (thanks to the FAQ Committee).
Improvements to the Online Designer General user interface improvement that utilizes newer icons. New "Go to field" feature (invoked via Ctrl-G or Cmd-G) allows users to search for a variable by name and then navigate directly to its location in the Online Designer, even if the field is on a different instrument than the current one. Improved and expanded "Quick modify field(s)" popup will appear when users Ctrl-click (or Cmd-click) one or more fields or check the new checkboxes located on the far right of each field. Additions to this popup include the ability to edit the following for multiple fields: branching logic, action tags/field annotation, custom alignment, required status, identifier status, and multiple choice options (including the ability to copy choices - with new choice of location for copied fields, import choices from an existing field, convert a field to a different multiple choice field, and also append new choices using a full-blown choice editor). NOTE: When updating actions tags for one or more fields via the "Quick modify field(s)" popup, there is a new action tag named @DEACTIVATED-ACTION-TAGS that is only used in the Online Designer for the purpose of deactivating (and thus possibly reactivating) action tags. The difference between deactivating action tags and removing action tags from fields is that deactivating them leaves the action tags in a state/format so that they can be easily reactivated later, whereas removing action tags would make it very difficult to restore the action tags of many fields having many different action tags. For example, if a field has the @HIDDEN action tag and is then deactivated, its field annotation will then appear as the following: @DEACTIVATED-ACTION-TAGS @.OFF.HIDDEN, and if reactivated, it will go back to @HIDDEN again. The "Quick modify field(s)" popup also includes an additional, large selector popup to allow users to select many fields on the current instrument that match certain criteria by clicking one or more icons (e.g., clicking the slider icon and then clicking the "add new selections" button will automatically select all slider fields on the page to use for the "Quick modify field(s)" popup). This makes it easy to select many fields on the page very quickly when they all match a certain criteria (i.e., field type, field validation). Change: The drag-field feature to "drag-n-drop" a field to a new location on the instrument now operates differently. Inside of clicking and holding anywhere on a field, the user must now click and hold specifically on the Move icon for the given field in order to ready the field for being moved.
Change/improvement: The Configuration Check page now checks to ensure that the MySQL-specific setting "Generated Invisible Primary Key" (GIPK) is disabled. GIPK was introduced in MySQL 8.0.30. If enabled on the MySQL server, a warning will appear on the page telling the admin how to disable it since GIPK is not compatible with REDCap.
Change: In a MyCap-enabled project, if users switch from classic mode (i.e., non-longitudinal) to longitudinal data collection mode or from longitudinal to classic (via the setting at the top of the Project Setup page), the MyCap task settings and Active task formats will no longer be erased in the project when changing that setting. In previous versions, all MyCap task settings and Active task formats would be completely erased in the project when moving to/from longitudinal mode.
Enhanced e-Consent Framework: Audit Trails: Improved, detailed audit trails for consent form completions and PDF snapshot generations.
Enhanced e-Consent Framework: Change/improvement: When a user views a completed/signed e-Consent response on a data entry form, in which a consent form was used on the survey, near the top of the page will be displayed the version of the consent form that was used. Also, the consent form itself (i.e., the inline PDF or rich text) displayed on the page will always be the consent form under which the participant originally consented. For example, if a participant consented using consent form v2.0, then even though a new consent form (v3.0) has been added to the project at some point afterward, the data entry form for that participant's response will always display consent form v2.0 so that the user will always see the survey response and its consent form exactly as the participant originally viewed it.
Enhanced e-Consent Framework: Change/improvement: When reviewing draft mode changes, if a consent form's anchor Descriptive field is deleted or moved to another instrument, it now gets listed as a critical issue in the list of drafted changes.
Enhanced e-Consent Framework: Change/improvement: When using MLM together with the e-Consent Framework, downloading an instrument PDF of a completed e-Consent survey response (or if the e-Consent survey response is included in a generated PDF that contains non-e-Consent instruments), the e-Consent survey response itself in the PDF will always be rendered in the language in which the participant originally consented.
Enhanced e-Consent Framework: Custom Headers and Footers: Add custom headers and footers to PDF snapshots created via the e-Consent Framework, including the use of text fields, smart variables, and piping.
Enhanced e-Consent Framework: Custom Notes: An optional custom notes field can be utilized for each e-Consent survey for bookkeeping purposes. The custom notes are neither displayed on the survey nor anywhere else in the application.
Enhanced e-Consent Framework: Customizable Consent Forms with Version Control: Design consent forms and manage new versions of consent forms while maintaining historical versions for audit purposes. During the setup process for consent forms, their location can be set in relation to a single Descriptive field on the survey. A consent form can exist as an inline PDF or as rich text. A consent form can be associated with a specific MLM language and/or a Data Access Group if the project users wish to have the consent form be used for a specific language (chosen by the participant) and/or DAG (to which the record has been assigned). This allows for language-specific consent forms and DAG-specific consent forms, if needed.
Enhanced e-Consent Framework: File Naming Customization: Customize the file names of PDF snapshots for e-Consent responses using static text or piping, appended with date-time stamps.
Bug fix: If conditional logic, branching logic, or calculations are being evaluated by server-side processes when submitting a survey page (e.g., alerts, ASIs), in which the logic/calc contains one or more [aggregate-X] Smart Variables, the logic/calc might mistakenly not get evaluated correctly and thus might behave unexpectedly. (Ticket #233984)
Bug fix: In a MyCap-enabled project that is in production status, if a user rejects their current drafted changes, any forms added while in draft mode would appropriately be deleted from the drafted changes; however any MyCap tasks created for those drafted forms would mistakenly remain in the backend database, which could then cause issues later.
Bug fix: In a MyCap-enabled project, MyCap Task schedules would mistakenly not copy over when using the Project XML of a classic/non-longitudinal project to create a new project.
Bug fix: In a MyCap-enabled project, the "Days Offset" value of an event would not automatically populate on the Task Setup page for longitudinal projects.
Bug fix: The "MyCap participants that have joined a project" count on the System Statistics page mistakenly included participants from practice projects.
Bug fix: The MyCap Participant Management page mistakenly displays all participants when there are no records in the user's DAG. (Ticket #233473)
Bug fix: The email sent to the survey participant after clicking the "Save & Return Later" button on a survey might mistakenly appear to be missing the main survey link back to the survey if the survey has no survey title defined (i.e., the title was left blank). (Ticket #234831)
Bug fix: Various user interface elements, such as Bootstrap-style drop-down lists and certain buttons/links, might mistakenly appear with a larger or smaller font than intended. Bug emerged in the previous version.
Bug fix: When enabling a new instrument for MyCap, the task status defaults to "Not Active".
Bug fix: When exporting the results of a Data Quality rule in a project that does not have any Data Access Groups, the resulting CSV file might mistakenly not contain any results but would be empty. Bug emerged in REDCap 14.3.13 (Standard).
Bug fix: When exporting the results of a Data Quality rule that returns more than 10,000 discrepancies, the resulting CSV file would mistakenly only include 10,000 results instead of all the results. (Ticket #229449b)
Bug fix: When fields in a calculated field are being added together using plus signs (e.g., [field1] [field2]), as opposed to using the "sum" function, the field values might mistakenly get concatenated/joined together as text instead of being added together mathematically. Bug emerged in REDCap 14.0.32 LTS and 14.4.0 Standard Release. (Ticket #234858)
Bug fix: When performing piping in a repeating instance context, the wrong repeating instance might mistakenly be assumed in certain situations when no data is saved yet. (Ticket #234557)
Bug fix: When using an "X & Table-based" authentication, and a Table-based user clicks the "Reset password" button on their Profile page, it might mistakenly not actually trigger the password reset process. (Ticket #234884)
Bug fix: When viewing the "View Task Details (all)" dialog in the Online Designer for MyCap-enabled projects, "Invalid Format" would mistakenly be displayed for MyCap tasks created from PROMIS measures.
New action tag @CONSENT-VERSION: This action tag represents the version of the consent form being used by the e-Consent Framework for the current e-Consent survey context (i.e., current record, event, survey, data access group, MLM language, etc.). NOTE: This action tag only adds a new value to the field when its field value is blank and only when the instrument is being completed in an e-Consent survey context. Also, this action tag can only be used if the e-Consent Framework has been enabled for a survey and only if one or more consent forms have been defined for that survey.