Upgrade 14.0.16 LTS Detailed Feature Release

Owned by Christopher Sorensen
Last updated: Aug 21, 2024
20 min read

WashU REDCap Upgraded to this version on 2024-05-23

Version 14.0.16 (released on 2024-03-07)

CHANGES IN THIS VERSION:

  • Bug fix: When viewing the Stats & Charts page in a longitudinal project, the page might mistakenly crash in very specific scenarios when running PHP 8. (Ticket #225493)

  • Bug fix: The API method "Export a File from the File Repository" would mistakenly output an incorrect MIME type for a file being exported. (Ticket #225517)

  • Bug fix: Modifying the value of a Notes field that has the @RICHTEXT action tag would mistakenly not cause the "Save your changes" prompt to be displayed if a user attempts to leave the page afterward. (Ticket #225367)

  • Bug fix: The special function concat_ws() would mistakenly include fields with blank values in its output. It is expected that blank values should not be included. For example, if we have @CALCTEXT(“ and “, [dob1], [dob2], [dob3), it would mistakenly output “2024-03-01 and and 2024-03-01” when field “dob2” is empty/blank, whereas it should instead output “2024-03-01 and 2024-03-01”.

  • Bug fix: If a participant attempts to load a survey using a non-public survey link after the participant's record has been deleted in the project, they would be mistakenly redirected to the REDCap login page, which is confusing. Instead, an appropriate error message is now displayed to let them know the survey is no longer active or that they are no longer a participant. (Ticket #225427)

  • Bug fix: When using the Clinical Data Pull in CDIS, specifically when launching the CDP window in an EHR context, an undefined JavaScript function might produce a JavaScript error, thus causing certain things not to function correctly on the page.

  • Bug fix: When using the Clinical Data Pull in CDIS, the “address-district” demographics field was mistakenly missing, and thus EHR data could not be pulled for it.

  • Bugfix: When MLM is active, matrix headers mistakenly were shown over each line of a matrix field when output as an instrument PDF. (Ticket #225203)

  • Bug fix: If matrix field labels contain
    tags, the downloaded PDF of the instrument might mistakenly display the field labels overlapping each other.

  • Bug fix: When using Double Data Entry as DDE person 1 or 2, records that are locked at the record level would not appear to be locked and might mistakenly allow a user to modify a locked record. (Ticket #225431)

  • Bug fix: When creating an alert in a longitudinal project, the "Email To" option would display an event-ambiguous email field (i.e., "Any Event") that could be chosen. However, in many situations, this might cause the alert not to be sent (or it is attempted to be sent with a blank sender address). To prevent this issue, the "Any Event" field options are now no longer displayed as choices for the "Email To" field for alerts. (Ticket #224839)

  • Bug fix: When using MLM, importing UI translations would mistakenly not be possible in projects with subscribed languages, even when UI overrides are explicitly allowed.

  • Bug fix: When exporting data to R, any backslashes in the R syntax file would mistakenly not get escaped. Now all backslashes are replaced with a double backslash in the resulting R code. (Ticket #225046)

  • Bug fix: When a project's first instrument is a repeating instrument, and a user is performing a data import of new (not existing) repeating instances for another repeating instrument in the project, new empty instances would mistakenly get created for the first instrument when new instances should only get added for the desired repeating instrument. (Ticket #224932)

  • Bug fix: When viewing scheduled alerts on the Notification Log page for alerts that are recurring, the scheduled send time might mistakenly appear to be incorrect in the Notification Log if the alerts are set to recur every X minutes/hours/days, in which X is a number with a decimal (i.e., not an integer). Note: This does not appear to prevent the alert from being sent at the appropriate time, but this is simply a display issue in the Notification Log. (Ticket #225860)

  • Bug fix: When using a mobile device and attempting to open Messenger, the Messenger panel might mistakenly be obscured and not viewable in certain contexts.

  • Bug fix: A fatal error might occur when calling REDCap::saveData() when providing "array" data in an incorrect format to the method while running PHP 8. (Ticket #225896)

  • Bug fix: The API Playground's example R code for the API Export File method was not correct and has been fixed. (Ticket #101454b)

  • Bug fix: When calling the "Import Users" API method and providing the data payload in CSV format, the "forms_export" privileges provided in the CSV might mistakenly not get parsed correctly, which might cause the API script to return an error, specifically when using PHP 8, or it would mistakenly set the user's data export rights to "No Access" across the board for all instruments.

  • Bug fix: The query cache efficiency check on the Configuration Check page might mistakenly display a false positive saying that the MySQL query cache is not efficient when actually it is. (Ticket #225731)

  • Bug fix: It is possible to perform data imports in which the record name contains a line break or carriage return character. Those characters should not be allowed in record names. (Ticket #224506)

Version 14.0.15 (released on 2024-03-01)

CHANGES IN THIS VERSION:

  • Critical bug fix: The code released in REDCap 14.0.14 LTS was mistakenly REDCap 14.2.1 Standard. This was an error with the release process. Our apologies. Please upgrade to 14.0.15 immediately if you are currently on 14.0.14. If there is any error with any of the SQL upgrade script, please skip any line of SQL that fails and continue with the upgrade SQL at the next line until all the SQL has been run. After upgrading, run any SQL that is provided in the Control Center (via the auto-fix option) to fix the database.

Version 14.0.14 (released on 2024-02-29)

CHANGES IN THIS VERSION:

  • Major security fix: A Stored XSS (Cross-site Scripting) vulnerability was discovered in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into a field's data value when viewed on the Data Comparison Tool page. The user must be authenticated into REDCap in order to exploit this in a project. Bug exists in all REDCap versions for the past 10 years.

  • Major security fix: A Stored XSS (Cross-site Scripting) vulnerability was discovered in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into specific translated labels when using Multi-Language Management. The user must be authenticated into REDCap in order to exploit this in a project. Bug exists in all REDCap versions beginning with v12.0.0.

  • Major security fix: A Stored Cross-site Scripting (XSS) vulnerability was discovered in the File Repository in which a malicious user could potentially exploit it by inserting HTML tags and/or JavaScript in a very specific way inside the folder name of a folder created in the File Repository. The user must be logged in to REDCap and also must have File Repository privileges in the project in order to exploit this. Bug emerged in REDCap 13.1.0.

  • Bug fix: If a user assigned to a Data Access Group is importing records via the Background Data Import, those records would mistakenly not get assigned to the user's DAG. In addition, if record auto-numbering has been selected for the import, it would also not prepend the record names with the DAG ID number and a dash. (Ticket #224833)

  • Bug fix: When using "OpenID Connect & Table-based" authentication, clicking the "Logout" link in REDCap might mistakenly result in a logout error in the Identity Provide/SSO service. Bug emerged in REDCap 13.10.4. (Ticket #224757)

  • Bug fix/change: The "Azure AD" authentication is now referred to as "Microsoft Entra ID (formerly Azure AD)" in the REDCap user interface due to the fact that Microsoft renamed the product to "Microsoft Entra ID" at the end of 2023.

  • Bug fix: A fatal PHP error might occur for PHP 8 when viewing the Record Home Page or Record Status Dashboard for a record on an arm that has no events. (Ticket #225089)

  • Bug fix: When entering text for an alert message when adding/editing an alert on the Alerts & Notifications page, in which the field list menu would appear after entering the "[" character, clicking a field in the field list would mistakenly not inject that variable name into the alert message. (Ticket #224895)

  • Bug fix: When using the repeatable settings in the External Modules configuration dialog, removing a single repeating setting instance would mistakenly remove all repeating instances in the dialog. Bug emerged in REDCap 13.11.0. (Ticket #225171)

  • Bug fix: When using the Data Resolution Workflow, a fatal PHP error for PHP 8 in certain situations when data is being saved in certain contexts, such as data imports, when some data values have been "Verified". (Ticket #225198)

  • Bug fix: If using certain versions of MariaDB, the "YOUR REDCAP DATABASE STRUCTURE IS INCORRECT!" error message might display as a false positive in the Control Center, even when nothing is wrong with the database table structure.

  • Bug fix: When Double Data Entry is enabled, and the current user is either DDE person #1 or #2, in which Form Display Logic has been defined in the project, the Form Display Logic might mistakenly not work correctly when viewing the Record Home Page. (Ticket #225125)

Version 14.0.13 (released on 2024-02-22)

CHANGES IN THIS VERSION:

  • Medium security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Data Quality page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into parameters in certain AJAX requests.

  • Bug fix: The EHR launch process in CDIS might mistakenly fail in specific situations where Azure AD is the authentication method in REDCap.

  • Bug fix: The Rapid Retrieval caching system might mistakenly fail with a fatal PHP error in some specific instances. (Ticket #224840)

  • Bug fix: The developer method REDCap::getUserRights() would mistakenly not return instrument-level Data Export Rights information. (Ticket #224887)

  • Bug fix: If using CDIS, the Clinical Data Pull mapping tool might mistakenly throw a JavaScript error. Additionally, Descriptive fields were mistakenly being excluded from the CDP mapping tool.

  • Bug fix: If the @SETVALUE action tag exists on a field on an e-Consent survey, it would mistakenly allow the field's value to be overridden even when the e-Consent setting "Allow e-Consent responses to be edited by users" is not checked. (Ticket #225008)

Version 14.0.12 (released on 2024-02-15)

CHANGES IN THIS VERSION:

  • Bug fix: When the "Auto-suspend users after period of inactivity" setting is enabled, users who recently had their account created but had not logged in yet would mistakenly get auto-suspended. Bug emerged in the previous version. (Ticket #224266)

  • Bug fix: If any text used in an outgoing SMS text message contains an HTML hyperlink, in which the link's text is virtually the same as the link's URL, it would mistakenly display the URL in parentheses after the link text in the resulting SMS message. It should only do this when the link text is different from the URL. (Ticket #109648)

  • Several bug fixes for the External Module Framework.

  • Bug fix: When an Automated Survey Invitation with conditional logic is being evaluated when a record's data is being saved, in which the conditional logic references a field in a repeating instrument or repeating event where the field does not have an X-instance Smart Variable appended or an instance number appended to itself, the logic might not get evaluated as expected.

  • Bug fix: When using the datediff() function in which the Daylight Saving Time barrier is crossed when calculating the result of two datetime values, in specific cases the result might mistakenly be one hour off if using units of "h", "m", or "s" for the function. (Ticket #223682)

  • Bug fix: In some cases when inline PDFs are attached to Descriptive fields, and a user downloads the PDF of the instrument, if the iMagick PHP extension is installed on the web server, there would mistakenly be a blank page following the inline PDFs in the resulting REDCap-generated PDF of the instrument. (Ticket #222014)

  • Bug fix: In places that display a drop-down list of records for the "Test logic with a record" feature, most notably in the branching logic dialog, Survey Queue setup dialog, and ASI setup dialog, the dialog might mistakenly never load if the project contains many thousands of records. For now on, it will display a normal drop-down list if the project contains 1000 records or fewer, and if the project contains more than 1000 records, it will instead automatically revert to displaying an auto-suggest text box to allow the user to manually enter the record name (rather than attempting to display an extremely long drop-down). (Ticket #224531)

  • Bug fix: If the Custom Event Label is used in a longitudinal project and contains any HTML tags, all the tags would mistakenly get stripped out when exporting the project's Project XML file. (Ticket #224571)

Version 14.0.11 (released on 2024-02-08)

CHANGES IN THIS VERSION:

  • Bug fix: When utilizing the project-by-project Unicode Transformation process, which is done using a cron job via Step 2 on the Unicode Transformation page, if processing individual projects that do not have any surveys enabled, it would mistakenly execute several unnecessary, long-running SQL queries on each project lacking surveys, which would make the overall process take much longer to fully complete than it should.

  • Bug fix: It might be possible for users or participants to manipulate an HTTP request in a specially-crafted way in order to upload files of any file type into a Signature field on a data entry form or survey. Note: This does not pose a security issue of any kind, and if certain file extensions are defined in the "Restricted file types for uploaded files" list in the Control Center, then those file types will be blocked immediately and not saved in the system.

  • Bug fix: In some rare cases, the "collation_connection" setting for the REDCap database connection might mistakenly be taking effect, which could thus lead to possible encoding issues when pulling information from or storing information in the REDCap database.

  • Bug fix: The simultaneous user prevention check on data entry forms would mistakenly prevent multiple users from accessing and editing different repeating instances of the same record-event-instrument in a project.

  • Bug fix: On certain pages/dialogs, the calendar datepicker popup might mistakenly fail to be displayed when expected (e.g., when editing an alert). Bug was supposedly fixed in the previous version but still persists in some places throughout the application. (Ticket #223627)

  • Bug fix: When importing Form Display Logic via a CSV file, the checkboxes for the FDL's optional settings would mistakenly all become unchecked after the import. (Ticket #223666)

  • Bug fix: When the "Auto-suspend users after period of inactivity" setting is enabled, users who have not been added to any projects might mistakenly not get auto-suspended. (Ticket #223659)

  • Bug fix: When uploading a CSV file to add or rename Data Access Groups on the DAG page in a project, in which the user provides a unique group name in the CSV file for a DAG that does not yet exist, the error message provided would be confusing as to what the problem is. In this situation, a more detailed error message is provided to inform the user that the unique group name is only used for renaming DAGs and should be left blank when creating new DAGs. (Ticket #223526)

  • Bug fix: When the Rapid Retrieval caching feature is using file-based storage and is utilizing the alternate storage location (instead of using REDCap temp for storage), it might store some of the RR files in the REDCap temp directory by mistake. (Ticket #223738)

  • Bug fix: When using Google Cloud Storage for file storage in the system, uploading a file on the main Send-It page might mistakenly not work successfully. (Ticket #221098b)

Version 14.0.10 (released on 2024-01-30)

CHANGES IN THIS VERSION:

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the "Importing instrument from the REDCap Shared Library" page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into input elements on the page. The user must be authenticated into REDCap in order to exploit this. Bug exists in all REDCap versions for the past 10 years.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered in the Database Query Tool in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into saved queries on the page. The user must be an admin and must be authenticated into REDCap in order to exploit this. Bug emerged in REDCap 12.3.0.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Alerts & Notifications page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into parameters in certain AJAX requests. The user must be authenticated into REDCap in order to exploit this. Bug emerged in REDCap 9.0.0.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the confirmation page displayed for users who have put in specific requests to the REDCap administrator (e.g., requested a project be moved to production) in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into the URL. The user must be authenticated into REDCap in order to exploit this. Bug exists in all REDCap versions for the past 10 years.

  • Medium security fix: A Broken Access Control vulnerability was discovered in which a logged-in user who is not a REDCap administrator could create Custom Application Links and have those open on the left-hand menu for any and all projects in the system. Only admins should be able to create, modify, and delete Custom Application Links in the Control Center. This could be used to trick users into navigating to potentially malicious websites.

  • Medium security fix: Lower-level REDCap administrators (e.g., with "Manage user accounts" rights) could potentially escalate their own admin privileges by utilizing information from certain tables in the database via the Database Query Tool page. Going forward, only administrators with 'Admin Rights' privileges, 'Modify system configuration pages' privileges, or 'Access to all projects and data with maximum privileges' privileges are allowed to access the Database Query Tool.

  • Medium security fix: There is a possibility in very specific situations that a malicious user might be able to reactivate another user's session and take it over after the other user has logged out of REDCap. This would require obtaining the other user's session ID.

  • Minor security fix: Cross-site Request Forgery (CSRF) protection was mistakenly not applied to the user action of deleting arms on the Define My Events page.

  • Minor security fix: If a logged-in user has specific knowledge of the REDCap system, they might be able to manipulate the parameters of a specific AJAX endpoint in order to send custom crafted emails impersonating any email sender (i.e., they can set the email's From address to anything they wish).

  • Major bug fix: On certain pages/dialogs, the calendar datepicker popup might mistakenly fail to be displayed when expected (e.g., when composing survey invitations). Bug emerged in the previous version. (Ticket #223277)

  • Bug fix: The Rapid Retrieval caching feature might mistakenly cause some API calls to hang and eventually time out. (Ticket #223083)

  • Bug fix: Since Microsoft will soon be deprecating their Azure Storage PHP client libraries that are currently used by REDCap, the Azure Storage library has now been replaced in REDCap with new custom-built methods for making calls directly to the Azure Blob Storage REST API. (Ticket #216356)

  • Bug fix: If the first instrument in a project is taken as a public survey, it can end up with two different (but equally valid) return codes, assuming the survey has "Save & Return Later" enabled. However, it could be confusing for users to see two different return codes and think something is wrong. For consistency, the return code on the data entry form will now match the return code displayed to the participant on the survey page. (Ticket #208079)

  • Bug fix: In very specific situations when using branching logic on a multi-page survey that is a repeating instrument/survey, some survey pages might get mistakenly skipped if the repeating instance number is greater than "1" when all fields on the page have branching logic that references field values on the current repeating instance. (Ticket #223126)

  • Bug fix: For Step 2 when editing an alert and setting "Send it how many times?" to "Multiple times on a recurring basis", the number interval of the recurrence could mistakenly only be 4 characters long at the maximum. (Ticket #223020)

  • Bug fix: When a REDCap administrator has limited data export privileges in a project and then calls the Export Report API method, REDCap would mistakenly remove many of the fields in the resulting data set, which should not happen to administrators. (Ticket #223259)

  • Bug fix: When using Multi-Language Management, certain types of fields (yesno, truefalse, matrix field choices) would fail to be properly piped when the fields do not exist on the same form. (Ticket #222446)

  • Bug fix: In some situations, it might be possible for a user or admin to duplicate the process of moving a project to production status, which would inadvertently cause the project to end up in Analysis/Cleanup status instead. (Ticket #222935)

  • Bug fix: When using the @if action tag on a survey question, in which the participant is returning to the survey via their "Save & Return Later" return code, the @if logic might mistakenly not get evaluated correctly on the page to which they return, thus possibly utilizing the wrong action tags for the field. Note: This does not occur for subsequent pages in the survey after returning to the survey but only to the initial page loaded upon their return. (Ticket #223291)

Version 13.7.31 (released on 2024-01-30)

CHANGES IN THIS VERSION:

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the "Importing instrument from the REDCap Shared Library" page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into input elements on the page. The user must be authenticated into REDCap in order to exploit this. Bug exists in all REDCap versions for the past 10 years.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered in the Database Query Tool in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into saved queries on the page. The user must be an admin and must be authenticated into REDCap in order to exploit this. Bug emerged in REDCap 12.3.0.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Alerts & Notifications page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into parameters in certain AJAX requests. The user must be authenticated into REDCap in order to exploit this. Bug emerged in REDCap 9.0.0.

  • Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the confirmation page displayed for users who have put in specific requests to the REDCap administrator (e.g., requested a project be moved to production) in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into the URL. The user must be authenticated into REDCap in order to exploit this. Bug exists in all REDCap versions for the past 10 years.

  • Medium security fix: A Broken Access Control vulnerability was discovered in which a logged-in user who is not a REDCap administrator could create Custom Application Links and have those open on the left-hand menu for any and all projects in the system. Only admins should be able to create, modify, and delete Custom Application Links in the Control Center. This could be used to trick users into navigating to potentially malicious websites.

  • Medium security fix: Lower-level REDCap administrators (e.g., with "Manage user accounts" rights) could potentially escalate their own admin privileges by utilizing information from certain tables in the database via the Database Query Tool page. Going forward, only administrators with 'Admin Rights' privileges, 'Modify system configuration pages' privileges, or 'Access to all projects and data with maximum privileges' privileges are allowed to access the Database Query Tool.

  • Medium security fix: There is a possibility in very specific situations that a malicious user might be able to reactivate another user's session and take it over after the other user has logged out of REDCap. This would require obtaining the other user's session ID.

  • Minor security fix: Cross-site Request Forgery (CSRF) protection was mistakenly not applied to the user action of deleting arms on the Define My Events page.

  • Minor security fix: If a logged-in user has specific knowledge of the REDCap system, they might be able to manipulate the parameters of a specific AJAX endpoint in order to send custom crafted emails impersonating any email sender (i.e., they can set the email's From address to anything they wish).

Version 14.0.9 (released on 2024-01-25)

CHANGES IN THIS VERSION:

  • Bug fix: When downloading an Instrument Zip file or various CSV files, the process might crash due to a fatal PHP error if the user has Space or Tab as their preferred "Delimiter for CSV file downloads" (as defined on their Profile page). (Ticket #222524)

  • Bug fix: The simultaneous user prevention check on data entry forms would mistakenly prevent multiple users from accessing and editing different repeating instances of the same record-event-instrument in a project.

  • Bug fix: When using Multi-Language Management, floating matrix headers were not aligned properly on surveys for right-to-left languages. (Ticket #222689)

  • Bug fix: When upgrading from a version prior to REDCap 14.0.1, an SQL error might occur during the REDCap upgrade with regard to an "alter table" statement for the database table "redcap_outgoing_email_sms_log".

  • Bug fix: When viewing the "Stats & Charts" page for any report that has one or more Live Filters selected on the page, and then the user selects an instrument and/or record in the Display Options box near the top of the page, all Live Filter selections would mistakenly get reset back to a blank value. (Ticket #222699)

  • Bug fix: When using Multi-Language Management, the Forms/Surveys tab on the MLM setup page might fail to load due to a JavaScript error.

  • Bug fix: If a file in the Recycle Bin in the File Repository is permanently deleted by a REDCap admin, the file would be marked as having been permanently deleted but would mistakenly still exist in the file storage system. (Ticket #222787)

  • Bug fix: When using CDIS, an issue might occur if REDCap is using Azure AD OAuth2 & Table-based authentication method, particularly during an EHR launch for Clinical Data Pull.

  • Bug fix: When using the text "month", "day", or "year" followed by an opening parenthesis inside quotes in a @CALCTEXT equation, the calculation would not get parsed correctly, thus resulting in a calculation error on the survey page or data entry form. (Ticket #222973)

  • Bug fix: When the calendar datepicker popup is displayed near the rich text editor, in some situations part of the calendar might mistakenly get covered up by the editor's toolbar. (Ticket #223011)

  • Bug fix: When Rapid Retrieval is disabled, REDCap might still be creating *.rr cache files in the temp folder. (Ticket #223076)

  • Bug fix: If an administrator is not a user in a project but clicks the "Create API token now" button on the project's API page, the token would not be created (as expected) but it would mistakenly log the event "Create API token for self" as if it was created. (Ticket #222977)

Version 14.0.8 (released on 2024-01-18)

CHANGES IN THIS VERSION:

  • Major bug fix: When a user views a report and modifies the "report_id" parameter in the URL while on the report's "Stats & Charts" page or when editing the report, in which the report_id is changed to the report_id of a report in another project to which the user does not have access, the user would mistakenly be able to view the report name and the number of results returned from that report from the other project. Note: No identifying data or record names from the other project are able to be accessed using these methods; only the report name and the total count of results returned from the report can be extracted.

  • Bug fix: When viewing the Record Status Dashboard when Data Access Groups exist in a project, in certain situations the RSD page might load a bit slowly due to an excessive amount of SQL queries being run. This was fixed in the previous version, but it only covered specific situations. (Ticket #221998b)

  • Bug fix: When using Clinical Data Mart in CDIS, there were issues in the list of mappable items within CDM projects, in which the following condition types were not mappable as generic entries: encounter-diagnosis-list, problem-genomics-list, problem-medical-history-list, and problem-reason-for-visit-list.

  • Bug fix: If a user was given "Edit Access" rights to a specific report, but they have been given "Add/Edit/Organize Reports" user privileges for the project, if they append "&addedit=1" to the URL when viewing the report, it might appear that they can edit the report. However, clicking the "Save Report" button on the page would actually do nothing and would forever say "Working". So while they aren't able to bypass any report access privileges, it could be confusing because it appears as though maybe they could. (Ticket #222150)

  • Bug fix: If a project is being moved back to Production status from Analysis/Cleanup status, the process of moving it back to Production would mistakenly not clear out the "inactive_time" timestamp in the backend database for the project. This issue has no impact on the application. (Ticket #222175)

  • Bug fix: When using Multi-Language Management, instruments with matrix fields would fail to load due to a JavaScript error. This bug was introduced in the previous version. (Ticket #222211)

  • Bug fix: When using Clinical Data Pull in CDIS, some CDP projects with the auto-adjudication feature enabled might display the adjudication count as a negative number. (Ticket #134564)

  • Bug fix: When using Clinical Data Pull in CDIS, an out-of-memory error could occur when handling large volumes of data being pulled from the EHR.

  • Bug fix: When erasing all data in a project or deleting all records when moving a project to production, the process might take a disproportionately large amount of time to complete (or it might get stuck) if the project contains a large amount of data points (i.e., several million or more rows). The process now deletes data from the redcap_dataX table in smaller batches rather than attempting to delete all rows with a single query.

  • Bug fix: When saving the Survey Login settings in the Online Designer, the confirmation dialog would mistakenly not be displayed due to a JavaScript error.

  • Bug fix: When erasing all data in a project or deleting all records when moving a project to production, the process might mistakenly not delete the 'Survey Login Success' and 'Survey Login Failure' logged events in the project if the Survey Login feature is being utilized. (Ticket #222429)

  • Bug fix: When using Clinical Data Mart in CDIS, the CDM data fetching process might fail when using specific versions of MySQL/MariaDB, specifically MySQL versions prior to 8.0 and MariaDB versions prior to 10.2.1. (Ticket #219308)