Released by redcap on 10/14/2016 Partners Healthcare to upgrade on 11/15/2016 redcap V. 15. 11 Full Release Notes Version 15. 11 (released 10/14/2016) bug fixes & other changes


Version 6.15.4 - (released 7/22/2016)



Download 230.05 Kb.
Page2/5
Date05.05.2018
Size230.05 Kb.
#48138
1   2   3   4   5

Version 6.15.4 - (released 7/22/2016)

BUG FIXES & OTHER CHANGES:

  • Minor security fix: A cross-site scripting vulnerability was found on the Scheduling project page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific HTTP request to REDCap.

  • Bug fix: If a user had requested an API token in a project, it would mistakenly allow them to send a duplicate request on the API Playground page and on the Mobile App page in a project.

  • Bug fix: Corrupted line feeds (carriage returns) can sometimes get added to Field Labels in data dictionaries. Their origin is unknown, although Microsoft Excel is suspected. This can sometimes cause line breaks to double (i.e., two carriage returns instead of one) when uploading data dictionaries, or can cause line breaks to completely disappear if editing a field in the Online Designer. Any existing corrupted line feeds will now be properly converted and fixed when importing or exporting data dictionaries and when editing a field in the Online Designer. (Ticket #4148)

  • Bug fix: When using min/max range validation on a field having a validation type of datetime or datetime w/ seconds, in which a user enters an out-of-range value on a survey or data entry form, the error message popup that is displayed would mistakenly mangle the format of min/max values in the error message. (Ticket #4478)

Version 6.15.3 - (released 7/15/2016)

  • Bug fix: If the Duo option is enabled for Two-Factor Authentication, then it would mistakenly always return the user to the page "index.php" of the current directory they are in after they log out or after their session times out, even if that page does not really exist in REDCap, which could be very confusing to users. (Ticket #3592)

  • Bug fix: If using the @NOW or @TODAY action tags for date, time, or datetime fields, it would mistakenly set the text field to full width on a survey or data entry form rather than shortening the text field to its typical width based upon its specific validation type. (Ticket #3742)

  • Bug fix: In older versions of Internet Explorer, if a survey respondent opens a survey link, then completes the survey, and then clicks the "Close survey" button afterward, then it might throw a JavaScript error. (Ticket #3721)

  • Bug fix: If a user with E-signature privileges was attempting to e-sign a data entry form that had been previously locked, it would display an erroneous error.

  • Bug fix: The page footer on project pages would sometimes obscure page content.

  • Bug fix: If all the fields in a given section of a data entry form have the action tag @HIDDEN-APP or @HIDDEN-SURVEY, then when viewing the form, the section header above that section would mistakenly be hidden even though some of the fields in the section are still displayed. The section header should only be hidden if all fields in the section are hidden.

  • Major bug fix: When editing a survey's settings via the Survey Settings button on the Online Designer, it might mistakenly fail to save the settings for certain MySQL configurations. (Ticket #3003)

  • Bug fix: Minor formatting error in API documentation for Export Records method. (Ticket #4059)

  • Bug fix: When using Enhanced Choices for radios/checkboxes on surveys, if a choice label has long words, it might mistakenly causes horizontal scrollbars to appear around the choice in certain web browsers.

Version 6.15.2 - (released 7/7/2016)

  • Bug fix: When loading a public survey, it now employs stricter checking to doubly ensure that a public survey link does not get confused with a participant's unique survey link (since there might be a one-in-a-million chance that it could get confused under very specific and rare circumstances).

  • Bug fix: Fixed compatibility issues specifically related to MySQL 5.7 and its default sql_mode setting.

  • Bug fix: If a File Upload field has the @READONLY action tag, and the field already contains an uploaded file for a given record, then when viewing the survey page or data entry form, it would mistakenly allow the user to delete the file and even upload another file afterward. (Ticket #3263)

  • Bug fix: The server-side field validation would mistakenly get triggered on the record ID field when submitting a data entry form or survey if a record's name did not follow its specific field validation format. This would cause the server-side field validation message to constantly appear for that record unnecessarily whenever a form or survey was saved for the record. It now skips the server-side field validation for the record ID field when saving existing records.

  • Bug fix: On the Administrator To-Do List page in the Control Center, the page navigation for the "Completed & Archived Requests" table would become unwieldy if there existed more than 20 pages, thus causing all the page numbers to overflow and take up too much space. It now only displays the first and last handful of pages for navigation.

  • Bug fix: Fixed incorrect language in the "Move project to production" popup on the Project Setup page.

  • Bug fix: When using calculated fields that utilize cross-event calculations in a longitudinal project, Auto-Calculations and Data Quality rule H would mistakenly not be able to process any calculation that references a field on an event that did not contain any data (i.e., an empty event) for a given record. Thus, DQ rule H would not find any discrepancies even when they exist, and Auto-Calculations would not properly get performed. (Ticket #2898)

  • Bug fix: The action tags @HIDEBUTTON and @PASSWORDMASK were mistakenly not being employed on the Online Designer page when utilized for a given field.

  • Bug fix: If using MySQL-over-SSL secure database connection while on PHP 5.1 or 5.2, it might not be able to make successful database connections since REDCap was using the MYSQLI_OPT_SSL_VERIFY_SERVER_CERT flag, which was introduced in PHP 5.3. It now only applies that flag if on PHP 5.3 or higher.

Version 6.15.1 - (released 6/30/2016)

  • New LTS branch based on REDCap 6.15 (Standard) + the changes below.

  • Bug fix: If importing data via the Data Import Tool or API import for a longitudinal project in which multiple events are being imported for a record whose record name is mistakenly in different cases (e.g., "mea-101" vs "MEA-101") in the data being imported, then after importing that data, some of the data will never be displayed in reports in exports and will thus be orphaned. However, all the data is still accessible and viewable on data entry forms and surveys, but just not in exports and reports.

  • Bug fix: If REDCap is configured so that only super users are allowed to create projects and thus normal users must request new projects be created for them, then if a user knows how to send a specifically-crafted request to a certain page in REDCap, they could bypass the request process and actually create a new project on their own without a super user's permission.

  • Bug fix: The option to enable "enhanced radio buttons and checkboxes" on surveys was mistakenly not taking effect on CATs (computer adaptive tests) and Auto-scoring instruments, such as PROMIS assessments, that were downloaded from the REDCap Shared Library.

  • Bug fix: In a production project when a user clicks the "Request delete project" button on the Other Functionality tab of the Project Setup page, it would mistakenly not disable the button after being clicked, which would mistakenly allow users to click it multiple times (although it would correctly be disabled if they left the page and then returned).

  • Change: The "multiple tabs/windows open" error message now additionally notes that if a Cross-Site Request Forgery (CSRF) was just attempted that it was successfully blocked. This is helpful for any app scanners that are scanning REDCap and believe they have found a CSRF vulnerability when in fact it is a false positive.

  • Bug fix: On survey pages, the submit buttons at the bottom of the page were causing the page to become too wide on small screens in some cases if both the Previous Page and Next Page buttons were displayed at the same time.

  • Bug fix: A survey page would not automatically widen if the browser window was widened if the page was initially loaded with a narrow width.

  • Bug fix: When a project's metadata is exported as an ODM/XML file, if a field contains a range validation min or max with a value of "0", it would mistakenly be omitted in the resulting XML file.

  • Bug fix: When creating a new project using an uploaded ODM/XML file, if a field contains a range validation min and max value, then the max value would mistakenly overwrite the min value and leave the max value blank, resulting in incorrect validation range values for the field.

  • Reverted the bug fix for Ticket #1100 since it did not ultimately fix the issue. More work will need to be done in a near-term version to ultimately remedy this. (Refers to bug fix: If a Data Quality rule returns more than 10,000 discrepancies, which is the maximum that it will return, if there have been any discrepancies that have been excluded, then when displaying the discrepancy count to the user, it would mistakenly subtract the excluded count from 10,000 rather than subtracting it from the actual total discrepancy count.)

Version 6.15.0 - (released 6/22/2016)

  • New feature: Enhanced radio buttons and checkboxes for surveys - A new survey option "enhanced radio buttons and checkboxes" can be found on the Survey Settings page in the Online Designer in which a user can enable the feature so that radio buttons and checkboxes are displayed differently on the survey page, in which they appear as large animated buttons that look more modern and stylish than traditional radios and checkboxes. This new feature can be enabled for any given survey in a project where it will transform *all* radios and checkboxes on the survey into the enhanced version. Note: This feature does not work for radios and checkboxes in a matrix.

  • Improvement: Server-side field validation - In addition to the existing client-side field validation that is performed on surveys and data entry forms, REDCap will now also perform server-side validation to validate all submitted values prior to saving them to ensure they are valid values. This means verifying the value via a text field's field validation type, or if a multiple choice field, verifying that the value is indeed a valid choice for the field. If they are considered invalid values, then the value will not be saved, and the page will be reloaded with an error message (similar to the Required Fields error message) informing the user that invalid values were entered and should thus be corrected, if desired. This new server-side validation improves the overall quality of data being entered on surveys and form.

  • New feature: Create custom public survey link - On the "Public Survey Link" page in a project that utilizes surveys, users now have the option to create their own custom public survey link that begins with "http://is.gd" (e.g.,http://is.gd/diabeticsurvey), in which the custom URL will simply redirect to the public survey in their project. They may enter a desired URL, and it will check if the URL has already been taken. If not, it will store that custom URL in the project so that it is always able to be obtained on the Public Survey Link page.

  • New Action Tag: @HIDEBUTTON - Hides the 'Now' or 'Today' button that is typically displayed to the right of date, time, and date/time fields.

  • New Action Tag: @APPUSERNAME-APP - In the REDCap Mobile App, this action tag sets a field's value to the app username of the current mobile app user - i.e., their username in the mobile app, which is not necessarily the same as their REDCap server username that can be captured using @USERNAME. NOTE: For use only in the REDCap Mobile App.

  • Improvement: Updated "Help & FAQ" page. Has better navigation and is easier to read.

  • Improvement/change: If a user has had access to REDCap for more than 7 days and they are logging in to REDCap's home page, then it will redirect them to the My Projects page after a successful login. This is to save them a click, assuming that they have no need to view the home page at this point. Note: Due to certain limitations, this feature is only available for installations using "LDAP", "Table-based", or "LDAP & Table-based" authentication methods.

  • Improvement: Users can now only send the request one time for moving a project to production or requesting that a production project be deleted. In previous versions, the request could be sent many times and could thus cause confusion for the administrator regarding which request should be processed. Additionally, any user that has submitted either of these types of requests may also manually cancel the request by clicking a "Cancel request" button next to the disabled button where the request was originally submitted.

  • Improvement: Administrators can now add comments to items in the Control Center To-Do List. A comment can be added or edited for any item in the To-Do List.

  • Major bug fix: If using the median() function in a calculated field in which there are an even number of non-blank values being used in the function for a given record, then it would mistakenly return an incorrect value when viewing the calculated field on a survey or data entry form. However, if the value was calculated via Auto-Calculation via a data import or Data Quality rule H, then the result would be correct.

  • Major bug fix: If an authenticated user is on a data entry form that has been locked and/or e-signed, and the user knows how to manipulate the webpage in specific ways (e.g. JavaScript methods via their web browser's console) for malicious purposes, they could potentially submit data on the form and modify data values even though the form is locked.

  • Bug fix: If a radio button field (including Yes/No and True/False fields) has a @READONLY action tag, in which that field is being used on a survey where question pre-filling is being performed via query string or form submit and also where that same field's value is being piped somewhere else on the survey page, then the piped value would mistakenly change on the page if the choice label next to the read-only radio button was clicked. (Ticket #1881)

  • Bug fix: For certain server configurations, certain pages would cause a PHP fatal error to do case sensitivity when referencing REDCap's ToDoList PHP class.

  • Bug fix: If using the Data Resolution Workflow in a project, it was mistakenly not displaying the field-level data changes inside the table in the DRW popup but instead was only displaying the actions related to the DRW module. It now correctly displays both the actions and the data changes as it did previously.

  • Bug fix: For data entry forms that begin with one or more slider fields, inside of the user's cursor getting placed on the slider fields as it should, it would mistakenly skip over them and place the cursor in the field that follows them further down the page. (Ticket #2239)

  • Bug fix: When using a survey theme on a survey page, the text color for the "Returning?" link, "Survey Queue" link, and page number text would mistakenly not get incorporated into the survey theme colors, thus sometimes making them hard to read if close enough to the background color used.

  • Change: Modified the "Table-based User Mgmt" link on the Control Center's left-hand menu so that its text says "Add Users (Table-based Only)" instead for greater clarity.

  • Bug fix: When importing a text field with "datetime w/ seconds" validation in which its date is either MDY or DMY format (either via Data Import Tool or via API import), if the "seconds" time component is missing from the end of the value, then it will mistakenly prepend the time component with a "0" in the error message that is returned. This does not affect any data because it fails field validation.

  • Bug fix: When downloading the entire logging record of a project on its Logging page, if any field values contain a "less than" (<) sign followed immediately by a number or letter, then it would mistakenly truncate the Data Changes column for that row in the resulting CSV file. (Ticket #1788)

  • Change: Added new video "Mobile App Project Setup" on the REDCap Mobile App page in a project that discusses the process of setting up the mobile app for a given project.

  • Change: If an entire data entry form is disabled due to a user's form-level privileges being set to "read-only", the user would mistakenly not be able to add an E-signature to the form even if they have E-signing privileges. This is inconsistent since they can Lock or Unlock the form but cannot E-sign it. Users with E-signing privileges will now be able to e-sign a data entry form that is disabled. This is allowable since Locking and E-signing privileges are separate from data entry privileges.

  • Bug fix: If a Data Quality rule returns more than 10,000 discrepancies, which is the maximum that it will return, if there have been any discrepancies that have been excluded, then when displaying the discrepancy count to the user, it would mistakenly subtract the excluded count from 10,000 rather than subtracting it from the actual total discrepancy count. (Ticket #1100)

  • Bug fix: The "reset" link for a matrix of radio button fields was mistakenly getting displayed on the line above the radios rather than below them, thus messing up some of the formatting of the matrix.

Version 6.14.2 - (released 6/8/2016)

  • Change: A link to the Control Center was added (for super users only) at the top left of a project page (to the right of the "My Projects" link).

  • Bug fix: Permittable HTML tags that were manually entered in a calendar event's Notes field are no longer interpreted but are mistakenly escaped and displayed as-is on the calendar event. Example: In the mouseover tooltip for a calendar event on the Calendar page, instead of bolding the text when using , it would instead display it explicitly as "". Bug emerged in REDCap 6.14.1.

  • Bug fix: If an authenticated user has special knowledge of REDCap's architecture, they could potentially set or remove the project-level expiration date of a user in a project to which they have access, even if the user does not have privileges to access the User Rights page in that project.

  • Bug fix: If using the GET or POST pre-fill method for pre-filling survey fields, it would mistakenly fail to perform the pre-filling action on checkbox fields having option values of two characters or more in length. (Ticket #1243)

  • Bug fix: If an authenticated user has special knowledge of REDCap's architecture, they could manually call a certain page that would create a new project with a blank project title, even if they do not have project creation privileges. (Ticket #1246)

  • Bug fix: If a survey queue page has many completed surveys, in which it hides them and displays the "view all" link, then if the participant clicked the "view all" link, it would mistakenly not display the hidden completed surveys in the table. Bug emerged in version 6.13.0.

  • Change: All links pointing to pages on the Trac wiki have now been replaced with their corresponding pages on the new REDCap Community website (https://community.projectredcap.org) since the Trac wiki at devguard.com has now been officially retired.

  • Bug fix: The REDCap Hook documentation notes that the global variable $conn should be used for database connections. However, that variable is mistakenly not defined at the time any hook is called and thus is not able to be utilized.

  • Bug fix: In certain cases when using Shibboleth authentication, it would mistakenly not set the user's last login time correctly in the redcap_user_information table. (Ticket #1251)

Version 6.14.1 - (released 5/25/2016)

  • Improvement: A field's Section Header and Field Annotation are now displayed in the Codebook for the project.

  • Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages throughout REDCap, in which these vulnerabilities could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to inject specific malicious text into field labels and other various field attributes, which then get displayed on certain pages. (Ticket #1234)

  • Major bug fix: If using the CDC's SAMS authentication, there is the possibility that the REDCap session could mistakenly persist via the user's browser's session cookie on their computer, despite the fact that the session was destroyed on the REDCap server.

  • Bug fix: When viewing the REDCap upgrade module on Mac OS X, the text inside the SQL upgrade script textbox might mistakenly not display line breaks incorrectly and thus might cause SQL errors if executed as is.

  • Bug fix: Some JavaScript? errors were occurring in Internet Explorer 8, which caused some functionality to work and some pages not to render correctly.

  • Bug fix: If a super user is submitting production Draft Mode changes in which the changes are not automatically approved, it would mistakenly not add the event to the To-Do List in the Control Center.

  • Change: Updated some of the language in the Install module to provide better guidance and clarity for the installation process, and also to remove language that caters heavily to phpMyAdmin as a preferable MySQL client. Additionally, text was added to stating that MariaDB is a completely compatible alternative for MySQL as a database back-end.

  • Bug fix: If using Two Factor Authentication, it was mistakenly not using the web server's default value for the "Secure" cookie attribute for the Two Factor cookies created, as per changes for session cookies in version 6.14.0.

  • Change: The attribute autocomplete="off" was added to all text input fields on surveys and data entry forms (and to the form tag itself) to allow institutions to better comply with certain regulatory requirements, even though most modern browsers ignore this attribute.

  • Bug fix: If the Double Data Entry module is enabled for a project, the Project Statistics table and the Current Users table would mistakenly overlap on the Project Home page. (Ticket #1233)

  • Bug fix: When selecting the Import Users API method on the API Playground page, it would mistakenly throw an error and crash the page. (Ticket #1226)

  • Change/bug fix: When exporting data via the Export Records API method, specifically in flat JSON format, it might mistakenly return the record names as different data types, in which some may be returned as numbers while others as strings. This should not affect anything adversely but might be confusing to users. For consistency, it now returns all record names as strings (i.e., surrounded by quotes) when exported in flat JSON format. (Ticket #1230)


Download 230.05 Kb.

Share with your friends:
1   2   3   4   5




The database is protected by copyright ©ininet.org 2024
send message

    Main page