Version 6.11.2 - (released 1/16/2016)
-
Major bug fix: When using Table-based authentication, in which a new user account is created and the user receives an email to set their password, in some cases it would mistakenly cause multiple false logins after loading the page, which might possibly trigger the auto-lockout feature. If this happens, the user would have to wait until after the set lockout period has passed, but it is possible that the auto-lockout could occur again, thus preventing the user from gaining access to REDCap for a while. This does not occur on all occasions but only randomly. (Ticket #1071)
-
Medium security vulnerability: It was discovered that SQL Injection might be possible on the File Repository page if a malicious user knows how to send a specifically-crafted request to REDCap to exploit the vulnerability.
-
Change: When performing the field mapping step in the Dynamical Data Pull (DDP) module in a project, it would display a question mark icon next to each field in the tree of source fields even if the metadata web service does not provide a "description" attribute for the field. This could be confusing since the icon would essentially serve no purpose in this case. It now only displays the icon if a description is actually provided by the metadata web service for a given field.
-
Bug fix: The Import Users API method had a mistake in its documentation, in which it said the "content" parameter should be "user_rights" when it should instead be "user".
-
Bug fix: If a survey has the "Save & Return Later" feature enabled and also allows respondents to edit completed responses, then the Return Codes export on the "Data Exports, Reports, and Stats" page would mistakenly leave blank all the return codes for completed responses in the exported CSV file.
-
Bug fix: When using the REDCap Mobile App page in a project, in which the project has been set up on the mobile app and then the user has performed an emergency data dump from the app, if a file from a Signature field or File Upload field was uploaded to the Mobile App File Archive, its download icon on the page would mistakenly say "Excel CSV". That should only happen for CSV files, such as a logging file or data dump CSV on that page. (Ticket #1074)
-
Change: When a project is in production status, it was too difficult for users to find the Check For Identifiers page, so it has now been added to the bottom of the Project Setup page when the project is in production.
-
Bug fix: When opening the Add/Edit? Field popup in the Online Designer, it was mistakenly displaying the Field Annotation section for Section Headers when it should not be displayed for them. (Ticket #1072)
-
Bug fix: When HTML tags and/or CSS is used inside the Field Label of a required field and a user or survey participant submits the page without having entered a value for the field, it would display the Field Label in a popup when listing which fields have a missing value, but it would mistakenly strip out all HTML in the Field Label. It now maintains all the HTML and styling when displaying it inside the required field popup.
-
Bug fix: In a longitudinal project that has multiple arms and the first instrument is enabled as a survey, when adding the first event to an empty arm, it would display an erroneous warning message saying that the first event of the arm was moved to another position, which is not correct and should not be displayed in this scenario. (Ticket #1070)
-
Bug fix: When the Dynamic Data Pull (DDP) module is enabled for a project, on certain occasions the DDP Mapping page might mistakenly display a field at the bottom of the mapping table and list it erroneously as a composite field.
-
Bug fix: If the Secondary Unique Field feature is enabled in a project, there are certain occasions on which a user or participant might be able to bypass the uniqueness check when submitting values on a form or survey.
Version 6.11.1 - (released 12/22/2015)
-
Change/improvement: When users are being assigned to a role while being granted access to a project on the User Rights page, it now displays a checkbox option to have the user emailed in order to notify them of having been granted access to the project. In previous versions, there was no way to notify a user when being added to a project via role assignment. (Ticket #1051)
-
Bug fix: When using the plugin/hook method REDCap::getPDF() for an instrument that has been enabled as a survey, it would mistakenly return the form version of the PDF rather than the survey version of the PDF, which includes the survey title, instructions, and survey completion time.
-
Bug fix: Several places in REDCap currently send an email in which the From and To address are the same (e.g., emailing a survey Return Code, emailing a confirmation that someone has downloaded a Send-It file, when a Table-based user recovers their password), but that can sometimes cause the email not to be received by the recipient because it can get flagged as spam by certain email services. In those cases, REDCap now uses the email address of the Project Contact Person as to email sender for greater compatibility.
-
Bug fix: The "Map of Users" page in the Control Center would mistakenly no longer load the map due to changes in the Google Maps API. (Ticket #1058)
-
Bug fix: If a user is on the File Repository page in a project and selects the "All Exports/Types?" to filter data export files, it would mistakenly display the files from the last export instead. (Ticket #1060)
-
Bug fix: If a user is on the File Repository page in a project and makes a selection in the drop-down list to filter data export files, in which it will return zero files for that selection, then when the page is redisplayed it would mistakenly hide the "filter by" drop-down, thus making it impossible to make another selection, and the user would be forced to click the Back button in their browser and click on a tab above.
-
Bug fix: When copying a project or creating a new project from a Project Template, it would mistakenly not copy certain project attributes from the original project, such as if the Randomization module is enabled.
-
Bug fix: When using the Randomization module in a project and moving the project to production after some records have been randomized while in development status, it would mistakenly leave the "Randomize record" events in the project's Logging history when all records are being deleted during the move-to-production process. It now removes those logged events from the Logging.
-
Bug fix: The plugin/hook method REDCap::getSurveyLink() would mistakenly return a survey link if provided with a record name for a record that does not yet exist. Also, in a longitudinal project it would mistakenly return a survey link for a record that has not been created in a given arm when an event_id from that arm has been passed as a parameter in the method, and if the link was used by a respondent, it would create the record in the other arm. In these situations, it should instead return NULL.
Version 6.11.0 - (released 12/18/2015)
-
NEW FEATURES & IMPROVEMENTS:
-
New API methods (please see the API documentation embedded in REDCap for details regarding these methods)
-
Arm import/delete - for longitudinal projects only; requires API Import privileges and Project Design/Setup? privileges
-
Event import/delete - for longitudinal projects only; requires API Import privileges and Project Design/Setup? privileges
-
Import instrument-event mappings - for longitudinal projects only; requires API Import privileges and Project Design/Setup? privileges
-
Import metadata, i.e. data dictionary - available only in development status; requires API Import privileges and Project Design/Setup? privileges
-
Import users (import new users into a project while setting their user privileges, or update the privileges of existing users in the project.) - requires API Import privileges and User Rights privileges
-
Create project
-
Allows a user to create a new REDCap project while setting some project attributes, such as project title, project purpose, enable/disable record auto-numbering, enable the project as longitudinal, and enable surveys in the project.
-
This method requires a Super API Token that must be granted to a user by a REDCap administrator on the API Tokens page in the Control Center.
-
After the super token has been granted, the user can view the super token on their My Profile page.
-
Improvement: Added support for hosting REDCap in Google Cloud AppEngine? (with Google Cloud Storage). When hosted on the Google Cloud Platform, you can set file storage option to “Google Cloud Storage” on the File Upload Settings page and provide the names of the buckets where the files will be stored. It also works seamlessly to connect with Google Cloud SQL that would host the MySQL backend for REDCap.
-
Improvement: REDCap now supports secure connections to MySQL using SSL/TLS. The following PHP variables must be added into database.php in the main "redcap" directory (the first 3 are required at minimum, while the last 2 might be optional for certain configurations).
-
$db_ssl_key = ''; // e.g., '/etc/mysql/ssl/client-key.pem'
-
$db_ssl_cert = ''; // e.g., '/etc/mysql/ssl/client-cert.pem'
-
$db_ssl_ca = ''; // e.g., '/etc/mysql/ssl/ca-cert.pem'
-
$db_ssl_capath = NULL;
-
$db_ssl_cipher = NULL;
-
Improvement: Users may now download and upload arms and events as a CSV file on the “Define My Events” page, as well as download and upload the instrument-event designations as a CSV file on the “Designate Instruments for My Events” page. Using these methods, users can now fully reconstruct the structure of a project if they wish to copy it, in which they could download the data dictionary file, arms file, events file, event mappings file, and data export file, and then upload all of them into a new project to recreate it. In previous versions, this could only be done for classic projects, but this now allows it to be done for longitudinal projects. When uploading the CSV file for arms, events, or event mappings, it will display a preview to the user to show what changes will be made, such as which things may be added, modified, deleted, or stay the same.
-
Improvement: “select all” and “deselect all” links were added to the “Designate Instruments for My Events” page to allow users to more easily check off the checkboxes if many instruments and/or events exist in the project.
-
Improvement: When assigning projects to Project Folders, there is now a checkbox option to hide archived projects in the project list. This should make it easier for users to ignore those projects during the folder assignment process.
-
Improvement: A new optional API parameter named "filterLogic" was API method "Export Records". filterLogic should be a string of logic text (e.g., [age] > 30) for filtering the data to be returned by this API method, in which the API will only return the records (or record-events, if a longitudinal project) where the logic evaluates as TRUE. This parameter is blank/null by default unless a value is supplied. Please note that if the filter logic contains any incorrect syntax, the API will respond with an error message.
-
Improvement: The Activity Graphs page in the Control Center now includes two new charts: 1) Database Usage (MB), and 2) Usage by Uploaded Files (MB).
* BUG FIXES & OTHER CHANGES:
-
Change/improvement: If the Survey Login feature is enabled in a project, it now performs a password mask for the text fields on the survey login form in order to obscure the participant's password value(s). In previous versions, the password fields were displayed as clear text.
-
Changes to existing API methods
-
Change: For the API method “Export Users”, many more user privilege rights are included in the response. The following is the full header list: username,email,firstname,lastname,expiration,data_access_group,data_access_group_id,design,user_rights,data_access_groups,data_export,reports,stats_and_charts,manage_survey_participants,calendar,data_import_tool,data_comparison_tool,logging,file_repository,data_quality_create,data_quality_execute,api_export,api_import,mobile_app,mobile_app_download_data,record_create,record_rename,record_delete,lock_records_all_forms,lock_records,lock_records_customization,forms
-
Change: For the API method “Export Users”, when requesting a response in CSV format, form-level rights are returned in a different format in order to prevent possible duplication of other new user privileges that are returned, in which all form rights will now be consolidated into a single column named “forms” (whereas in previous versions each form was represented as an individual column). The last column of the CSV string returned will have “forms” as the header, and the value will be each [unique] form name and its numerical value as a colon-separated pair with all the form value pairs strung together as a single comma-separated string (e.g. “demographics:1,visit_data:3,baseline:1”). See a full CSV example below of two users exported from a project.
username,email,firstname,lastname,expiration,data_access_group,data_access_group_id,design,user_rights,data_access_groups,data_export,reports,stats_and_charts,manage_survey_participants,calendar,data_import_tool,data_comparison_tool,logging,file_repository,data_quality_create,data_quality_execute,api_export,api_import,mobile_app,mobile_app_download_data,record_create,record_rename,record_delete,lock_records_all_forms,lock_records,lock_records_customization,forms harrispa, test1@gmail.com,Joe,User1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,"demographics:3,baseline_data:1,visit_lab_data:1,patient_morale_questionnaire:1,visit_blood_workup:1,completion_data:1,completion_project_questionnaire:1,visit_observed_behavior:1" taylorr4, test2@gmail.com,Joe,User,2015-12-08,group_a,1,0,0,0,2,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,"demographics:3,baseline_data:1,visit_lab_data:1,patient_morale_questionnaire:1,visit_blood_workup:1,completion_data:1,completion_project_questionnaire:1,visit_observed_behavior:1"
-
Change: For the API method “Export Users”, when requesting a response in XML format, the main parent tags at the beginning and end of the response will no longer be but instead will be to be less confusing (since “records” often denotes something else in REDCap) and also to be more consistent with how other API methods return XML items.
-
Change: For the API method “Export Users”, the new “data_access_group_id” field was added, in which it returns the numerical group ID number that the “data_access_group” field used to return in previous versions. And now, the unique group name of a user’s Data Access Group is returned for the “data_access_group” field rather than the numerical group ID number.
-
Change: The API method “Export Instrument-Event Mappings” now returns a different structure if exporting as JSON or XML (however, the CSV format will remain the same). It will now export with “arm_num”, “unique_event_name”, and “form” as attributes of each item/mapping, as seen in the JSON/XML examples below.
-
JSON example:
[{"arm_num":1,"unique_event_name":"event_2_arm_1","form":"demographics"}, {"arm_num":1,"unique_event_name":"event_2_arm_1","form":"baseline_data"}, {"arm_num":3,"unique_event_name":"visit_2_arm_3","form":"completion_data"}]
- 1event_2_arm_1
- 1event_2_arm_1
- 3visit_2_arm_3
-
Improvement: For “Export Project Information” API method, the following two project attributes were added:
-
secondary_unique_field – The variable name of the secondary unique field defined in the project (if applicable).
-
display_today_now_button – Value will be “0” or “1” (i.e. False or True). If “0”, then do NOT display the today/now button next to date/datetime fields on data entry forms and surveys. If “1” (default), display them.
-
Change: When using an API token associated with a super user account, the API now recognizes the API user as having maximum privileges (i.e., super user privileges) with regard to API requests, whereas in previous versions it only inferred the user's privileges literally from what is defined on the project's User Rights page, which was inconsistent with how super user rights are recognized by REDCap in the front-end user interface.
-
Change/improvement: The Control Center's System Statistics page now has the counts for Total Logged Events and Dynamic Data Pull (DDP) separated as separate AJAX calls since it was causing the whole table to load very slowly on the page.
-
Small security fix: When a table-based user would reset their password, the password value would mistakenly be displayed on the page (although invisible) for a fraction of a second before the page immediately redirected elsewhere once the page loaded.
-
Bug fix: Small issue with PHP autoload function that only affects specific PHP configurations, in which it would throw a fatal PHP error when attempting to install REDCap.
-
Bug fix: If using Google OpenID authentication and the REDCap web server does not have cURL installed, it would throw an error during login.
-
Change: If using Google OpenID authentication and a user logs in for the first time, it will now capture the user's first name, last name, and email address and add them to the user's REDCap account automatically.
-
Improvement: When installing REDCap, it is now possible to use the MySQL socket value in the database configuration by adding the PHP variable $db_socket to database.php in the main "redcap" directory.
-
Bug fix: If a user has some kind of Data Export privileges but does not have Add/Edit? Reports privileges, when the user navigates to the "Data Exports, Reports, and Stats" page, it mistakenly displays a blank page and thus will not let them view a report or export data. (Ticket #1055)
-
Bug fix: The Field Note text of certain left-aligned fields (e.g. Notes fields) when displayed on surveys or forms would mistakenly begin wrapping their text to the next line after only going halfway across the webpage. Field Notes now extend to the full width of their column in the question table.
-
Bug fix: When executing an API request in the API Playground for particular web server configurations, it would mistakenly not return anything from the request with an HTTP status code of "0". This was improved in version 6.9.7 but still gave issues for some.
Version 6.10.1 - (released 12/03/2015)
-
Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages throughout REDCap, in which these vulnerabilities could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft specific HTTP requests to such pages or can trick other authenticated users to navigate to specifically-crafted URLs.
-
Change: Updated the Help & FAQ page
-
Bug fix: When importing data via the API with the "returnContent" parameter set as "ids" in which the "format" (or "returnFormat") parameter is set as "json", then it would mistakenly not put quotes around non-numerical record names that are returned in the API's response. Also, it would mistakenly not escape certain characters in the record names if the response is returned as "json" or "csv" for the "format" (or "returnFormat") parameter.
Version 6.10.0 - (released 11/25/2015)
-
NEW FEATURES & IMPROVEMENTS:
-
New feature: Project Folders
-
Project Folders are a way for users to organize the projects on their My Projects page by putting them into groups. The folder can be given a name and can be color-coded (by setting a text color and background color) so that it displays boldly in the My Projects page.
-
Once a folder has been created, the user can assign any number of projects to a folder (and can even assign a single project to multiple folders). This allows the projects to be grouped together under that folder when displayed on the user’s My Projects page.
-
Project Folders are for personel organization, so no one else can see a user’s folders (except for REDCap administrators when viewing the user’s projects on the Browse Projects page in the Control Center).
-
New feature: Survey themes
-
3 new options were added to the Survey Settings page for any given survey (accessed via the Online Designer):
-
Size of survey text – Set the survey text to a bigger font size (Normal, Large, or Very Large).
-
Font of survey text – Set the font family of all the text displayed on the survey (Arial, Georgia, Tahoma, and more).
-
Survey theme – Set the color scheme for the survey. There are 10 predefined themes available that users may use, but if they do not prefer them, users can easily click the Customize button to customize the color scheme of the survey any way they want, in which it will open up 8 different options for modifying the colors of various elements in the survey. Also, users may create their own custom survey theme to save the theme with a specified name, after which they may easily use it their saved theme in the future for another survey.
-
A “survey design preview” box is displayed on the Survey Settings page so that the user can see how their survey design choices will make their survey look to respondents.
-
Create institution-specific themes: REDCap administrators with access to their MySQL database can create their own installation-specific themes by adding them to the redcap_surveys_themes database table (add new row to the table with NULL value for “ui_id” field). The easiest way to do this is to create a new theme on the Survey Settings page in a project and save that customized theme, and then find that theme in the redcap_surveys_themes database table and set its ui_id value as NULL, after which it will appear for all users as an official REDCap survey theme in the theme drop-down list.
-
New feature: A project's Survey Invitation Log is now downloadable in CSV format.
-
Improvement: On the Define My Events page in a longitudinal project, it no longer displays the Days Offset and Offset Range columns in the events table if the Scheduling module is not enabled for the project. Since those columns are only utilized during scheduling, this provides a simpler and less confusing interface for users when scheduling is not being used. When creating a new event in this case, the event name is the only thing that needs to be provided, after which the order of that event or any event in the current arm can be change using drag-n-drop by dragging that event's row in the table.
-
Improvement: New styling options were added to the rich text editor for survey instructions and survey completion text, such as setting text color and background color, inserting tables, copy-paste options, and indentation options.
-
BUG FIXES & OTHER CHANGES:
-
Major bug fix: For surveys that have the survey option "Allow respondents to return and modify completed responses?" enabled for a multi-page survey, then some responses might appear to be completed (i.e., they appear in the Completed Responses drop-down list of records) even though they have not truly been completed (they appear as "[not completed]" in the drop-down list). This fix will retroactively fix the existing records and will also prevent this issue from occurring in the future.
-
Improvement: If using Two-Factor Authentication with the Twilio SMS/phone option enabled, then the Table-based User Management page in the Control Center will now allow administrators to include a user's "Expiration time for 2-step login code" in the CSV upload file when creating user accounts in bulk.
-
Improvement: Better handling of memory on the web server in order to prevent large data exports and large reports from hitting a memory limit.
-
Improvement: The Survey Queue now displays better on mobile devices.
-
Improvement: If a survey participant has added or modified any data on a survey page and then attempts to exit the survey by closing their browser or browser tab before saving their changes, it will now display the "Save your changes?" prompt in a similar fashion to the prompt that is currently displayed when exiting a data entry form prematurely.
-
Improvement: The hook/plugin method REDCap::logEvent() now accepts a new optional parameter $project_id that can be used to specify the project for which the event should be logged when in a system-level context or alternatively to specify the project_id for another project when in a project-level context.
-
Change: In the "Edit Field" popup on the Online Designer, the Field Annotation box has been moved over to the bottom left of the popup dialog to distinguish it more from the Field Note box while at the same time helping to keep the popup itself more compact for most field types.
-
Bug fix: The HTML tag was mistakenly not whitelisted as a safe HTML tag to utilize in field labels, survey instructions, etc. This would inadvertently cause the tag to get HTML-escaped and thus get displayed to the user on the page.
-
Bug fix: When viewing the "Data History" popup for a File Upload field on a data entry page, it would mistakenly not display the logged event(s) where a file was uploaded for that field. (Ticket #1043)
-
Bug fix: When using the Twilio telephony services and using the designated phone field for survey invitations, it would mistakenly not display the participant's phone number on the Survey Invitation Log. Also, it would not allow users to click on the "Responded?" icon in the Participant List in order to view the response on the data entry form.
-
Bug fix: When using the hook/plugin method REDCap::logEvent() in a hook, it would mistakenly not display correctly on a project's Logging page. (Ticket #1042)
-
Bug fix: If a user is attempting to import date or datetime fields (either via API or Data Import Tool) that are not in the specified date format, it would return a slightly incorrect error message, in which it would not mention that date or datetime fields can also be imported in Y-M-D format.
-
Bug fix: If there exist two or more adjacent Text fields on a survey or data entry form, in which those Text fields have some form of field validation with min/max range validation, then there is the possibility that if the validation error message gets displayed for a field and then later gets displayed again for another field below it, it may mistakenly display multiple popup messages on top of each other so that it makes it impossible for the user to close them all. This can result in the inability to return to data entry on the page, thus forcing the user to have to reload the page, possibly losing any data entered. (Ticket #1044)
-
Change: When setting up a new Automated Survey Invitation, the checkbox option "Ensure logic is still true before sending invitation?" is no longer checked by default since it could unwittingly cause confusion or issues in certain use cases when users simply left it checked.
-
Change: When importing data in CSV format via API or Data Import Tool, all blank rows will now be ignored instead of returning an error. This is to avoid the common mistake by users of leaving some lines as blank in the CSV file since most users assume the blank line would be ignored anyway.
-
Bug fix: If a user purposefully injects HTML tags into a survey's title for styling purposes, then those tags would mistakenly get displayed literally (e.g. "My Survey Title") in certain places in the project, such as the survey list in the Participant List, Survey Invitation Log, and Survey Queue.
Share with your friends: |