#Alerts

Beginning with the release of InterSystems IRIS® data platform 2022.3, InterSystems corrected the license enforcement mechanism to include REST and SOAP requests. Due to this change, environments with non-core-based licenses that use REST or SOAP may experience greater license utilization after upgrading. To determine if this advisory applies to your InterSystems license, follow the instructions in the FAQ linked below.

This table summarizes the enforcement:

InterSystems has encountered a defect that causes some upgrades of HealthShare® Health Connect to fail. This only affects instances that are not licensed for the use of FHIR® and that have interoperability-enabled namespaces. Under these conditions, the upgrade fails with an <HSFHIRErr> error.

This defect only impacts upgrades to version 2024.1 of HealthShare Health Connect.

The affected version, 2024.1.0.263.0, has been removed from distribution.  A new Point Release is available:

If you have any questions regarding

In evaluating an IBM Support notification, InterSystems has determined a potential impact for our customers. The notification in question is:

Memory Leak in std::string for programs built with xlclang++ 16.1.0 in the presence of the 17.1.1 libc++.a

This issue affects versions 2022.x and 2023.x of

• InterSystems IRIS® data platform
• InterSystems IRIS for Health™
• HealthShare® Health Connect

It also affects other InterSystems products based on the InterSystems IRIS family of products.

As described in the notification, the potential exists for a memory leak, which can eventually impact application

InterSystems has corrected two defects regarding connectivity. These defects and their corrections are independent of each other.

This alert addresses them both because there are point releases containing both corrections.

Both defects only impact versions 2019.1.4 and 2020.1.4 of:

• InterSystems IRIS®
• InterSystems IRIS for Health™
• HealthShare® Health Connect

Neither defect impacts any released version of HealthShare Unified Care Record®, Information Exchange, Health Insight, Patient Index, Provider Directory, Care Community, Personal Community, or Healthcare Action Engine.

The first defect

InterSystems has corrected two defects.

The first defect can cause an ECP application server to hang. This defect is only relevant to ARM and IBM Power processors; it is present in version 2022.1.2 and 2022.1.3 of InterSystems IRIS®, InterSystems IRIS for Health™, and HealthShare® Health Connect. The correction is identified as DP-423661. The defect is addressed in all future versions. 

The second defect can, in rare circumstances, cause dejournaling to hang. This defect is present in versions 2020.4, 2021.x, 2022.x, and 2023.1 of InterSystems IRIS®, InterSystems IRIS for Health™, and

InterSystems has corrected a defect that causes increased process memory usage.

Specifically, the increased consumption of local process partition memory occurs when executing $Order,  $Query, or Merge on local variables.  While this will have no detrimental impact for most running environments, environments that support a large number of processes or closely limit Maximum Per-Process Memorycould be impacted.  Some processes may experience <STORE> errors.

The defect exists in 2023.1.0.229.0 but it is reposted as 2023.1.0.235.1 with the fixes included, to expedite the correction without clients

This post is part of the HealthShare HS2022-01 Alert communications process.  The same information is also distributed:

• By Email
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

There are 22 alerts in the HealthShare HS2022-01 Alert communication.  The Alert Summary is in the table below, and the detail is contained in the attached document: HS2022-01-Communication

December 13, 2021 - Advisory: Vulnerability in Apache Log4j2 Library Affecting InterSystems Products

InterSystems is currently investigating the impact of a security vulnerability related to Apache Log4j2.

The vulnerability — impacting at least Apache Log4j2 (versions 2.0 to 2.14.1) — was recently announced by Apache and is reported in the United States National Vulnerability Database (NVD) as CVE-2021-44228 with the highest severity rating, 10.0.

Please see this page for more details about the vulnerability and updates on whether InterSystems Products are affected.

November 19, 2021 - Advisory: Apache Web Server provided with InterSystems kits – Vulnerability reports

InterSystems kits include an Apache web server, which provides a convenient way for customers to interact with the Caché/IRIS Management Portal without needing to install an external web server; however, this web server should never be used for production instances, and customers must install a web server that fits their specific needs and security/risk requirements.

Recent tests have noted some security issues with the currently included Apache web server.

October 26, 2021 – Alert: Missing Locks after ECP Database Server Restart or Failover

InterSystems has corrected a defect that can violate application locking guarantees in a distributed cache cluster (ECP configuration), which can lead to application integrity issues. This defect affects:

• All major releases and maintenance versions of InterSystems IRIS and InterSystems IRIS for Health, starting with 2020.1.0

The defect can only occur when an application server successfully performs ECP recovery after a restart or failover of the data server, as follows:

• If processes running on the application

July 21, 2021 – Alert: Incorrect Query Results with Non-Standard ‘GROUP BY’ Query

InterSystems has corrected a defect that can cause incorrect query results. This defect affects:

• All major releases and maintenance versions of InterSystems IRIS and InterSystems IRIS for Health, starting with 2019.1.0

A query block may encounter the defect only if it meets all the following conditions:

• The query block contains a GROUP BY clause but does not include any aggregates, such as COUNT(*).
• The SELECT clause includes a field that is not in the GROUP BY clause*, and the query block contains a WHERE

Dear HealthShare Customer:

This post is part of the HealthShare HS2021-03 Alert communications process.  The same information is also distributed:

• By Email to HealthShare customers
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

March 23, 2021 – Alert: Potential Data Integrity Issue with Mirror Dejournaling

InterSystems has corrected a defect that can cause data inconsistency issues on non-primary mirror members in extremely rare circumstances. This defect affects all released versions of InterSystems products.

If the defect occurs, it happens silently during normal operation on a mirrored system. The result of this defect is that a mirror member fails to dejournal a subset of journal records, which then leads to data inconsistency across mirror members. This affects both failover and async members.

InterSystems has identified an issue with product distributions containing Certificate Authority certificates that expire at the end of 2020. This issue does not affect system operation or system security in any way, although it does generate alerts about expiring certificates in the cconsole.log or messages.log files. The messages may be ignored and there are instructions below to eliminate them.

The issue affects the following versions:

• Caché and Ensemble 2017.1, 2017.2, and 2018.1
• All released versions of InterSystems IRIS and InterSystems IRIS for Health
• HealthShare products based on

February 11, 2021 – Advisory: Incomplete Query Results with ‘ORDER BY <row ID field> DESC’ – HealthShare

InterSystems has corrected a defect that can cause incomplete query results.  This defect affects the platforms underlying HealthShare and HealthShare Health Connect:

• InterSystems IRIS and InterSystems IRIS for Health 2019.1.0, 2019.1.1, and 2020.1.0

See Alert: Incomplete Query Results with ‘ORDER BY <row ID field> DESC’ for further detail

Customers using HealthShare Personal Community should evaluate the number of proxy relationships they have established or removed.

February 11, 2021 – Alert: Incomplete Query Results with ‘ORDER BY <row ID field> DESC’

InterSystems has corrected a defect that can cause incomplete query results. This defect affects:

• InterSystems IRIS and InterSystems IRIS for Health 2019.1.0, 2019.1.1, 2019.2, 2019.3, 2019.4, 2020.1.0, 2020.2, and 2020.3
• HealthShare Health Connect 2019.1.0, 2019.1.1, 2020.1.0
• HealthShare Products 2019.2, 2020.1 and 2020.2

(In HealthShare and HealthShare Health Connect, this defect only affects Personal Community with 64,000 patient proxies and possibly customer-built custom queries.

Dear HealthShare Customer:

This post is part of the HealthShare HS2020-09 Alert communications process.  The same information is also distributed:

• By Email
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

There are 3 alerts in the HealthShare HS2020-09 Alert communication.  The Alert Summary is in the table below, and the detail is contained in the document: HS2020-09-Communication

This message contains six recent HealthShare Advisories, which are available below.

• Advisory: Using Browser Back Button may result in user seeing two patient's data at once in Classic Clinical Viewer
• Advisory: Consent May Be Overridden at the System-Level for Clinical Information Type Consent Regardless of the "Allow Override Consent" Setting
• Advisory: Clinical Viewer Password Auto Completes when Saved
• Advisory: Migrating from Full HealthShare Kit to HSAP kit may later cause Caché to IRIS Conversion Issues
• Advisory: Moving to IRIS-based Health Connect or IRIS for Health from HSAP when

InterSystems has corrected a defect that may cause Windows Telnet processes that are secured using SSL/TLS to hang indefinitely; this may then cause an instance to become unresponsive. This defect is present only on Windows platforms.

This defect affects:

• Caché and Ensemble 2018.1.4
• HealthShare Health Connect (HSAP) 15.032 built on C/E 2018.1.4
• InterSystems IRIS and InterSystems IRIS for Health 2020.3

The problems caused by this defect can occur only when the instance is running Windows Telnet.

Dear HealthShare Customer:

This post is part of the HealthShare HS2020-08 Alert communications process.  The same information is also distributed:

• By Email
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

There are 2 alerts in the HealthShare HS2020-08 Alert communication, and outlined in the Alert Summary table below.  The detail is contained in the attached document: HealthShare HS2020-08.

These alerts do not affect HealthShare Health Connect or HSAP customers

This message contains four recent HealthShare Advisories, which are available below.

• Advisory: FHIR Medication asNeededBoolean Not Always Correct
• Advisory: Clinical Viewer and Management Portal Log Out Synchronization Issue
• Advisory: Failure to access linkage engine libraries in Patient Index
• Advisory: Failure to access linkage engine libraries in Provider Directory

These advisories are also on the InterSystems Product Alerts and Advisories page

October 15, 2020 – Advisory: FHIR Medication asNeededBoolean Not Always Correct
InterSystems has corrected an issue that occurs in certain cases

InterSystems has corrected a defect that can cause a build-up of orphaned processes consuming system resources. In extreme cases, this can cause a system to become unresponsive.

This defect affects the following versions:

• Caché and Ensemble 2018.1.4
• InterSystems IRIS and InterSystems IRIS for Health 2019.4, 2020.1, and 2020.2
• HealthShare Health Connect (HSAP) 15.032 built on Ensemble 2018.1.4
• HealthShare Health Connect 2020.1

No other InterSystems product versions are affected by this issue.  Specifically, earlier versions of Caché and Ensemble, Health Connect 2019.1 and 2019.1.

This message contains two recent HealthShare Advisories, which are available below.

• Advisory: Consent API allows for the creation of consent policies for non-existing MPI IDs
• Advisory: Issue with Consent Processing in the Operational Data Store

These advisories are also on the InterSystems Product Alerts and Advisories page

September 1, 2020 – Advisory: Consent API allows for the creation of consent policies for non-existing MPI IDs

InterSystems has corrected a defect when using the Consent API, where it is possible to associate a consent policy with an MPI ID that does not yet exist.

This message contains three recent HealthShare Advisories, which are available below.

• Advisory: ODS Not Storing Observations When Terminology Translations Are Used
• Advisory: Composite Record Definition Must Reference Implemented Linkage Definition
• Advisory: Potential for Outdated Terms of Use to be Presented in Personal Community

These advisories are also on the InterSystems Product Alerts and Advisories page

June 30, 2020 – Advisory: ODS Not Storing Observations When Terminology Translations Are Used

InterSystems has corrected a defect that may be experienced if a terminology mapping

InterSystems has corrected a defect that can lead to missing resource data in FHIR search results.

This problem exists for:

• HealthShare Unified Care Record 2020.1.0 b7015

This defect occurs due to an incorrect resource being deleted from the search index. Subsequent FHIR Resource requests against the FHIR Repository may return incomplete results due to that missing index. Any type of FHIR resource data can be lost, and depending on when the defect occurs, the same FHIR request could return different result sets.

This defect only affects FHIR resources at the HealthShare ODS.

InterSystems has corrected a defect that can cause FHIR searches to return incomplete results. The defect manifests because a FHIR update interaction deletes an incorrect resource from the search index. Although the data still exists in the repository, subsequent searches may return incomplete results due to the missing entry in that index.

This defect affects InterSystems IRIS for Health 2020.1 and HealthShare Unified Care Record 2020.1. (In HealthShare, this defect only affects FHIR resources at the ODS.

Dear HealthShare Customer:

This post is part of the HealthShare HS2020-06 Alert communications process.  The same information is also distributed:

• By Email
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

There are 2 Health Insight alerts in the HealthShare HS2020-06 Alert communication.  The Alert Summary is in the table below, and the detail is contained in the attached document: HS2020-06-Communication

Dear HealthShare Customer:

This post is part of the HealthShare HS2020-05 Alert communications process.  The same information is also distributed:

• By Email
• On the Product Alerts & Advisories page
• On the WRC Distribution Page InterSystems Documents

There are 3 alerts in the HealthShare HS2020-05 Alert communication, including the previously posted "Alert: Possible Data Integrity Issues with Online Backup of Large Databases"  The Alert Summary is in the table below, and the detail is contained in the attached document: HS2020-05-Communication

InterSystems has corrected two defects that affect online backup of very large databases. Backups taken via external methods, such as snapshots or direct file copies, are not affected. These defects exist in all released versions of all InterSystems products.

The first defect only affects databases with more than 2³¹ blocks. It results in a degraded database after restoring from an online backup. For example, databases that have a block size of 8 KB (the default) are only affected if they are larger than 16 TB. The correction for this defect is identified as RJF437.

The second defect affects

This message contains three recent HealthShare Advisories, which are available below.

These advisories are also on the InterSystems Product Alerts and Advisories page

• Advisory: A manager from one facility could view users from another facility
• Advisory: Significant Performance Issues with ListEncounterRelationships()
• Advisory: The Lab Results Table in Clinical Viewer does not display "IM" results.

May 12, 2020 - Advisory: A manager from one facility could view users from another facility

InterSystems has corrected a defect that could allow a manager of users for one facility to view a