
REDCap - Version Upgrades

In an effort to ensure the security of our local instance of REDCap, as well as to provide our end users the latest features available, the Research Electronic Data Capture (REDCap) Support Team routinely performs version upgrades.

These upgrades are performed as needed and generally require some amount of downtime. As such, the REDCap Support Team makes every effort to provide end users with advance notice via email notification and/or messaging on the REDCap homepage.

Additionally, the REDCap Support Team will post information regarding all upgrades (e.g., version number, date of installation, bug fixes, new/modified features) below:

Version Number/Installation Date

Bug Fixes and Other Changes

 

REDCap 8.10.18 (LTS)
Installation Date: 6/9/2019
Previous Version: 7.4.11 (LTS)

  • Bug fix: When creating a Custom Record Status Dashboard that has filter logic, in which the logic contains Smart Variables and also the logic references fields in repeating instruments or repeating events, the dashboard might mistakenly not display the correct records. (Ticket #64045)
  • Bug fix: Some text strings, especially URLs that get cleaned for security purposes, might get mistakenly broken and might cause some pages not to load. (Ticket #64433)
  • Bug fix: If data values are being piped onto a form/survey (into field labels, etc.) in a longitudinal project, in which the values are being piped from another event (e.g., [other_event][field:checked]) and also the piping fields have colons in them (e.g., [field:value], [field:checked]), it might mistakenly cause the data not to get piped but would stay blank on the page.
  • Fixes and updates for the External Module framework, including a fix for module icons not displaying correctly on the left-hand project menu.
  • Bug fix: When using the PDF Auto-Archive for a survey in a project that has the project-level setting "Character encoding for exported files" set to "Chinese (UTF-8)" on the "Edit a Project's Settings" page in the Control Center, the Auto-Archive version of the PDF will mistakenly have unusually wide spacing for some text in the PDF, whereas PDFs of the survey downloaded from the data entry form will have typical spacing.

This version upgrade also includes bug fixes and upgrades from intermediate versions as listed below:

Version 8.10.17 - (released 5/24/2019)

  • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user could potentially exploit it by adding specific user-defined HTML that gets displayed on certain webpages throughout the application (e.g., in field labels on instruments; in survey instructions).
  • Bug fix: The field mapping page for Clinical Data Pull (CDP) and Dynamic Data Pull (DDP) Custom would mistakenly not load the field table correctly if attempting to map new source fields for the project.
  • Bug fix: When suspending or unsuspending a user on the Browse Users page in the Control Center, the user search feature above will mistakenly no longer perform auto-complete functionality when typing in that text box (unless the page is refreshed). (Ticket #64071)
  • Bug fix: When running a Data Quality rule or performing a data import of fields used in a calculation, the resulting calculations that get saved might be incorrect if the project is longitudinal and if Smart Variables are used in the rule's logic. (Ticket #63606)
  • Bug fix: When running Data Quality rule H or performing a data import of fields used in a calculation, the resulting calculations that get saved might be incorrect if the project is longitudinal and if Smart Variables are used in the calculation. (Ticket #63156)
  • Bug fix: When an Automated Survey Invitation has conditional logic that references fields on multiple events, including an event that does not yet have any data saved for it, then the ASI might mistakenly not get triggered appropriately if the project is both longitudinal and also has either repeating events or repeating instruments. (Ticket #59942)
  • Bug fix: If an MDY- or DMY-formatted date/datetime field is piped into the choice label of a drop-down field, then the date value might get scrambled and not formatted correctly when displaying the date inside the drop-down label on a form or survey. (Ticket #64223)
  • Bug fix: If users are not allowed to create/copy projects but must request them be created/copied, then when an administrator is approving a "Copy Project" request in which some users are in user roles in the project but the requester has chosen not to copy the user roles into the new project, then it could cause the newly created project to have a "ghost" role (with no apparent name) that is still attached (in certain regards) to the old project. For example, if a user in the "ghost" role had an API token in both the new and original project, then when using the token to make API requests in the new project, it might mistakenly think that the token belongs to the old project instead. (Ticket #63667)
  • Bug fix: An example link on the "Help & FAQ" page was mistakenly linking to the wrong example website.

Version 8.10.16 - (released 5/17/2019)

  • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because part of REDCap’s OAuth2 authorization process for FHIR only worked for Epic.
  • Bug fix: If using MySQL 8 for the REDCap database, the Calendar page in a project might mistakenly not display any calendar events on the page. (Ticket #63434)
  • Bug fix: In certain situations, the External Module framework might mistakenly call a function twice on the Data Comparison Tool page, thus causing the page to crash fatally and preventing it from loading in certain projects.
  • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because FHIR requests for pulling labs and vitals were mistakenly not utilizing the correct format for LOINC codes passed in the request's query string.
  • Bug fix: If a survey has the PDF Auto-Archiver enabled (with or without the e-Consent Framework enabled), when the survey is completed, it would mistakenly log the action as a Data Export action as if a user has manually downloaded the PDF. It should not log this event, as doing so is confusing to users.
  • Bug fix: When using the Twilio telephony services for surveys, in which a telephone/number field has been designated as the "phone number field for survey invitations", it would mistakenly not display the record name on the Survey Invitation Log to prevent users from viewing it *unless* the Designated Email Field was enabled for the project or if a Participant Identifier had been entered in the Participant List. (Ticket #49955)
  • Bug fix: When viewing a non-saved instance of a repeating event on a data entry form, the form status icons on the left-hand menu might mistakenly show the cumulative status of all the existing saved instances of the repeating event when instead it should display a gray stack icon since the current form-event-instance has not yet been saved. (Ticket #63956)
  • Bug fix: When opening the "Set up Survey Queue" popup in the Online Designer, if the project contained many records (e.g., 1000+) and also many surveys, then the popup might not be able to open at all.
  • Bug fix: When a survey participant partially completes a public survey and then returns to the survey to complete it later, it would mistakenly say "Response is only partial and is not complete" in the PDF if a user downloads the response as a PDF from the data entry form. (Ticket #62831)

Version 8.10.15 - (released 5/10/2019)

  • Bug fix: When enabling the Clinical Data Pull (CDP) module in a project, it would mistakenly say "Enable DDP on FHIR" in the Logging. It should instead say "Enable the Clinical Data Pull (CDP) module" in the Logging since that module was renamed and is no longer called "DDP on FHIR".
  • Bug fix: The FHIR web service requests made by the Clinical Data Pull module would mistakenly make calls to the FHIR "Observation" endpoint using a format that was not compatible with some Epic installations. This was modified to a slightly more compatible format. (Ticket #63080)
  • Bug fix: When clicking the form status stack icon on the Record Home Page or Record Status Dashboard for a repeating instrument/event, the popup displaying all the repeating instances would sometimes not be positioned correctly on the page and might be too narrow.
  • Bug fix: When using the @DEFAULT action tag in a repeating survey, it might mistakenly think that the current survey has data and thus would prevent the action tag from operating, even when no data exists for that survey on that repeating instance.
  • Bug fix: When importing data (via the Data Import Tool or API import) for a repeating event, if the field "redcap_repeat_instance" is not included as a field in the imported data set, instead of returning an error message, it would mistakenly allow the data to get imported. While this causes no problems for the first imported batch of data, any subsequent imports would mistakenly get piled on top of the existing data in the database (rather than updating the existing values), thus causing duplicate/multiple rows of data to pile up in the database for a given record/event/field, which could have various negative consequences, such as making some project pages very slow. Now it will instead return an error message if data for a repeating event is being imported in which the field "redcap_repeat_instance" is not included as a field in the imported data set. (Ticket #63128)

Version 8.10.14 - (released 5/3/2019)

  • Bug fix: Certain types of HTML tags in a field label might cause parsing issues when exporting to stats packages, especially SAS. To prevent this, all HTML tags will now be removed from field labels as they are included in the stats package syntax files. (Ticket #57751)
  • Bug fix: When calling the "Export Records" API method, if any invalid values were passed in the API request parameters "events", "fields", or "forms", it would often ignore the incorrect value and would mistakenly not return an error. Additionally, in this scenario it might mistakenly return all events, all fields, or all forms, respectively, rather than limiting the data returned to only the valid values in those filter parameters. (Ticket #54273)
  • Bug fix: If a production project is in Draft Mode, and a matrix field's label has been modified *and* the field has data saved for one or more records, this is now considered a critical issue during the production change approval process because of specific cases where changing a matrix field's label can change its meaning and thus negate the existing data - much more so than with regular non-matrix fields. (Ticket #60834)
  • Bug fix: If a repeating instrument is enabled as a repeating survey, and then later the instrument is set to no longer be repeating via the "repeatable instruments" dialog on the Project Setup page, it would mistakenly still display the repeating survey icon (i.e., green circle arrow) next to the instrument in the Online Designer. (Ticket #60869)
  • Bug fix: If running a REDCap server with PHP 7.3, then the PDF Auto-Archiver would fail, as well as attempts to add PDF attachments to confirmation emails when surveys are completed. In all cases, it would crash with an HTTP 500 server error. (Ticket #55868)
  • Bug fix: Some Smart Variables, especially those related to repeating instance, would mistakenly not pipe correctly inside survey instruction text and survey completion text.

Version 8.10.13 - (released 4/26/2019)

  • Bug fixes and updates for External Module framework
  • Bug fix: If hyperlinks exist inside multiple choice labels on a survey that has Enhanced Choices enabled, the hyperlinks might mistakenly not be displayed in the correct color (depending on the survey design settings) and thus might not be readable.
  • Bug fix: For multi-page surveys having fields with branching logic, in very specific situations some pages of the survey might mistakenly get skipped over. (Ticket #62299)
  • Bug fix: When a hook or External Module is using REDCap::saveData() on a project page and importing data into another project, it may mistakenly change the global variable $Proj to point to the other project, thus causing possible issues on the page after the REDCap::saveData() method has been called.
  • Bug fix: When importing data for a repeating instrument or event (via API or Data Import Tool), it would mistakenly be possible to import a non-integer number value (e.g., 2.1, 5.44) for the redcap_repeat_instance field.
  • Bug fix: The Action Tag @NONEOFTHEABOVE fails to work if it references a choice not wrapped in quotes and is also followed by other text in the Field Annotation - e.g., "@NONEOFTHEABOVE=0 @INSTANCETABLE_HIDE". (Ticket #61939)
  • Bug fix: When using the Twilio telephony services for surveys, in which a telephone/number field has been designated as the "phone number field for survey invitations", it would mistakenly not display the record name on the Survey Invitation Log to prevent users from viewing it. Since a field's value is being used, the response is already de-anonymized (i.e., a user can connect the participant in the Participant List to a specific record), thus it should not hide the record name in the Survey Invitation Log. (Ticket #49955)

Version 8.10.12 - (released 4/19/2019)

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Data Import Tool page, in which a malicious user could potentially exploit it by manipulating data values for a specific field being imported in the CSV data file.
  • Bug fixes and updates for the External Module framework
  • Bug fix: On the Online Designer, when using the "Test logic with a record" feature for the Advanced Branching Logic Syntax in the "Add/Edit Branching Logic" popup or the "Test calculation with a record" for a Calculation in the "Add/Edit New Field" popup, it would mistakenly say that there was an error in the syntax every time if the project is longitudinal. (Ticket #54822)
  • Bug fix: On the Survey Settings page, if a survey has the e-Consent Framework enabled, and then an administrator disables the e-Consent Framework for all projects in the system (via the Modules/Services Configuration page in the Control Center), then the Survey Settings page would mistakenly still display the e-Consent Framework options. (Ticket #62075)
  • Bug fix: When the Double Data Entry module is enabled in a project, and the current user is DDE person #1 or #2, it would not display the form status icons with the correct color on the Record Status Dashboard but would instead mistakenly always display them as gray status icons. This bug emerged in the previous version. (Ticket #62212)
  • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because part of REDCap’s OAuth2 authorization process for FHIR only worked for Epic.

Version 8.10.11 - (released 4/12/2019)

  • Major bug fix: The DateDiff+Today/Now cron job would sometimes crash due to a fatal PHP error caused when processing the [survey-link] Smart Variable in the message of an Automated Survey Invitation. This would occur only under very specific conditions, and it would result in many projects/records not having their ASI datediff logic being processed, thus the ASI's survey invitations would not get successfully scheduled in these cases and might cause invitations from other unrelated projects not to get scheduled either. (Ticket #61346, #61213)
  • Major bug fix: When a project is using a public survey that has "Save & Return Later" enabled with "Allow respondents to return without needing a return code" enabled, then if a participant clicks the "Save & Return Later" button on the public survey and leaves the survey open on the "Your survey responses were saved!" page while another participant partially or fully completes the survey, and then if the original participant clicks the "Continue Survey Now" button on the "Your survey responses were saved!" page, then the original participant will mistakenly create a brand new record/response whenever they submit the survey page again after returning. (Ticket #61764)
  • Bug fix: When viewing the Field Comment Log popup on a data entry form, if the username in the User column is very long, it would mistakenly not wrap in the table but instead would overflow into the next column. Note: This was only partially fixed in a previous version. (Ticket #60923)
  • Bug fix: In a project that has sent many survey invitations (e.g., >50,000), it could cause both the Public Survey Link page and the Participant List page to load very slowly and in some cases never fully load at all.
  • Bug fix: When using the Clinical Data Pull, it would mistakenly make a POST request (instead of a GET request) to the Conformance Statement (metadata) endpoint. This would only cause issues with certain EHRs/configurations. (Ticket #61549)
  • Bug fix: For some pages in REDCap, the PHP constant "PAGE" might mistakenly get set as "/index.php" rather than "index.php", which could cause problems for existing External Modules or hooks that must utilize the value of PAGE to determine the current location. This has now been changed so that any slashes at the beginning of PAGE will be trimmed off before it gets defined. (Ticket #61776)
  • Bug fix: When exporting data in CSV Labels format for projects whose language is set to a language other than the default English, it would mistakenly always display *all* the choice labels for checkbox fields in the export file, rather than outputting the choice labels for only the checkbox options that had been selected for that field. (Ticket #60620)
  • Bug fix: When the Double Data Entry module is enabled in a project, and the current user is DDE person #1 or #2, it would not display the form status icons with the correct color on the left-hand menu when viewing a record but would instead mistakenly always display them as gray status icons. (Ticket #57484)
  • Bug fix: The DateDiff+Today/Now cron job would mistakenly get run for projects that had been deleted in the past 30 days. It now ignores any projects that have been deleted by a user.
  • Bug fix: When using the e-Consent Framework for a survey, the resulting PDF of the consent survey would mistakenly not obey the project-level PDF Customization setting to show or hide the REDCap logo/URL under specific conditions. This would vary depending on if certain settings were set for the e-Consent Framework, such as having first/last name fields defined or consent version. (Ticket #58221)
  • Bug fix: When using the e-Consent Framework for a survey, if custom PDF header text is set under the project-level PDF Customization settings, it would mistakenly not get displayed on the resulting PDF of the consent survey.

Version 8.10.10 - (released 4/4/2019)

  • Minor security fix: If a malicious user is able to find the URL endpoint at which REDCap Messenger's message history can be downloaded as a CSV file for a given conversation, they could potentially exploit it by manipulating the query string of the HTTP request, which might allow them to download other users' conversations to which they do not have access.
  • Minor security fix: If the hook functions file (as defined on the General Configuration page in the Control Center) begins with "http" or "ftp", then REDCap will not attempt to call/include that path.
  • Major bug fix: When using Smart Variables in the conditional logic of an Automated Survey Invitation, in which the logic also contains a datediff function using "today" or "now" as a parameter in the function, it would often cause the ASI cron job to not correctly parse the logic and thus not schedule the invitations at the correct time, or it might mistakenly cause the cron job to crash unexpectedly without finishing scheduling all other ASIs for other surveys.
  • Bug fix: When using branching logic or a calculation that contains a X-event-name or X-instance Smart Variable connected, in which it references an event or instance that does not exist (e.g., [previous-event-name] while on the first event), it would not fail gracefully but would mistakenly display an error message saying that the logic/calculation is incorrect.
  • Bug fix: When completing an Adaptive survey or Auto Scoring survey from the REDCap Shared Library, the "redcap_survey_complete" hook would mistakenly not pass a value for the "record" and "response_id" parameters in the hook. (Ticket #60668)
  • Bug fix: If the Clinical Data Pull feature is enabled for a project, it would still mistakenly display "DDP" (instead of "CDP") in a couple places in the project (Record Status Dashboard, Logging page).
  • Bug fixes and updates for External Modules framework
  • Bug fix: A single LOINC lab was mistakenly missing from the field mapping page for Clinical Data Pull.
  • Bug fix: If a multi-page survey contains a page in which every field on the page is a Descriptive field and also has branching logic, it would mistakenly always skip the page regardless of whether all the fields were hidden by branching logic.
  • Bug fix: When the redcap_survey_identifier field is displayed in a report or data export, it would mistakenly only display the participant identifier value on the first event of a given record and would not display it if the first instrument was a repeating instrument. It now always displays the participant identifier value in the redcap_survey_identifier column of a report/export for every row/item for a given record. (Ticket #59811)
  • Bug fix: The FHIR web service requests made by the Clinical Data Pull module would mistakenly make calls to the FHIR "Observation" endpoint using a slightly incorrect format according to HL7's FHIR standards. This does not appear to affect CDP when interfacing with Epic but does when interfacing with other EHR vendors (notably Cerner). (Ticket #61150)
  • Bug fix: The code for generating the Survey Queue setup table was mistakenly referencing variables that had not been defined. However, this did not affect anything. (Ticket #61030)
  • Bug fix: If the setting "Auto-suspend users after period of inactivity" is enabled, and some users who are suspended have not had any activity within the designated period of inactivity, then if the user has a sponsor and the user's sponsor puts in a request to have them unsuspended, the user would mistakenly get re-suspended within a day. (Ticket #58909)
  • Bug fix: If a normal user is copying a project and is also in a User Role, it would mistakenly not give them their current role's privileges in the new project but instead would give them the privileges that they had before being put into a role in the copied project. (Note: The user will always be removed from the user role in the new project and will always be given User Rights and Project Setup/Design Privileges.) (Ticket #55767)
  • Bug fix: If an administrator is viewing the table of users on the Browse Users page, if they check the checkbox next to a user and then click the "Fetch for selected" link (under "Time of latest password reset"), it would display an erroneous error message about no users being selected if all the selected users are suspended. It should instead work for all table-based users regardless of whether the users are suspended or not. (Ticket #60625)
  • Bug fix: When exporting a Project XML file containing data from a project, if any multiple choice option labels contain ASCII control codes, it would mistakenly prevent the data from being restored completely in the new REDCap project being created. (Ticket #34968)
  • Bug fix: The plugin/module method named "REDCap::evaluateLogic" might mistakenly not interpret logic correctly if it contains checkbox fields and if the project is classic/non-longitudinal. (Ticket #60998)

Version 8.10.9 - (released 3/24/2019)

  • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Major bug fix: When the Clinical Data Pull (CDP) is enabled on a project, if extra data is imported from the EHR for several patients at one time via the cron job (after a user has already pulled some patient data from the EHR for those patients), in certain cases it might mistakenly not clear out data from another patient whose data is being fetched and thus inadvertently add one patient’s data to another patient.
  • Bug fix: Some data exports were not getting correctly logged as "Data Export" on the project logging page, specifically when downloading PDFs with data and downloading an "exported data file" or an "exported syntax file". It now lists "Data Export" as the proper Action for these events and also displays them when filtering the logging page by event="Data Export". (Ticket #59278)
  • Bug fix: When updating the value of the Secondary Unique Field or the designated survey email field for a project that is either longitudinal or has repeating events/forms, it would mistakenly not log the value change across all events/instances as it should since a new value for those fields gets propagated to every event/instance in the project to keep them all in sync. They now all get logged as separate logged events, which allows the value to always appear in the Data History widget on the data entry page. (Ticket #59586)
  • Bug fix: When performing piping of a field with the Smart Variable [X-instance] appended to the field variable, it would sometimes mistakenly not perform the piping at all. (Ticket #59671)
  • Bug fix: When performing piping of the Smart Variable survey-time-completed or survey-date-completed with the parameter ":value" appended to the end of it, it would mistakenly throw an error on a survey or data entry form if it was being used in branching logic or in a calculated field. (Ticket #59885)

Version 8.10.8 - (released 3/15/2019)

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Bug fix: Incorrect text was displayed in the Edit User popup on the User Rights page that mistakenly referenced "Clinical Data Pull" instead of "DDP" in projects with DDP Custom enabled.
  • Bug fix: If the REDCap web server is running on PHP 5.3 or 5.4, it would cause the Create Project page to not fully be displayed and would prevent users from creating new projects. (Ticket #57121)
  • Bug fix: If a survey that has Survey Auto-Continue enabled is a repeating instrument and is then followed by another survey that is a repeating instrument, then if a respondent completes the first survey, it will mistakenly take them to repeating instance #2 of the following survey, thus skipping over instance #1.
  • Bug fix: Fixed typo in Clinical Data Pull error message. (Ticket #59005)
  • Bug fix: When launching patients in the EHR embedded window for the Clinical Data Pull, in certain situations, especially if the user does not have access to all the FHIR end-points (often due to a limitation in their EHR privileges), it might mistakenly cause the FHIR access token in the database to get removed for that user for that patient, thus resulting in an error message to the user stating that there are no available access tokens that can be used.
  • Bug fix: When using the Data Resolution Workflow, the Resolve Issues page might mistakenly display negative counts for certain data query statuses.
  • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. This issue was supposedly fixed in the previous version (and the version before that), but mistakenly it would sometimes display a false positive for this issue and return the error under legitimate circumstances, specifically when only checkbox fields were being imported (not including the record ID field, event name, or repeat fields). (Ticket #57699)
  • Fixes and updates for the External Module Framework
  • Bug fix: When viewing the REDCap login page on a mobile device (device width <575 pixels), it would mistakenly display a "Go to My Projects" button on the page. (Ticket #59494)
  • Bug fix: When using the Data Resolution Workflow in a project and opening a data query on a field on a data entry form, the floating Save button that appears next to the field when the field is selected was mistakenly not being displayed in the correct location on the page if the field, specifically when navigating from a link on the Resolve Issues page for a radio button field. (Ticket #59373)
  • Bug fix: When using the "Test logic with a record" feature when setting up an Automated Survey Invitation, on certain occasions it might return an incorrect response. (Ticket #59030).
  • Bug fix: The HTML character code " " might mistakenly get displayed in the text of PDFs downloaded for an instrument but only if downloading the blank PDF (without data). (Ticket #58790)
  • Bug fix: When using the Randomization module with strata fields, in which one or more strata fields exist as part of a matrix of fields, it would mistakenly cause a JavaScript error to occur on the data entry form where the strata fields are located, thus preventing the form from being saved successfully. (Ticket #59639)
  • Bug fix: The field count for projects on the My Projects page was mistakenly not including Descriptive fields. This could be confusing for users. It now includes all fields in the field count. (Ticket #60004)
  • Bug fix: When performing piping of a field with the Smart Variable [next-event-name], [previous-event-name], or [event-name] prepended to the field variable, it would sometimes mistakenly not perform the piping at all. (Ticket #44559)

Version 8.10.7 - (released 2/21/2019)

  • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. This issue was supposedly fixed in the previous version, but mistakenly in the previous version it would sometimes display a false positive for this issue and return the error under legitimate circumstances. (Ticket #57699)
  • Bug fix: The example Java code generated by the API Playground for the "Export Records" API method contained an error. (Ticket #58488)
  • Bug fix: Some specific PROMIS assessments that are downloaded from the REDCap Shared Library as part of a battery might be mistakenly labeled as "Auto-scoring" or "Adaptive" in the Online Designer after being downloaded when such instruments are actually neither "Auto-scoring" nor "Adaptive". (Ticket #58488)
  • Bug fix: If using the Survey Auto-Continue feature to continue to a survey that is a repeating survey instrument, if any repeating instances have already been created for that repeating survey, then after completing the first survey, it would mistakenly say that the repeating survey has already been completed. It should instead advance the respondent to the next available repeating instance of the repeating survey so that a new repeating instance can be added via survey. (Ticket #58624)
  • Bug fix: When exporting a Project XML file containing data from a project, if any text field values contain ASCII control codes, it would mistakenly prevent the data from being restored completely in the new REDCap project being created. (Ticket #34968)
  • Bug fix: Fixed a typo in the Twilio configuration instructions. (Ticket #58731)
  • Bug fix: When downloading the Project XML file (metadata only) for a project, it might mistakenly begin and end the XML filename with an apostrophe.

Version 8.10.6 - (released 2/15/2019)

  • Text changes: The “DDP on FHIR” feature was renamed “Clinical Data Interoperability Services”. The main (and currently only) feature under the “Clinical Data Interoperability Services” umbrella of services is the “Clinical Data Pull” (CDP). Other services will be added in future versions of REDCap, such as “Clinical Data Mart”.
  • Bug fix: After the initial schedule is generated for a record on the Scheduling page, if the user modifies one of the dates in the schedule so that it is the same as the maximum date or minimum date (if a min/max is set for an event), then on certain occasions it would mistakenly display a popup saying that the new date is out of range when in fact it is not.
  • Bug fix: Several project pages might appear too narrow for specific screen sizes. Bug emerged in REDCap 8.10.4.
  • Bug fix: Updated an outdated item on the Help & FAQ page regarding how often the ASI cron job runs (Ticket #58205).
  • Bug fix: When using the @DEFAULT action tag to have a date/datetime field reference itself from a previous repeating instance on a repeating instrument, it would mistakenly not pipe in the value correctly on the first instance of that instrument, thus mangling it with a value of "[]" or "00-00-0000" or other nonsensical value. (Ticket #17157)
  • Bug fix: When using the Data Resolution Workflow in a project and opening a data query on a field on a data entry form, the floating Save button that appears next to the field when the field is selected was mistakenly not being displayed in the correct location on the page. (Ticket #57905)
  • Bug fix: For specific server configurations and project sizes, the project Logging page might take an exorbitant amount of time to load when initially loading the page. (Ticket #58251)
  • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. (Ticket #57699)
  • Bug fix: If REDCap's "Easy Upgrade" functionality is enabled and the REDCap web server is running PHP 5.3 or 5.4, it would mistakenly allow administrators to use Easy Upgrade to upgrade to REDCap 8.11.0 (Standard) or higher. It should not allow this upgrade path since REDCap 8.11.0+ requires PHP 5.5.0 or higher.
  • Bug fix: When calling the API method "Export Survey Participants" while utilizing the designated survey email field in the project, it would mistakenly omit the values for the participant's email address or record name in the API response. (Ticket #58349)
  • Bug fix: When calling the API Method "Export Records" with the "format" parameter set to "odm", it would mistakenly not include all files from File Upload and Signature fields, which are expected to be base64-encoded inside the ItemDataBase64Binary tags in the resulting XML. (Ticket #54301)
  • Bug fix: On the To-Do List page in the Control Center, if an administrator clicks the icon to add a comment to a To-Do List item, the "Submit" button in the resulting popup displayed would not be sized or positioned correctly. (Ticket #54301)

Version 8.10.5 - (released 1/31/2019)

  • Bug fix: If an individual project was set to "Offline" status by an administrator, any survey invitations in that project that had been scheduled to send would mistakenly still send. Invitations should not be sent out unless the project is in "Online" status. (Ticket #57045)
  • Bug fix: Many API requests would mistakenly return a "503" HTTP status code error on certain errors when it should instead return a "400" error.
  • Bug fix: When downloading a PROMIS Battery from the REDCap Shared Library, it would mistakenly not display the battery survey pages according to the PROMIS guidelines, in which the battery title should be displayed on every page (not the title of each individual assessment) and that the survey instructions are only seen on the first assessment of the battery. This will only affect batteries that will be downloaded in the future from the Shared Library. Also, although these particular title and instructions settings will be set when a battery is downloaded, it will always be possible for a user to modify the title and/or instructions afterward, if they wish (though it is not preferred).
  • Bug fix: When a participant completes a PROMIS adaptive survey or PROMIS auto-scoring survey that finishes after only one question, it might mistakenly not save the survey completion time of the survey response.
  • Bug fix: The last column in the Participant List table might not be displayed fully. (Ticket #57184)
  • Bug fix: Under certain conditions, REDCap Messenger's "System Notifications" section would mistakenly not display the messages for that section in the Messenger panel. (Ticket #57247)
  • Bug fix: When selecting to view Report B on the "Data Exports, Reports, and Stats" page for a longitudinal project, if the report is displayed as a multi-page report and specific events have been selected as a filter by the user, then if the user selects another report page to view using the page drop-down selector, it would mistakenly lose the event filter for the report (because the "events" parameter would not get included in the URL) and thus would display rows from every event on the page. (Ticket #57254)
  • Bug fix: For certain server configurations, when REDCap is creating a cache of a project's record list in a database table (as an invisible, back-end process to the user), it might mistakenly doubly UTF8-encode some record names, resulting in a database query error, thus causing the record list caching process to constantly fail and possibly display an outdated list of records in the user interface (e.g., Record Status Dashboard). (Ticket #56523)
  • Bug fix: If a Custom Record Status Dashboard has filter logic that references fields from a repeating instrument, it might mistakenly return an empty set, thus resulting in a dashboard with no records displayed, when it is known that some records should be displayed. Bug emerged in REDCap 8.10.4 (LTS). (Ticket #57234)
  • Bug fix: The lab field "Ketones Ur-mCnc" (LOINC 49779-2) was mistakenly missing from the DDP on FHIR list of mappable fields.
  • Bug fix: The cron job "AutomatedSurveyInvitationsDatediffChecker2" might mistakenly crash if SQL fields are piped into the email subject or email message of Automated Survey Invitations that contain datediff + today or now in the ASI conditional logic. (Ticket #57356)
  • Bug fix: When editing the project title, purpose, etc. in the Modify Project Settings popup on a project's Project Setup page, if Research is selected for Purpose, then the fields for entering the Name of the P.I. would mistakenly not wrap together, thus leaving the last name field on a row by itself. (Ticket #57417)
  • Bug fix: When exporting Report B (i.e., without creating a new report from the selections of Report B) on the "Data Exports, Reports, and Stats" page, if a specific instrument is not selected but "All instruments" are left selected, it might mistakenly not list any fields in the resulting stats package syntax file (for R, SAS, Stata, SPSS), thus preventing the exported data from loading properly in the stats package.
  • Bug fix: On the Cron Jobs page in the Control Center, the suggested command to set up the REDCap cron job on a Windows server was mistakenly not escaping paths that contained a space in them. This has been fixed to present the correct command. (Ticket #57426)

Version 8.10.4 - (released 1/24/2019)

  • Major bug fix: When a project is using a public survey that has "Save & Return Later" enabled with "Allow respondents to return without needing a return code" enabled, then if a participant clicks the "Save & Return Later" button on the public survey and leaves the survey open on the "Your survey responses were saved!" page while another participant partially or fully completes the survey, and then if the original participant clicks the "Continue Survey Now" button on the "Your survey responses were saved!" page, then the original participant will mistakenly have the other participant's response loaded for them on the survey page.
  • Bug fix: When using REDCap::getData() in a module, plugin, or hook, in which some filter logic is passed as a parameter and is expected to return an empty result set (because there are no matches for the filter logic), it might instead mistakenly return results with blank values for all fields being returned (with the exception of the record ID field and pseudo-fields, such as redcap_event_name), even though those fields might actually have non-blank values. (Ticket #56806)
  • Bug fix: When a user selects to display "ALL" records on the Record Status Dashboard in a project containing a large amount of records, if the page ends up crashing due to too many records being displayed, then the user would mistakenly never be able to view the Record Status Dashboard again without it crashing (because it remembers to show all records the next time the page is visited). (Ticket #56662)
  • Bug fix: If a calc field utilizes Smart Variables in its calculation, and a user performs a data import or executes Data Quality rule H, then other calculated fields in the project might have their value mistakenly set as the calculated result of the other calc field, thus overwriting the correct value of that other calc field. This is rare but can occur in specific situations depending on the structure of the project and the order of the calc fields involved. (Ticket #56731)
  • Bug fix: If the Data Resolution Workflow is enabled in a project, then incorrect language is displayed inside the "Data Quality rules were violated!" popup on a data entry form whenever a Data Quality rule has "real time execution" enabled.
  • Bug fix: When viewing the Field Comment Log popup on a data entry form, if the username in the User column is very long, it would mistakenly not wrap in the table but instead would overflow into the next column.
  • Bug fix: When a user attempts to access a REDCap project that has been set to "Offline" on the "Edit a Project's Settings" page by an administrator, it would mistakenly display the default system-offline message rather than the project-offline message. (Ticket #56938)
  • Bug fix: Certain project pages might not display correctly on tablets (causing the main right-hand window to display below the left-hand menu), especially if the project's language is set to a non-English language. (Ticket #56872)

Version 8.10.3 - (released 1/22/2019)

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Bug fix: In server environments with PHP error reporting enabled, it would display a deprecation notice regarding the constructor of several PHP classes. (Ticket #55557)
  • Bug fix: When viewing an individual user on the Browse Users page in the Control Center, if the user is a Table-based authentication user and their secondary or tertiary email address has not yet been verified, then it would mistakenly not display the buttons to auto-verify the address or re-send the verification email to the user. This only occurs if the user is a Table-based user.
  • Bug fix: When a form or survey is submitted, in which there do not exist any fields on the instrument that are used in a calculated field anywhere in the project, then it would mistakenly trigger the calculation of all calc fields in the project. It should instead only trigger calculations if a field being submitted is used in a calculation. (Ticket #55192)
  • Bug fix: The "Export Survey Participants" API method would mistakenly not include some participants in the resulting API response if those participants had not first been viewed by a user either on the Participant List page or on the data entry form for the survey instrument that was passed as a parameter in the API request. Once a user had viewed the data entry form or Participant List for that instrument, the participants would then appear in the API export. (Ticket #55517)
  • Bug fix: When creating a project and selecting the option to upload a REDCap Project XML file, if the user fails to upload an XML file and then clicks the "Create Project" button, it would mistakenly create an empty project. It should instead give a warning to the user to upload an XML file and prevent the user from submitting the page. (Ticket #55731)
  • Bug fix: When a user makes a request to an administrator that a project be copied, it would mistakenly not check off some of the checkboxes on the Copy Project page when the administrator loads the page via the link in the email or via the To-Do List. This includes the following options: All report folders, All data quality rules, All project bookmarks, and All custom record status dashboards. (Ticket #55751)
  • Bug fix: When attempting to rename a record to "0" on the Record Home Page, it would fail and return an error message to a user. (Ticket #55723)
  • Bug fix: When using the Smart Variables form-link, form-url, survey-link, or survey-url to create links/URLs either to or from a repeating instrument or repeating event, it might mistakenly add the instance number of the current context to the URL when instead it should evaluate whether or not the instance number makes sense to be added to the target URL. (Ticket #54776)
  • Bug fix: When using Twilio telephony services for surveys, U.S. phone numbers having the area code "463" would mistakenly not work for SMS or voice calls unless the number has a "1" prepended to it. (Ticket #55668)
  • Bug fix: When adding/editing/deleting a Report Folder or assigning/unassigning a report to a Report Folder and then closing and re-opening the Report Folder popup, the user would mistakenly no longer be able to perform any actions inside that popup (as if its elements were locked). (Ticket #55878)
  • Bug fix: When a user enters an incorrect password on the login page, it might mistakenly cause some of the custom login text (if any) to become disproportionally enlarged. (Ticket #55945)
  • Bug fix: When creating/editing a record on a data entry form, in which the record name contains a forward slash or back slash, it may cause a Data Quality rule with Real Time Execution not to get triggered correctly or cause the Required Field popup alert not to display correctly. (Ticket #56093)
  • Bug fix: If a participant partially completes a survey using the "Save & Return Later" feature, in which there is no email address associated with that participant (either via the participant list or via the designated survey email invitation field), then the page that gets displayed immediately after clicking the "Save & Return Later" button might mistakenly display the text "You have just been sent an email containing a link for continuing the survey" for a moment and then suddenly disappear, which could be confusing.
  • Bug fix: When inline images are used for Descriptive fields on a survey or form, then if the user is viewing the page on a mobile device and the image's native width is smaller than the width of the page, it would mistakenly not resize it correctly and would make it too small on the page. It now makes the image wider on the page for better viewing of it.
  • Bug fix: When printing a page in the Control Center, the left-hand menu would mistakenly not be removed from the print-out when using Firefox. (Ticket #56340)
  • Bug fix: The "Announcement text to display at top of Home page and My Projects page" would mistakenly not get displayed at the top on the REDCap Home Page if the "Additionally display text on login page?" option is set to "No". (Ticket #56618)
  • Bug fix: If the biomedical ontology auto-suggest functionality is disabled at the system level, it would mistakenly prevent users on the Online Designer from setting a min or max limit for a Text field in the "Add Field"/"Edit Field" popup. (Ticket #56499)
  • Bug fix: When entering a number- or integer-validated text field on a form or survey on an Android device, it would mistakenly open the full keyboard when typing in the field rather than displaying a more appropriate number-centric keyboard. (Ticket #56447)
  • Bug fix: When entering a number-validated text field on a form or survey on an iOS device, it would mistakenly open the full keyboard when typing in the field rather than displaying a more appropriate number-centric keyboard.
  • Bug fix: "event_id" was mistakenly not listed as a reserved field name to prevent users from using it as a field's variable name. (Ticket #56627)
  • Bug fix: When an administrator is approving a "Move project to production" request on the To-Do List page, the To-Do List popup would mistakenly not automatically close after the request was approved or if the admin clicked Cancel to close the request. (Ticket #56457)
  • Bug fix: When using the @MAXCHECKED action tag for a checkbox field, if a user clicked on the checkbox’s label (rather than on the checkbox itself), it would appear to keep the checkbox unchecked if the @MAXCHECKED limit has been reached, but it would mistakenly save the checkbox as checked. (Ticket #56658)
  • Bug fix: For specific screen widths, the nav items at the top of the page on the Home page, My Projects page, etc. would mistakenly not be visible.
  • Bug fix: When performing a data import in projects with repeating instruments or repeating events, the "redcap_repeat_instance" field could mistakenly be imported with a value of "0", which should never be allowed because it must always be an integer larger than "0". (Ticket #28842)
  • Bug fix: If a required field is changed to be a Descriptive field, it would still mistakenly display the "must provide value" text below the Descriptive field's label on a survey page or data entry form. (Ticket #56719)
  • Bug fix: After selecting the "Export Reports" API method in the API Playground, the "Report ID" drop-down list would mistakenly not get rendered correctly, thus preventing users from utilizing it on that page. (Ticket #56707)
  • Bug fix: When using the survey-link or survey-url Smart Variable in the email message for an Automated Survey Invitation, in which the instrument name is appended to the Smart Variable (e.g. [survey-link:survey_2]), then if the appended instrument name is different from the survey instrument for the current ASI, it would mistakenly replace the Smart Variable with the link to the current ASI survey rather than with the explicitly specified one. (Ticket #55400)
  • Bug fix: When using the first-event-name or last-event-name Smart Variable in branching logic or in a calculated field, in certain cases it might not get interpreted correctly, thus mistakenly resulting in a branching logic error message on a survey page or data entry form. (Ticket #56583)
  • Bug fix: When setting the conditional logic for an Automated Survey Invitation in a longitudinal project, if any fields are prepended with the Smart Variable [event-name], it would cause the ASI not to send the invitation if step 2 had the "Ensure logic is still true before sending invitation?" option selected while Step 3 was set to "Send immediately". (Ticket #55919)
  • Bug fix: When setting the conditional logic for an Automated Survey Invitation in a longitudinal project, if any fields are prepended with the Smart Variable [event-name] and the user selected a record from the "Test logic with a record" drop-down, it would mistakenly return "False" even when the condition is actually True.
  • Bug fix: When setting the branching logic for a field in the "Add/Edit Branching Logic" popup on the Online Designer, if a user selected a record from the "Test logic with a record" drop-down, it would mistakenly return "False" even when the condition is actually True. (Ticket #56623)
  • Bug fix: When a repeating instrument is being used as a survey and is being displayed in the Survey Queue, then it may mistakenly display the text "All surveys in your queue have been completed" on the Survey Queue if only 6 surveys have been completed in the queue (including all instances of the repeating survey), which could be confusing to respondents who might want to keep taking the repeating survey. Since a repeating survey is by definition open-ended and can be taken over and over again without end, the Survey Queue should never state "All surveys in your queue have been completed" if the queue contains at least one repeating survey. (Ticket #56540)

Version 8.10.2 - (released 12/28/2018)

  • New LTS branch based on REDCap 8.10.1 (Standard)

Version 8.5.27 - (released 12/28/2018)

  • Bug fix: When entering choices for a multiple choice field in the "Add Field"/"Edit Field" popup in the Online Designer, in which a dash/hyphen exists in the raw coded value of a choice, it would mistakenly recode the value rather than allowing the dash/hyphen, which is an acceptable character in the coded value.

Version 8.5.26 - (released 12/21/2018)

  • Bug fix: The upgrade module for version 8.5.25 was crashing and thus not allowing administrators to complete the upgrade to 8.5.25 or higher. (Ticket #55324)

Version 8.5.25 - (released 12/20/2018)

  • Bug fix: The "Test URL" buttons have been removed from the "DDP on FHIR" page in the Control Center because they did not work most of the time, thus giving administrators the impression that the URL entered was incorrect.
  • Bug fix: When accessing REDCap using DDP on FHIR while in an EHR-embedded window, if the session ended and the user logged back in, it would mistakenly not remember that the user is inside the embedded window and would thus not hide all appropriate elements from the user interface that it should.
  • Bug fix: For DDP on FHIR, the coded multiple choice options for sex, race, and ethnicity were not complete and, in some cases, incorrect for certain EHR configurations. During the upgrade process, these choice options for existing DDP on FHIR projects will have both their data and metadata translated into the new options. The field sex will now have options M, F, and UNK, while ethnicity and race will be replaced by a long list of LOINC codes to represent them properly.
  • Bug fix: When an administrator is viewing the "API Tokens" page in the Control Center or the "Manage All Project Tokens" tab on a project's API page, the "Last Used" column for a given user might mistakenly display "Never" instead of the last time the user made an API request for the project. This appears to occur due to a case sensitivity issue with the username, in which the case of the user seen on the Browse Users page in the Control Center does not exactly match the case of the username with which the user logged in or with which the user is listed on the project's User Rights page. (Ticket #54748)
  • Bug fix: When using the "Preview" and "Test email" functionality when composing a survey invitation in a multi-arm project, if any fields are being piped into the email, in which the field being piped is prepended with the unique event name of an event from an arm other than specifically Arm 1, then it mistakenly would not replace the field with the text "PIPED DATA" as expected but would instead replace it with "______". (Ticket #54559)
  • Bug fix: When creating a new record in a non-longitudinal/classic project that only contains one data collection instrument, if the user clicks the Cancel button on the data entry form before saving/creating the record, it would mistakenly just reload that form rather than redirecting the user back to the "Add/Edit Records" page. (Ticket #54752)
  • Bug fix: When calling the API Method "Export Project XML", it might mistakenly not include all files from File Upload and Signature fields even though the exportFiles parameter had been set to TRUE (assuming that returnMetadataOnly=FALSE). (Ticket #54301)
  • Bug fix: When viewing a record on a data entry form in a project that contains one or more repeating instruments, it would mistakenly only display the number of repeating instances of a form on the left-hand instrument menu if the user was currently viewing any form that had been set as a repeating instrument. It should always display the number of repeating instances next to each repeating instrument on the left-hand menu for a given record. (Ticket #54846)
  • Bug fix: When viewing a record on a data entry form in a project that contains one or more repeating instruments, for all repeating instruments displayed on the left-hand instrument menu, it would mistakenly display the form status stack icon representing the status color of the first instance of the repeating instrument rather than displaying an icon representing all the instances (e.g., red stack icon representing all instances having "complete" status, blue stack icon representing mixed status types). This excludes the icon displayed for the currently selected form/instance, which was correctly displaying the form status icon of the currently viewed repeating instance. (Ticket #54846)
  • Bug fix: When using the data search feature on the "Add/Edit Records" page in a project, in which no results are returned from a given search, in some cases the "Searching..." text might mistakenly still be displayed afterward (instead of the text being hidden), thus incorrectly implying that the search has not yet finished. This could be confusing and mislead the user. (Ticket #54818)
  • Bug fix: When using an SQL field that contains a comma in the results for the data values that are returned from the SQL query, after selecting and saving an option with a data value that contains a comma, it will save the value correctly but in certain cases may mistakenly cause the value to not get pre-selected when a user returns later to the form, which could cause a blank value to mistakenly overwrite the saved value unbeknownst to the user if the form is saved again. (Ticket #54988)
  • Bug fix: If a project's metadata is exported via the Project XML file, in which a multiple choice field contains an HTML break tag (<br>) in its choice option label, then if a new project is created from the XML file, it might mistakenly add extra choices to that field if any text exists after the HTML break tag for a given choice. (Ticket #55122)

Version 8.5.24 - (released 12/7/2018)

  • Major bug fix: The "Export Records" API method mistakenly fails and will never complete due to a fatal PHP error. Bug emerged in REDCap 8.5.23. (Ticket #54340)
  • Bug fix: When clicking the "Close Survey" button after completing a survey, in certain cases REDCap will not be able to close the tab, and certain browsers might mistakenly redirect the user to the page where survey access codes are typically entered. (Ticket #54305)

Version 8.5.23 - (released 12/6/2018)

  • Bug fix: For certain server configurations related to PHP’s decoding of HTML entities, the Survey Settings page might not be able to properly store or display the survey instructions text or the survey completion text if they contain certain non-Latin characters.
  • Bug fix: Users would mistakenly be allowed to use the @DEFAULT action tag for Signature fields and File Upload fields. This can cause synchronicity issues of a single file being associated with multiple fields, and thus should not be allowed. It will now ignore the @DEFAULT action tag if used for such fields.
  • Bug fix: When viewing the Draft Mode production changes page in a project, if the project had been initialized in the REDCap Mobile App, then it would mistakenly give the warning "Please note that they *may* be affected by these changes and may not be able to successfully imported their data from the app afterward..." even though no current users have Mobile App user privileges anymore. It should only be displaying the warning if at least one person in the project still has Mobile App privileges and has initialized the project in the app at some point in the past.
  • Bug fix: When exporting data via the "Export Records" API method with type="eav" and providing Filter Logic as a parameter in the API request in which no records should be returned based on that filter logic, it would mistakenly return all records instead.

Version 8.5.22 - (released 11/28/2018)

  • Bug fix: If a user is viewing a project's Record Status Dashboard in which some records have been assigned to Data Access Groups, then under certain rare conditions (e.g., users bookmarking a link to the RSD after a DAG has been deleted in the project) users might not see all the records on the RSD anymore, which could be confusing. (Ticket #53335)

Version 8.5.21 - (released 11/21/2018)

  • Major bug fix: If a slider field on a data entry form has a value set, and then the user clicks the balloon icon next to any field to open the Field Comment Log popup, it would mistakenly set the slider value to 50, sometimes unbeknownst to the user. This does not occur on survey pages but only data entry forms. (Ticket #53371)
  • Major bug fix: If a multi-arm longitudinal project has Automated Survey Invitations and an ASI's conditional logic becomes true for a given record, it might mistakenly not schedule the survey invitation. (Ticket #53427)

Version 8.5.20 - (released 11/16/2018)

  • Bug fix: Certain web browsers (e.g., Chrome) would mistakenly be allowed to pre-fill Notes fields on a survey page or data entry form, which might also cause other fields on the page (such as Text fields or Radio button fields) to have values inserted into them as well.
  • Bug fix: Under certain conditions when a field on a survey/form is using the @DEFAULT action tag, and the survey/form has already been saved at least once (i.e., does not have gray form status icon), it might mistakenly display the red bar on the right side of the field as if the value has changed even though it has not.
  • Bug fix: When downloading certain PROMIS Adaptive or Auto-Scoring instruments from the REDCap Shared Library, viewing a completed survey response on its data entry form might mistakenly display a popup error due to malformed branching logic, specifically for the T-Score field.
  • Bug fix: If a user has "De-Identified" or "Remove all tagged Identifier fields" privileges and then exports a PDF of a form with saved data, then any multiple choice fields that are tagged as an Identifier field would still have all their choices displayed, although it would not display which choice was selected, which is confusing because it appears as if the field has a blank value rather than having its value redacted due to user privileges. In this situation, it now no longer displays the field choices but instead says "[*DATA REMOVED*]" so that the user understands that the saved value was removed from the PDF.
  • Bug fix: The FHIR scope "patient/Patient.read" was missing when "DDP on FHIR" makes calls to the EHR. This caused "DDP on FHIR" not to function for some EHRs, such as Cerner. (Ticket #53285)
  • Bug fix: When using "DDP Custom" or "DDP on FHIR" in which a value already exists in REDCap for a mapped DDP field but a blank value exists (i.e., is missing) for the field in the EHR/source system, it would mistakenly prompt the user to overwrite the existing value with the blank/missing value. Missing values from the EHR/source system should instead just be ignored. (Ticket #53258)
  • Bug fix: When exporting the PDF of saved data (all records) on the Other Export Options tab on the "Data Exports, Reports, and Stats" page, if any data is being piped into a field note, field label, etc., it would mistakenly pipe the values from the first record into the text of all the subsequent records in the PDF.

Version 8.5.19 - (released 11/9/2018)

  • Major bug fix: Only for certain versions of Internet Explorer, if a user with lock/unlock privileges enters a data entry form that is already locked, then clicks the Unlock button at the bottom of the form, enters some data, and then clicks the Lock checkbox to lock the form again, it would submit the form immediately after checking the Lock checkbox, thus locking the form again, but it would mistakenly not save any of the data that had been entered on the form prior to being locked again.
  • Bug fix: When downloading multiple Adaptive or Auto-Scoring instruments from the REDCap Shared Library into the same project, the T-Score field and Std Error field would conflict and thus cause those fields on the subsequent instruments to be renamed, in which it would append random alphanumeric characters to the variable names. This would make it difficult to have the same variable names consistently if all the same instruments were downloaded in different projects.
  • Bug fix: If a user enters a value for a datetime field on a form or survey and then immediately removes the value, they would mistakenly be presented with a validation error message, which should not occur. This could cause the user to be stuck in an infinite loop on the page, in which the prompt keeps appearing, thus causing the user to have to reload the page and possibly lose any data entered. (Ticket #52024)
  • Bug fix: If using the Data Resolution Workflow in a project, and a user views an open query, it would mistakenly display data values for all fields in the query, even if the user has "No Access" user privileges to that field's data entry form. In this case, it now redacts the data value and instead displays a message stating that the field's value cannot be displayed because the user does not have view access. (Ticket #49956)
  • Bug fix: If the REDCap installation has the "Survey Base URL" set on the "General Configuration" page in the Control Center, then if a survey participant is viewing a Survey Queue for a record and then clicks the "Begin Survey" button for a given survey, it would mistakenly send the participant to the wrong URL, in which it would be using the default "REDCap Base URL" instead of the "Survey Base URL". (Ticket #52502)
  • Bug fix: If viewing the Record Status Dashboard in a project where only one arm exists, but the arm is not arm "1" but another number, then clicking the record name link in the dashboard table will mistakenly take the user to the first arm, where the record does not exist. (Ticket #52575)
  • Bug fix: If a multi-arm longitudinal project has surveys using Automated Survey Invitations on multiple arms, in which at least one of the ASI's condition logic references a field/event on another arm, then if that ASI condition becomes true for a given record, it would mistakenly schedule the survey invitation even if the record does not exist on that arm. The record must exist on a given arm before a survey invitation can be scheduled for that arm for that record. (Ticket #52174)
  • Bug fix: On the Control Center's System Statistics page, the "Data values pulled from source system via DDP" count for both DDP Custom and DDP on FHIR would mistakenly inflate the true count. This was caused by mistakenly counting temporal values multiple times in longitudinal projects or in projects with repeating instruments/events if the same value was imported into multiple events/instances for a given record. This often depends on the window of time (i.e., day offset) being used, in which a larger day offset value would pull in more duplicate values.
  • Bug fix: When using "DDP on FHIR" in a project that does not have any demographics fields mapped on the DDP Field Mapping page, then if a patient is launched inside the REDCap window from within the EHR user interface, and the user chooses to add the patient to a project, then it would return a strange JSON-encoded message and would mistakenly take the user to the wrong page if they clicked "View patient in project" immediately after creating the record.
  • Bug fix: When using "DDP on FHIR" with the setting "Convert source system timestamps from GMT to local server time?" set to "Yes" on the "DDP on FHIR" setup page in the Control Center, it might sometimes mistakenly not pull in some temporal data (e.g., labs, vitals) when the data value's date of service is close to the edge of the window of time in which REDCap is querying from the EHR. For example, if a lab field's associated date field has a value of 2018-11-06, and the DDP Adjudication window has a +-3 day offset value set, which should search for all values from 2018-11-03 to 2018-11-09 (including those days), then some values saved on 2018-11-03 or on 2018-11-09 might not get returned from the EHR. This bug is the result of the data being stored in GMT/UTC time in the EHR while REDCap is querying the EHR using the local time.
  • Bug fix: When using Google Authenticator as a Two-Factor Authentication option, and an Account Manager (as opposed to an Administrator) clicks the "Send Google Authenticator instructions via email" button for a user on the Browse Users page in the Control Center, it would mistakenly fail and give an error message. This only occurs if the user clicking the button is an Account Manager. (Ticket #52597)
  • Bug fix: If a user clicks the "Show plots only" or "Show plots & stats" button on the "Stats & Charts" page in a project, it will mistakenly display the "Download image" button for fields on the page that do not have a graph displayed, in which clicking the button for such fields would cause it to download an unopenable/unviewable PNG file. (Ticket #51565)
  • Bug fix: If a field on a repeating event or repeating instrument has branching logic, in which fields in the logic exist on that same repeating event/instrument, then the field might mistakenly not get displayed in the PDF export with saved data.
  • Bug fix: If REDCap is set up to connect to the MySQL database via SSL, it would mistakenly not display the "REDCap server is offline!" message to users if the database connection failed. Additionally, for installations not using an SSL database connection, the "REDCap server is offline!" message would be inconsistent in its text being displayed depending on whether the user was on the REDCap Home Page/My Projects page as opposed to accessing a page in which "/redcap_vX.X.X/" appears in the URL (where X.X.X is your current version). (Ticket #51758)
  • Bug fix: If a user's account was suspended due to inactivity and afterward an administrator unsuspended the user using the green "Unsuspend User" button on the Browse Users page under the "View User List By Criteria" tab (as opposed to unsuspending a single user when viewing the user account under the "User Search" tab on that page), then if the cron job that suspends users due to inactivity gets run before the user logs in to REDCap the next time, the cron job would mistakenly suspend them again. (Ticket #52768)
  • Bug fix: If a participant is returning to a multi-page survey that has the "Save & Return Later" option enabled, and the survey exists on a repeating event or is a repeating instrument, then if the current survey page being opened by the participant is not the first repeating instance of the survey but is a later repeating instance, then it might mistakenly start the participant on the wrong page of the survey to which they are returning. It normally should take them to the page containing the last question having data. (Ticket #50898)
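
The "DDP on FHIR" GMT/local-time item in the 8.5.19 list above describes values near the edge of the ±3 day window being missed. The following is an added example, not REDCap code: a simplified model of that window query using the page's dates (2018-11-06, ±3 days). The fixed UTC-6 server offset, the record ids and all function names are assumptions made for illustration.

```python
from datetime import date, datetime, time, timedelta, timezone

# Assumption for this example: the REDCap server runs at a fixed UTC-6 offset.
SERVER_TZ = timezone(timedelta(hours=-6))
UTC = timezone.utc

ANCHOR = date(2018, 11, 6)   # value of the lab field's associated date field
OFFSET_DAYS = 3              # the +-3 day offset from the changelog entry


def local_window(anchor, offset_days):
    """Inclusive day window in server-local time, as a half-open [start, end)."""
    start = datetime.combine(anchor - timedelta(days=offset_days), time.min, SERVER_TZ)
    end = datetime.combine(anchor + timedelta(days=offset_days + 1), time.min, SERVER_TZ)
    return start, end


def naive_bounds(anchor, offset_days):
    """Buggy behaviour: local wall-clock bounds are sent as if they were UTC."""
    start, end = local_window(anchor, offset_days)
    return start.replace(tzinfo=UTC), end.replace(tzinfo=UTC)


def converted_bounds(anchor, offset_days):
    """Corrected behaviour: local bounds are converted to UTC before querying."""
    start, end = local_window(anchor, offset_days)
    return start.astimezone(UTC), end.astimezone(UTC)


def ehr_query(records, bounds):
    """Stand-in for the EHR, which filters on its stored UTC timestamps."""
    start, end = bounds
    return [r for r in records if start <= r["utc"] < end]


def local_service_date(record):
    """Date of service as the REDCap user sees it after GMT-to-local conversion."""
    return record["utc"].astimezone(SERVER_TZ).date()


# Constructed sample records (not real data); comments give server-local time.
SAMPLE = [
    {"id": "lab-before",     "utc": datetime(2018, 11, 3, 2, 0, tzinfo=UTC)},   # 11-02 20:00
    {"id": "lab-start-edge", "utc": datetime(2018, 11, 3, 7, 0, tzinfo=UTC)},   # 11-03 01:00
    {"id": "lab-mid",        "utc": datetime(2018, 11, 6, 15, 0, tzinfo=UTC)},  # 11-06 09:00
    {"id": "lab-end-edge",   "utc": datetime(2018, 11, 10, 2, 0, tzinfo=UTC)},  # 11-09 20:00
    {"id": "lab-outside",    "utc": datetime(2018, 11, 10, 8, 0, tzinfo=UTC)},  # 11-10 02:00
]


def returned_ids(bounds, records=SAMPLE):
    """Ids the stand-in EHR returns for the given UTC bounds."""
    return [r["id"] for r in ehr_query(records, bounds)]


def missed_by_naive(anchor, offset_days, records=SAMPLE):
    """Ids whose local service date is inside the window but the naive query drops."""
    first = anchor - timedelta(days=offset_days)
    last = anchor + timedelta(days=offset_days)
    expected = [r["id"] for r in records if first <= local_service_date(r) <= last]
    got = set(returned_ids(naive_bounds(anchor, offset_days), records))
    return [rid for rid in expected if rid not in got]


if __name__ == "__main__":
    print("naive query    :", returned_ids(naive_bounds(ANCHOR, OFFSET_DAYS)))
    print("converted query:", returned_ids(converted_bounds(ANCHOR, OFFSET_DAYS)))
    print("missed by naive:", missed_by_naive(ANCHOR, OFFSET_DAYS))
```

With a server west of UTC the loss is at the end of the window (2018-11-09 local); with a server east of UTC it moves to the start (2018-11-03 local), which matches the entry naming both edge dates.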

Version 8.5.18 - (released 11/2/2018)

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Minor security fix: An SQL Injection vulnerability was found on survey pages and data entry pages in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Major bug fix: If a user has "De-identified" or "Remove all tagged Identifier fields" data export user privileges in a project, and then the user downloads a PDF of a data entry form with saved data, in which the form is a repeating instrument or repeating event, it would mistakenly not remove the appropriate data from the PDF as required according to their user privileges. (Ticket #52190)
  • Bug fix: When performing a data import (either via API or via Data Import Tool) in which the first instrument of a record is locked, it would mistakenly prevent the data import from completing, thus resulting in an error, even if the user is not attempting to update values on the first instrument.
  • Bug fix: The data dictionary import process would fail if any calculated fields in the data dictionary contained Smart Variables in their calculation. (Ticket #51346)
  • Bug fix: If using a custom record label in a longitudinal project, in which the custom record label references a field that exists on an event that is not the first event of the current arm, then it might not display the custom record label at all. (Ticket #50733)
  • Bug fix: Some cron jobs were mistakenly shifting by a minute or two each day with regard to the time they should be run by the system. They will now be run at the exact minute they are expected to based on their previous run time + their defined frequency to run.
  • Bug fix: When using DDP on FHIR to add a patient to a project from inside the EHR interface, in certain cases the add-patient process would fail and simply return a dialog saying "ERROR".
  • Bug fix: If a report in a project is created, copied, reordered, or deleted, then on occasion it may mistakenly cause many (or all) of the existing reports to be reordered in a seemingly random fashion. (Ticket #42809)
  • Bug fix: When using the Publication Matching module, if REDCap is upgraded to a newer version after an email has been sent to a PI regarding a possible publication match, then the link in the email would not redirect to the correct webpage properly. (Ticket #52023)
  • Bug fix: If custom Homepage Announcement text is set for the system and the current user is sponsor of a user, then the custom text would mistakenly not stretch as wide as the My Projects table. (Ticket #51782)
  • Bug fix: If a field on a repeating event/form has a specific repeating instance number that is referenced in a calc field or branching logic (e.g., [weight][2] > 150), then even if the specific repeating instance of the event/form exists, it will throw an error on the data entry form or survey page if the field itself does not have a value saved for the repeating instance that is explicitly referenced.
  • Bug fix: When using certain non-English languages for the translated text in a project, the title/hover-over text for the repeating survey icon in the Online Designer would mistakenly get truncated. (Ticket #52126)
  • Bug fix: When piping data from a repeating event/instrument onto another instrument or event, especially a non-repeating instrument/event, then the PDF download of that instrument with saved data might mistakenly not pipe the data into the labels in the PDF.
  • Bug fix: In a multi-arm project using the Scheduling module, opening a record from the Calendar page and then clicking "view schedule" from the calendar popup would load the "View or Edit Schedule" page but might mistakenly not pre-select the record in the record drop-down list on that page.
  • Bug fix: The plugin/hook/module method REDCap::getReport now more strictly checks the value of the third parameter ($exportAsLabels) to ensure it is a boolean. (Ticket #52382)
  • Bug fix: When using a bookmarked link of a page in the Plugins, Hooks, and External Modules documentation after REDCap is upgraded to a newer version, then the bookmark would not redirect to the correct webpage properly. (Ticket #51824)
  • Bug fix: If a conversation in Messenger is attached to a project, it would mistakenly display the HTML <br> tag when hovering over the conversation title. (Ticket #52308)
  • Bug fix: If certain Smart Variables (e.g., [survey-queue-link]) are used in the email text of an Automated Survey Invitation, which also uses datediff with "today" or "now" as a datediff parameter, then it would prevent the ASI+datediff cron job from fully running. Note: This would only affect a small percentage of the total invitations being sent out. (Ticket #51081)

Version 8.5.17 - (released 10/17/2018)

  • Bug fix: When using the Twilio Telephony Services for surveys and setting up an Automated Survey Invitation in which the Invitation Type is "SMS Invitation (contains survey link)", it would mistakenly add the survey link twice to the SMS message. And in the version of REDCap just prior to this one, it was mistakenly adding the survey link if it was not included in the SMS message for the ASI, which should not occur because the instructions state that the survey link will not be automatically added to the SMS when using the "SMS Invitation (contains survey link)" invitation type. So if using "SMS Invitation (contains survey link)" invitation type, it will not add the survey link unless the [survey-url] Smart Variable is used in the SMS message for the ASI. (Ticket #50596)
  • Bug fix: If a field exists on a repeating instrument, and a value is being imported for that field (via Data Import Tool or API) in which no value is provided for the redcap_repeat_instrument field for that row of data, it would mistakenly allow the data to be imported without errors, and that data might become orphaned and be inaccessible on certain pages (e.g., Record Home Page, Record Status Dashboard) after the import has completed.
  • Bug fix: In certain cases, the left-hand project menu might display the link "View/Edit Records" when instead it should always display the "Add/Edit Records" link unless the user does not have "Create Record" privileges.

Version 8.5.16 - (released 10/5/2018)

  • Bug fix: If a user attempts to create a new record on the Add/Edit Records page, in which the record contains a tab character (via copy-and-pasting the record name from elsewhere), it would mistakenly not inform the user that tab characters are not permitted in record names and would simply remove them when loading the Record Home Page for that new record. (Ticket #50347)
  • Bug fix: If a user adds Custom Event Labels for a longitudinal project, and then converts the project to classic/non-longitudinal format, the Custom Event Label for the first event would mistakenly still appear on the Record Home Page. Custom Event Labels should only appear when a project is longitudinal. (Ticket #49885)
  • Bug fix: The notification in the Control Center that informs REDCap admins that a new External Module update is available would mistakenly display versions of modules that were not compatible with the current REDCap version. However, if the admin clicked the blue button to visit the REDCap Repo and then returned back to REDCap afterward, it would temporarily resolve this issue. (Ticket #49957)
  • Bug fix: If a user creates a thread in REDCap Messenger that is connected to a project, and then navigates into a different project, in which the Messenger panel is initially closed while in that project, then when the background AJAX call for Messenger runs after being on a page for 60 seconds, it would mistakenly cause a JavaScript error and might cause some functionality of Messenger not to work correctly. (Ticket #24930)
  • Bug fix: The plugin/hook/module method named REDCap::evaluateLogic might not interpret the event context correctly depending on the value passed as the $event parameter. (Ticket #49420)
  • Bug fix: In a longitudinal project that is in production, if a user attempts to un-designate an instrument for an event on the "Designate Instruments for My Events" page, specifically using the CSV file upload option, it would mistakenly allow the user to do so, even though only REDCap admins should be able to un-designate instruments for events while in production. (Ticket #48290)
  • Bug fix: When using a date or datetime field with DMY or MDY format as the record ID field, it would mistakenly not save the record name correctly when trying to create the record, but instead it would mangle the date format. (Ticket #49373)
  • Bug fix: If branching logic or a calculation on a repeating instrument or repeating event utilizes the Smart Variable "current-instance" (e.g., [yesno_var][current-instance]*1), then when viewing the first repeating instance of that instrument/event, it would mistakenly not perform the branching logic or calculation correctly if the value for that field in the logic/calc changes while on that page. (Ticket #50094)
  • Bug fix: When using the Twilio Telephony Services for surveys and setting up an Automated Survey Invitation in which the Invitation Type is "SMS Invitation (contains survey link)", it would mistakenly add the survey link twice to the SMS message. (Ticket #50596)
  • Bug fix: When running Data Quality rule F, in which some fields being evaluated exist on a repeating instrument, it might mistakenly display them in the list of discrepancies when in fact it is a false positive. (Ticket #49640)
  • Bug fix: Calculated fields would sometimes hit a precision limit in JavaScript and mistakenly return a blank value for the calc field rather than the correct numerical result, which might need to be displayed in scientific (exponential) notation. (Ticket #50578)
  • Bug fix: When using LDAP or LDAP & Table-based authentication, it was mistakenly not allowing users to be assigned to a user role in a project if the username contained a space. (Ticket #50791)

Version 8.5.15 - (released 9/30/2018)

  • Bug fix: When hitting the Enter button while inside a date or datetime field that triggers calculations or branching logic on the same page of a form or survey, it might mistakenly display erroneous error prompts stating that something is syntactically incorrect with the calculation or branching logic, which is not the case.
  • Bug fix: When piping a value from a date or datetime field into the @DEFAULT action tag of another date/datetime field that has either MDY or DMY date format, the value would mistakenly get mangled and thus be incorrect when the page initially loads. (Ticket #17157)
  • Bug fix: When uploading a file for a File Upload field, under certain conditions it might mistakenly cause multiple rows to be added to the redcap_data database table for that record. (Ticket #50178)
  • Bug fix: When using DDP on FHIR and opening a record on the Record Home Page while viewing it inside the EHR, a JavaScript error might mistakenly occur, thus sometimes preventing the DDP adjudication dialog from opening.
  • Bug fix: When creating a new Table-based user in the Control Center, in which the user's attributes contain special/non-Latin characters, then depending on the server's MySQL collation_connection, it might not save the user's attributes correctly in the database but may instead mistakenly garble them. This bug was supposedly fixed in REDCap 8.5.13 but was mistakenly not. (Ticket #48983)
  • Bug fix: When mapping an EHR field on the DDP mapping page in a longitudinal project using DDP on FHIR, and clicking the "Copy mapping to other event" for a given field, it might mistakenly also copy the category header that immediately follows that field, which makes the page look confusing to the user.

Version 8.5.14 - (released 9/20/2018)

  • Major bug fix: If a user has data export privileges of "De-identified" or "Remove all tagged Identifier fields", and then the user exports a report in which every field in the report gets removed due to their export privileges, then it would mistakenly export data for *all* the fields in the entire project. (Ticket #48976)
  • Major bug fix: If a user attempted to put a production project into Draft Mode on the Online Designer page, it would fail and merely reload the page. (Ticket #49866)
  • Bug fix: If a field was using @DEFAULT, @NOW, or @TODAY action tags, and that field was also being piped into text somewhere on that same page, then the field values would mistakenly not get piped when the page initially loads. (Ticket #49839)

Version 8.5.13 - (released 9/19/2018)

  • Bug fix: When viewing the To-Do List in the Control Center, some requests might mistakenly still show up in the request counts even though the requester's account has been deleted from the REDCap system. (Ticket #48846)
  • Bug fix: Certain database queries that check to make sure that a project's reports are in the correct order were getting run more than necessary, which would sometimes cause certain pages in a project to run slowly.
  • Bug fix: After editing the branching logic of a field in the Online Designer, it would mistakenly chop off the first character in the branching logic when displaying it in red text on the page for the field. (Ticket #49098)
  • Bug fix: When using DDP on FHIR to add a patient to a project, in some cases it would navigate to an incorrect non-existing record named "Undefined" in the REDCap project after clicking "View patient in project" button after creating the record via DDP on FHIR.
  • Bug fix: When using DDP on FHIR, some LOINC codes related to Multiple Sclerosis were mistakenly missing from the DDP field mapping page.
  • Bug fix: When creating a new Table-based user in the Control Center, in which the user's attributes contain special/non-Latin characters, then depending on the server's MySQL collation_connection, it might not save the user's attributes correctly in the database but may instead mistakenly garble them. (Ticket #48983)
  • Bug fix: The To-Do List page in the Control Center would mistakenly display with the action buttons overlapping the previous column in the table. (Ticket #49096)
  • Bug fix: When using DDP on FHIR, the information page/popup that describes how to use DDP to users was mistakenly missing the specific codings required for the three demography fields "sex", "race", and "ethnicity". The required multiple choice codings for those fields are now listed in the DDP on FHIR informational page that is accessible on the DDP on FHIR Control Center page and via the popup on a project's Project Setup page.
  • Bug fix: When launching multiple patients using DDP on FHIR inside the EHR interface (i.e., multiple tabs during same session), if the user returned to an older tab/patient during the same session, it might mistakenly confuse it with the latest patient that was loaded, thus losing that tab's proper context for the patient and causing confusion for the user.
  • Bug fix: If using MySQL 8.0 as the database, in certain cases the Control Center might erroneously display the "Database structure is incorrect" warning even though nothing is wrong with the database tables. (Ticket #49580)
  • Bug fix: When exporting a project's Project XML file, for certain server configurations, it would cause the XML file to have all linefeeds removed from Section Headers and Field Labels. Note: This fix will not fix any Project XML files that have already been generated but will fix this issue for any XML files generated in the future. (Ticket #48719)
  • Bug fix: If there exists piping, calculations, or conditional logic using the Smart Variables first-event-name or last-event-name that happens to be prepended to a checkbox field, in which a checkbox choice is explicitly specified inside parentheses, it would mistakenly return a list of all the checked-off checkbox labels instead of the checked-off status for the specified choice. (Ticket #49378)
  • Bug fix: When a user attempts to place a production project into draft mode, it might mistakenly just reload the same page with no changes, thus preventing the project from being put in draft mode. (Ticket #6346)
  • Fixes and updates for External Modules Framework
  • Bug fix: If an External Module was using the API endpoint for assets (non-PHP pages), it would mistakenly enforce authentication on those assets, which would cause issues for certain authentication types, such as Shibboleth.

Version 8.5.12 - (released 9/7/2018)

  • Bug fix: When setting the value of the Rate Limiter on the General Configuration page in the Control Center, it would display a soft validation error if a value was entered that was less than 60. It should instead allow all integers to be entered with a minimum possible value of "0".
  • Bug fix: If a POST request to REDCap exceeds the maximum number of POST parameters according to the max_input_vars setting in the PHP.INI configuration file, it might truncate the parameters sent and mistakenly not display an error message, thus only saving part of the data submitted without informing the user of such. It now properly returns an error message to let the user know if this ever occurs. This includes API requests. (Ticket #47117)
  • Bug fix: Updated some outdated text on the "Administrators & Acct Managers" page in the Control Center. (Ticket #47531)
  • Bug fix: If a record in a project has some survey invitations scheduled, and then the record is renamed, its associated invitations would mistakenly get disassociated from the record, thus causing the invitations not to get delivered. (Ticket #47887)
  • Bug fix: If a user placed their cursor into any text input field and clicked their Backspace button on their keyboard, it would cause a JavaScript error. In most cases, this would go unnoticed; however, some browsers might display a popup alerting the user of this error, which could confuse the user.
  • Bug fix: The REDCap cron job was mistakenly being counted toward "Page Hits" as displayed on the Control Center's Activity Graphs page. (Ticket #46074)
  • Bug fix: When using the e-Consent Framework in a project, in which a record has an e-Consent PDF file associated with it and a user deletes the record, it would mistakenly not delete the record's e-Consent entry. This would cause problems if another record was created later using the same record name, in which it would prevent the saving of that new record's e-Consent file. (Ticket #38660)
  • Bug fix: When using "Japanese (Shift JIS)" for a project's "character encoding for exported files" setting, and the project's PDF Customization setting has the PDF header text (e.g., Confidential) in Kanji/Japanese, then the PDF header text would mistakenly not display correctly in the PDF. (Ticket #48035)
  • Bug fix: LDAP allows for spaces to be used in usernames, and even though REDCap users could successfully log into REDCap while having a space in their username, REDCap would not allow such users to be added to projects, in which it would display an error message stating "User names can only contain letters, numbers, underscores hyphens and periods". If using "LDAP" or "LDAP & Table" authentication, it will now allow users to be added to a project via the User Rights page even if their username contains a space. (Ticket #48169)
  • Bug fix: When using literal date or datetime values inside a datediff() function in the "Add/Edit Branching Logic" popup in the Online Designer and testing the logic against a record, it might mistakenly state the field should be hidden when instead it should be shown (or vice versa). Related, if using literal dates inside a datediff() function in the branching logic of a field, and a user goes to export a PDF with saved data of that field's instrument for an existing record, the field might mistakenly be hidden in the PDF when instead it should be shown (or vice versa). (Ticket #47717)
  • Bug fix: When using "Japanese (Shift JIS)" for a project's "character encoding for exported files" setting, the Kanji text might not display correctly if the PDF is opened on certain devices. To remedy this, the internal font in the PDF has been changed from Gothic to Kozmin. (Ticket #48035)
  • Bug fix: When using a Stop Action on a checkbox on a survey, in which the "Enhanced checkbox and radio button" option is enabled for the survey, then if a participant triggers the Stop Action but chooses to "Continue survey" (rather than ending the survey), it would mistakenly not uncheck the checkbox choice they had selected. (Ticket #48273)
  • Bug fix: Using an X-instance Smart Variable that is appended to a variable or Smart Variable containing a parameter with a colon (e.g., [mycheckbox:checked][last-instance]) might mistakenly not be parsed correctly, thus possibly returning an incorrect value. (Ticket #48251)
  • Bug fix: When the record ID field in a project has field validation, and the Scheduling page is being used in a longitudinal project to create a new record (assuming record auto-numbering is not enabled), the Scheduling page would mistakenly not employ the field validation if a record name was entered in an incorrect format. This only occurs for certain field validation types. (Ticket #46643)
  • Bug fix: When using the Smart Variables "previous-event-name" or "next-event-name" in a calculated field while viewing the first or last event, respectively, it would mistakenly display the error prompt stating that there was an error in the calculation. Instead, it now silently replaces those with a blank value (wrapped in quotes) in the equation to prevent an error from occurring in order to force a blank value to be returned. (Ticket #48631, 48669)
  • Bug fix: When using the X-event-name Smart Variables as prepended to a field variable, in which the variable name contains a number, it might not parse the Smart Variable correctly, thus causing it to replace it with a blank value or the value from the wrong event. (Ticket #48576)
  • Bug fix: If PHP's Multi-Byte String extension is not enabled on the web server, then REDCap might throw a fatal PHP error when attempting to send an email. (Ticket #48757)
  • Bug fix: Some data entry forms, especially for records that have repeating instruments with many repeating instances saved (i.e., hundreds or more), would load very slowly, sometimes causing the page to time out and never fully load. They should now load much faster. (Ticket #40634)
  • Bug fix: When calling the method REDCap::getPDF inside a hook in a project, in which the current user does not have full data export privileges, the method would mistakenly fail to output the PDF. The method should work regardless of the user's project-level rights. (Ticket #48756)

Version 8.5.11 - (released 8/15/2018)

  • Bug fix: When cross-event branching logic is used on a field in a longitudinal project, in which some events being referenced in the logic do not contain any data for a given record, in some cases the PDF export of an instrument would mistakenly not correctly determine if the field should be hidden or not in the PDF, and thus it might hide the field when it should display it (or vice versa). This bug only affects the PDF. (Ticket #42206)
  • Bug fix: The action of creating or modifying a Custom Record Status Dashboard was mistakenly not getting logged on the project Logging page.
  • Bug fix: The default browser behavior of navigating back to the previous page after a user clicks their keyboard's Backspace button was mistakenly occurring in "search" input type fields, which are predominant in External Modules and their configuration pages.
  • Bug fix: An error message on the Data Import Tool had incorrect text. (Ticket #47040)
  • Bug fix: In longitudinal projects in production, the "select all" and "deselect all" links on the "Designate Instruments for My Events" page would mistakenly allow the user to select/deselect already-designated instruments. Instead it should only allow the user to select/deselect instruments that are not yet designated. (Ticket #47020)
  • Bug fix: Small SQL issue caused if upgrading to 8.5.10 from an earlier version. (Ticket #47020)
  • Bug fix: In a longitudinal project that has multiple arms and is also using the Double Data Entry module, the Record Status Dashboard would mistakenly not display any form status icons on the page for a user that is Double Data Entry person 1 or 2.
  • Bug fix: When viewing non-project pages (e.g., My Projects, Control Center) in a mobile browser (small device/screen), the "Help & FAQ" and "Training Videos" options would mistakenly not appear in the top menu. (Ticket #47237)
  • Various fixes and updates for the External Modules framework

Version 8.5.10 - (released 8/9/2018)

  • Bug fix: If any projects used Twilio telephony services for surveys and had an Automated Survey Invitation set to use the "Participant's Preference" as the delivery method, then new invitations scheduled by the ASI might mistakenly not include a survey link if an individual participant's preference is "Email Invitation". (Ticket #42868)
  • Bug fix: When executing a custom Data Quality rule that contains a single variable in the logic, extra discrepancies might mistakenly be returned in some cases, especially if the project is longitudinal and/or contains repeating instruments/events. (Ticket #45695)
  • Bug fix: When piping the Smart Variable [previous-event-name] or [next-event-name] when it is prepended to a variable name, it might mistakenly replace it incorrectly by replacing just the Smart Variable (but not the field variable) with six underscore characters or with nothing (depending on the context). (Ticket #46001)
  • Various fixes and updates for the External Modules framework
  • Bug fix: The PHP LogicTester class mistakenly contained some debugging code that prints SQL out on the page. (Ticket #46864)

Version 8.5.9 - (released 8/3/2018)

  • Major bug fix: When upgrading from a REDCap version lower than 8.4.0 to version 8.4.0 or higher, if any projects used Twilio telephony services for surveys and had an Automated Survey Invitation set to use the "Participant's Preference" for the delivery method, then new invitations scheduled by the ASI might not include a survey link (when needed) upon being scheduled. (Ticket #42868)
  • Bug fix: When using the E-signature feature at the bottom of a data entry form, if the username is in an incorrect case or has trailing spaces, it would mistakenly fail during the initial E-signature login. It should instead be trimming the username of any whitespace at the beginning or end, and should be evaluating the username as case insensitive since this is how the regular login behaves.
  • Bug fix: If an external module has its configuration permissions set to "Require module-specific user privilege" on the External Modules page in the Control Center, and a user has been given the rights to configure the module in a project, then if a REDCap administrator opened the User Rights page in the project to edit that user's module rights and unchecked every module and saved it, the user would mistakenly still have access to the modules to which they previously had access. This only occurs when all modules are unchecked on the User Rights page. (Ticket #44112)
  • Bug fix: When using a logo on a survey and also using the "Save & Return Later" feature, if a respondent chose to return to a survey, then upon loading the survey page to enter their return code, a JavaScript error would occur on the page. (Ticket #46143)
  • Bug fix: When using Twilio telephony services for surveys and having it make voice calls to participants, each voice call would mistakenly have an unnecessarily long pause at the beginning of the call.
  • Bug fix: When importing data values for a repeating event via Data Import Tool or via API but not including the form status field in the imported data set for any of the instruments on which the imported fields are located, those repeating instances on the repeating event might get orphaned in some user interfaces, such as in the Record Status Dashboard, and thus do not become visible until the user attempts to create a new instance through the user interface and then saves the form. (Ticket #46285)
  • Bug fix: AAF Authentication was mistakenly being excluded during the CSRF token check.
  • Bug fix: When piping the Smart Variable [event-name] when it is prepended to a variable name, it might mistakenly replace it incorrectly by replacing it with the current event name without square brackets around it. (Ticket #46001)
  • Bug fix: In certain cases Smart Variables were not getting evaluated correctly when used inside the conditional logic of Automated Survey Invitations, thus causing invitations not to get scheduled appropriately. (Ticket #44104)
  • Bug fix: On the Project Modifications page, when clicking the Compare button to view the differences between old and new choices of a multiple choice field, it would mistakenly always display "0" for the record count for every choice, even if some records do have that choice saved. This issue appears to only occur in specific versions of PHP. (Ticket #25851)
  • Bug fix: In a report or via the API, if the user is requesting specific records and also specific events to be returned, if there is no data for those events for those records, then it would mistakenly return empty "ghost" rows as if data does exist on those events, which is confusing. (Ticket #46342)

Version 8.5.8 - (released 7/30/2018)

  • Critical security fix: An SQL Injection vulnerability was found on several pages that could potentially be exploited by a malicious user manipulating the URL query string of an HTTP request, including by non-REDCap users through publicly available URL end-points that do not enforce authentication. It appears very unlikely that this vulnerability could be used to extract information from a REDCap database. But if enough is known about how REDCap works internally, it might be possible for an outsider to upload files into random projects in REDCap; however, there is no evidence that those same files could be executed or downloaded, and thus the files would essentially be orphaned (would not be accessible through the user interface in any way) and would simply take up unnecessary space on the file server. This bug appears to exist in every version of REDCap since version 4.0.0.
  • Major bug fix: On survey pages, data entry forms, and other pages where conditional logic and calcs are evaluated, those pages may take an exorbitant amount of time to load (and in some cases may never successfully load at all). This appears to only affect certain Windows server environments.

Version 8.1.20 - (released 7/30/2018)

  • Critical security fix: An SQL Injection vulnerability was found on several pages that could potentially be exploited by a malicious user manipulating the URL query string of an HTTP request, including by non-REDCap users through publicly available URL end-points that do not enforce authentication. It appears very unlikely that this vulnerability could be used to extract information from a REDCap database. But if enough is known about how REDCap works internally, it might be possible for an outsider to upload files into random projects in REDCap; however, there is no evidence that those same files could be executed or downloaded, and thus the files would essentially be orphaned (would not be accessible through the user interface in any way) and would simply take up unnecessary space on the file server. This bug appears to exist in every version of REDCap since version 4.0.0.
  • Major bug fix: On survey pages, data entry forms, and other pages where conditional logic and calcs are evaluated, those pages may take an exorbitant amount of time to load (and in some cases may never successfully load at all). This appears to only affect certain Windows server environments.

Version 8.5.7 - (released 7/18/2018)

  • Major bug fix: On some occasions, DDP on FHIR was mistakenly not parsing all the data being received from the EHR, thus some clinical data values from the EHR were not being stored in REDCap.
  • Bug fix: When using the biomedical ontology search for a text field on a form or survey, it was mistakenly including Semantic Types Ontology (STY). It now excludes Semantic Types Ontology from biomedical ontology search unless field validation is STY. (Ticket #44910)
  • Bug fix: In REDCap Messenger, it might display that there are unread messages for the user to read even though there are none.
  • Bug fix: When a survey has "Save & Return Later" enabled, and a respondent clicks the "Start Over" button upon returning to the survey, the survey page mistakenly does not display the survey instructions at the beginning of the survey. (Ticket #44838)
  • Bug fix: The record drop-down list displayed in the Online Designer both in the "Add/Edit Branching Logic" popup and also in the "Add/Edit Field" popup for calc fields would mistakenly not display the Custom Record Label and Secondary Unique Field labels.
  • Bug fix: The record drop-down list displayed in the Online Designer both in the "Add/Edit Branching Logic" popup and also in the "Add/Edit Field" popup for calc fields would be too long for projects with large numbers of records, which could cause the page to load very slowly or not load at all. To remedy this, the record drop-down list now only displays the first 200 records.
  • Bug fix: The rendering of the Participant List was unnecessarily slow due to some incorrect queries that were pulling information not needed. This fix should make the Participant List load much faster, especially for larger projects with thousands of records.
  • Bug fix: In the "Compose Survey Invitations" popup on the Participant List page, the "Previously Sent Email" drop-down list displayed under "Load message box with text from a previous email?" would mistakenly load email text containing static, unique survey links from previously sent invitations (which could cause major issues if used verbatim for new invitations) when instead it should have been loading the invitation text containing the Smart Variable [survey-url] in place of the static survey link.

Version 8.5.6 - (released 7/11/2018)

  • Bug fix: The cron job that checks for updates for External Modules would mistakenly only run if REDCap stats reporting had been set to "auto". (Ticket #44324)
  • Bug fix: When creating/editing an Automated Survey Invitation and in Step 3 setting the option "Send after lapse of time" that would result in a send time occurring in the year 2038 or afterward, it would mistakenly set the send time to be 1/1/1970 or 12/31/1969 instead. (Ticket #44459)
  • Bug fix: When using the Smart Variables [form-link] and [record-name] inside the email subject or email message of an Automated Survey Invitation, it would mistakenly not pipe the record name into the form link URL for [form-link] and would mistakenly replace [record-name] with "______" instead of the real record name. (Ticket #44549, #44550)
  • Bug fix: The "DDP on FHIR" page that gets displayed inside the EHR user interface was mistakenly missing a link to the "DDP on FHIR" information page that provides all the information about that module.
  • Bug fix: If a slider field exists on an instrument that is currently locked, the user would mistakenly still be able to modify the slider position and value. Note: This would not affect the slider's value at all since the instrument could not be saved until it was unlocked. So at most, this could cause confusion. (Ticket #44608)
  • Updates and fixes for the External Module Framework
  • Bug fix: In a calculated field or in branching logic that has cross-event logic while referencing a field that exists on a repeating instrument from another event, it would mistakenly assume instance #1's value to always be blank/null for that field and thus cause the logic or calculation to come to an incorrect result. (Ticket #44474)
  • Bug fix: If a suspended user gets unsuspended by an administrator either via the Browse Users page in the Control Center or via a Sponsor Dashboard request, the user would mistakenly get suspended again within the next day if they did not log into REDCap soon after being unsuspended.
  • Bug fix: If a sponsor had made a request to an administrator via an action in the Sponsor Dashboard, if the administrator was using a link in the email to process requests (as opposed to using the To-Do List), the administrator might mistakenly try to process the same request twice, which could cause issues. Now if an administrator attempts to process an already-processed request, it will display an error message letting them know that it has already been processed and therefore cannot be processed again.
  • Bug fix: Users might mistakenly receive a notification email stating that they have an unread message in a conversation in REDCap Messenger, even though the conversation has been deleted.

Version 8.5.5 - (released 7/2/2018)

  • Bug fix: When using the [survey-queue-link] Smart Variable with custom text to display, in certain situations it may mistakenly cut off the first word of the custom text or not display the custom text at all. (Ticket #44224)
  • Bug fix: When setting an account expiration time for a user on the Browse Users page (via "View User List By Criteria"), if the administrator's date format preference is set to Y-M-D on their My Profile page, then the pre-filled expiration time in the Set Account Expiration popup might mistakenly be in Y-M-D H:M:S format when instead it should only be in Y-M-D H:M format, thus throwing a date-formatting error when submitting the action. (Ticket #44228)
  • Bug fix: If using MySQL 8.0 or later for REDCap's database, it would erroneously display the "database structure is incorrect" error in the Control Center when nothing is really incorrect about the database tables. (Ticket #42594)
  • Bug fix: Minor changes to some database tables, which were mistakenly created with BTREE indexes, which is a type of index that is not compatible with some versions of MySQL or MariaDB.

Version 8.5.4 - (released 6/29/2018)

  • Major bug fix: If an Automated Survey Invitation has conditional logic containing a datediff() function that is explicitly using "now" as a parameter, the cron job that runs several times a day to trigger any datediff+now ASIs would mistakenly fail to schedule invitations for this ASI. Note: The issue does not exist for datediff+today ASIs but only for datediff+now ASIs. (Ticket #43783)
  • Bug fix: When clicking the +- options at the top of a survey page to increase or decrease the font size of the survey text, in some cases with particular nested HTML tags, it would mistakenly compound the size changes unnecessarily, thus causing the font size to be too large or too small for some blocks of text.
  • Bug fix: When downloading a "compact" PDF containing data, if a multiple choice field contains many choices (e.g., >20) it might mistakenly display only that field on a page by itself.
  • Bug fix: When downloading the CSV file of users on the Browse Users page in the Control Center, it would mistakenly have the resulting filename ending with ".csv.csv" instead of just ".csv". (Ticket #43774)
  • Bug fix: When referencing a repeating instance number in the conditional logic of an Automated Survey Invitation and then selecting a record using the "Test logic with a record" option, it would mistakenly cause a PHP fatal error. (Ticket #44104)
  • Bug fix: When a user has De-identified data export privileges in a project and attempts to export a PDF containing data, in which MDY- or DMY-formatted date/datetime fields are being piped into labels in that PDF, then instead of the piped values being replaced with "[*DATA REMOVED*]" as expected, they would mistakenly be replaced with "00.00.0000 REMOVED*]". (Ticket #44123)
  • Bug fix: If an external module has its configuration permissions set to "Require module-specific user privilege" on the External Modules page in the Control Center, then if a user in a project gives another user the rights to configure that module, it would save that setting correctly. However, if the user reloaded the User Rights page to edit that same user's rights again, it would mistakenly appear that the user no longer has config permissions for that module (i.e., the module's checkbox would be unchecked), even though they were just given such rights. (Ticket #44112)

Version 8.5.3 - (released 6/22/2018)

  • New LTS branch based on REDCap 8.5.2 (Standard)

 

Who should I contact for more information?

Please contact the REDCap Support Team at redcap@childrensnational.org.
