Page tree
Skip to end of metadata
Go to start of metadata
  • Version 9.9.0 (released on 2020-04-30)

    CHANGES IN THIS VERSION:

    • New feature: DAG Switcher
      • Users assigned to Data Access Groups (DAGs) can optionally be assigned to multiple *potential* DAGs, in which they may be given the privilege of switching in and out of specific DAGs on their own whenever they wish.
      • When assigned to multiple DAGs, the user will see a blue banner at the top of every project page, which will present them with the option to switch to another DAG. NOTE: Users may not move themselves into another DAG unless someone with rights to this page has explicitly granted them privileges to be in multiple DAGs.
      • To assign a user to multiple DAGs, navigate to the Data Access Groups page in a project where you will see the DAG Switcher near the bottom of the page. Then follow the directions provided there. The DAG Switcher feature is completely optional and can be used in any project that has Data Access Groups.
      • NOTE: The DAG Switcher feature does not override a user's current DAG assignment, as set on the Data Access Groups page or on the User Rights page.
      • This feature is the result of integrating the “DAG Switcher” external module that was built by Luke Stevens. We thank him for his contribution and for agreeing to let us integrate this useful module into REDCap. NOTE: Because the “DAG Switcher” external module is not compatible with this integrated functionality in v9.9.0, when upgrading REDCap to 9.9.0 or higher, if the “DAG Switcher” external module is already installed and enabled on your REDCap system, it will be automatically disabled at the system level during the upgrade process to prevent a conflict.
    • Minor security fix: Due to a Cross-Site Scripting (XSS) vulnerability, the JavaScript library jQuery 3.4.1 was updated to version 3.5.0. (Ticket #82867)
    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered where a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags and/or JavaScript into the query string of the Data Access Groups page.
    • Improvement/change: Users are now able to utilize dots/periods/full stops in the codings of choices for checkbox fields. In previous versions of REDCap, this was not allowed for checkbox fields. (Ticket #83002)
    • Improvement/change: By popular demand, users may once again utilize dots/periods/full stops in Missing Data Codes. They are no longer forbidden. They were originally allowed for Missing Data Codes, but then removed in REDCap 8.5.0. Now that checkboxes can have dots/periods in their codings as of v9.9.0, it is no longer an issue for Missing Data Codes to use them too. (Ticket #83002)
    • Bug fix: When using the Dynamic Data Pull (DDP Custom) module and clicking the Save button in the adjudication dialog, it would correctly save the data but might mistakenly crash and display an error message in the dialog afterward. Note: This issue does not affect the CDP or Data Mart modules. (Ticket #82879)
    • Bug fix: The Missing Data Codes in the Additional Customizations popup on the Project Setup page could mistakenly be modified or removed while collecting data in production, which could cause issues with the saved data during analysis and in reports. It now displays a warning prompt to the user beforehand to inform them that re-labeling or removing Missing Data Codes after data collection has begun could cause data issues, but they will still be allowed to make modifications to the codes if they wish. (Ticket #82977)
    • Bug fix: When using Missing Data Codes in a project and selecting a missing data code for a radio button field on a data entry form, the missing data codes popup would mistakenly not close after the code had been clicked. (Ticket #82977)
    • Bug fix: When exporting data to Stata, it would mistakenly output the incorrect syntax in the .do file for text fields with datetime_seconds validation. (Ticket #83001)
    • Bug fix: When using a Super API Token for the API method "Export REDCap Version", it would mistakenly fail with a fatal PHP error. Bug emerged in REDCap 9.8.0. (Ticket #83068)
    • Bug fix: If upgrading to 9.5.24 LTS or higher or upgrading to 9.8.5 Standard or higher, the upgrade SQL script might throw a MySQL error during the upgrade process due to a foreign key constraint on a database table. (Ticket #83098)
    • Bug fix: Slider fields that are vertically aligned and have the "Display number value (0-100)?" option enabled will mistakenly display the number value field too narrowly and thus will not display the full value if its value is "100". (Ticket #83234)
    • Bug fix: If running REDCap on the Google App Engine platform and the email quota has been exceeded when sending outgoing emails, it would mistakenly crash with a fatal PHP error. It now continues to run and finish the script instead of halting the script with an error.

    Version 9.8.5 (released on 2020-04-24)

    CHANGES IN THIS VERSION:

    • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered where a malicious user or survey participant could potentially exploit it by adding some specific HTML tags and JavaScript into a Text field on a survey page or data entry form, after which such HTML would get reflected back on the page and get executed for another user.
    • Major bug fix: If a multi-arm longitudinal project is collecting data via public surveys across multiple arms at a time, in which each public survey has its own URL that corresponds to a distinct arm, then if survey participants are submitting a survey at near the same time but for a different arm, then it is possible that those two responses might mistakenly get saved with the same record name, even though the records exist in different arms. This is easily remedied by renaming the record in one of the arms afterward, but it may be hard to detect when it occurs and might be confusing for users when it does.
    • Major bug fix: If a user in a longitudinal project clicks the "Delete data for this form only" button at the bottom of a data entry form, in which multiple instruments on the current event contain data for the current record, if all the data on that event had been imported via data import *and* no values for form status fields were imported during the data import process *and* no user ever clicked a Save button on an instrument in that event after the import was performed, then all the data on all instruments in that event would mistakenly get deleted, when instead it should only delete the data from the current instrument.
    • Bug fix: When using the Twilio telephony services in a project, specifically for surveys, if someone replies back to an initial SMS message they received in order to begin a survey, it might mistakenly reply back to them saying "Auto-Reply: This SMS phone number is not monitored".
    • Bug fix: If the Twilio telephony services have been enabled at the system level but have been set to be hidden to normal users on the Project Setup page, then even though Twilio had been enabled for a given project, it would still hide the Twilio option to the user on the Project Setup page. It now displays it if it is already enabled for the project. Additionally, if an administrator was using the "View project as user" setting and impersonating a project user with Project Design/Setup privileges, they would still see the Twilio option on the Project Setup page even when Twilio is not enabled yet in the project, in which the Twilio option is set at the system level to be hidden from all normal users.
    • Change/improvement: If MariaDB 10.4.6 is being used, which is known to have issues regarding the "optimizer_switch" configuration value and thus sometimes not returning some query results correctly from the database, a warning message will be displayed in the Control Center recommending that MariaDB be upgraded to a newer version. (Ticket #72984)
    • Bug fix: When entering conditional logic for Automated Survey Invitations or adding branching logic via the Online Designer, if the logic contained certain Smart Variables (.e.g., [survey-date-completed]), the logic check status displayed immediately below the logic text box would mistakenly state "Error in syntax" even when the logic's syntax is correct.
    • Bug fix: In certain cases, if a large amount of external modules have been installed at the system level in REDCap, it could prevent the REDCap installation from reporting its weekly stats to the REDCap consortium.
    • Bug fix: If a large amount of HEAD requests hit a survey page, it might cause a disproportionate amount of load to be put on the web server and database server. (Ticket #82501)
    • Bug fix: If questions are being prepopulated on a survey using the @DEFAULT action tag, in which those fields are also being piped to other places on that same survey page, then the piping would mistakenly not occur when the survey page loads but only after one of the piped fields' values are modified on the page. Bug emerged in REDCap 9.8.0. (Ticket #82678)
    • Bug fix: When clicking the "+ Add new" button to add a new repeating event for a record on the Record Home Page in a longitudinal project, it might cause the entire instrument/event table to disappear from the page. Bug emerged in REDCap 9.8.0.
    • Bug fix: The advanced function isblankormissingcode() would mistakenly not work correctly when used in the equation of a calculated field. (Ticket #82653)
    • Bug fix: When a survey participant attempts to close their browser window by clicking the "Close survey" button on the page after completing the survey, if their browser prevents the tab/window from being closed, then the text displayed on the page afterward would mistakenly always be in the language of the system-level language setting rather than the project-level language. (Ticket #82631)
    • Bug fix: The generic "Alert" jQuery UI dialog would often have its title and/or buttons displayed in hard-coded English rather than using the language file's text for that particular project in which it is being displayed. (Ticket #81638)
    • Bug fix: Dots/periods were mistakenly allowed to be used in the raw coded values for Missing Data Codes. Dots/periods are not compatible to be used in checkbox codings and thus cannot be used as Missing Data Codes. (Ticket #82476)
    • Bug fix: When using a field from a repeating instrument in the logic of a Data Quality rule, in which the logic is trying to find instances of the field where its value is blank (e.g., [field] = ""), it might mistakenly not return the expected results in the discrepancy list. (Ticket #82201)
    • Bug fix: When using Data Quality rule I to find Missing Data Codes, the rule would mistakenly ignore checkbox fields and not include them in the results. (Ticket #82636)
    • Bug fix: When using the "View project as user" feature, the left-hand menu would mistakenly display all the reports in the project rather than displaying only the reports to which the user being impersonated has access to view. (Ticket #82697)
    • Bug fix: When setting up Randomization in a project that is not longitudinal and then later the project is converted to a longitudinal project, it would cause issues and might prevent the randomization process from working properly. (Ticket #82757)

    Version 9.8.4 (released on 2020-04-17)

    CHANGES IN THIS VERSION:

    • Major bug fix: If running certain versions of PHP (PHP 5.5 and 5.6 are suspected), then no pages will load and thus will throw a fatal PHP error when navigating into a REDCap project. (Ticket #82421)

    Version 9.8.3 (released on 2020-04-16)

    CHANGES IN THIS VERSION:

    • Improvement/change: Statistics regarding the counts of EHR data values imported into REDCap via Clinical Data Mart and Clinical Data Pull are now stored more efficiently in the database back-end.
      • This allows the overall CDM and CDP stats to display faster on the System Statistics page in the Control Center.
      • Also, a new FHIR Statistics page has been added to the Control Center for viewing tables and graphs displaying the counts for the different types of data (e.g., labs, medications, demography) being pulled from the EHR over time.
      • Note: The "Data values pulled from source system via CDP" count on the System Statistics page has been removed since it was never very accurate and was mostly misleading as to what it implied.
    • Minor security fix: A Blind SQL Injection vulnerability was found using the Data Search feature, in which a malicious user could potentially exploit it by manipulating the query string or POST parameters of an HTTP request.
    • Bug fix: When using the [previous-event-name] and [next-event-name] Smart Variables when prepended to field variables in piping, calculations, or logic, they might mistakenly point to the previous/next designated event of the current instrument rather than the previous/next designated event of the field to which the Smart Variable is prepended. Note: This does not affect [previous-event-name] and [next-event-name] when they are used as standalone without being prepended to a field. (Ticket #81976)
    • Bug fix: If Twilio SMS and Voice Call Services have been enabled at the system level on the Modules/Services Configuration page in the Control Center, but they have been set to "No, hide all information about Twilio services" for the setting "Display information about Twilio services to all users on Project Setup page in a project?", then users would mistakenly still see the SMS and Voice Call options in the alert setup dialog when creating a new alert on the Alerts & Notifications page.
    • Bug fix: When viewing Report B for a project that contains repeating instruments, the "total number of records queried" in the report might mistakenly be incorrect and not match the "number of results returned".
    • Bug fix: When downloading a PDF of an instrument or survey, it would mistakenly display the project title as the PDF header instead of the survey title or instrument title. Bug emerged in REDCap 9.8.0. (Ticket #82070)
    • Bug fix: When a project is using Twilio telephony services for Alerts & Notifications but not for surveys, if someone received an SMS message from an alert being triggered and responded back to it, it would then respond back to the person saying that they need to enter a valid survey code. This is confusing if the Twilio functionality is not being utilized for surveys. Instead, in this case it will return another message stating that the phone number is not being monitored, thus implying that replying to it will do nothing.
    • Bug fix: When a project is using Twilio telephony services for Alerts & Notifications but not for surveys, the Configure Twilio Settings dialog on the Project Setup page would mistakenly always force the user to select at least one survey invitation type checkbox, even when not using Twilio for surveys.
    • Bug fix: When exporting data to SAS, it might throw an error when loading the CSV data into SAS in some cases if a field variable name ends in a number. Additionally, if the project is utilizing Missing Data Codes, it might throw an error on a numerical field if some of the Missing Data Codes are non-numerical.
    • Bug fix: Custom Record Status Dashboards that are set to sort by a field's value would mistakenly sort in a case sensitive manner when instead it should be sorting in a case insensitive manner. (Ticket #82092)
    • Bug fix: When clicking the "All Status Types" link on the Record Status Dashboard, it would mistakenly hide the [+] buttons next to the status icons of repeating instruments. Instead they should remain displayed. (Ticket #82092)
    • Bug fix: If a survey participant partially completes a survey that has the "Save & Return Later" option enabled, the mechanism to send an email to the participant after clicking the "Save & Return Later" button would mistakenly throw a JavaScript error and not send the email. This bug was thought to have been fixed in REDCap 9.8.1 but mistakenly was not. (Ticket #82158)
    • Bug fix: If custom "Help & FAQ" text has been defined, then the navigation bar would mistakenly obscure the custom text on the "Help & FAQ" page. (Ticket #82192)
    • Bug fix: When a production project is in draft mode and a user deletes an entire instrument in draft mode, it would mistakenly delete any Descriptive field attachments that belong to fields on that instrument from the live version of the instrument in production, thus permanently losing the attachments. (Ticket #82322)
    • Bug fix: When a survey participant is viewing their Survey Queue, in which it contains a repeating survey, the "Take this survey again" button next to the repeating survey would mistakenly not be visible in the survey queue when viewing the page on a mobile device with a narrow screen. (Ticket #82335)

    Version 9.8.2 (released on 2020-04-09)

    CHANGES IN THIS VERSION:

    • Critical bug fix: When collecting data using a public survey where multiple participants are entering data near-simultaneously (i.e., submitting the survey within the same fraction of a second), some scenarios may arise in which those multiple responses could get mistakenly merged together as a single record rather than as separate new records. When this occurs, it appears in the logging that one participant has created the record while another participant modified the record afterward, in which it should instead log the events as two separate "create response" events. It is difficult to know when this kind of incident has occurred, and if discovered, might take some work (using the Logging page as a reference) to split the record back into separate proper records and resave them. While this issue occurs very seldom, the worst-case scenario can be if the survey allows the participant to download their responses as a PDF or have their responses emailed to them after completing the survey, in which it might possibly result in a privacy leak if private and/or identifying information (e.g., PHI) has been entered on the survey. (Ticket #81104, #81559)
    • Bug fix: Any REDCap plugins or module pages that utilize the HtmlPage::PrintHeaderExt() method would see the main DIV on the page mistakenly left-aligned when it should instead be centered on the page.
    • Bug fix: An error would occur when using Data Mart or Clinical Data Pull when importing EHR values from a patient’s Problem List.
    • Bug fix: A database query would fail invisibly but do little harm when importing data to a project via the REDCap Mobile App. (Ticket #81815)
    • Bug fix: If the e-Consent Framework is enabled on a survey that is a repeating instrument, in which the first name, last name, and/or date of birth fields (designated in the e-Consent Framework options) also exist on that same survey/instrument, then those name/DOB values would mistakenly not pipe correctly when REDCap adds them to the footer of the e-Consent PDF and also to the Identifier column in the PDF Archive table in the File Repository. Unfortunately, it is not possible to fix the missing piped values for survey responses that have already gone through the e-Consent process prior to this bug fix. (Ticket #81790)
    • Bug fix: The IE-specific Conditional Comments to detect Internet Explorer 9 (e.g., <!--[if IE 9]>) were mistakenly not formatted correctly and might cause some users using Internet Explorer to have issues loading pages.
    • Bug fix: When exporting a Project XML file for a project via the API, the resulting XML file would mistakenly be missing a lot of the project settings, such as surveys, Alerts & Notifications, Data Quality rules, reports, etc. (Ticket #81879)
    • Bug fix: When using the Clinical Data Pull (CDP) feature, the new line separator for storing repeated values (labs, vitals, medications...) was changed slightly. Those repeated values in CDP are stored in a single field using a string separator containing line breaks. The previous new line separator was mistakenly causing false positives in the CDP adjudication table when checking for new values to adjudicate.
    • Bug fix: A link in the "Piping" section of the "Help & FAQ" page would point to a non-existent page on the Vanderbilt REDCap server.
    • Bug fix: When editing an alert and changing Step 1A from the second option (form save + conditional logic) to the third option (only conditional logic), it would mistakenly not save the alert correctly and might cause the dialog not to reload properly when editing that same alert again later.

    Version 9.8.1 (released on 2020-04-03)

    CHANGES IN THIS VERSION:

    • New feature: New “Shibboleth & Table-based” authentication method
      • Similar to “LDAP & Table-based” authentication, this new method allows one to use the existing Shibboleth authentication in REDCap while also having Table-based authentication for external users.
      • This method can be enabled on the Security & Authentication page in the Control Center, along with some customizable settings near the bottom of that page. Once enabled, the login screen will display two tabs to allow users to choose between Shibboleth login and local (Table-based) login.
      • Documentation on how to set up: https://redcap.vanderbilt.edu/redcap_v9.8.1/Help/shib_table_help.php
      • Thanks to the following folks for their work on this effort: Philip Chase and Kyle Chesney, with testing and help from Taryn Stoffs and Andy Martin.
    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on several pages, in which a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags into places in REDCap where such HTML gets reflected back on a page that a user is viewing.
    • Bug fix: When calling the API method "Export Metadata (Data Dictionary)" and providing values for the "fields" parameter, it would mistakenly ignore that parameter unless the "forms" parameter was also provided with a value. Bug emerged in the previous release.
    • Change: The downloadable Python example code provided in the API Playground has been improved.
    • Bug fix: The plain text section of outgoing emails (which is not ever displayed by most email clients unless they do not support HTML email) would mistakenly have links converted into text and might have unnecessary tabs or line breaks. Most extra tabs and line breaks have been removed from the plain text section of emails, and all links in the email body will have their URL extracted and placed in parentheses directly following the link text so as not to lose that information. (Ticket #80878)
    • Bug fix: The redcap_connect.php file was mistakenly not returning an HTTP 500 status error in the incident that the database connection fails. Following the upgrade to this version, REDCap will prompt administrators to replace their redcap_connect.php file.
    • Bug fix: If a survey participant partially completes a survey that has the "Save & Return Later" option enabled, the mechanism to send an email to the participant after clicking the "Save & Return Later" button would mistakenly throw a JavaScript error and not send the email. (Ticket #81287)
    • Bug fix: Certain tables displayed throughout a project, such as in the Record Status Dashboard, reports, etc., might mistakenly not have their table header float correctly when scrolling down a long page, in which a duplicate table header might appear strangely at the bottom of the page instead. Bug emerged in REDCap 9.8.0.
    • Bug fix: When using a Super API Token to create a new project via the API, it would mistakenly thrown a fatal PHP error. Bug emerged in REDCap 9.8.0.
    • Bug fix: If still using the old bit.ly (j.mp) URL shortener service for public surveys (instead of the newer https://redcap.link URL shortener), then when fetching a short survey link on the Public Survey Link page, it would appear to spin forever and never return the shortened URL. This is due to BITLY changing how their API web service works.
    • Bug fix: The new database table redcap_projects_user_hidden (added in v9.8.0) mistakenly did not have the table collation explicitly set, which could cause it to be set to an undesired value.
    • Bug fix: Some reports and data quality rules in longitudinal projects might run 2x-10x slower than expected in certain situations, such as if a field in the report filter logic or DQ logic does not have a prepended event name or if the report filter has "all events" selected for a filter field drop-down. The slowness is especially pronounced in projects having large numbers of events defined and/or a large amount of records in the project. (Ticket #79830)
    • Bug fix: When viewing the participant list of a longitudinal project containing multiple arms, the paging drop-down list for the participant list would mistakenly provide an incorrect number of participants for the given survey/event and might not be able to display subsequent pages in the participant list after changing the paging drop-down list to select another page to view. (Ticket #81118)
    • Bug fix: When viewing a drop-down field with auto-complete enabled, depending on the labels of the drop-down choices, some choices might mistakenly wrap their text to the second line inside the drop-down. (Ticket #81340)
    • Bug fix: If an administrator is using the "View as [user]" feature in a project in which the user selected has had their access expired in that project, it would mistakenly display the error message to the admin telling them that their user rights in the project have expired, thus preventing them from doing anything in the project, including preventing the admin from even disabling the "View as [user]" feature. (Ticket #81536)
    • Bug fix: If a project does not have record auto-numbering enabled, and the record ID field has min/max validation, then the min/max validation would mistakenly not be applied when a user is entering a new record name via the Record Status Dashboard or Add/Edit Record page. (Ticket #81117)

    Version 9.8.0 (released on 2020-03-26)

    CHANGES IN THIS VERSION:

    • New feature: Surveys to capture custom information during project status transition (optional)

      • On the User Settings page in the Control Center, four optional fields have been added to allow you to utilize public surveys to capture custom information from users when projects transition to a new status (i.e., project creation, move to Production status, move to Analysis/Cleanup status, mark as Completed). This allows administrators to create custom surveys to capture all the info they desire from users during these project transitions. The survey will be presented inside an iframe on the page, in which the user must complete the survey before completing the process on the page. You may use any or none of these fields.
      • NOTE: Administrators will not be forced to complete any of the public surveys set below but will be exempt from this process.
    • New feature: “View Project As...” feature

      • When inside a project, administrators will see a “View project as user” drop-down on the left-hand project menu that will allow them to select a user in the project, after which they will have that user’s user privileges applied to them while in the project for the duration of their REDCap session.
      • The “View project as…”feature is a project-level feature, so administrators can only impersonate users inside a project (as opposed to non-project contexts in REDCap). Additionally, admins may impersonate users in multiple projects during the same session.
      • When impersonating a user, a green banner will appear across the top of the project page to remind the admin that they are currently viewing the project as that user.
      • On data entry forms, the @USERNAME action tag and all [user-X] smart variables will operate using the impersonated user’s values.
      • When performing actions in the project while viewing the project as another user, all logged events in the project will still reflect the true user (the impersonator) rather than the user being impersonated.
      • When an administrator enables or disables the “View project as…” feature, it logs this particular action on the project Logging page. However, only administrators will be able to see these specific logged events when viewing the Logging page since they are only meant for admin purposes.
      • If the user being impersonated has been assigned to a Data Access Group, then when viewing the project as that user, the impersonator will be simulated as being in that DAG also and thus will only be able to view and create records in that user’s DAG.
    • New feature: New "Mapping Helper" utility for Clinical Data Mart (CDM) and Clinical Data Pull (CDP)

      • During the field mapping process in CDP and Data Mart projects, users may optionally use the Mapping Help page, which will provide methods for easily extracting all data for a single patient (using a medical record number) to help find all the LOINC codes associated with the data in that patient’s record.
      • This tool will be especially useful when mapping Laboratory values, as it will provide the LOINC codes for all data values for the patient, and thus allow the user to take those LOINC codes and use them in the field mapping for CDP and Data Mart, which will make the mapping process significantly faster and more efficient.
    • Project life cycle changes

      • Change: The "Archived" project status has been removed and converted into a built-in Project Folder named "My Hidden Projects", as now seen at the bottom of each user’s My Projects page. If users wish to hide any projects from their My Projects list, they may click the Organize button on that page and place the projects into that new Project Folder. NOTE: Any already-archived projects will be automatically placed there and will have their project status set as "Analysis/Cleanup" to match the projects’ general behavior prior to the upgrade.
      • Change: The "Inactive" project status has been renamed to "Analysis/Cleanup" status to help reinforce that cleaning and analyzing the data is the next logical step after data collection in Production status.
      • New feature: Projects that are in "Analysis/Cleanup" status can now optionally have their project data set as "Locked/Read-only" or "Editable" (see the top of the Project Setup or Project Home page). This will give users more control to prevent data collection from happening while in this project status.
      • Change: New records can no longer be created while in "Analysis/Cleanup" status. If users wish to create records, the project must be moved back to Production status.
      • New feature: Mark a project as "Completed": If users are finished with a project and wish to make it completely inaccessible, they may mark the project as Completed. Doing so will take it offline and remove it from everyone's project list, after which it can only be seen again by clicking the Show Completed Projects link at the bottom of the My Projects page. Once marked as Completed, no one in the project (except for REDCap administrators) can access the project, and only administrators may undo the Completion and return it back to an accessible state for all project users. Marking a project as Completed is typically only done when users are sure that no one needs to access the project anymore, and they want to ensure that the project and its data remain intact for a certain amount of time.
    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Scheduling page, in which a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags into places in REDCap where such HTML gets reflected back on a page that a user is viewing. (Ticket #80773)
    • Improvement/change: When using the Clinical Data Mart feature while the system setting “Allow normal users to create new projects?” is set to “No”, the admin approving the “project creation” request is no longer required to have Data Mart privileges in their REDCap account nor access to the EHR system in order to approve the user’s request to create the Data Mart project.
    • Bug fix/change: 350 Laboratory fields (including 30 related to COVID-19) and their associated LOINC codes were not originally included on the field mapping page for Clinical Data Pull and Clinical Data Mart.
    • Improvement/change: The EHR demography field “Is deceased?” is now included on the field mapping page for Clinical Data Pull and Clinical Data Mart and is now added automatically when creating a new Data Mart project.
    • Change: Underlying technical changes

      • REDCap now incorporates the use of Webpack and NPM to better keep front-end packages up to date more easily and also to help bundle many of them automatically.
      • Each REDCap page now loads the three JS files /Resources/webpack/js/bundle.js, /Resources/js/Libraries/bundle.js, and /Resources/js/base.js. The libraries jQuery, Bootstrap, etc. are no longer included in base.js but are now inside either file named bundle.js.
      • If you are a developer and have an external module that references a JS or CSS file from REDCap core (as opposed to an asset bundled with your module), you should check your module code because you may need to modify the path for those files for REDCap 9.8.0+.
      • The global function files ProjectGeneral/form_renderer_functions.php and Surveys/survey_functions.php have had their content removed and moved into classes as static methods. These files will still exist until the end of May 2020 in Standard Release, but in releases afterward they will be completely removed. If a plugin, hook, or external module includes/requires these files in a version of Standard Release prior to the end of May 2020, a note at the top of the project page will be displayed to inform the user/admin/developer that it is no longer needed to include/require these files and that those references should be removed from the custom code being called on that page.
      • The endpoint “/PDF/index.php” has been removed and has now been replaced with “/index.php?route=PdfController/index”. The developer method REDCap::getPDF() still works exactly the same way as in previous versions.
    • Bug fix: If a user has "No access" data entry form level privileges for the first instrument in a project, the Data Search feature on the "Add/Edit Records" page would mistakenly not include the record ID field in the search. (Ticket #80282)
    • Bug fix: If a checkbox field exists on a repeating event or repeating instrument and is utilized in a calculation or branching logic, in which the field is referenced on another repeating instance than the current repeating instance, then while the checkbox's checked value will save correctly, if a field choice is unchecked later, it might mistakenly not clear/delete the checked value successfully. (Ticket #78956)
    • Bug fix: If using "LDAP" or "LDAP & Table-based" authentication, any user containing an apostrophe in their LDAP username would mistakenly not be able to be added to a user role in a project, in which it would fail silently when attempting to add a user to a role. (Ticket #79647)
    • Bug fix: If a user attempts to add a field comment to a field on a data entry form prior to creating the record (via Save button), when the user clicks the "Save and then open Field Comment Log" button to reload the page, the cursor's focus might mistakenly be on a field on the form underneath the dialog rather than inside the dialog, possibly causing the user to get stuck and not be able to enter a field comment successfully. (Ticket #80511)
    • Bug fix: When clicking the Compose Survey Invitations the first time on the Participant List page in a project, it might mistakenly not load the list of participants to email inside the popup, but it would load it successfully if the popup was closed and then reopened. (Ticket #80584)
    • Bug fix: A database query would fail invisibly but do no harm whenever a record is renamed in a project. (Ticket #80895)
    • Bug fix: A database query would fail invisibly but do no harm whenever previewing a survey theme in the Online Designer. (Ticket #80940)
    • Bug fix: A database query would fail invisibly but do no harm whenever viewing a survey response on a data entry form. (Ticket #80901)
    • Bug fix: In a multi-arm longitudinal project that has record auto-numbering disabled, if the record names contain non-Latin/multi-byte characters, then the record names would mistakenly get scrambled whenever rebuilding the record list. (Ticket #74092)
    • Bug fix: A database query would fail invisibly in certain scenarios surrounding the piping of repeating instances, which might cause the piping not to work correctly. (Ticket #80901)
    • Change: The Python code generated by the API Playground has been changed/improved to better handle JSON-formatted outputs.
    • Bug fix: When performing a data import (via API or Data Import Tool) for a multi-arm project, in which a record is being imported into multiple arms during the import, the record might not initially appear as if it has been created in the subsequent arms when viewing the Record Status Dashboard (even though it had been created in the arm correctly). Note: This issue would automatically resolve itself within five days of the import. (Ticket #55039)
    • Bug fix: When using the randomization module in a project, the act of randomizing a record does not trigger any Alert & Notifications if an alert was set to be triggered based on the randomization field or strata fields having their values changed. (Ticket #80985)
    • Bug fix: When using the randomization module in a project, the act of randomizing a record does not trigger the REDCap hook "redcap_save_record".
    • Bug fix: If survey notifications have been enabled on a survey that is a repeating instrument or is on a repeating event, then the link back to the survey response on the data entry form would mistakenly always point back to the first instance of that instrument rather than to the correct instance. (Ticket #81009)
    • Bug fix: A database query would fail invisibly in certain API methods being called. (Ticket #81041)
    • Bug fix: A database query would fail invisibly in very specific occasions when using the Online Designer to add/edit fields. (Ticket #81020)
    • 9.8.0: Bug fix: A database query would fail invisibly to the redcap_log_view_requests table when a user is logging in to REDCap. (Ticket #81056)

    Version 9.7.8 - (released 3/12/2020)

    BUG FIXES AND OTHER CHANGES:

    • Major bug fix: If a participant is taking a public survey (via the public survey link) that allows them to "Save & Return Later", in which the survey requires Return Codes to be used in order to return to the survey, then if the participant returns to the survey using the private/unique survey link (rather than the public survey link), it would mistakenly allow the participant to view their responses without having entered the return code first. However, if they clicked the "Save & Return Later" button again on the survey after returning, then the next time they return to the survey, it would correctly require that they enter a return code. This does not occur for follow-up surveys but only for public surveys with "Save & Return Later" enabled using return codes.

    • Bug fix: If the feature "File Upload field enhancement: Password verification & automatic external file storage" is enabled for the system and for a given project, a file uploaded into a File Upload field in the project would be stored on the external server mistakenly using the user's filename of the file rather than the filename of the file as it is stored in the backend of REDCap. This could potentially cause naming conflicts and prevent the file from being stored successfully on the external server. It will now store the file on the external file server using REDCap's backend "stored_name" filename for the file.

    • Bug fix: If entering a value on a data entry form for a field that is designated as a Secondary Unique Field, in which a value is entered that duplicates a value in another record in the project, if the user clicks the Enter key on their keyboard after typing the value (instead of clicking outside the field or clicking the Tab button), it would correctly display the error dialog popup about the duplicate value, but the dialog would mistakenly not be able to be closed, thus forcing the user to reload the page and potentially lose any data entered thus far on the page. (Ticket #79910)

    • Bug fix: When importing data via the API or Data Import Tool, an alert might not get sent/scheduled for any records that are being created during the data import if the data being imported is expected to trigger an alert. This does not affect existing records but only records that did not exist prior to the data import.

    • Various fixes and updates for the External Module Framework.

    • Bug fix: The Configuration Check page in the Control Center was mistakenly noting that the PHP cURL extension was "recommended" when it should instead state that it is "required". This is because so many major features in REDCap rely on cURL specifically. The warning for cURL on the Config Check page has now been modified accordingly to accurately reflect this. (Ticket #80121)

    • Bug fix: The REDCap hook named "redcap_survey_complete" would get mistakenly called when a survey participant would attempt to return to a completed survey that has the "Save & Return Later" option disabled - i.e., when it displays the message "Thank you for your interest, but you have already completed this survey". (Ticket #80109)

    • Bug fix: When exporting data in CDISC ODM XML format, in certain situations, the resulting XML might mistakenly omit the ending ODM tag - e.g., "</ODM>". (Ticket #80084)

    • Bug fix: When a calculated field exists on a repeating event and its calculation references fields on the same event, in which one or more of those fields exist on instruments that are not designated for that event, then while the calculation would work correctly when viewing the calc field on a survey or data entry form, it would mistakenly return a ""/blank value for the calc field when performing a data import or running Data Quality rule H. (Ticket #79874)

    • Bug fix: The text for the confirmation email set at the bottom of the Survey Settings page for an instrument in the Online Designer would mistakenly have extra line breaks added between all the text if the email text was saved and then the page was re-opened later and saved again, thus adding more extra space each time. (Ticket #79836)

    • Bug fix: If a custom Data Quality rule has logic that contains a field that is utilized in both a repeating and non-repeating context, especially for a longitudinal project, then it might not return all the correct discrepancies. (Ticket #80102)

    • Bug fix: When viewing the "Stats & Charts" page for a user-defined report (i.e., not report A or B) that has filter logic defined, the "missing" count displayed in the descriptive stats table for a given field might mistakenly be a negative number. (Ticket #79994)

    • Bug fix: If using "LDAP" or "LDAP & Table-based" authentication, any user containing an apostrophe in their LDAP username would mistakenly not be able to be added as a user on a project, in which it would display a popup error message when attempting such. (Ticket #79647)

    Version 9.7.7 - (released 3/3/2020)

    BUG FIXES AND OTHER CHANGES:

    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Send-It upload page and the Survey Link Lookup page in the Control Center, in which a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags into places in REDCap where such HTML gets reflected back on a page that a user is viewing.

    • Bug fix: Twenty "Laboratory" fields, two "Vital Signs" fields, and their associated LOINC codes were mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.

    • Bug fix: If a URL is included in a message posted on REDCap Messenger (including those sent via General Notifications from an administrator), the URL might not get displayed properly as a clickable link if the URL is immediately followed by a dot/period or a line break/carriage return.

    • Bug fix: If a longitudinal project with repeating instruments or repeating events contains a report that has simple filters (i.e., fields selected via drop-down options) where a field is selected along with the "All events" option, OR if the report has advanced filter logic that references fields that exist on both repeating and non-repeating instruments/events, in which the fields on repeating instruments/events do not have anything appended to them, such as a numeral instance designation or instance Smart Variable and those fields also do not have a unique event name explicitly prepended to them, then the report might return incorrect results *if a field in the logic exists on both repeating and non-repeating events in the project*. This appears only to occur if the report setting "Show data for all events or repeating instruments for each record returned" is left unchecked. (Ticket #79058)

    • Bug fix: When clicking the "Use advanced logic" link when building a report that has simple filters (i.e., fields selected via drop-down options), in which a filter field is selected with the "All events" option, when creating the advanced filter logic, it would mistakenly fail to prepend the field with "[event-name]" and thus would throw an error that says the logic is invalid when attempting to save the report.

    • Bug fix: When sending emails, REDCap was mistakenly attempting to employ DKIM in all outgoing emails, which might cause emails to no longer be received if hosting REDCap on certain platforms, such as AWS. To ensure emails keep sending as expected, the usage of DKIM is no longer attempted when sending emails.

    • Bug fix: When sending survey invitations via the Participant List, if some invitations are sent first and then the user clicks the Compose Survey Invitations button to send another batch without leaving the page, the survey invitation message text would appear to still be the same for the new batch as with the previous batch but instead it would actually send the default invitation text that gets loaded in the text editor when opened the first time. This could cause users to mistakenly send the wrong text in the invitation when sending multiple batches on that page at a time. (Ticket #79507)

    • Bug fix: When using Missing Data Codes in a project, and a missing data code is saved for a checkbox field on a record, then that field would mistakenly be returned as a discrepancy in Data Quality rule G. (Ticket #79553)

    • Bug fix: If a slider field has the "Display number value?" option checked for it, then when entering data on a survey or form, if the slider has focus put on it (either by tabbing through the survey/form, or if an instrument is opened in which the slider is the first field on the instrument), then a value of "50" would get initially displayed in the slider's associated text box even though the slider value is actually blank/null and will remain so until the slider is clicked or if the user uses their keyboard's left/right arrow keys. So seeing the value of "50" when the slider gets focus might give the impression that its value has been set when in fact it has not been set yet. This has been changed so that the text box value only changes when the slider value itself has been changed by the user, thus eliminating this ambiguity regarding the slider's current value. (Ticket #79430)

    • Bug fix: While REDCap prevents users from viewing all pages of a given report at the same time if it estimates that the report contains more than 500k data points, it would mistakenly calculate the number of total data points incorrectly while determining this. (Ticket #79657)

    Version 9.7.6 - (released 2/28/2020)

    BUG FIXES AND OTHER CHANGES:

    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on a page in the External Module Framework, in which a malicious user (who must be logged in) could potentially exploit it by manipulating the query string parameters in the URL.

    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on several pages, in which a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags into places in REDCap where such HTML gets reflected back on a page that a user is viewing.

    • Minor security fix: All web links on REDCap pages that link to an external website and contain the target="_blank" attribute, which opens the website in a new browser tab, will automatically have the HTML tag attribute 'rel="noopener noreferrer"' added to the link's underlying HTML. This will occur automatically and invisibly for links either added by user input on forms/surveys or those that are hard-coded as part of REDCap itself. This will improve overall security to prevent the passing of referrer information from REDCap onto the third-party website.

    • Bug fix: The Configuration Check page in the Control Center was mistakenly still checking the communication with the old bit.ly and is.gd URL shortener services, even though the newer redcap.link URL shortener has been enabled. It now instead checks the communication with the redcap.link service if the redcap.link URL shortener is enabled.

    • Bug fix: If a text field that has min/max validation is changed to another field type, such as a drop-down, in the Online Designer, it would mistakenly not nullify the min/max validation values for the field when saving it as a new field type, which would cause an error to be displayed when downloading the data dictionary and then re-uploading it. (Ticket #29422)

    • Bug fix: When using Live Filters in a report, if any of the Live Filter fields have choices whose label contains HTML tags, it would mistakenly display the HTML tags inside the Live Filter drop-downs at the top of the report.

    • Change: When using the Clinical Data Pull (CDP) feature and viewing a project page inside an EHR user interface, it might display the yellow warning at the top of the page that Internet Explorer 9 and 10 are not fully compatible with REDCap. From now on, it will only display that warning for normal project viewing and not in the EHR-embedded view.

    • Various fixes and updates for the External Modules Framework.

    • Bug fix: The PHP function for validating URLs for certain outgoing HTTP calls from REDCap might mistakenly allow certain invalid URLs to pass the validation test.

    • Bug fix: If a longitudinal project with repeating instruments or repeating events contains reports with report filter logic that references fields on both repeating and non-repeating instruments/events, in which the fields on repeating instruments/events do not have anything appended to them, such as a numeral instance designation or instance Smart Variable, then the report might return incorrect results *if a field in the logic exists on both repeating and non-repeating events in the project*. This appears only to occur if the report setting "Show data for all events or repeating instruments for each record returned" is left unchecked. (Ticket #79058)

    • Bug fix: If using the Missing Data Codes feature in a project that also has Randomization enabled, it would mistakenly allow the missing data codes icon to appear next the randomization field on the data entry form. The missing data codes icon should never appear for the randomization field because it is not applicable there. (Ticket #79057)

    • Bug fix: If the "Import Records" API method was called or if a user was saving a survey or data entry form that triggered the calculation of calc fields on other instruments/events, then the internal record list cache in the project would mistakenly get reset in the back-end database, thus forcing the cache to be rebuilt the next time a report, record dashboard, or record list was viewed in the project. This could cause unnecessary slowness for the project and possibly affect performance of the entire REDCap server in some cases.

    • Bug fix: If a new data collection instrument is added to a production project that is currently in draft mode, in which the user has submitted some field/form changes to an administrator and is awaiting approval, it is mistakenly possible for the user to enable that instrument as a survey. Instead it should display a notice on the Survey Settings page that the instrument cannot be enabled as a survey until the project is no longer in draft mode (i.e., after the submitted changes have been approved). (Ticket #79192)

    • Bug fix: When using iOS and entering data on a survey or data entry form, "number"-validated text fields would not enforce the client-side validation and would mistakenly allow non-numerical values to be entered. This has been fixed so that it will now display the number pad keyboard to allow only numbers and a dot decimal as an option. Note: If the field has "number (comma as decimal)" validation, then it will instead use the full QWERTY keyboard (this is a limitation of iOS) instead of the number pad keyboard. (Ticket #79317)

    • Bug fix: In a longitudinal project, if an alert that has a field that is piped into the alert's message or subject, in which the field variable is not prepended with the unique event name, then when that alert gets triggered by saving a form/survey, it would mistakenly not pipe the field's value correctly unless the field's event's unique event name had been explicitly referenced by another field in the message text, subject text, or conditional logic.

    • Change: On the User Settings page in the Control Center, the text for the setting "Allow normal users to add or modify events and arms on the Define My Events page for longitudinal projects while in production status?" has been modified for better clarity regarding how this setting behaves.

    Version 9.7.5 - (released 2/21/2020)

    BUG FIXES AND OTHER CHANGES:

    • Major bug fix: Surveys and data entry forms were mistakenly displaying the "errors exist" popup relating to branching logic errors in many situations.

    Version 9.7.4 - (released 2/21/2020)

    BUG FIXES AND OTHER CHANGES:

    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on several pages, in which a malicious user (who must be logged in) could potentially exploit it by adding some specific HTML tags into places in REDCap where such HTML gets reflected back on a page that a user is viewing. This mostly involves the names/labels of data collection instruments.

    • Major bug fix: A user with "No Access" Data Export privileges in a project would [correctly] neither be able to perform data exports nor access the Data Export Files tab in the File Repository, but if that user had been given the direct URL to download a specific archived data export file from the File Repository (i.e., exported by another user in the project at a previous time) or if they were simply guessing URLs through trial and error by modifying the "id" URL parameter for the "FileRepository/file_download.php" end-point, they would be able to successfully download that data file even though they have no data export privileges. Note: The user must have access to the project in order to do this. (Ticket #72652)

    • Change: When the Easy Upgrade feature is displaying a list of versions for upgrading to, the word "Recommended" has been removed from the most recent version in the list because the word would inadvertently wrap to the next line and make it seem as if the second version in the list is the recommended version. (Ticket #77911)

    • Bug fix: If a user is piping a field that uses the BioPortal Ontology Service, and they're wanting to pipe the field's coded value and not the choice value, then adding ":value" to the variable name (e.g., [icd10:value]) would mistakenly return the choice label and not the coded value.

    • Bug fix: On the CDIS Standalone Launch page, the "Go to projects" button would not work when clicked due to a JavaScript error. (Ticket #78558)

    • Various fixes and updates to the External Module Framework.

    • Change: Added extra check on the Configuration Check page when attempting to communicate with the WebDAV server (if using it for file storage).

    • Bug fix: If a user is suspended, the page displaying the notice that they are suspended when the user attempts to log in would mistakenly throw an invisible JavaScript error in the browser console. (Ticket #78850)

    • Bug fix: In completed survey responses on a repeating survey, if there is somehow no Form Status value (in the back-end database) for the survey instrument or if its value was somehow set to "Incomplete" mistakenly (e.g., through direct database interaction via an external module), then if the current repeating instance of the survey that is being viewed is not the first instance, it would mistakenly set the value of the first instance of the survey to "Completed" whenever someone views the instrument/survey page.

    • Bug fix: When adding/editing a calc field in the Online Designer, the "Valid"/checkmark indicator and "Clear calculation" link were mistakenly obscured by the calculation's equation textarea right above them. (Ticket #78545)

    • Bug fix: The word "Page" used to display the page number in PDFs of exported instruments was mistakenly hardcoded instead of coming from the language translation file. (Ticket #78771)

    • Bug fix: If the @DEFAULT action tag is used on a field, then users would always receive the "save changes?" prompt when attempting to leave the form without clicking a Save button, even when no field values had been changed. Instead it should only display this prompt when the form has no data (i.e., has gray form status icon) and leaving the form. It should not display the prompt every time afterward. (Ticket #78807)

    • Bug fix: When attempting to add a user via the User Rights page to a project that currently has no users, it would mistakenly return no user suggestions when typing the username in the text field. (Ticket #78929)

    • Bug fix: When performing a data export of a report to a stats package, in which the first instrument in the project is a survey and the report is set to output all survey-related fields (e.g., completion timestamp), then if the record ID field is the first field in the report, the resulting syntax file for the stats package would mistakenly be missing the survey completion timestamp for the first instrument, thus causing the data not to load properly into the stats package.

    • Bug fix: When using the dateRangeBegin parameter for the "Export Records" API method, if the dateRangeEnd was left blank or not included as a parameter in the API request, then the API would not function correctly and would mistakenly return no data in the API response.

    • Bug fix: A third-party PHP library was using code that is deprecated in PHP 7.4. (Ticket #79001)

    • Bug fix: If a field on a data entry form or survey has an @HIDDEN action tag and also has branching logic, then in certain cases the field might flicker (i.e., appear then disappear momentarily) when the page initially loads. (Ticket #78697)

    Version 9.7.3 - (released 2/13/2020)

    BUG FIXES AND OTHER CHANGES:

    • Change/improvement: Inclusion of the SweetAlert2 JavaScript framework for displaying custom dialogs.
      • Note to External Module creators: The SweetAlert dialogs may be used by external modules as of v9.7.3 and higher.
      • It is worth noting that Internet Explorer 9 and 10 are not supported by SweetAlert2. So if users are using IE 9 or 10, the SweetAlert dialogs will not be displayed for them.
    • Change: To wean users off of using Internet Explorer 9 and 10, any users using IE 9 or 10 will see a thin, yellow banner at the top of all project pages, which will inform them that their browser is not fully compatible with REDCap and thus will encourage them to upgrade to IE11 or use another browser. Technically, IE 9 and 10 will be supported till July 2020 in Standard Release, but this warning is mostly preemptive in preparation for that.
    • Bug fix: When copy-and-pasting text from Microsoft Word (or similar products) into the rich text editor used throughout REDCap, the underlying HTML that is added to the rich text editor after the paste would be extremely bloated and superfluous. Additionally, for field labels on instruments, it could cause the text to become so long (although appearing to be normal length) that it might cause some text to be truncated when downloading->uploading the Data Dictionary. To prevent this issue, it now automatically removes a lot of the extra, hidden styling and unnecessary HTML when copy-and-pasting text into the rich text editor. (Ticket #77555)
    • Bug fix: The pseudo user "site_admin" (which is only used as a default account when authentication is disabled) could mistakenly be added to a conversation in REDCap Messenger by a user. As a result, it might mistakenly send the administrators a notification email that the "site_admin" has unread messages in Messenger. Users will now no longer be able to find "site_admin" when searching for users to add to a Messenger conversation. (Ticket #78117)
    • Bug fix: In the Edit Field dialog in the Online Designer, the "Enable auto-complete" option for drop-down fields was mistakenly covered up by the Choices textbox directly above it, thus making it impossible to enable or disable that option for a drop-down field.
    • Bug fix: The Clinical Data Pull (CDP) code was mistakenly referencing a PHP method that no longer exists in the Standard Release branch. This would produce any undesirable response in certain situations when using CDP. (Ticket #78123)
    • Bug fix: When running Data Quality rule A, B, or F for projects that are longitudinal and/or have repeating instruments/event, it might mistakenly run out of memory and return an error message to the user, even when the project doesn't appear to have a large amount of records.
    • Various fixes and updates for the External Module Framework.
    • Bug fix: If the Secondary Unique Field (SUF) is used in a longitudinal project in which the value of the SUF is currently blank and then a data entry form or survey containing the field is saved where the field's value still remains blank, then if the SUF exists in events that currently do not have data (i.e., it has gray status icons for all forms in the event), then it would mistakenly save a blank value for the SUF in those empty events, thus causing their form status icon to be red instead of gray, which could be confusing to users.
    • Bug fix: If a custom Data Quality rule has logic that contains a field from a repeating instrument in a non-longitudinal project, then it might mistakenly not find valid discrepancies that exist for that DQ rule in reference to data from repeating instruments.
    • Change: For survey participants using Internet Explorer 6, 7, or 8, rather than failing silently, survey pages now display an error message letting them know that the page is not compatible with IE 6-8 and recommends they upgrade or use another browser.
    • Bug fix: On the Project Setup page of a DDP-enabled or CDP-enabled project, the step to "Set up Dynamic Data Pull (DDP)"/"Set up Clinical Data Pull (CDP)" would have its progress icon mistakenly set to "Complete!" (big checkmark icon) when the project is in production status, regardless of whether the field mapping setup had actually been completed, which was confusing. It now can only be marked as "Complete!" if the user clicks the "I'm done!" button, which is how it has always behaved while in development status.
    • Bug fix: When uploading a file or signature for a File Upload field on a repeating instrument or repeating event, in which record auto-numbering is enabled in the project, then the project's Logging page would mistakenly add an unnecessary "Created Record" event immediately before the "Uploaded Document" event in the logging history.
    • Bug fix: If REDCap has two-factor authentication enabled and it is set to enforce 2FA only for certain IP addresses, it would mistakenly only support IPv4 changes and would not support IPv6. It now supports IPv6 ranges/subnet masks. (Ticket #77195)
    • Bug fix: If users were using Internet Explorer 11 with Compatibility View enabled, it would get logged mistakenly as Internet Explorer 7 in the redcap_log_view database table.
    • Bug fix: If a project has the Data Resolution Workflow enabled, and a user clicks the "Export" button on the Resolve Issues page in the project, the resulting CSV file would mistakenly have the text comments truncated in the First Update and Last Update columns. Those should be truncated on the webpage view but not in the CSV export file.
    • Change: When clicking the "View past invitations" or "View past notifications" button on the Survey Invitation Log and Alert Notification Log, respectively, it now defaults to displaying the page with the most recently sent invitations/notifications, whereas previous versions would default to the first page (i.e., the oldest sent). This change should provide a more intuitive experience for users.
    • Bug fix: If logic or calculations contain a checkbox field whose variable name ends with "min", "max", or "log", then it might cause the logic/calculation to be considered invalid or syntactically incorrect while being parsed, thus resulting in an error message in many places. (Ticket #78083)
    • Bug fix: In the API Playground, the "csvDelimiter" parameter was mistakenly missing as a drop-down in the user interface for the API methods "Export Records" and "Export Reports". (Ticket #77754)
    • Bug fix: When viewing the "Stats & Charts" page for a user-defined report (i.e., not report A or B) that has filter logic defined, the "missing" count displayed in the descriptive stats table for a given field might mistakenly be incorrect if the report is displaying fields from a repeating instrument or repeating event. (Ticket #77050)

    Version 9.7.2 - (released 2/6/2020)

    BUG FIXES AND OTHER CHANGES:

    • Bug fix: The logic parsing algorithms in REDCap might mistakenly fail and not return accurate results when the logic contains an empty/blank value (represented as two quotes/apostrophes) on either side of an "=" operator or an "<>" operator, such as ' ""<>"" ' or ' ""=1 '. While such logic is less likely to be entered in this form by a user, some logic could end up in this form prior to parsing after certain Smart Variables in the logic are replaced by literal values during the logic-processing phase. This means that logic used in certain Data Quality rules or report filter logic, among other places, might not behave accurately. Bug emerged in REDCap 9.5.11 (LTS) and 9.7.0 (Standard).
    • Change: When viewing reports, it now displays "report execution time" in seconds near the top of the report. This denotes the total server execution time that it took to create the report. Note: This does not account for the rendering time of the report (i.e., via JavaScript), which can sometimes take several seconds or more (if the report is large) for a user's web browser to actually render the report's HTML on the page.
    • Bug fix: Users could mistakenly access the Online Designer and Data Dictionary pages in an Inactive project and thus could make field changes, which should only be allowed while in Development or Production status. (Ticket #66286)
    • Bug fix: If an administrator is processing a "Delete Project" user request for a production project, then it might mistakenly not display the "Delete Project" prompt when loading the project's Other Functionality page while processing the request.
    • Bug fix: If a field on a form or survey has the @DEFAULT action tag, and that same field has its value being piped into somewhere else on the same page, then when the form/survey is initially loaded with no data saved for it yet (i.e., has gray status icon), the piping of the default value would mistakenly not occur when the page is initially loaded but only after the field's value is modified while on that page.
    • Bug fix: If using Table-based authentication, and a user was somehow added to a project even though the user has not yet had a REDCap user account created for them, then when attempting to delete the user from the project or modify their user rights, it would always return an erroneous error message, which prevents the user from being modified or deleted from the project.

    Version 9.7.1 - (released 2/4/2020)

    BUG FIXES AND OTHER CHANGES:

    • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user (who must be logged in) could potentially exploit it by adding some very specific, malformed HTML tags with certain attributes into places in REDCap where such HTML gets reflected back on a page that a user is viewing. This includes field labels, field choice labels, survey instructions, etc. on data entry forms and surveys, as well as other places throughout REDCap where user input is displayed on a webpage.
    • Change: If REDCap is running on a version of PHP that is not one of the currently supported versions of PHP (according to https://www.php.net/supported-versions.php), it will display a warning in the Server Info section at the top right of the main Control Center page that recommends that PHP be upgraded soon to one of the supported versions.
    • Bug fix: There is a small chance that a cron job might have multiple simultaneous instances running of the job when there should only ever be one instance of it running. This mostly applies to External Module cron jobs since most internal cron jobs in REDCap have built-in ways of preventing issues with this.
    • Bug fix: Nine "Laboratory" fields and their associated LOINC codes were mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.
    • Bug fix: When using the operators "&&" and "||" in place of "and" and "or", respectively, in report filtering logic, it would mistakenly fail to filter the report correctly. Bug emerged in the previous version. (Ticket #77738)
    • Change: In the Online Designer's Edit Field dialog, the textarea boxes (field label, field choices, and action tags) are now slightly bigger and are all resizable.
    • Bug fix: Reports were loading unexpectedly slowly in certain cases where report logic was being used when data from repeating instruments/events were being displayed in the report.
    • Bug fix: Reports that contained the record ID field and also contained fields from repeating instruments/events were mistakenly displaying blank rows in the report (i.e., all fields in the row were blank *except* for the record ID field) if the report contained filtering logic that evaluated as TRUE on the first repeating instance. If the filtering logic did not evaluate as TRUE on the first repeating instance (but perhaps on other repeating instances), the blank row would not be displayed, as expected.
    • Bug fix: When creating a new project using a super API token via the Create Project API method using a Project XML file, it would mistakenly output some junk code in the API response that was only meant for debugging purposes. (Ticket #77798)
    • Bug fix: When using a logic tester to validate if logic has correct syntax (e.g., when creating a Data Quality Rule, adding report filter logic), if the logic contained certain Smart Variables, it would mistakenly say that the logic is not correct syntax when it actually is correct. (Ticket #77741)
    • Bug fix: When using certain Smart Variables inside the the Custom Label for Repeating Instruments, it might mistakenly replace the Smart Variable with a blank value rather than the correct value when displaying the custom label in the repeating instrument tables on the Record Home Page and in the drop-down of repeating instances at the top of data entry forms. (Ticket #77575)
    • Bug fix: If any Automated Survey Invitations get triggered via the ASI DataDiff cron job (because an ASI has conditional logic that contains datediff+today/now) in a longitudinal project, then invitations might not get successfully scheduled if the conditional logic refers to a field on an event for which its instrument has not been designated. For example, if we have logic such as "[event1][field1] = '2'", and field1's instrument is not designated for event1, then invitations would never get scheduled by the ASI datediff cron job when attempting to process this logic. (Ticket #77812)

    Version 9.7.0 - (released 1/31/2020)

    BUG FIXES AND OTHER CHANGES:

    • New feature: REDCap-branded URL Shortener (https://redcap.link)
      • The “Get short survey link” and “Create custom survey link” buttons on a project’s Public Survey Link page now utilize the REDCap-branded URL Shortener (https://redcap.link) instead of BIT.LY and IS.GD, which are third-party websites utilized by previous versions.
      • For administrators, a new “URL Shortener” link on the Control Center’s left-hand menu will take you to the “All-Purpose REDCap URL Shortener” page, which allows an admin to take *any* URL and shorten it as a custom redcap.link URL. We ask that you please try to limit the usage of this feature to only REDCap-related and work-related things.
      • NOTICE: Since this feature is ultimately supported by Vanderbilt, which pays for the hosting and infrastructure on AWS, it is a requirement that the REDCap server must have reported its REDCap stats to the consortium first in order to be able to use the REDCap URL Shortener. If the server’s REDCap stats have never been submitted, then the feature will return an error when attempting to create a redcap.link URL and will note this requirement in the error message.
      • To disable this feature and revert back to using BIT.LY and IS.GD for URL shortening for public survey links, you can run the following SQL query on your REDCap database: UPDATE redcap_config SET value = '0' WHERE field_name = 'enable_url_shortener_redcap';
    • Change/improvement: By popular demand, the "Send test email" link/feature has been re-added to all the following places where emails are composed: Email Users page in the Control Center, Automated Survey Invitations setup dialog, Compose Survey Invitations dialog for Participant List, Compose Survey Invitation dialog at the top right of data entry form, and the Confirmation Email setting on the Survey Settings page.
    • Major bug fix: Most non-project types of actions by users were mistakenly not being logged in REDCap due to a query that failed when inserting a new row into the redcap_log_event database table. All project-level logging was correctly being logged, but non-project activities (such as creating users, resetting passwords, etc.) were mistakenly not getting logged. Bug emerged in REDCap 9.6.0 Standard. (Ticket #77584)
    • Bug fix: On the Activity Log page in the Control Center, the popover that appears when mousing-over the gear icon next to each logged event would mistakenly stay visible, even when the user mouses-off of the gear icon. (Ticket #77044)
    • Bug fix: When putting the cursor in the Variable Name text box in the Edit Field dialog in the Online Designer, if the variable name is longer than 26 characters and the project is currently in production status in Draft Mode, it might mistakenly pile several different dialogs on top of each other and make it impossible to close them all. This is often exacerbated if clicking the "X" icon or Escape key when attempting to close the dialogs. (Ticket #75072)
    • Bug fix: It might mistakenly report an error that the "database structure is incorrect" in the Control Center or on the Configuration Check page when in fact the database structure is correct. And if the "Easy Upgrade" feature is enabled, the "Auto-Fix" option would fail if attempted. This issue is due to a previous fix that was meant to address idiosyncrasies in MySQL 8.0 but did not fully, and in fact the previous fix caused issues with installations that were not running MySQL 8.0. So this should now fix the issue on all versions of MySQL where these errors are occurring. (Ticket #76872)
    • Change: In a production project where repeating instruments/events are enabled, if a user opens the Repeating Instrument/Event setup dialog on the Project Setup page, in which one or more checkboxes are checked already in the setup, a warning dialog with red text will be displayed to inform the user that unchecking any of the checkboxes might cause data to be orphaned and thus will cause any data already collected from repeating instances to disappear indefinitely from the user interface, reports, and exports. This warning will help users to be aware of this possibility that might affect their data and thus might have otherwise caused confusion. (Ticket #66801)
    • Bug fix: If using the Clinical Data Pull in a project, and the setting “Convert source system timestamps from GMT to local server time?” is set to “Yes” on the Clinical Data Interoperability Services page in the Control Center, then if a user in the project is adjudicating data values, in which a single temporal value (i.e., Labs or Vitals) is displayed on multiple fields/events within the adjudication popup for that record, then that value’s associated timestamp would mistakenly get shifted by the same amount (e.g., by 6 hours if in Central Time) for *every* time that value is displayed in the popup. Thus the timestamp value would be incorrect for every place where it is displayed in the popup except for the first one. Note: This issue does not affect the data value being imported at all.
    • Bug fix: When viewing the Project Modification Module for a production project in Draft Mode, it might mistakenly display false positives for field changes as if some fields are being modified when in fact they are not. This can happen if the old field attributes and new field attributes are the same except that one has Windows newline characters (which represent line breaks in text) and the other has Linux newline characters, or vice versa. So the text looks the same on the page, but REDCap thinks they are different and thus flags them as yellow on the page. When comparing them, it no longer pays attention to what type of newline character is being used. (Ticket #76811)
    • Change: At the top right of the main Control Center "Notifications" page, it now displays the following server info: PHP version, MySQL/MariaDB version, and the web server OS type (Windows vs Linux/Unix).
    • Bug fix: If a field's branching logic contained the datediff() function with a literal date (e.g., "01-01-2020") as one of the first two parameters in the function, in which the date value was either in MDY or DMY date format, then certain server-side logic-parsing operations (e.g., Data Quality rule A and B, the use of branching logic in downloaded PDFs) would fail to work correctly.
    • Bug fix: Data Quality rule F would use a bit too much web server memory while processing. (Ticket #77606)
    • Change: If using WebDAV for file storage and the WebDAV connection file on the web server cannot be read by REDCap for some reason (e.g., due to a file/folder permissions issue), then it would prevent much of REDCap from working correctly and not give any clue as to what was causing it, making it difficult to troubleshoot. To prevent this issue, it now fails more gracefully and provides an error message on what the exact problem is in this particular case.
    • Bug fix: If exporting a report to a stats package (SAS, SPSS, R, Stata) in which the first instrument in the project is enabled as a survey and the record ID field is the only field from the first instrument that is included in the report, then the resulting syntax file for the stats package would mistakenly reference the survey timestamp field of the first instrument, and since that timestamp field would not be included in the CSV data file in the export, it would cause errors to occur when loading the exported data into the stats package. (Ticket #77574)

    Version 9.6.5 - (released 1/28/2020)

    BUG FIXES AND OTHER CHANGES:

    • Improvement: Adaptive and Auto-scoring instruments (i.e., PROMIS assessments) that have been downloaded from the REDCap Shared Library may now have their survey responses deleted via the Delete button at the bottom of the data entry form when viewing the survey response. In previous versions, if an Adaptive and Auto-scoring instrument had been partially completed or the wrong one had been taking accidentally, there was no way to remove the existing response since the whole response was locked afterward. Now the "Delete data for THIS FORM only" button appears at the bottom to allow users to remove the response if they wish to add another to replace it. (Ticket #77086)
    • Major bug fix: Some specific server installations (most notably Linux servers running PHP 7) would result in many fatal PHP errors when running or enabling external modules, thus making the REDCap installation mostly unusable in some cases. A patch has been issued to the External Module Framework to fix this. Bug emerged in REDCap 9.6.4 (Standard).
    • Bug fix/change: Email Alerts converter has been removed - The Email Alerts external module has diverged from Alerts & Notifications in both its feature set and its back-end storage structure to the point where the option to convert alerts from the Email Alerts module into Alerts & Notifications is no longer a viable or reliable option, and in some cases the converter has caused major issues on some installations by not successfully converting alerts correctly. To prevent further damage, the EA->A&N converter will be removed from the user interface (it exists as a green button at the top right of the "Configure Email Alerts" page, which opens a dialog popup). This change will not in any way affect the functionality of the Email Alerts external module or the Alerts & Notifications feature, and they will both continue to function and exist separately with no conflict to each other. NOTE: This fix/change is only relevant if you have the Email Alerts external module installed on your REDCap system. REVERTING BACK: If for some reason you want to expose the EA->A&N converter feature to use it again, you may execute the following SQL query on the MySQL database, after which the green converter button will appear again in all projects where the Email Alerts module has been enabled: UPDATE redcap_config SET value = '1' WHERE field_name = 'email_alerts_converter_enabled'; WARNING: Please be aware that no guarantee is given regarding the success of the EA->A&N converter if you choose to re-enable it and use it. It is HIGHLY recommended that you leave it disabled.
    • Bug fix: Certain types of cookies created by REDCap were not getting stored correctly in a user's browser if the “session.cookie_secure” setting is set to “On” in the server’s PHP.INI configuration file while using a version of PHP lower than PHP 7.3.0. For example, this would likely prevent the Google reCAPTCHA feature from working successfully on public surveys, thus preventing survey participants from taking those surveys. This bug emerged in the previous release.
    • Bug fix: When a user adds a full REDCap survey link (as opposed to using the [survey-link] smart variable) into the rich text editor when composing a survey invitation (i.e., in the "Compose Survey Invitations" popup or "Automated Survey Invitations" popup), the warning dialog that suggests to remove the hard-coded survey link would mistakenly get displayed multiple times on top of itself, thus making it impossible for the user to actually close them all and forcing the user to refresh the page. (Ticket #77086)

    Version 9.6.4 - (released 1/27/2020)

    BUG FIXES AND OTHER CHANGES:

    • Improvement: If the "email notifications for administrators" option is enabled on the To-Do List page, then when a user cancels a "move project to production" request or a "delete production project" request, it now sends an email notification to the REDCap administrator to inform the admin that the request was cancelled so that the admin does not attempt to process it (even though the admin will be prevented with an error message if they try to process it). In previous versions, the request would have been cancelled silently by the user without ever notifying the admin.
    • Change: The Configuration Check page now makes a suggestion that the PHP setting "session.cookie_secure" be set to "On" in the PHP.INI configuration file if you are running REDCap over SSL/HTTPS. Doing this is not required, but it is recommended since it improves the overall security of the REDCap system.
    • Bug fix: If running REDCap on MySQL 8.0, it might mistakenly report an error that the "database structure is incorrect" in the Control Center or on the Configuration Check page when in fact the database structure is correct. This is due to the ZEROFILL attribute for numeric field types that exist in MySQL 8.0. Note: This issue was thought to have been fixed in the previous release but was not. (Ticket #76872)
    • Bug fix: The project templates created during a fresh install of REDCap contained fields that mistakenly conflated the concepts of sex and gender (e.g., having "Gender" as the field label with "sex" as the variable name) and often did not provide enough inclusive options as choices. These fields in the project templates have thus been modified.
    • Bug fix: When viewing a project's Logging page and the text displayed in the last table column is very long with no spaces, it might mistakenly overflow out of the table and sometimes off the page.
    • Various bug fixes and changes for the External Module Framework.
    • Due to changes in the default cookie settings in the Google Chrome browser (in Chrome v80 and later), any REDCap pages embedded on another website (via iframe) might mistakenly not be able to start an authenticated session successfully when logging in to REDCap. This may also affect surveys' ability to collect some data and behave correctly if the survey page is embedded on another website. REDCap now manually sets the cookie "SameSite" attribute with the value "None" by default in all compatible web browsers for all cookies generated by PHP in REDCap. Note: This is only applicable for REDCap installations using SSL/HTTPS that have the setting “session.cookie_secure” set to “On” in the server’s PHP.INI configuration file. If session.cookie_secure is not set to On, then the SameSite cookie attribute will not be added by REDCap.
    • Bug fix: The main Notifications page in the Control Center and the Configuration Check page might not load completely if using PHP 5.5 or 5.6. Bug emerged in the previous REDCap version.
    • Bug fix: A couple words were mistakenly not translated on Copy Project page. (Ticket #77083)
    • Bug fix: If a user has clicked the "Request delete project" button on the "Other Functionality" page in a production project, after which they then click the "Cancel request" button to cancel that project-deletion request, then an administrator who is processing user requests via email notifications (as opposed to via the To-Do List) might not realize that the request was cancelled and thus might process the request and mistakenly delete the user's project unwittingly.
    • Bug fix: The Clinical Data Interoperability Services (CDIS) now works more correctly for provider apps when using with the Cerner EHR system. In the previous versions, it was not working successfully.
    • Bug fix: When launching the Clinical Data Pull (CDP) feature as a REDCap window inside the EHR, it would mistakenly force the user to log in to REDCap every time they had a new EHR session. It should instead only ask the user to log into REDCap the first time and then remember it for all other times afterward in the future.

    Version 9.6.3 - (released 1/21/2020)

    BUG FIXES AND OTHER CHANGES:

    • Major bug fix: If the Twilio telephony feature has been disabled at the system level on the Modules/Services Configuration page in the Control Center, then when adding/editing an alert on the Alerts & Notifications page in a project, the alert's Email From, To, CC, BCC, and Subject values would mistakenly all get set to a blank value when saving a new or existing alert. (Ticket #76760)
    • Change/improvement: The text box fields for logic have been increased in size and made resizable for the following places: the Survey Queue setup popup in the Online Designer, the Add/Edit Branching Logic popup in the Online Designer, and the Advanced Filter Logic when creating/editing reports.
    • Bug fix: The Survey Confirmation Email feature might mistakenly display too many line breaks in the email text when viewing it on the Survey Settings page for an instrument or when viewing the received confirmation email in an email client.
    • Bug fix: When importing data via API or Data Import Tool, it would mistakenly output a bunch of seemingly random text (e.g., "redcap_repeat_instrument, $repeat_instrument: ...") that was only meant for debugging purposes.
    • Bug fix: When using a rich text editor that exists inside a modal dialog (e.g., the "Create new alert" dialog, the "Automated Survey Invitation" setup dialog), the rich text editor's "Table" menu option would not function correctly and would prevent users from adding a table to their rich text.
    • Bug fix: If running REDCap on MySQL 8.0, it might mistakenly report an error that the "database structure is incorrect" in the Control Center or on the Configuration Check page when in fact the database structure is correct. This is due to the ZEROFILL attribute for numeric field types that exist in MySQL 8.0. (Ticket #76768)
    • Bug fix: If the setting "Auto-suspend users after period of inactivity" is enabled, and some users who are suspended have not had any activity within the designated period of inactivity, then if the user has a sponsor and the user's sponsor puts in a request to have them unsuspended, the user would mistakenly get re-suspended within a day. (Ticket #58909)
    • Bug fix: The email content text box was mistakenly too short in the Compose Survey Invitations popup on the Participant List page.
    • Bug fix: When clicking the "Cancel" button on a data entry form, it would mistakenly display the alert "Are you sure you wish to CANCEL and lose all changes made on this page?" when no values had actually changed on the page, which could be confusing to users. It now only displays the alerts when values have been added or modified. (Ticket #76818)
    • Bug fix: When using Missing Data Codes in a project where a field in the project has the same value as a missing data code but has the @NOMISSING action tag, it would mistakenly interpret the field value as a missing data code in the following places: 1) the Data History popup on a data entry form, and 2) in the CSV Labels data export file. (Ticket #76813)
    • Bug fix: When using Missing Data Codes in a project, if a file has been uploaded for a File Upload field and then a user clicks the "M" icon next to the field to open the missing data code choices, if they then click "[Clear value]", it would mistakenly hide the filename of the existing uploaded file, even though the user might choose to cancel the operation and not delete the file. This could be confusing to the user since it is hiding the file's filename prematurely in the process of entering a missing data code, thus making it appear as if perhaps the file has been deleted when in fact it has not. (Ticket #76810)

    Version 9.6.2 - (released 1/20/2020)

    BUG FIXES AND OTHER CHANGES:

    • Improvement: New options for Alerts & Notifications
      • A “Trigger Limit” setting was added to Step 1 in the Add/Edit Alert popup that allows users to define where and to what extent within a record that the alert will be triggered. Its options include “only once per record”, “only once per event”, “only once per instrument regardless of the event”, and others that are displayed if the project contains repeating instruments/events. The trigger limit will help users to limit alerts to only be triggered on certain parts of a record and/or so many times within a record to achieve the behavior they desire for their notifications. Note: For non-longitudinal projects that do not have repeating instruments, this option (Step 1C) will not be displayed at all since it would contain only one choice: “only once per record”. (Ticket #70860)
      • The “every time” option of the “Send it how many times?” setting in Step 2 has been expanded to have sub-options to provide more possible scenarios in which an alert will be triggered. In previous versions, the only option was to set an alert to be triggered “every time the form/survey in Step 1B is saved”, but now it contains two new variations: “every time the form/survey in Step 1B is saved with new or modified data” and “every time the form/survey in Step 1B is saved with new or modified data (ignoring calc fields)”.
      • Recurrence maximum - When setting an alert to send multiple times in a recurring fashion in Step 2, a new option has been added to limit the maximum number of recurrences (i.e., the total times the alert will be sent on its repeated schedule). In previous versions, the alert would continue sending indefinitely at its defined interval (typically until conditional logic became no longer true), but now the alert can be set to repeat up to 9999 times at the interval that has been defined.
    • Major security fix: An “information leakage” security vulnerability was discovered, in which a malicious user could exploit it by manipulating the URL’s query string parameters for certain paths used to access External Module pages. This is not related to any specific External Module but is a vulnerability in the External Module Framework bundled with REDCap. The user could potentially access the contents of any plain-text files (excluding PHP files) that exist on the REDCap web server, including files that sit outside the server’s web root, which could include files with sensitive information. Note: In order to exploit this, the user must be a valid user that is currently logged in. This exploit is not able to reveal the contents of any PHP files on the server but other plain-text files instead, such as files with file extensions TXT, JSON, XML, or YAML. And in order to view the contents of a file, the malicious user must first know or guess the exact filename *and* directory location of the file on the server.
    • Improvement: If the Custom Record Label and/or Secondary Unique Field are being used in a project, their values will now be displayed on the Calendar page when viewing the Day or Agenda tab for any calendar event connected to a record in the project.
    • Improvement/change: On the Alerts & Notifications page, users may now edit a deactivated alert. This is especially useful if a user is setting up part of an alert and wishes to make incremental edits to the alert prior to re-enabling it.
    • Improvement: A new setting "Utilize the Display Name in all outgoing emails?" was added to the "Configuration for Outgoing Emails" section on the Control Center's "General Configuration" page. This setting allows administrators to disable the email Display Name feature in all outgoing emails from REDCap. This feature might need to be disabled if your institution is having a disproportionate amount of emails not being received due to email servers blocking them, sometimes due to the usage of the display name. This setting is enabled by default when upgrading or installing REDCap. (Ticket #75941)
    • Improvement: On the Clinical Data Interoperability Services (CDIS) page in the Control Center, a new helper popup was added to assist admins in quickly determining their EHR's "Patient Identifier String". A new button "Find patient identifier string" will appear on the page, and after clicking it, it will ask the administrator to enter the Social Security Number of any patient in the EHR system, which will return a list of all patient identifier strings that are available in the EHR. After finding the identifier string that corresponds to MRNs in the EHR system, that string can then be pasted and saved on that page so that the Clinical Data Mart and Clinical Data Pull services can begin functioning fully.
    • Change/improvement: The TinyMCE library was upgraded from v4.9.2 to v5.1.5.
    • Bug fix: External Modules could not be enabled if the user was using Internet Explorer. (Ticket #76276)
    • Bug fix: When exporting data into SAS, it would result in errors upon loading into SAS for datetime fields if Missing Data Codes are not utilized in the project.
    • Bug fix: When exporting data into SAS, it would mistakenly not apply choice label formats onto multiple choice values when loading into SAS.
    • Bug fix: If a REDCap plugin, hook, or external module is calling REDCap::saveData() from outside the scope of the project in which it is saving the data, then if any Automated Survey Invitations in the project have conditional logic, then those ASIs might not get triggered successfully because in most cases the logic will never evaluate to TRUE. (Ticket #75607)
    • Various fixes and updates for the External Module Framework
    • Bug fix: When clicking the table header for a date or datetime field in a report, in which the dates/datetimes are in either MDY or DMY date format, it would mistakenly not sort the values correctly in the report. (Ticket #76377)
    • Bug fix: If the Survey Confirmation Email setting has been enabled at the bottom of the Survey Settings page for a data collection instrument, and then a user disables it by setting its drop-down value to "No" and then saves the page, then even though the setting does get properly disabled upon save, if a user re-opens the Survey Settings page again later, it would mistakenly display the Survey Confirmation Email setting as still being enabled - even though it is not. (Ticket #76354)
    • Bug fix: If the User Settings option "Allow normal users to move projects to production?" is set to "No, only Administrators can move projects to production," and email notifications are enabled for administrators to receive these user requests via email, then if a user requests that a project be moved to production but then cancels their own request on the Project Setup page, an administrator could still move the project to production afterward if they click the link received in the email (however, this could not be done via the To-Do List interface). This could cause some projects to have all their data mistakenly deleted if the requesting user clicked the wrong option in the "move to production" dialog and didn't notify the admin immediately afterward so that the admin would not approve their request. From now on, if the admin clicks the link in the email and the user has already cancelled the request, it will display an error to the admin and prevent them from approving the deleted request. (Ticket #76068)
    • Bug fix: When executing a custom Data Quality rule in a longitudinal project, in which the rule's logic references fields on multiple events, in certain scenarios it might mistakenly display a false positive discrepancy from another unrelated event that is not referenced in the logic. (Ticket #76090)
    • Bug fix: When viewing a project's Calendar page, the Agenda tab might mistakenly display "No calendar events to display" even though one calendar event is being displayed.
    • Bug fix: When accessing the "Help & FAQ" page via the top nav bar on the My Projects page and Control Center pages, the search box at the top of the "Help & FAQ" page would be mostly obscured when initially loading the page, thus making it unusable until you scrolled down the page some to reveal it.
    • Change: In the Add/Edit Alert popup on the Alerts & Notifications page, the Alert Expiration option has been moved upward in the popup so that it is now part of Step 2.
    • Bug fix: In the Add/Edit Alert popup on the Alerts & Notifications page, the "Add Attachments" button in the popup would mistakenly not do anything, thus preventing users from adding attachments to their alerts. (Ticket #76541)
    • Bug fix: The email Display Name will no longer be utilized for the "REDCap access granted" emails and "Verify your email address" emails that are sent to users from REDCap because the Display Name for these particular emails were causing them to get disproportionately flagged as spam by many institutions' email servers, thus preventing users from receiving them. (Ticket #75941)
    • Bug fix: When using the CSV import functionality for the field mapping page of the Clinical Data Pull (CDP) feature, it would mistakenly not allow composite mapping of fields (i.e., many-to-one or one-to-many mapping) and thus might ignore some field mappings included in the CSV import file.
    • Bug fix: If data had been entered into multiple instances of a repeating instrument or repeating event and then that instrument or event was later set to no longer be repeating (while there still exist other repeating instruments/events in the project), then the orphaned data from the repeating instances might mistakenly get included and displayed in reports or data exports. And in some cases, this orphaned data might cause Data Quality rule H to behave erratically, such as stating that there are some discrepancies to fix, but after clicking the button to auto-fix them, it would say that "0" were fixed.
    • Bug fix: For many popup dialogs whose content is obtained from an AJAX call that returns a JSON-encoded payload, there are some cases where the popup might fail to open if there are certain non-Latin/UTF-8 characters in the text that will be displayed in the popup (e.g., Field Comments dialog, Survey Login dialog, Survey Queue Setup dialog, Edit Matrix Fields dialog). A new process has been added to most of these places to ensure that at least some of the content gets displayed in the dialog popup rather than never being able to open the dialog at all. (Ticket #76619)
    • Bug fix: If an alert has been created in which its content/message contains one or more Smart Variables that allow you to provide custom text, such as survey-link, form-link, and survey-queue-link (e.g., [survey-link:prescreening:My Custom Text]), then if the Smart Variable's custom text contains a forward slash "/", then it would mistakenly prevent the alert's notification from being sent.
    • Bug fix: If Missing Data Codes are enabled in a project, then the Missing Data Codes "M" icon on a data entry form would mistakenly be displayed and would function even when the entire form is disabled due to limited user rights or if viewing an un-editable survey response. Note: Clicking an option in the Missing Data Codes popup would change the value of the associated field, but since there would be no way to save that value, it would never affect any data. (Ticket #76688)
    • Bug fix: When a user requests changes in a production project, the display name for the "Review & Approve Project Changes" email sent to the REDCap admin gets set to the project contact name instead of the user's first and last name. (Ticket #76685)
    • Bug fix: If exporting a report in JSON format via the REDCap API, in which the report has filter logic defined and contains many thousands of records that will be returned, the beginning of the JSON string returned in the API response might mistakenly get malformed and begin with "[,{" instead of "[{". (Ticket #76602)
    • Bug fix: When importing data via the API in "EAV" format for a repeating instrument or repeating event, many of the normal checks that ensure that the fields "redcap_repeat_instrument" and "redcap_repeat_instance" have valid values where mistakenly getting bypassed and thus not performing all the necessary checks to ensure the best data quality during the import. For example, importing a field on a repeating instrument but leaving the "redcap_repeat_instance" field blank would not return an error but would instead assume the value is "1", which should not be assumed. (Ticket #75854)

    Version 9.6.1 - (released 1/10/2020)

    BUG FIXES AND OTHER CHANGES:

    • Major bug fix: If the Twilio telephony feature has been disabled at the system level on the Modules/Services Configuration page in the Control Center, then when adding/editing an alert on the Alerts & Notifications page in a project, the "Email From", "Email To", and "Subject" settings would mistakenly not be displayed and thus would prevent users from creating or editing an alert. (Ticket #76266)

    Version 9.6.0 - (released 1/9/2020)

    NEW FEATURES, BUG FIXES, AND OTHER CHANGES:

    • New feature: SMS and Voice Calls for Alerts & Notifications
      • If Twilio services have not been disabled at the system level for the REDCap installation, then users may now send a notification as an SMS text message and/or as a one-way voice call for any given alert in a project by setting them up on the Alerts & Notifications page.
      • The Twilio telephony services must first be enabled on the project on the Project Setup page (the same way it has in the past when utilizing Twilio for surveys and survey invitations), and once enabled, using the Twilio configuration dialog users may choose to utilize Twilio in the project for surveys (default), alerts, or both surveys and alerts.
      • Once enabled for alerts, inside the Add/Edit Alert dialog on the Alerts & Notifications page users will see the options to send a notification as an email, SMS message, or voice call. If SMS or voice call is chosen, it will hide all email-specific settings and will reveal the “Phone Number” fields for entering the phone numbers of one or more recipients of the notification, which may include the following: the phone numbers of all project users (from their My Profile account settings), any fields having integer validation or phone validation, and the survey participant’s phone number (if also using Twilio services for surveys).
      • Note: Just as when SMS messages are sent and when voice calls are made via Twilio for surveys, REDCap has a cron job that runs every 2 minutes that will automatically delete all logs on the Twilio website for any SMS messages sent or voice calls made via Alerts & Notifications. This is for privacy reasons to remove any potentially sensitive information (e.g., recipient phone numbers) that might be stored in Twilio’s logs.
      • New system-level settings for Alerts & Notifications have been added to the “Modules/Services Configuration” page in the Control Center that allow REDCap administrators to disable the phone-related settings listed below (similar to the ones that currently exist regarding email address usage in alerts). Note: These settings are enabled by default when upgrading to 9.6.0 or higher or when installing REDCap.
        • Option: “Allow normal users to use project variables for phone fields and integer fields in the project for an alert's recipient phone numbers?
        • Option: “Allow normal users to manually enter email addresses as freeform text for an alert's recipient phone numbers?”
    • New feature: New REDCap class method for plugins/modules/hooks: getLogEventTable($project_id) - Method will return the database table name for a specified project by providing its project_id. If $project_id is null or not provided, it will return “redcap_log_event” by default.
    • Change/improvement: Added four new redcap_log_event database tables for new projects to improve server performance when REDCap is querying logging data for a project. Note: This will not improve performance when querying the logging records of existing projects but only applies to projects created after upgrading to v9.6.0 or higher.
    • Change/improvement: To protect the performance of the REDCap server, safeguards have been added to prevent users from running more than five Data Quality rules simultaneously for a given project. If this is detected, REDCap will automatically kill all but the newest five Data Quality rule requests that are still running and will display an error message on the page explaining this.
    • Minor security fix: REDCap now automatically removes the "X-Powered-By" response header produced by the REDCap server so that it doesn't reveal the server's PHP version (the default behavior), which is considered to be a minor security issue.
    • Bug fix: If the record ID field has min/max validation, it would mistakenly prevent records from being created on the "Add/Edit Records" page and "Record Status Dashboard" if a record ID was entered in the correct format but whose value was out of range. It should allow the creation of the record even when out of range. (Ticket #60352)
    • Bug fix: If any Alerts & Notifications get triggered via the Alerts DataDiff cron job (because an alert has conditional logic that contains datediff+today/now), then it might not perform all piping correctly if any field variables are piped into the email subject, email content, or are used for recipients or attachments.
    • Bug fix: If an alert is set to be triggered "Using conditional logic during a data import or data entry" and is set to send "Just once", then if the conditional logic has become true when importing or entering data for a repeating instrument, it would mistakenly keep sending a new notification every time the record is saved (assuming the logic is still true). Instead it should only send it once (per repeating instance).
    • Bug fix: If any Alerts & Notifications get triggered via the Alerts DataDiff cron job (because an alert has conditional logic that contains datediff+today/now), then they might mistakenly only get scheduled once per record rather than for all events and all repeating instances within a given record. Warning: This fix might inadvertently cause the cron job to schedule/send any alerts that were supposed to have been scheduled/sent in the past but mistakenly were not sent because of this bug. There is unfortunately no way to prevent this.
    • Bug fix: When attempting to change the version of an External Module while using Firefox, it would mistakenly fail due to a JavaScript error. (Ticket #76009)
    • Change/improvement: The TinyMCE library was upgraded from v4.7.2 to v4.9.2.
    • Bug fix: The act of deleting a custom record status dashboard would mistakenly not get logged on the project's Logging page.
    • Bug fix: When exporting data into SAS, it would result in errors upon loading into SAS for multiple choice fields that contain only numerical codings (including True/False, Yes/No, and form complete status fields) and also for number/integer fields, but only if Missing Data Codes are not utilized in the project.
    • Bug fix: Some CSS (i.e., affecting "a.btn") was added to REDCap's styling in a recent version that was mistakenly overriding some Bootstrap CSS, which might negatively affect some REDCap plugins, hooks, or modules. (Ticket #75943)
    • Bug fix: If the setting "Domain whitelist for user email addresses" is enabled and Table-based authentication is being used, then the "Set Up Password Recovery Question" popup would mistakenly fail to enforce the domain whitelist if a user attempts to modify their primary email address in that popup. (Ticket #75990)
    • Bug fix: For users with visual impairments that are using screen reader software on survey pages, there are certain conditions, such as if the Text-To-Speech feature is enabled on that survey, where screen readers might not be able to interpret all the labels on the page correctly.
    • Bug fix: When viewing a project's Logging page using Internet Explorer or Edge browser, if the username is long as displayed in the logging table, it might cause some of the columns in the table to overflow onto each other, thus making them nearly unreadable. (Ticket #76109)
    • Bug fix: False positives may appear as discrepancies when running Data Quality rule F in a longitudinal project when fields have branching logic that does not have a unique event name explicitly prepended to all field variables in the logic. (Ticket #66789)
    • Bug fix: When attempting to add a new user on the User Rights page in a project, if a user being searched for has a first or last name that contains undecipherable/mangled characters, then it would fail to return any users in the auto-suggest list as the user types the user's username. (Ticket #76053)
    • Version 9.5.3 - (released 12/31/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: New content was added to the "Help & FAQ" page
      • Bug fix: For branching logic, calculated fields, or other logic, if "IF" statements are nested in the logic, then in some cases the logic might not get parsed correctly and might produce an error or behave unexpectedly. For instance, this will occur if the logic contains "if(if(..." with no spaces between each "if(". (Ticket #75506)
      • Bug fix: When branching logic on a data entry form or survey attempts to hide a checkbox field and thus erase its values (i.e., uncheck all its checkboxes), if any of the checkbox options contains a dash/hyphen in its coded value, it would mistakenly display an error message saying that branching logic errors exist, which is not true. (Ticket #75346)
      • Bug fix: When creating a project using a Project XML file that contains multiple reports, each subsequent report that gets created in the new project would mistakenly contain all the fields from all previous reports in that project. (Ticket #75517)
      • Bug fix: If administrators must approve the creation of new projects on a user's behalf, then if the user had selected one or more Project Folders to which the new project should be assigned, the new project would mistakenly get assigned and connected to the administrator processing the request instead of to the user making the request, which could cause errors for the requester later on if they attempt to add or remove that project to/from a Project Folder. (Ticket #75004)
      • Bug fix: When exporting the PDF of an instrument, in which the instrument has no data (i.e., has a gray form status icon) and the instrument is also not the last instrument in the project, it might mistakenly display the instrument title (or survey title/instructions, if enabled as a survey) while the rest of the page in the PDF would remain blank. It should instead not include the page at all in the PDF export. (Ticket #73896)
      • Bug fix: If the setting "Domain whitelist for cross-domain HTTP access control" is set on the Security & Authentication page in the Control Center, in which multiple domains have been set, then it would mistakenly only allow the last domain defined in the list. (Ticket #75848)
      • Bug fix: If using MySQL 8 for the database while viewing "View User List By Criteria" on the "Browse Users" page in the Control Center, selecting "Active in past X" or "Not active in past X" from the drop-down list would always mistakenly return no results. (Ticket #75429)
      • Bug fix: If a custom Data Quality Rule contains more than one field in a project with repeating events or repeating instruments, then if none of the fields in the rule's logic exist on a repeating event/instrument, it might mistakenly return duplicate discrepancies of those fields on one or more repeating instances. (Ticket #75839)
      • Bug fix: If a custom Data Quality Rule in a longitudinal project references fields in repeating events/instruments, in which the rule logic does not explicitly specify the event name or repeating instance designation for the field, then it might return an "ERROR" message stating that the logic has syntactical errors, which is not true.
      • Fixes and updates for the External Module Framework.
      • Bug fix: If a longitudinal project with repeating instruments or repeating events contains reports with report filter logic that references fields on both repeating and non-repeating instruments/events, in which the fields on repeating instruments/events do not have anything appended to them, such as a numeral instance designation or instance Smart Variable, then the report might return incorrect results. This appears only to occur if the report setting "Show data for all events or repeating instruments for each record returned" is left unchecked. (Ticket #75792)
      • Bug fix: When exporting data into SAS, it would result in errors upon loading into SAS for multiple choice fields that contain only numerical codings (including True/False, Yes/No, and form complete status fields) if Missing Data Codes are not utilized in the project.
    • Version 9.5.2 - (released 12/20/2019)

      BUG FIXES & OTHER CHANGES:

      • New feature: Built-in activation process for external modules (system-level setting - enabled by default)
        • All modules that have been set as “Discoverable” in the system will now have a “Request Activation” button displayed next to them when viewing the list of available modules on the External Modules page in a project. If a user with Project Setup/Design privileges in the project clicks the button, it will add a new item to the To-Do List in the Control Center (and also send an email to the REDCap administrator if admin email notifications are enabled) that will ask the admin to activate the module. Once the admin has activated the module for the user, the user will receive an email informing them that the module has been activated for the project.
        • Note: This option can be disabled to hide this button for all discoverable modules (e.g., if you wish to use your own module activation process) at the top of the “Modules/Services Configuration” page in the Control Center.
      • New feature: Users can self-activate an external module for a project (module level setting - disabled by default)
        • For any given module that has been enabled in the system and that has also been set as “Discoverable”, a REDCap administrator may optionally set a module setting (in the Configure Module popup for the module in the Control Center) that will allow any user with Project Setup/Design privileges in a project to activate the module in their project on their own (i.e., without an administrator having to enable it for them).
        • Since this is a module-level setting, it is completely opt-in by the REDCap administrator for any given discoverable module.
      • New feature: Standalone Launch for CDP and Data Mart - When using the Clinical Data Pull or Clinical Data Mart functionality, it is no longer required for users to have to log in to the EHR and launch the embedded REDCap window inside the EHR interface as a means of establishing a connection between their REDCap account and the EHR. This is now optional. Users may now alternatively establish a connection with the EHR by logging into to the EHR via a prompt while inside REDCap. If a user in REDCap attempts to pull clinical data from the EHR, in which it determines that the user has not established a connection yet with the EHR, it will prompt them to log into their EHR directly in their web browser, after which it will redirect them back to REDCap to begin pulling the clinical data from the EHR. Thus setting up a REDCap launch button in the EHR interface is no longer required but optional since the connection can now be completely established on the REDCap side alone. NOTE: For those using Epic, this means that creating an FDI Integration Record and Menu Record are no longer mandatory as part of the general CDIS setup process.
      • Improvement: In Alerts & Notifications when clicking the "Preview Message by Record" option, it now displays the Custom Record Label and/or Secondary Unique Field value in the record drop-down list in the dialog.
      • Improvements and changes when exporting data from REDCap into SAS
        • Full integration of the Missing Data Code functionality in the SAS data export syntax file to prevent issues when loading data containing Missing Data Codes into SAS.
        • Note: The SAS Pathway Mapper file has been removed and is no longer utilized. Users exporting data to SAS will now need to manually modify the path of the CSV data file in their .SAS syntax file to reflect its locally saved path on the device.
      • Bug fix: If a survey has the "Save & Return Later" option enabled but the "Allow respondents to return and modify completed responses" option is disabled, then if a participant attempts to return to a survey that was taken via a public survey link, then it might cause the participant's web browser to keep redirecting endlessly and thus prevent them from accessing the survey again.
      • Bug fix: When renaming a data collection instrument via the "Choose action" button in the Online Designer, if the instrument being renamed is enabled as a survey, the dialog prompt that asks the user to additionally rename the survey title would mistakenly have the current survey title listed as blank/"" in the dialog text. Also, in very specific cases, renaming the instrument might mistakenly cause it to get mistakenly deleted altogether as an instrument.
      • Bug fix: When creating a new record in a project via a data import (API or Data Import Tool), in which the data being imported should trigger an Automated Survey Invitation (ASI), then for certain multi-arm projects the data import might mistakenly not trigger the ASI to schedule a survey invitation (although the ASI could get triggered later if data were added/modified for that record).
      • Bug fix: If a project is created where the value of "Purpose of Project"->"Other" contains an apostrophe, then it might mistakenly cause the Project Setup page to throw a JavaScript error and thus might prevent some things from working on the page. (Ticket #75179)
      • Bug fix: When copying a project via the Copy Project method, it would mistakenly not copy the Email Display Name value for any Automated Survey Invitations that had been set up for surveys in the project. (Ticket #75641)
      • Bug fix: When deleting and/or replacing an email attachment for an alert on the Alerts & Notifications page, it might mistakenly not remove the existing attachment file.
      • Bug fix: When opening the Compose Survey Invitations popup on the Participant List page, the "Select a previously sent email..." drop-down list in the popup would mistakenly display HTML tags in the drop-down's labels when it should strip out any HTML tags there.
    • Version 9.5.1 - (released 12/11/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: When using the Data Resolution Workflow and exporting all data queries in a CSV file, the following attributes are now all exported as their own separate columns in the CSV file: record name, event name, data access group, data quality rule, and field name. In previous versions, some of these attributes existed together in a single column and thus were harder to parse out individually. Additionally, the following columns have been added to the CSV export file: Current Query Status, Time Raised, and Time Resolved. (Ticket #30092)
      • Major bug fix: When clicking the "Remove file" link on a data entry form or survey page when attempting to delete a file or signature for a File Upload field or Signature field, it would mistakenly fail and prevent the user from successfully deleting the file. Bug emerged in v9.5.0. (Ticket #75030)
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered, in which a malicious user could potentially exploit it by manipulating the POST request parameters of a specific HTTP request.
      • Bug fix: Some English language on the Alerts & Notifications page was mistakenly not translated in the previous version.
      • Bug fix: In certain situations where the first instrument is a survey and a survey participant completes any given survey in the project, after which they are immediately presented with the Survey Queue, it might mistakenly show some surveys as not being completed in the queue, even when they are or if they have a form status of "Complete" (2). (Ticket #75005)
      • Bug fix: When using the Clinical Data Mart to pull EHR data, it might mistakenly no longer import the ICD-9 or ICD-10 values when importing data for the Problem List. Bug emerged in v9.4.2.
      • Bug fix: Sixteen "Laboratory" fields and their associated LOINC codes were mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.
      • Bug fix: When importing data (via API or Data Import Tool) into a non-longitudinal project, in which the imported data contains the redcap_event_name field with a blank value, it would mistakenly keep adding duplicate rows in the redcap_data database table for the record ID field. This would not adversely affect anything in the user interface though. (Ticket #74561)
      • Bug fix: When importing data (via API or Data Import Tool) into a project with repeating instruments and/or repeating events, in which the imported data contains the values belonging to a repeating instance, it would mistakenly keep adding duplicate rows in the redcap_data database table for the record ID field. This would not adversely affect anything in the user interface though. (Ticket #74561)
      • Bug fix: When a user creates a custom data quality rule for a project containing repeating events and/or repeating instruments, in which the instance (e.g., [current-instance], [2]) is not appended to all repeating variables in the logic, it might return duplicate discrepancies, no discrepancies, or discrepancies from the wrong event of a given record. (Ticket #74976)
      • Bug fix: When a user creates a custom data quality rule in a project that is either longitudinal or contains repeating events/instruments, the real-time execution of data quality rules might be very inconsistent or inaccurate depending on whether any event-based or instance-based Smart Variables are used or not used in the data quality rule logic. (Ticket #74036)
      • Bug fix: When Alerts & Notifications are grandfathered in or converted via the Email Alerts external module, Auto-Notify plugin, or some other back-end method, if the Sender's address (the From address) of a given alert is defined as a REDCap field variable (e.g., "[my_from_email]") instead of a literal email address, then while the user interface would allow the variable to be used, it would mistakenly not successfully send the alert's notification email when triggered. (Ticket #75112)
      • Bug fix: If the setting "Auto-suspend users after period of inactivity" is enabled, and some users who are suspended have not had any activity within the designated period of inactivity, then if the user has a sponsor and the user's sponsor puts in a request to have them unsuspended, the user would mistakenly get re-suspended within a day. (Ticket #75231)
      • Bug fix: If a project is created where the value of "Purpose of Project"->"Other" contains an apostrophe, then it might mistakenly cause the Project Setup page to throw a JavaScript error and thus might prevent some things from working on the page. (Ticket #75179)
      • Bug fix: When using the Data Resolution Workflow and exporting all data queries in a CSV file, the record name might not mistakenly not be displayed in the Record column in the CSV file. (Ticket #75215)
      • Bug fix: A JavaScript error was occurring in the function calcChangeCheck(), which gets run for calculated fields are triggered on forms and surveys. (Ticket #75255)
      • Bug fix: If a user is attempting to enable the Twilio telephony services in a project, REDCap will automatically set the URL for Voice/Messaging in the Twilio account via the Twilio API, and it will do so for only the phone number entered into the Twilio phone number field in the Twilio setup dialog on the Project Setup page. But if the phone number field is left blank in the Twilio setup dialog when the Twilio services are being enabled, it would mistakenly set the Voice/Messaging URL for *all* phone numbers associated with that Twilio account. This could overwrite the Twilio configuration of other Twilio phone numbers being utilized in that Twilio account.
    • Version 9.5.0 - (released 12/05/2019)

      BUG FIXES & OTHER CHANGES:

      • New Action Tag: @HIDDEN-PDF - Hides the field only in the downloaded PDF of one or more instruments (including blank PDFs, PDFs with data, and compact PDFs with data). Note: Other @HIDDEN action tags will not hide fields inside PDF exports, so @HIDDEN-PDF must be used specifically to hide fields in PDFs.
      • New hook functions
        • redcap_pdf - Allows for the interception of a PDF being generated or the manipulation of the $metadata or $data arrays that will be used to generate the PDF.
        • redcap_email - Allows REDCap's normal email-sending process to be intercepted or have the email parameters manipulated prior to sending. The parameters passed into this hook function are the exact same ones utilized by the REDCap::email() method.
      • Improvement: More rich text editors - The rich text editor is now available when composing survey invitations. This includes composing Automated Survey Invitations or invitations to be sent via the Participant List or via the Survey Options on data entry forms.Improvement: The rich text editor is now available on the Email Users page in the Control Center and also for the Survey Confirmation Email option on the Survey Settings page.
      • Improvement: The Configuration Check page now checks if any hook functions are missing from the Hook Functions file used by the REDCap installation. If any are missing, instructions are provided in order to add them.
      • Medium security fix: If a very tech-savvy user knows how the data dictionary upload process works, then they could manipulate certain POST parameters in a request to REDCap and thus be able to bypass the protection that prevents regular users from adding or modifying a Dynamic SQL Field on an instrument. If they are successful, they could potentially add a Dynamic SQL Field with whatever SQL query they wish and thus possibly extract sensitive information from the REDCap database (from any project or database table), albeit in a very limited format (i.e., in the form of drop-down field choices). (Ticket #20988)
      • Major bug fix: When exporting a Project XML file for a project containing a survey that utilizes the Survey Confirmation Email setting, in which a file attachment exists for the confirmation email, it would mistakenly export the doc_id value as-is in the XML file and thus create a new project having that same doc_id value for the confirmation email's attachment. This would cause the new project's attachment to point to the other project's file (rather than to a newly created file), and so if the attachment got deleted in the new project, it would mistakenly also remove the file in the original project and vice versa (assuming these projects exist on the same REDCap server). And if the Project XML file originated from a different REDCap server, then there is a chance that the file attachment in the new project might mistakenly point to any file stored in the entire REDCap system, including a file that might contain sensitive information (PHI). This could potentially expose sensitive information to a survey participant who is not authorized to access it.
      • Change/improvement: The HTML tags THEAD and TFOOT are now officially allowed for use in HTML-based user-provided input, such as field labels, survey instructions, etc. (Ticket #74574)
      • Improvement: Major performance improvement with regard to web server RAM usage when using the method REDCap::evaluateLogic() a lot in a module, hook, or plugin. In some cases where it was being called hundreds of times in a single request, it might cause PHP to run out of memory.
      • Change: If the "File Upload field enhancement: Password verification & automatic external file storage" setting has been enabled in a project, then when a user attempts to delete a file for a File Upload field (including the deletion of older revisions for that field), it is now required for users to provide a reason (in the text box in the "Delete file?" popup) in order delete the file. In previous versions, providing a reason was only optional.
      • Bug fix: If alerts from the Email Alerts external module are being converted into Alerts & Notifications, during the conversion process it will now additionally disable each original Email Alert individually to prevent a possible issue of the old Email Alerts somehow running via a cron job even though the Email Alerts module will have been disabled for the project after the conversion has been completed.
      • Bug fix: When the REDCap Shared Library is disabled at the system level, it would still mistakenly be available to use within projects. (Ticket #74474)
      • Change: All English language on the Alerts & Notifications page was translated.
      • Bug fix: If a user has Survey Distribution Tools rights but does not have Project Setup/Design rights, then if no surveys have been enabled in the project yet and the user clicks the Survey Distribution Tools link on the left-hand menu, they are presented with an "Access Denied" message, which is confusing because it pertains to the Online Designer and not to the Survey Distribution Tools page. This has been changed to give a more accurate and helpful error message. (Ticket #73168)
      • Bug fix: When using Shibboleth authentication, it was mistakenly not recording the time of the user's login in the redcap_log_view table in the database. (Ticket #72847)
      • Bug fix: If a user attempts to use the @CHARLIMIT or @WORDLIMIT action tags on the record ID field, it would display the words/characters remaining immediately below the record ID field on the first instrument, but it would not actually work there. It was never intended for these action tags for work for the record ID field, so this behavior could be confusing. It has been modified so that these action tags will simply be ignored and not used for the record ID field. (Ticket #74690)
      • Bug fix: If a closing square bracket ] exists in a choice label of a multiple choice field, then if that field is referenced in the branching logic of a field on a survey/form, it might cause the branching logic to not work correctly. (Ticket #74878)
      • Bug fix: If a multiple choice field was changed to a descriptive field, it would mistakenly maintain the old field choices in the metadata for that field. Those choices would never get utilized on a form or survey at all but could be seen on the Codebook page. (Ticket #74685)
      • Bug fix: In some instances where users must request from administrators that their project be moved to production, clicking the "Cancel request" button to cancel the "move to production" request might mistakenly display the wrong message to the user, thus causing some confusion. (Ticket #74420)
      • Bug fix: If any non-Latin/multi-byte characters exist in a record name in a project, then when REDCap builds the record list (an internal, invisible process) to display all the record names on the Record Status Dashboard, reports, Add/Edit Records page, etc., it might mistakenly garble the record names, thus causing them not to display correctly anymore. (Ticket #58989)
      • Bug fix: If a user attempts to import data for a repeating instrument or repeating event in which the redcap_repeat_instance field has a value greater than "9999" or less than "1", it would silently accept the value without displaying an error and would mistakenly not save the data correctly. (Ticket #74376)
    • Version 9.4.2 - (released 11/22/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: Line breaks may be preserved in data values in CSV data exports - When creating/editing a report, the section "Additional report options" contains a new setting: "Remove line breaks/carriage returns in all text data values (only applicable for CSV Raw and CSV Label data exports)". This setting will be enabled by default for all existing reports and for any new reports being created. The option will effectively enabled (i.e., will remove line breaks) when exporting Reports A and B in order to be consistent with their current behavior in previous versions. This option is only used for CSV data exports and not for reports or exports to statistical analysis packages. (Ticket #32418)
      • Improvement: Added “Copy” and “Paste” options to the [right-click] context menu for all rich text editors.
      • Bug fix: The server-side processing of logic and branching logic might mistakenly fail with an error if the logic contains a checkbox variable name in which a checkbox choice containing a dash ("-") is referenced (e.g., [my_checkbox(193-1)] = "1").
      • Fixes and updates for the External Module Framework
      • Bug fix: A JavaScript error was being thrown on the Survey Settings page. (Ticket #74014)
      • Bug fix: A JavaScript error was being thrown on the Online Designer's "Edit Field" dialog when attempting to set a checkbox field choice's coded value to the value "length". This would mistakenly prevent the user from saving their changes to the field. (Ticket #74024)
      • Improvement: When creating a Clinical Data Mart project, there are two new fields that exist on the Medications instrument: RxNorm display and RxNorm code. These fields will capture the RxNorm values (if available) for each medication that is imported into the project from the EHR.
      • Bug fix: Alerts would mistakenly still send recurring notifications after a project had been deleted. This would occur for up to 30 days after the project deletion, after which the project would get truly removed from the back-end database tables.
      • Bug fix: When adding the left/middle/right Slider labels via the Online Designer, it would mistakenly not save the labels correctly in certain circumstances, thus causing the middle label to become the right label if a left label is not defined, for example. (Ticket #74198)
      • Bug fix: When enabling an instrument as a survey in the Online Designer, if the user clicks on the "Set Up My Survey" tab at the top of the "Survey Settings" page, it will mistakenly cause the survey settings not to get saved properly when the user is enabling an instrument that is not the first instrument in the project. (Ticket #74085)
    • Version 9.4.1 - (released 11/15/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: A custom email “display name” can be set for the email sender when sending an email for Alerts & Notifications, the Survey Email Confirmation option on the Survey Settings page, and when sending survey invitations via Automated Survey Invitations, via the Participant List, or via the Compose Invitation option on a data entry form.
      • Improvement: The email “display name” for most outgoing emails is now automatically populated and thus is able to be displayed in the recipient’s email client. Previous versions did not use the display name but left it blank for outgoing emails. For user requests that are triggered by users, such as production change requests, API token requests, etc., the user’s first and last name from their My Profile page will be used automatically as the display name in those emails. For emails originating from REDCap administrators that are automated by the system, the email display name will the “Name of REDCap Administrator” setting (from the General Configuration page) or else the “Contact name to display on Home page” (from the Home Page Configuration page), which is dependent upon the type of email being sent.
      • Improvement: New system-level setting “Suppress usage of the Universal FROM Email address for specified email domains” on the General Configuration page - If the setting “Universal FROM Email address” is enabled for the system, then the Universal FROM Email address will be used for all outgoing emails. But if one or more domain names (e.g., vanderbilt.edu) are specified for “Suppress usage of the Universal FROM Email address for specified email domains”, then the Universal FROM Email address will NOT be used for any outgoing emails in which the FROM/sender's email address matches one of those domains. Instead the FROM/sender's email address will remain as-is.
      • Improvement: The module/plugin method REDCap::email now has new parameters that can be passed to it: BCC, FromName, and Attachments. The parameter BCC represents the email address of someone being BCC'd on the email (if using more than one email address, they must be separated by commas and/or semicolons). The parameter FromName represents the sender's email display name that will be displayed in the recipient's email client next to the sender's email address (e.g., "Rob Taylor"). And the parameter Attachments should be an array of one or more file attachments, in which the array keys will represent the file name as seen in the email client and the corresponding array values will represent the full file path of the attachment file on the REDCap server. A new example is provided on the "Developer methods for Plugins, Hooks, & External Modules" page to illustrate how to use these new parameters.
      • Minor security fix: An SQL Injection vulnerability was found on the File Repository page, in which a malicious user could potentially exploit it by manipulating the query string of certain HTTP requests utilized within that page.
      • Bug fix: When adding an attachment file for an Alert, it would mistakenly not attach the file to the outgoing notification if the file's size exceeded 3 MB. It now correctly allows the attachment file size no greater than the smallest of the following two values: 1) the maximum allowed file size of attachment files in the current REDCap installation (as defined in the Control Center), or 2) the typical maximum attachment size for most email clients, which is 10 MB. (Ticket #67970)
      • Bug fixes and changes for the REDCap External Module Framework
      • Bug fix: If using a File Upload field as an Alert's email attachment, the file would mistakenly fail to get attached to the outgoing email notification. Bug emerged in REDCap version 9.4.0 (Standard).
      • Bug fix: When performing a CSV data export of a report in a project that contains many records (e.g., tens of thousands), in which the report has some filters defined, it might mistakenly produce a CSV file that with no headers on the first line, but instead the first line of the CSV file would be blank.
      • Bug fix: When performing a JSON data export of a report in a project that contains many records (e.g., tens of thousands), in which the report has some filters defined, it might mistakenly produce invalid JSON that has two or more commas separating some records (instead of just a single comma).
      • Bug fix: When downloading the PDF of an instrument with data, if the PDF includes a repeating instrument/event, it might mistakenly only display the first repeating instance in the PDF or might not display any repeating instances at all. (Ticket #73478)
      • Bug fix: When using a Data Quality rule that has real-time execution enabled while the Data Resolution Workflow feature is enabled, if a discrepancy is found while submitting data on a data entry form, some wrong text would be displayed inside the popup dialog that displays the discrepancies. (Ticket #73449)
      • Bug fix: Seven "Vital Signs" fields and their associated LOINC codes were mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.
      • Bug fix: If an alert is set to "Send on next [X]" or "Send after lapse of time", it might mistakenly not send the very first notification if it is set to send multiple times as a recurring notification. However, it would still correctly send all recurring notifications after the first one (whether or not the first one sent). (Ticket #73663)
      • Bug fix: The Clinical Data Pull (CDP) informational popup on the Project Setup page was mistakenly missing some important information about the need for users to initially launch the embedded REDCap window inside their EHR before they may begin utilizing CDP.
      • Bug fix: When exporting a PDF of one or more instruments, it would sometimes not be able to output correctly the number representing the total pages in the PDF (e.g., the "9" when displaying "Page 1 of 9" at the top right). It would sometimes mistakenly display a strange rectangle character instead. Due to various technical limitations, this issue could not be corrected for all scenarios, so for the time being, the total page count (i.e. the text "of X" at the top right) has been completely removed from all PDFs. Thus it now only displays "Page 1", "Page 2", etc., at the top right rather than additionally displaying the total page count after the current page number. (Ticket #70886)
      • Bug fix: When entering data into a number-validated field on a survey while using a mobile device, it would mistakenly prevent the usage of the backspace key on the device's keyboard. Bug emerged in REDCap v9.4.0. (Ticket #73747)
      • Bug fix: When using Missing Data Codes in a project, and a checkbox field on a data entry form has a missing data code entered for it, in which that checkbox is set to be a "required" field, it would mistakenly display the "Some fields are required" prompt for that field. (Ticket #73700)
      • Bug fix: When using Missing Data Codes in a project, and a datetime field on a data entry form is used in the calculation of a calculated field on that same page, it would mistakenly append a space+"0" to the datetime field's value when selecting a missing data code for that field, thus causing the data not to save correctly for the datetime field after clicking a Save button to save the form. (Ticket #73698)
      • Bug fix: Data Quality rule F might return false positives or might not return some discrepancies for fields that exist on repeating instruments or repeating events in which those fields' branching logic contains Smart Variables. (Ticket #72025, #73543)
      • Bug fix: A JavaScript error occurs on a survey when deleting the file for a File Upload field, in which it might cause branching logic on the page not to be triggered after the file deletion if any fields on the page have branching logic that utilizes that File Upload field. Bug emerged in REDCap 9.4.0 Standard. (Ticket #73793)
      • Change: The icons for Project Bookmarks and Custom Application Links that are displayed on a project's left-hand menu have been updated as Font Awesome icons to match all the other icons on the menu.
      • Bug fix: If using WebDAV as the file storage method for uploaded files in REDCap, it would mistakenly return an error if any valid files that are 0 bytes in size were attempted to be uploaded and stored. (Ticket #73681)
      • Bug fix: If using the Universal FROM Email Address, it would mistakenly set the "Sender" (i.e., the "-f" sendmail parameter) as the real sender's address and not as the Universal FROM Email Address, which would cause emails not to send successfully for certain systems (e.g., AWS SES). Bug emerged in REDCap 9.4.0 Standard. (Ticket #73866)
      • Bug fix: If a survey title contains any HTML tags, those HTML tags would not transfer to the new project when creating a project from the Project XML file of the original project. (Ticket #73914)
      • Bug fix: When using Missing Data Codes in a project, if a File Upload field has a missing data code saved for it, it would mistakenly display a "Download" button for the field on reports and also would mistakenly output the text "[document]" in a CSV Raw or Labels export file. (Ticket #73907)
      • Bug fix: When using Missing Data Codes in a project, in which a user is exporting data containing missing data codes in CSV Labels format, it might mistakenly display the raw missing data code value for some field types instead of the label for the missing data code.
      • Change: The popup for displaying Project Notes on the My Projects page might not behave correctly under certain conditions. It is now displayed in a better format to avoid these issues. (Ticket #71813)
    • Version 9.4.0 - (released 11/07/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • New feature: Missing Data Codes (i.e., “Data Missingness” functionality)
        • Fields that have a blank/missing value may be marked with a custom 'Missing Data Code' to note why the value is blank. These missing codes may be used to aid in data analysis by specifying why a field lacks a value. Users may enable custom missing data codes at the project-level in the Additional Customizations popup on the Project Setup page. The missing codes should be coded just like the choices of a multiple choice field with code + comma + label, in which the codes can only have letters, numbers, dots, dashes, and underscores (e.g., '-999, Not asked' or 'UNK, Unknown'). If no codes are entered, this feature will remain disabled. After missing data codes have been set up in a project, you will see an 'M' icon next to each field when viewing a data entry form. Click the icon to open your list of missing data codes, and select one. Once selected, it will save the missing code as the literal data value for the field. Missing data codes can be used for any field type (e.g., date, slider, file upload fields).
        • If utilizing missing data codes, the functionality will be enabled on all fields by default, and the code will be saved as the literal data value for the field.
        • New action tag @NOMISSING can disable the missing data option for a given field
        • Behavior with branching logic – If a field should be hidden by branching logic, REDCap will ask the user (except on surveys) if they wish to delete the value of the field being hidden. But if the field has a missing data code saved for it, it will still hide the field but will not remove the missing data code as the field’s value. This allows a field to still be “blank” and have a missing code while being hidden by branching logic.
        • New isblankormissingcode() function for branching logic, logic, and calculations - Returns a boolean (true or false) if the field value is blank/null/"" or if the value is a Missing Data Code, in which Missing Data Codes have been explicitly defined in the project on the Project Setup page under Additional Customizations. E.g. isblankormissingcode([age]), in which if "age" has a value of "UNK" (which might be a Missing Data Code in a project), then it will return TRUE. And if the field has any non-blank/non-null value that is also not a Missing Data Code, it will return FALSE.
        • Missing data codes can be imported via API, Data Import Tool, or REDCap::saveData (for plugins/hooks/modules)
        • All the missing data codes are displayed for reference at the top of the Codebook page
        • When creating/editing a report, a new option exists under the “Addition report options” section: “Display any Missing Data Codes in place of blank values (where applicable)”. This option will allow users (based on their preference) to show or not show the Missing Data Codes (if they have been saved for any field in any record) in the report or export.Note: In PDF exports of data collection instruments, any Missing Data Codes will be represented as blank values in the PDF.
        • Changes for Data Quality Rules
          • DQ rule A and B (for finding blank values) will continue to return only truly blank values and thus will not return fields with missing data codes saved as the value.
          • New rule - DQ “Rule I (Fields containing missing data codes)” has been added as a new rule for specifically finding fields with missing data codes saved as the value.
          • DQ rule F (Hidden fields that contain values) will ignore fields that have a missing data code saved as the value because it is allowable for such fields to be hidden by branching logic while still maintaining a missing data code as a value.
    • Improvement: If the Clinical Data Mart has been enabled for the system, the Control Center's System Statistics page now lists the following stats related to Data Mart under the "Modules Utilized" section: 1) Records with data values imported via Data Mart, and 2) Projects with data values imported via Data Mart.
    • Improvement/change: If a user is viewing a data entry form that has been enabled as a survey and then clicks "Compose survey invitation" in the survey options at the top right of the page, if they compose and send an invitation that is marked to be sent "Immediately", it will display a popup to inform the user that it is recommended that they leave the page very soon before the respondent has a chance to enter any data on the survey page. This is done because if the respondent begins entering data on the survey immediately after receiving the invitation, and then the user (while still viewing the data entry form) saves the form, the user could unwittingly erase the respondent's data values that were just entered.
    • Change: When enabling the Twilio telephony services in a project, REDCap no longer performs a check to ensure that Twilio's "Request Inspector" feature is disabled. Due to technical issues with not being able to automatically disable the Request Inspector via Twilio's API for some REDCap server configurations, REDCap no longer forces the Request Inspector to be disabled but instead provides text to inform users during the Twilio setup process that it is *highly* recommended that they disable the Request Inspector manually in their Twilio account (especially if collecting identifying information) and provides information on where/how to do such.
    • Change: REDCap now utilizes PHPMailer for all emails sent out.
    • Improvement/change: If the Universal “From” Email Address option is being utilized for the system, the sender’s email address now gets set as the Display Name in the email received. In previous versions, no Display Name is ever set for outgoing emails. So instead of the recipient only seeing that the sender is no-reply@vumc.org (assuming this to be the catch-all universal address, for example), it instead will appear to be from “joe.user@gmail.com <no-reply@vumc.org>. This is an improvement because it provides the recipient with more context with regard to who the sender is.
    • Bug fix: When editing a field in the Online Designer, if the field contains a backslash (\) in any field attribute, such as field label, note, annotation, etc., it would mistakenly replace it with two or three backslashes when displaying the field's attributes in the Edit Field popup dialog. (Ticket #73203)
    • Bug fix: When the API method "generateNextRecordName" is called, it would return a fatal PHP error and mistakenly not complete the API request. (Ticket #73143)
    • Bug fix: When exporting the Project XML file for a project that contains a "Dynamic Query (SQL)" field, there is a chance that the choices of the SQL drop-down field might contain identifying information (e.g. PHI) - depending on the query - and thus might output that identifying information in the metadata of the resulting Project XML file, which might bypass user privileges with regard to data exports. To prevent this possible issue, any SQL fields contained in Project XML files will have all their options removed from the XML file. (Ticket #73126)
    • Bug fix: A user whose REDCap account is suspended could mistakenly load the Clinical Data Pull (CDP) page when launched as an embedded page inside the EHR. However, the user would not be able to access any CDP projects and would not be able to add any EHR data to them.
    • Bug fix: If a data collection instrument was previously set as a repeating instrument or was part of a repeating event, then if data was collected on multiple repeating instances of the instrument, and then the instrument was set to no longer be repeating, viewing that instrument afterward might mistakenly cause some data from the now-orphaned repeating instances to be displayed as data values for the fields on the instrument, thus possibly causing the data values for instance #1 to get overwritten if the instrument was then saved.
    • Bug fix: When a multiple choice field is opened for editing in the Edit Field popup on the Online Designer, it might mistakenly display a space at the beginning of each choice in the "Choices" text box (with the exception of the first choice). However, this would not affect how the choices would be displayed on a data entry form or survey.
    • Bug fix: When not currently using "Table-based" or "LDAP & Table-based" authentication in which a user had previously been created as a Tabled-based user, it would mistakenly display the "Reset Password" button option for the user when viewing their account on the Browse Users page in the Control Center. This button is not applicable and thus should not be displayed.
    • Bug fix: If the Universal "From" Email Address option is being utilized for the system, any alerts that have notifications sent out will mistakenly have the Universal "From" address (rather than the true sender that is defined in the alert) as the "from" address listed in the "View Notification" dialog in the Notification Log.
    • Bug fix: If a user is modifying a calc field's equation via the Online Designer, in which certain Smart Variables are used in the calculation, then when the user attempts to save the edited calc field, it would prevent them from doing so and would display an erroneous error message saying that the calculation is not syntactically valid. And if the user is an administrator, it would allow it to be saved but would mistakenly display the error message.
    • Version 9.3.8 - (released 11/01/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: When using the CDIS services Clinical Data Pull and Clinical Data Mart, users may now import medications with statuses other than “active”, such as “stopped”, “on-hold”, and “completed” medications. (Previous versions only imported “active” medications.) In CDP, these have been added as three new fields that can be mapped on the project mapping page. In Data Mart, medications with any of the four statuses now get imported into the Medications repeating instrument, and a new field named “Medication status” was added to the Medications instrument to store the status value for each medication.
      • Bug fix: If values of different data types/lengths are being used in the datediff() function, it might return incorrect or unexpected results. Instead, it will now consider both parameters as the same data type (as being both dates, both datetimes, or both datetimes w/ seconds) as determined from the length of the longest parameter value when datediff() is processing the calculation. For example, if the values "2019-10-02" and "2019-10-03 12:00:00" are being used in a datediff() with "h" units, it will thus consider the first value as equivalent to "2019-10-02 00:00:00" and thus return a value of "36".
      • Bug fix: When completing a Twilio-enabled survey as either an SMS survey or Voice Call survey, it would mistakenly not trigger any Alerts & Notifications. (Ticket #72159)
      • Bug fix: When creating a new Alert in a project that does not have an Alerts yet, the drop-down list for the "Send on next..." option in Step 2 in the Alert popup would mistakenly be empty with no options to choose. (Ticket #72816)
      • Bug fix: When using the Data Search feature in a project containing more than 20,000 records, in which the Record ID field is selected by default in the drop-down list when the page loads, it would still mistakenly search for the entered term across all fields in the project rather than just across the Record ID field if the user did not change the selected field in the field drop-down list.
      • Bug fix: When using the email domain whitelist while adding a new Table-based user that has an email address that is valid for the email domain whitelist but is not in the exact same case (e.g. "gmail.com" vs "Gmail.com"), then it would mistakenly set the user's email address to a blank value when creating their account, which would cause their password-reset email not to be sent to them. (Ticket #72822)
      • Bug fix: When downloading a file via Send-It, in which the filename contains a comma, some web browsers might throw an error, thus preventing the user from successfully downloading the file. (Ticket #72538)
      • Bug fix: When viewing an embedded audio file for a Descriptive field on a survey or data entry form, it would mistakenly cut off part of the audio controls when being viewed in Internet Explorer. (Ticket #71532)
      • Bug fix: When using the Publication Matching module in the Control Center, it might mistakenly get rate-limited by PubMed due to too many requests in a small amount of time, thus causing emails to be sent out mistakenly to PI's with 0 publications. It now waits a little longer between requests to PubMed to prevent this. (Ticket #58322)
      • Bug fix: If an administrator does not have the user account option checked for "Allow this user to create or copy projects?", it would mistakenly not allow them to create or copy projects. Administrators should always have this privilege, which overrides their account level setting. (Ticket #72288)
      • Bug fix: Four LOINC labs were mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.
    • Version 9.3.7 - (released 10/25/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: Major performance improvement when loading the Participant List page for projects with surveys. For projects with thousands of records or more, this page should be significantly faster.
      • Improvement: Performance improvement for record searching on the "Add/Edit Records" page when entering part of a record name in the "Enter a new or existing [Record ID]" text box. For projects with thousands of records or more, this functionality should be much faster.
      • Improvement: Performance improvement for projects using record auto-numbering, in which the process of generating the record name of the next potential record is much faster, especially for projects with many records.
      • Change: The "Data Search" feature on the "Add/Edit Records" page will no longer allow users to search over "All fields" if a project contains more than 20,000 records. This is done for performance reasons so that it does not bog down the database server.
      • Bug fix: When exporting a report for a project that has lots of records (~10k+) and also has repeating instruments/events enabled, then if the report contains one or more sort fields in Step 4 (other than the Record ID field), then the report might not properly sort the resulting data or it might mistakenly have some rows of data missing in the resulting data. Note: This does not affect reports but only data exports. Bug emerged in REDCap 9.3.6.
      • Bug fix: Data Quality rule F might return false positives for fields that exist on repeating instruments or repeating events in which those fields' branching logic contains Smart Variables. (Ticket #72025)
      • Bug fix: When using Automated Survey Invitations (ASIs) in a project where a given ASI should be triggered for Instrument B when an instrument/survey (Instrument A) is completed, if a survey invitation for Instrument B has already been scheduled to be sent via the ASI, and then a user sets Instrument B's Form Status as "Complete" on the data entry form (as opposed to completing it as a survey or by setting it as complete by clicking the "Save & Mark Survey as Complete" button on the data entry form), then it would mistakenly not delete the invitation scheduled for Instrument B. (Ticket #71902)
      • Change: When creating a new Clinical Data Mart project, all the text fields for labs and vital signs values no longer have number validation on them. The field validation has been removed in order to handle some of the newer non-numerical data types that might be output by FHIR for labs and vitals.
      • Bug fix: If a project's record count has not been pre-calculated and stored in the redcap_record_counts database table, then a user imports some records, and then they navigate to a page that displays the record count but does not display a list of records (e.g., Project Home Page), the record count might get mistakenly out of sync and report the wrong number of records in the project until it is reset at some point in the future.
      • Bug fix: If a calculation or branching logic references a checkbox field on another instance of a repeating instrument/event, it might mistakenly display an error saying that there is an error with the calculation or branching logic, respectively.
      • Bug fix: When an Alert is triggered in a project, immediately after the notification gets sent, the REDCap script would halt suddenly with a PHP error that says "An unknown error has caused the REDCap page to halt...". This would only occur on certain web server configurations, especially those using a secure SSL/TLS connection to the MySQL database server. (Ticket #72412)
      • Bug fix: If hosting REDCap on Google App Engine, it might mistakenly not send all emails if several emails are being sent in a batch by a single request.
      • Bug fix: When using the Clinical Data Mart, if a user had no privileges to run a Data Mart revision multiple times, then the warning "You can not run this revision" warning might mistakenly be displayed to the user even if the revision had never been run.
      • Bug fix: Users could mistakenly upload a data dictionary that contains a Matrix Group Name with trailing spaces, which would be accepted during the upload but would cause issues when trying to modify the matrix via the Online Designer.
      • Bug fix: If a calculated field's equation references fields that exist on repeating instruments/events that do not yet have any data in them, then the calc field might mistakenly display an error message on the data entry form or survey page when trying to perform the calculation. This mostly occurs when the field(s) being referenced exist outside of the current event being viewed. (Ticket #64805)
      • Bug fix:When exporting a PDF of one or more instruments with saved data,if all fields in the final section of an instrument have branching logic,then on certain occasions the section header immediately preceding that final section might mistakenly get displayed in the PDF when instead it should not.(Ticket#71134)
    • Version 9.3.6 - (released 10/11/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: Performance improvement for large data exports that might have previously taxed the REDCap servers or might have failed to complete altogether for some large projects. An internal auto-batching mechanism is now utilized to limit the performance hit to the servers (both database and web server) when exporting large quantities of data (via API or user interface) in order to improve the user experience and to prevent REDCap processes from using up too many server resources. Note: This does not necessarily mean that data exports will be faster; in fact, some exports might be slightly slower as a means of preserving server resources used by REDCap processes.
      • Improvement: Performance improvement for when REDCap is generating the record list cache for a project, especially for projects with Data Access Groups. For each project, REDCap maintains a record list in a database table that is used throughout a project. This record list improves overall performance, especially for large projects. Every few days the record list cache is automatically rebuilt internally. The process of rebuilding the record list is now more efficient, faster, and less error-prone than in previous versions.
      • Improvement/change: The Codebook now denotes if an instrument is enabled as a survey, in which it is noted immediately to the right of the instrument name.
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on survey pages, in which a malicious user could potentially exploit it by manipulating the URL on the page as a means of injecting JavaScript into a calculated field on the page.
      • Change: Users will no longer be allowed to display all pages of a report (by selecting “ALL” from the report’s page selection drop-down list) if it has been determined that such a report would display more than 500,000 data points (i.e., table cells) on the report page. This is to help prevent users from causing performance degradation to the REDCap server and also to improve user experience (assuming the page would take a very long time to load and might even cause the user’s web browser to crash).
      • Bug fix: When using a survey theme, the "Save signature" button in the popup for a Signature field would always be displayed as blue rather than conforming to the survey theme.
      • Bug fix: Stats for Clinical Data Pull projects were not being reported successfully when an institution reports its REDCap stats.
      • Bug fix: The System Statistics page in the Control Center was still saying "Dynamic Data Pull" instead of "Clinical Data Pull".
      • Bug fix: For projects containing Data Access Groups, the record list might get out of sync and mistakenly not display some records or record-DAG assignments properly if the project has a large number of records (e.g., >5000).
      • Fixes and updates to the External Module Framework
      • Bug fix: The collapse functionality was not working correctly for the tables displayed on the REDCap Mobile App page under the “App Data Dumps” tab.
      • Change: If any projects have enabled both the Randomization module and the Double Data Entry module together in the same project, it now displays a warning at the top of the Project Home page to inform the users that these two are not compatible with each other and thus might cause various issues if used together in the same project.
      • Bug fix: The cron job for Alerts & Notifications might mistakenly put the wrong notifications stuck in a "sending" state, in which some might never send.
      • Change: Added new database table indexes for improved performance.
      • Bug fix: If a longitudinal project contains a Custom Record Label whose fields are not prepended with a unique event name, it might mistakenly not display the Custom Record Label correctly in some contexts, such as the Record Home Page. Bug emerged in 9.1.14 LTS and 9.3.5 Standard. (Ticket #71812)
      • Improvement/change: The API method "Export Project Info" now includes a new attribute named "external_modules", which will output a comma-delimited list of all External Modules that are enabled in that project. Note: It will include only the unique module name (not the module title or module version).
      • Bug fix: The redcap_connect.php file was mistakenly not setting the database collation_connection and charset settings immediately after the database connection has been established. It has now been updated to include this. Note: The previous version also had this similar change, but this fix addresses something else that didn’t get completely done in the previous release.
      • Bug fix: For Alerts & Notifications, if an alert is set to "send immediately" and "every time the form/survey is saved", then a user uploading a file for a File Upload field on that form when the form is already complete would mistakenly cause the notification to be sent (meaning that the alert is triggered by the upload itself and not by the form being saved via clicking the Save button). (Ticket #70650)
      • Change: The drop-down record list near the top of the Data Quality module now only displays the first 10,000 record names for projects containing more than 10,000 records. This is to prevent excessive load on the server and also to prevent the user's browser from crashing for very large projects.
    • Version 9.3.5 - (released 10/3/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: If the "File Upload field enhancement: Password verification & automatic external file storage" setting has been enabled in a project, then when a user attempts to delete a file for a File Upload field (including the deletion of older revisions for that field), it will provide a text box in the "Delete file?" popup in order to allow the user to optionally provide a reason for why they are deleting the file (if they wish), after which this reason will be logged on the Logging page.
      • Improvement: The bottom of the "Clinical Data Interoperability Services" page in the Control Center has a new setting "Allow the patient's email address to be imported from the EHR?". It is initially set to "No", but if changed to "Yes", it will display the "email address" field in the field mapping tree for both Clinical Data Pull and Clinical Data Mart, thus allowing users to import a patient's email address into REDCap, if they desire. Previous versions of REDCap did not allow the patient email address to be imported. (Ticket #70967)
      • Bug fix: When exporting and importing a Project XML file of a REDCap project that contained slider fields with slider labels, the slider labels would mistakenly not get preserved in the new project created from the Project XML file. (Ticket #60742)
      • Bug fix: The CDIS services (Clinical Data Pull, Clinical Data Mart) were only utilizing the valueQuantity attribute in FHIR for lab values and were mistakenly ignoring other FHIR attributes that might be available, such as valueCodeableConcept, valueString, valueRange, valueRatio, valueSampledData, valueAttachment, valueTime, valueDateTime, valuePeriod. This means that some data from the EHR might appear not to import into REDCap because REDCap was not looking for them in the correct place. These other FHIR attributes, while used far less than valueQuantity, are still possible places where data may be retrieved. CDP and Data Mart now both check these attributes when extracting FHIR data from an EHR. (Ticket #70325)
      • Bug fix: Smart Variables would mistakenly not work when used in the conditional logic of a survey in the Survey Queue. (Ticket #70640)
      • Bug fix: Certain Smart Variables (e.g., current-instance) would mistakenly not work when used in the Custom Record Label. (Ticket #71051)
      • Bug fix: When exporting and importing a Project XML file of a REDCap project that contained reports and report folders, the reports might mistakenly not get assigned correctly into their respective report folders in the new project created from the Project XML file. (Ticket #70986)
      • Bug fix: Data Quality rule F might return false positives for fields that exist on repeating instruments or repeating events in which those fields' branching logic contains Smart Variables. (Ticket #71211)
      • Bug fix: A single LOINC lab was mistakenly missing from the field mapping page for Clinical Data Pull and Clinical Data Mart.
      • Bug fix: If an alert has an "alert expiration" time set, then the Notification Log would mistakenly display projected send times that exist beyond the expiration time for any recurring notifications on that alert.
      • Bug fix: If a custom Data Quality rule contains logic that references values in repeating instruments or repeating events, it might not return valid discrepancies in its results or might return false positives. (Ticket #70868)
      • Change: Updated phpmailer library to version 6
      • Bug fix: The record list might get out of sync and mistakenly not display some records or record-DAG assigments properly if the record list cache has not completed while users are importing new records via API, Mobile App, or Data Import Tool.
      • Bug fix: The redcap_connect.php file was mistakenly not setting the database collation_connection and charset settings immediately after the database connection has been established. It has now been updated to include this.
    • Version 9.3.4 - (released 9/25/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: If a user is importing data via the API into a locked instrument, it might mistakenly allow the data to be modified. It should not allow data to be modified once an instrument is locked. Bug emerged in REDCap 9.1.6 (LTS) and 9.2.3 (Standard).
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the "Customize & Manage Locking/E-signatures" page, in which a malicious user could potentially exploit it by manipulating the Lock Record Custom Text values on the page in a very specific way.
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the "Alerts & Notifications" page, in which a malicious user could potentially exploit it by manipulating an alert's email subject in a very specific way.
      • Improvement: On the Survey Settings page, the "Redirect to a URL" option now allows the Smart Variable [survey-url] to be used - e.g., [survey-url:other_survey]. (Ticket #70613)
      • Change: If the "Name of REDCap Administrator" setting is set to something other than blank/null on the "Edit a Project's Settings" page in the Control Center for a given project, then the blue button on the project's left-hand menu will have the button text as "Contact X" (where X is the name entered) rather than the hard-coded text "Contact REDCap Administrator". (Ticket #70799)
      • Bug fix: If a user that is not an administrator copies a project with some External Modules enabled and clicks the option to copy “all settings for External Modules”, it would result in a fatal error and not copy the project successfully.
      • Bug fix: When using a survey theme, the "Upload file" button in the popup for a File Upload field would always be displayed as blue rather than conforming to the survey theme.
      • Bug fix: When using the Publication Matching module in the Control Center, it might mistakenly get rate-limited by PubMed due to too many requests in a small amount of time, thus causing emails to be sent out mistakenly to PI's with 0 publications. It now waits a little longer between requests to PubMed to prevent this. (Ticket #58322)
      • Bug fix: When uploading an allocation table as a CSV file on the Randomization module's Setup page, if the CSV file is UTF-8 encoded and contains a BOM (Byte Order Mark), then it would mistakenly display an error and prevent if from being uploaded. (Ticket #70808)
      • Bug fix: If the Secondary Unique Field is enabled and also contains an @DEFAULT action tag, then it could mistakenly allow that default value to get saved across multiple records (rather than enforcing it as unique). In this scenario, it now auto-checks the default value when the form/survey is immediately opened to prevent the possibility of that default value not getting checked. (Ticket #70775)
      • Bug fix: If a calculated field contains a colon inside its equation, then when exporting the project's data dictionary or Project XML file and reimporting them, it would mistakenly remove all colons inside the calc field's equation. (Ticket #56279)
      • Bug fix: The "Compare" button on the Data Comparison Tool might not display correctly or might fail to function if using a non-English language for the project. (Ticket #70871)
    • Version 9.3.3 - (released 9/11/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: Some code in the External Modules Framework was not compatible with PHP 5.5, thus causing every page to crash after installing or upgrading to REDCap 9.1.11 (LTS) or 9.3.2 (Standard Release). (Ticket #70186)
      • Bug fix: When using the Clinical Data Pull or Clinical Data Mart to import EHR data into a REDCap project, in certain situations a valid FHIR access token stored in the REDCap database might mistakenly get deleted, thus it would no longer be usable by the user to which it belonged.
      • Bug fix: When surveys are embedded in iframes in certain web pages, then File Upload fields might not work on the survey. Bug emerged in REDCap 9.3.0.
      • Bug fix: If deploying REDCap on Microsoft Azure using Azure Quick Start, for certain configurations the REDCap cron job might crash unexpectedly and then cause normal REDCap pages not to load, resulting in a fatal PHP error. (Ticket #70090)
      • Bug fix: If values from fields are piped into the choice labels of drop-down fields in a project, then when downloading the PDF of that instrument with data, it would mistakenly not pipe the data into the choice labels but just display the field variable names in the PDF. (Ticket #70080)
    • Version 9.3.2 - (released 9/5/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: The "Cancel" button on data entry forms now displays a confirmation prompt after being clicked to ask the user if they truly wish to cancel and lose all their changes. (Ticket #22360)
      • Bug fix: When using the Twilio telephony module for sending survey invitations while also using Automated Survey Invitations, if the ASI has "Participant Preference" as the invitation type, then if a record is being created on a survey page or data entry page, in which it immediately triggers the ASI to be scheduled/sent, it would mistakenly send the invitation via email rather than via the participant's preferred delivery method. And if those participants do not have an associated email address, then the invitation would simply fail to send, as noted in the Survey Invitation Log.
      • Bug fix: After uploading a file for a File Upload field on a form or survey, it might mistakenly display the text "lang_send_it" rather than the text "Send-It" for the Send-It link on the field.
      • Bug fix: For specific PHP installations, the PHP function "cal_days_in_month" could not be found by the cron job and would cause the Automated Survey Invitation's Datadiff cron job to crash unexpectedly. (Ticket #69757)
      • Bug fix: If the "Universal FROM" email address is set for the REDCap installation, that email address would mistakenly not get used when sending Alerts & Notifications but would instead send the email with its "From" address as the same as the Reply-To address (i.e., the sender). (Ticket #69787)
      • Bug fix: Emails for Alerts & Notifications would mistakenly fail to send if hosting REDCap on Google Cloud's Google App Engine infrastructure.
      • Bug fix: When using Automated Survey Invitations (ASIs) in a longitudinal project with multiple ASIs where a given ASI has conditional logic and is also set to be triggered off of the completion of another survey, although the ASI might get correctly triggered when a survey is completed, it might mistakenly not get triggered when that same survey is completed as a data entry form (with its form status set as "Completed", which should be equivalent to the survey being completed with regard to ASI conditions). (Ticket #69539)
      • Bug fix: Some English language phrases were mistakenly not translated with regard to certain actions related to uploading files for File Upload fields. (Ticket #69117)
      • Bug fix: When viewing the Project Revision History page for a production project, it might mistakenly not say "Approved Automatically" for some revisions that were approved automatically, thus creating some confusion and making it appear as if the user approved their own request, which is not true. (Ticket #69825)
      • Change: When a user copies a project that has Double Data Entry enabled, it will no longer have Double Data Entry enabled in the new project by default but instead will require that an administrator enable it for that new project.
      • Bug fix: For Alerts & Notifications, if an alert is set to be sent "just once" and is not set to "send immediately", then after the email notification has been scheduled and then sent, saving the record again would mistakenly cause the alert to get scheduled again, thus resulting in unwanted duplicate notifications to the recipient. This would not occur unless the record was modified after a previously-scheduled notification had already been sent.
      • Bug fix: If a multiple choice field contains a choice label containing "<$", such as "1, <$20", then it might cause all following choices for that field to be truncated and not displayed when viewing an exported PDF of the data entry form.
    • Version 9.3.1 - (released 8/29/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement/change: When an administrator is reviewing the email from a user requesting to have a project deleted (via a button click on the Other Functionality page for production projects), the email subject now includes the project ID (PID) to allow admins to track emails for projects more easily and not get them confused with one another.
      • Bug fix: When using the Data Resolution Workflow in a project, users on the Resolve Issues page would not be able to utilize the filter drop-downs in the table due to a JavaScript error.
      • Bug fix: If using the Twilio telephony services when REDCap's authentication is set to "Shibboleth", it would mistakenly not be possible to initiate a voice call via SMS, such as when sending an SMS for a public survey, in which the SMS says to reply back in order to begin a voice call. (Ticket #68974)
      • Bug fix: Some English language phrases were mistakenly not translated with regard to certain actions related to uploading files for File Upload fields. (Ticket #69117)
      • Bug fix: When importing data (via Data Import Tool or API) into a repeating instrument in a classic/non-longitudinal project, it would mistakenly allow the import to complete successfully even when the "redcap_repeat_instrument" field is missing from the import file, in which it could erroneously add duplicate rows of the data in the database back-end (rather than updating the existing values already in the database). It now correctly returns an error in this case if the "redcap_repeat_instrument" field is missing or blank when importing data for a repeating instrument.
      • Bug fix: When importing data (via Data Import Tool or API) into a repeating instrument or repeating event, in which the form complete status field is not included in the import data set, the form status would not get appropriately logged when it gets automatically added to the database back-end.
      • Bug fix: When importing data (via Data Import Tool or API) into a repeating instrument or repeating event, if the record does not already exist in the project, it might mistakenly not add the record ID field value to the database back-end during the import process, thus causing the record to appear not to exist (or to have no data) on certain pages in the project, such as the Record Status Dashboard.
      • Bug fix: When exporting data via the API "Export Records" method with type=eav for a project with repeating forms/events, it would mistakenly not order the values for a given record according to the repeating instance number but would instead mix up all the instances' values within that record without any order. (Ticket #69190)
      • Bug fix: When the content size of a POST request on the REDCap web server exceeds PHP's "post_max_size" setting, in the error message displayed it mistakenly reports the post_max_size in Bytes rather than in MB, which is inaccurate and confusing. (Ticket #69352)
      • Bug fix: When creating/modifying a report on the "Data Exports, Reports, and Stats" page and using a certain web browser (e.g., Safari, IE), users would mistakenly not be able to click inside the text fields in Step 2 where it says "Type variable name or field label". (Ticket #68312)
      • Bug fix: Some survey links might mistakenly still work and load the survey page, even though their respective instrument or event has been deleted in the project. (Ticket #66810)
      • Bug fix: On the Survey Settings page in a project, if the setting "Allow survey respondents to view aggregate survey results after completing the survey?" is enabled, and then the user attempts to add a URL to the "Redirect to a URL" setting but mistakenly enters an invalid URL, the user might get stuck in a popup loop where it is impossible to close both of the popups that appear on the page, thus forcing them to have to reload the page and lose anything they had set. (Ticket #67096)
      • Bug fix: If a checkbox field exists on a repeating instrument, and that instrument contains either branching logic or a calculated field that references the checkbox field on another instance of that instrument (e.g., "if ([mycheckbox][previous-instance] = '1', ..., ...)"), then when the instrument is saved, it could cause any checked checkboxes from *other* repeating instances to get saved for the current instance. (Ticket #69199)
      • Fixes and updates for the External Modules Framework
    • Version 9.3.0 - (released 8/15/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • New feature: File Version History for File Upload fields (project-level setting)
        • This feature allows a new file to be uploaded onto a File Upload field that already has a file uploaded for it. If a file has already been uploaded, the field will have a new link “Upload new version”, and after being clicked, it will allow the user to upload another file without having to delete the existing one. The old/existing file will not be deleted but will still be accessible as an older version of that file in the Data History popup (by clicking the “H” icon next to the field). Within the Data History popup, a user may view, download, or delete any existing version of the file that exists, in which all versions of the file will be displayed in a table format and listed in chronological order with regard to being uploaded.
        • “Import File” API behavior: When the File Version History feature is enabled for a project, and the “Import File” API method is used to import a file into a File Upload field that already has a file saved for it, the new file will overwrite the existing file but keep the existing file in the File Version History, thus not deleting it. This is different for projects that have the File Version History disabled, in which importing a new file will delete the existing file.
        • For all upgrades/installs, this feature will be enabled for the system and for all projects. It may be disabled for all projects by disabling the system-level setting, which is located on the Modules/Services Configuration page in the Control Center. Alternatively, it may be left enabled at the system level, and you may set it so that all new projects (created in the future) will have the feature enabled or disabled, which can be done on the Default Project Settings page in the Control Center. While this feature will be enabled by default for all projects, if you wish to disable it for all existing projects, then you may run the following SQL on the database after the upgrade: UPDATE redcap_projects SET file_upload_versioning_enabled = 0;
      • New feature: File Upload field enhancement: Password verification & automatic external file storage (project-level setting) - requires PHP 5.6.0
        • This feature allows users to utilize extra functionality regarding the use of File Upload fields in a project. It must first be enabled at the system level (at the bottom of the Modules/Services Configuration page in the Control Center). It is disabled by default for all projects, but users with 'Project Setup & Design' rights can enable it for a project in the Additional Customizations popup on a project's Project Setup page.
        • How it works: Any user that is uploading a file for a File Upload field on a data entry form or survey will be asked to confirm that the file is the correct file. And when on data entry forms specifically, it will additionally ask the user to enter their REDCap password as part of the verification process. Once confirmed, the file will successfully upload, and in addition to saving the file normally in REDCap, it will also store a duplicate copy of the file on a secure, external server using the configuration settings defined in the Control Center.
        • The connection to the external file server can be set up as WebDAV or SFTP, in which the details/credentials must be provided when enabling this system-level setting at the bottom of the Modules/Services Configuration page in the Control Center.
        • This feature may be utilized for projects wishing to adhere to certain regulatory compliance, such as 21 CFR Part 11 for FDA trials. Please note that enabling this feature does not make the feature or your REDCap installation automatically “Part 11 compliant”. It is assumed that if using this for Part 11 compliance that you have already gone through all the processes of documenting and validating your REDCap environment (or parts of it) to validate it as “Part 11 compliant” beforehand.
      • Improvement: The Control Center's left-hand menu now contains a text field for entering a project's PID (project ID), after which it will direct the user to that project. This provides a quick way of navigating to a project when you have the PID.
      • Improvement: The Data History Popup for File Upload fields now provides more detailed information, such as the filename of the uploaded file.
      • Improvement: When using the Clinical Data Mart feature and fetching data from the EHR, it now provides to the user a summary of all the types of data that were imported during the fetch and how many data points were imported for each category (e.g., Demographics, Medication Order).
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Data Import Tool page, in which a malicious user could potentially exploit it by manipulating the CSV data import file in a very specific way and then uploading it on the page. Note: This issue does not occur for administrator accounts but only for regular users.
      • Minor security fix: Some SQL Injection vulnerabilities were found on the Calendar and Scheduling pages, in which a malicious user could potentially exploit them by manipulating the query string or POST parameters of an HTTP request.
      • Bug fix: When using the "Export Records" API method and using the dateRangeBegin and/or dateRangeEnd parameter with type=eav, then the dateRangeBegin and dateRangeEnd parameters would mistakenly get ignored in the request. This only occurs for "eav" type and not for "flat" type.
      • Bug fix: When using the Twilio telephony module for sending survey invitations while also using Automated Survey Invitations, if the ASI has "Participant Preference" as the invitation type, then in certain cases (but not all the time) it would mistakenly send the invitation via email rather than via the participant's preferred delivery method. And if those participants do not have an associated email address, then the invitation would simply fail to send, as noted in the Survey Invitation Log.
      • Bug fix: If any REDCap usernames contain a space (since spaces are allowed in Active Directory usernames), it would not be possible for administrators to view that user on the User Information page when selecting that user or searching for that user on the page. (Ticket #68259)
      • Bug fix: In the Alerts & Notifications module, if an alert is set to be triggered by conditional logic only and is set to send multiple times as a recurrence and also has the "ensure logic is still true" option checked, then if a notification gets scheduled when a user saves a data entry form or survey page (because the conditional logic becomes true) and then later on saves another form/survey, which causes the conditional logic to no longer be true, it would mistakenly fail to remove the recurring notification from the Notification Log. The notification does not get sent in the end, which is correct, but it is mostly confusing to the user because it remains in the Notification Log until that point.
      • Bug fix: When running REDCap on specific Windows server environments, email notifications might mistakenly not get sent via Alerts & Notifications. (Ticket #68696)
      • Bug fix: The Python example code generated in the API Playground for the "Import File" method contained an error.
      • Bug fix: Date fields and datetime fields would mistakenly not get sorted correctly in a report when clicking their header at the top of the report table. (Ticket #22139)
      • Bug fix: Some minor database transactions might mistakenly cause an InnoDB deadlock. This would not necessarily cause any performance problems but might be displayed as an error in the database log.
      • Bug fix: When the [survey-link] Smart Variable is piped into various settings (e.g., field label, ASI email, Alerts & Notifications email), if it has [first-event-name] or [last-event-name] prepended to it, it might mistakenly output a link that does not work because it has no value for the "href" attribute in the link's HTML. (Ticket #68697)
      • Bug fix: When using the Scheduling module and scheduling dates that traverse the Daylight Saving Time change in the Fall season, it could cause all generated dates that occur after the Fall DST change to be one day earlier than they should be. (Ticket #68944)
    • Version 9.2.5 - (released 8/1/2019)

      BUG FIXES & OTHER CHANGES:

      • Change: Minor changes to Clinical Data Mart
        • When creating a Data Mart project, it is now optional for a user to provide a list of MRNs when setting the initial Data Mart configuration. If some MRNs are provided, empty records containing only those MRNs will be automatically created/seeded in the project after the first Data Mart revision has been approved by an administrator.
        • After the first Data Mart revision has been approved, the MRN list on the Data Mart page will no longer be visible because the Fetch button will now fetch data based solely on the MRNs associated with records in the project (rather than using an MRN list from the configuration page, which was the case for older versions of Data Mart). So from this point on, the Data Mart will fetch data for ALL records in the project that have an MRN associated with it.
      • Bug fix: If a user is completing a survey by clicking the "Save & Mark Survey as Complete" button on a data entry form (as opposed to completing it on the survey page itself), it would mistakenly not delete any scheduled invitations/reminders for the survey that was just completed. This would cause confusion because the respondent would receive an invitation to a survey that had already been completed. (Ticket #67777)
      • Bug fix: If using both a project-level and survey-level survey invitation email field in a project, then in certain cases, such as if a record has a value the project-level email field but not for the survey-level email field, the Survey Invitation Log and Participant List might mistakenly not display the correct email address and might also not display the record name for a given invitation/participant. (Ticket #68046)
      • Bug fix: If an alert in a longitudinal project has File Upload fields as attachments, in which it is set to use the file for the "[Current Event]" (as opposed to a specific event in the project), then it might mistakenly fail to attach the file to the notification.
    • Version 9.2.4 - (released 7/26/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: When attempting to send/schedule an email manually via the Participant List, it would mistakenly fail to do so and would note that "0" invitations were scheduled/sent. Bug emerged in REDCap 9.2.3 (Standard).
    • Version 9.2.3 - (released 7/26/2019)

      BUG FIXES & OTHER CHANGES:

      • Medium security fixes: Several SQL Injection vulnerabilities were found on certain pages related to the Mobile App, the API, Shared Library, Data Comparison Tool, and the Calendar, in which a malicious user could potentially exploit them by manipulating the query string or POST parameters of an HTTP request.
      • Major bug fix: Some pages related to the Calendar, such as the calendar popup and some background AJAX requests for setting calendar event attributes, were mistakenly not checking to ensure that the user had "Calendar" user privileges when accessing those pages. This was also true for the "Scheduling" module, in which no user privileges at all were being applied to any pages related to Scheduling. All pages related to Scheduling should have been applying the "Calendar" user privileges. They have been changed so that now all Scheduling pages are connected to "Calendar" user privileges, and the User Rights page now lists "Calendar & Scheduling" together as a user right option (only display "& Scheduling" for that item when the Scheduling module is enabled) to help re-enforce to the user that the same user rights are applied to both Calendar and Scheduling, which is how it was intended to behave originally.
      • Improvement: In a project with repeating instruments, the Record Home Page now displays a count of total instances of a given repeating instrument next to the instrument name in the tables of instances displayed at the bottom of that page.
      • Improvement/change: When an administrator is reviewing drafted production changes, the pre-filled "confirmation email" option on that page now includes the project ID (PID) in the subject of the email to the requester to allow admins to track emails for projects more easily and not get them confused with one another.
      • Bug fix: When performing a data import, in which the data import file contains many thousands of fields, it could cause the import process to crash unexpectedly and not finish because of a MySQL #2006 error due to some SQL queries being too long, which occurs when a query's length exceeds the MySQL "max_allowed_packet" setting. Many queries involved in the data import process have been modified to deal with the possibility of long queries being constructed. (Ticket #67401)
      • Bug fix: The Browse Users page might mistakenly display an internal SQL query on the page. (Ticket #66980)
      • Bug fix: All REDCap logos should have had the Registered Trademark symbol rather than "TM", according to the trademark owned by Vanderbilt University.
      • Bug fix: If date or datetime fields were used in a calculated field in a multi-page survey, in which the survey page containing the calculation is being skipped due to all fields on the page being hidden by branching logic or action tags, then it would mistakenly cause the date/datetime field's value to have its date format mangled and then saved in an incorrect format. (Ticket #67473, #67255)
      • Bug fix: For certain project setups that utilize a multi-page survey that has fields with branching logic referencing fields on repeating instruments, some pages of the survey might mistakenly get skipped if all the fields on the page have branching logic.
      • Bug fix: For certain project setups that utilize a multi-page survey that has fields with branching logic, some pages of the survey might mistakenly take an extremely long time to load if all the fields on the page have branching logic.
      • Bug fix: When editing a user role on the User Rights page in a project, users could mistakenly set a blank value as the role name, which would cause issues with being able to utilize it and even delete it. It now prevents users from setting a role name with a blank value. (Ticket #67636)
      • Bug fix: The Smart Variables [survey-time-completed] and [survey-date-completed] would mistakenly not work when referencing repeating surveys or surveys on a repeating event, in which an instance number or [X-instance] Smart Variable is appended to them (e.g., [survey-time-completed:followup][last-instance]). (Ticket #67636)
      • Bug fix: If a development project has some Alerts & Notifications set, and some records have been entered and have subsequently triggered some alerts, then if the project is moved to production, in which all records are kept and not deleted, then it would mistakenly delete everything in the Notification Log, including erasing all notifications already sent and erasing all recurring notifications that should be sent in the future. It should only delete the Notification Log if the user chooses to delete all records when moving the project to production.
      • Bug fix: If adding new table-based users in bulk via a CSV file on the "Add Users (Table-based Only)" page in the Control Center, if the user already exists in the system but is somehow not a table-based user (which can happen if using LDAP+Table authentication), then it would mistakenly convert that existing user to a table-based user and send them an email to set their password.
    • Version 9.2.2 - (released 7/19/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: When using a Data Quality Rule with Real-time Execution enabled in a project with the Randomization module enabled, in which during the randomization process the DQ rule returns a discrepancy for one or more strata fields used in the randomization configuration, it would properly prevent the randomization process from occurring but would mistakenly remove that whole allocation row from the allocation table, which means that that particular randomization allocation could never be used afterward because it was permanently deleted. This could cause major problems for the project. (Ticket #67062)
      • Major bug fix: If a user has access to a project but does not have "File Repository" access in that project, then if they know how to manipulate certain URLs in REDCap, they might be able to download files uploaded into the "User Files" section of the File Repository page in that project. Note: They would not be able to download files from the "Data Export Files" section or "PDF Survey Archive" section, but only from the "User Files" section. (Ticket #22974)
      • Bug fix: The Browse Users page might mistakenly display an internal SQL query on the page. (Ticket #66980)
      • Bug fix: Although it is recommended that the @NOW action tag only be used for datetime fields, if a date field has @NOW, it would mistakenly fail to generate a date value (as if using @TODAY) when the field is blank. In previous versions, this worked correctly. Bug emerged in REDCap 9.2.0.
      • Bug fix: An Australian institution name was mistakenly hard-coded into the code on the login page when using the "AAF (Australian Access Federation) & Table-based" authentication method. (Ticket #66984)
      • Bug fix: If the REDCap web server is not able to make outbound HTTP requests, it might cause the Online Designer page to load slowly (or not at all) when attempting to edit an instrument. (Ticket #67017)
      • Bug fix: In a multi-page survey when all the fields on a given survey page are hidden due to branching logic, in which the page will be automatically skipped, it would mistakenly only skip a maximum of 100 pages at a time, which could be confusing when it displays a blank survey page to the respondent after skipping 100 pages. (Ticket #66721)
      • Bug fix: The results of an SQL field might not get parsed/displayed correctly for certain SQL queries that return a number as the value of the first field of the query. (Ticket #67285)
      • Bug fix: If the PDF Auto-Archiver is enabled for a survey that is set to "offline", if a participant follows a survey link to attempt to take the survey, it would appropriately inform them that the survey is offline, but it would mistakenly save a PDF in the PDF Survey Archive of a blank record. For the participant, everything seems to operate normally despite this issue. (Ticket #61335)
      • Bug fix: After exporting the Project XML file for a longitudinal project that contains events with a "<" followed by a space in the event name (e.g., "event < 2"), it would mistakenly throw an error when attempting to create a new project from the XML file. (Ticket #61324)
      • Bug fix: When entering the Smart Variable [survey-time-completed] or [survey-date-completed] into branching logic in the "Add/Edit Branching Logic" popup in the Online Designer, it would mistakenly note that there is an error in the logic. (Ticket #67232)
      • Bug fix: When clicking the arrow icon or pencil icon on the Codebook page in order to modify the field in the Online Designer, it might cause the rich text editor not to load correctly for field labels in the "Edit Field" popup.
    • Version 9.2.1 - (released 7/12/2019)

      BUG FIXES & OTHER CHANGES:

      • Bug fix: The Smart Variable [user-email] was mistakenly not working. (Ticket #66937)
    • Version 9.2.0 - (released 7/12/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • 10 new Smart Variables
        • [project-id] - The Project ID (i.e., PID) of the current REDCap project.
        • [user-fullname] -The current user's first and last name (as listed on their My Profile page).
        • [user-email] - The current user's primary email address (as listed on their My Profile page).
        • [redcap-base-url] - The base web address for the REDCap installation.
        • [redcap-version] - The current REDCap version number of the REDCap installation.
        • [redcap-version-url] - The base web address of the current REDCap version directory for the REDCap installation.
        • [survey-base-url] - The base web address for surveys for the REDCap installation.
        • [instrument-name] - The unique instrument name of the current survey or data entry form. It will return a blank value if not in an instrument context.
        • [instrument-label] - The instrument label of the current survey or data entry form. It will return a blank value if not in an instrument context.
        • [survey-title] - The survey title of the instrument specified by the 'instrument' parameter (if provided). If the 'instrument' parameter is not provided, the current survey instrument will be used, else it will return a blank value if not in an instrument/survey context.
      • 4 new Action Tags
        • @NOW_SERVER - Loads the REDCap server's date+time into a blank Text field - similar to the @TODAY tag but additionally includes the time portion. If the field has validation, the value will adjust to match the date format. NOTE: The time used will be the REDCap server's local time, which might be different from the user's local time if in another timezone. Also, do not use this tag on fields with branching logic because it will always prompt the user to erase the value, so look at using @HIDDEN instead if you wish to hide the field.
        • @TODAY_SERVER - Loads the REDCap server's date into a blank Text field - similar to the @NOW tag but without the time portion. If the field has validation, the value will adjust to match the date format. Also, do not use this tag on fields with branching logic because it will always prompt the user to erase the value, so look at using @HIDDEN instead if you wish to hide the field.
        • @NOW_UTC - Loads the current UTC/GMT date+time into a blank Text field - similar to the @TODAY tag but additionally includes the time portion. If the field has validation, the value will adjust to match the date format. NOTE: The time used will be the current UTC/GMT time, which might be different from the user's local time if in another timezone. Also, do not use this tag on fields with branching logic because it will always prompt the user to erase the value, so look at using @HIDDEN instead if you wish to hide the field.
        • @TODAY_UTC - Loads the current UTC/GMT date into a blank Text field - similar to the @NOW tag but without the time portion. If the field has validation, the value will adjust to match the date format. Also, do not use this tag on fields with branching logic because it will always prompt the user to erase the value, so look at using @HIDDEN instead if you wish to hide the field.
      • Improvement: The email sent to the REDCap administrator that contains a link to the page for reviewing production project changes now includes the project ID (PID) in the email subject to allow admins to track emails for projects more easily and not get them confused with one another. (Ticket #48141)
      • Bug fix: If the rich text editor in the Online Designer was used to style the field label of the record ID field, this styling would not be reflected when the record ID field label is displayed at the top of the data entry forms but instead the HTML would mistakenly be removed from the field label on the page. This would also occur if the record ID's field label was styled manually with HTML (i.e., not using the rich text editor). Note: On other pages throughout a project, any HTML in the record ID's field label is intentionally removed. (Ticket #66237)
      • Bug fixes and updates for the External Module Framework
      • Bug fix: The Bootstrap version change in REDCap 9.1.1 mistakenly caused tabs to no longer function on the login page when using the "AAF (Australian Access Federation) & Table-based" authentication method. (Ticket #66411)
      • Bug fix: If a user utilizes an HTML tag for styling a REDCap Messenger conversation or tags a user in a conversation, then it would mistakenly display raw/uninterpreted HTML in the Messenger conversation window. (Ticket #66433)
      • Bug fix: When exporting a PDF containing data of an instrument or survey, if any radio button fields displayed in the PDF have a multiple choice option with "0" as the raw/coded value, then that radio button choice would always be marked as "selected" in the PDF, even if it is not truly selected on the webpage (i.e., is not the real value). (Ticket #66394)
      • Bug fix: When viewing the popup of repeating events (but not repeating instruments) for a record on the Record Status Dashboard after clicking the "stack" status icon for a given record/event/instrument, it would mistakenly not display the piped version of the Custom Event Label (if defined) for each event displayed in the table in the popup. This has always worked when viewing a list of repeating instruments that have a Custom Repeating Instrument Label, but was not working if it was a repeating event that had a Custom Event Label. (Ticket #14382)
      • Bug fix: If a data quality rule's logic contains fields from a repeating instrument or repeating event, in which neither an instance number nor an X-instance Smart Variable is not appended to those fields in the logic, then if the "real-time execution" option is enabled for the data quality rule and if a user submits the repeating instrument/event on which those fields are located, it might mistakenly return a false positive for a discrepancy existing, even if the logic does not evaluate as TRUE for the current repeating instance. (Ticket #66244)
      • Bug fix: The icon/link that users can click to navigate to the REDCap Messenger informational page was mistakenly not visible in the Messenger left-hand panel. It should have been displayed to the left of the "Create new conversation" button. It has been fixed so that it is visible now.
      • Bug fix: The rich text editor for field labels and section headers in the Online Designer was mistakenly being enabled by default for new fields being created. It was actually intended that it should be disabled by default for new fields, but could always be enabled manually by the user, if desired. (Ticket #66422)
      • Bug fix: If a report has report logic containing fields from a repeating instrument or repeating event, the report might mistakenly return an extra row (which is mostly gray-colored since it pertains to a non-repeating row of data) if instance 1 of the record evaluates as TRUE for the report logic. This only appears to occur if the "Show data for all events or repeating instruments for each record returned" option is checked in Step 3 of editing the report. (Ticket #64767)
      • Bug fix: When setting up the Survey Login feature in the Online Designer, the drop-down lists displaying fields that can be selected as login fields would mistakenly display HTML tags in the drop-down labels if the fields contained any HTML in their field label (whether using the rich text editor or manually-entered HTML). The HTML now no longer displays in the drop-down. (Ticket #66607)
      • Bug fix: If an alert is set to be triggered "Using conditional logic during a data import or data entry" and also has the "ensure logic is still true" option enabled and is set to "Send immediately", then if the conditional logic has become true and has already sent the initial notification, it would mistakenly keep sending a new notification every time the record is saved while the conditional logic is still true. Instead it should only send it once (per repeating instance).
      • Bug fix: If a project that is using randomization has branching logic defined for the randomization field and/or strata fields, in which a record is randomized on the data entry form and then (without reloading the page) a field is modified on the form which then causes the randomization/strata fields to be hidden, those fields would mistakenly be hidden and their values would be erased. This could cause major issues in the project for future randomizations. This behavior not occur if the page is reloaded after randomization has occurred. The randomization/strata fields should never be hidden by branching logic after randomization has occurred. (Ticket #66652)
      • Bug fix: When viewing the Record Home Page in a longitudinal project that has both repeating instruments and repeating events, if the record being viewed contains multiple instances of a repeating event, then the "+" button in the main table for any repeating instrument might mistakenly navigate to an incorrect repeating instance of that instrument, such as skipping some instance numbers. This does not affect the quality of data in any way, but it can cause repeating instances to sometimes be incorrectly numbered for repeating instruments. (Ticket #62960)
      • Bug fix: If an alert is set to "Send at exact date/time", it might mistakenly not send the very first notification if it is set to send multiple times as a recurring notification. However, it would still correctly send all recurring notifications after the first one (whether or not the first one sent).
    • Version 9.1.2 - (released 6/27/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • New feature: Rich text editor for field labels and section headers
        • For any field on an instrument in the Online Designer, users may optionally utilize the rich text editor for styling field labels or section headers with many text-formatting options. The rich text editor allows users to change the color of text (including background color), create tables, add text of varying sizes, bullet lists, and more. For any field labels that were originally created without the rich text editor, users may optionally enable the rich text editor for any field by clicking the 'Use the Rich Text Editor' checkbox. It may also be disabled afterward at any time just the same. Rich text is enabled by default for any new fields being created via the Online Designer.
        • Note: The PDF export of surveys/instruments will *not* reflect all the styling of the rich text editor, so keep in mind that line breaks and paragraphs should be represented well in PDFs, but other text-formatting options, such as large text, bullet points, and colors are not able to be translated into the PDF export of the instrument. This is a current limitation in REDCap.
      • Improvement: For "Clinical Data Mart" projects, a new option was added on the Project Setup page to enable a process that will auto-fetch all clinical data twice a day (based on Data Mart configuration) using a cron job. Similar to the other project-level Data Mart options on Project Setup, this option can only be enabled or disabled by a REDCap administrator. This feature will be useful in cases where new data is being entered into the EHR, after which that data needs to be imported into the project without having a person manually fetch the data for each record one at a time.
      • Medium security fixes: Cross-Site Scripting (XSS) vulnerabilities were discovered on several pages, in which a malicious user could potentially exploit them by manipulating user inputs in various locations throughout the application.
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Data Import Tool page, in which a malicious user could potentially exploit it by manipulating the CSV data import file in a very specific way and then uploading it on the page.
      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the page that displays the error message whenever any REDCap page fails the Cross-Site Request Forgery (CSRF) check, in which a malicious user could potentially exploit it by manipulating the HTTP referrer being sent to the webpage.
      • Change/improvement: Added the security headers "X-XSS-Protection" and "X-Content-Type-Options" to provide more protection for each web request made to REDCap.
      • Change: A new setting has been added called “Can REDCap server access the web (make outbound HTTP calls)?” on the General Configuration page in the Control Center. This setting can be set to "No" if the REDCap server has no connectivity to the World Wide Web. This helps prevent some REDCap pages from becoming very slow to load because they are making background requests to external websites.
      • Bug fix: When using the Survey Queue in a project that has multiple arms, the queue might mistakenly display the surveys for a survey participant in an incorrect order. (Ticket #64506)
      • Bug fix: For certain projects, enabling an instrument as a survey in the Online Designer might display the error message "An error occurred. Please try again.", but if the page is reloaded, it will show that the survey was actually created successfully.
      • Bug fix: When a survey participant is completing a survey with the e-Consent Framework enabled, in which the participant is using a mobile device (iOS or specific Android software/hardware), the last survey page would mistakenly only display the first page of the inline PDF (if more than one page) when it should instead display all pages of the PDF. (Ticket #46978)
      • Bug fix: When logic with fields from repeating instruments is used for a custom Record Status Dashboard filter, in specific complex cases the dashboard might mistakenly not display all the records that match that filter logic. (Ticket #65198)
      • Bug fix: Some field labels, section headers, or custom event labels that contain certain number patterns, such as a number followed by a colon, might not get displayed correctly, in which odd characters and semi-colons might get mistakenly inserted before or after them in the block of text. (Ticket #64880)
      • Bug fix: If a user uploads a file for a File Upload field or a Signature field on a data entry form, and the user then leaves the page without clicking the Save button, it would correctly upload the file but would mistakenly not trigger any Automated Survey Invitations or Alerts that have logic that references that field.
      • Bug fix: When choosing to "Copy" an instrument via the "Choose action" drop-down on the Online Designer, if the instrument was enabled as a survey and contained any stop actions, those stop actions would mistakenly not get copied to the new instrument. (Ticket #62275)
      • Bug fix: When using the @DEFAULT action tag on a multi-page survey, in which a survey field's value is being set using a field value from a previous page in the survey, then the action tag would mistakenly not function at all if the "Require a Reason" feature had been enabled for the project. (Ticket #54083)
      • Bug fix: In the Online Designer, when creating a new matrix of fields immediately above a section header, it would mistakenly delete that section header below when saving the new matrix. (Ticket #62559)
      • Change: On the Clinical Data Pull’s project list page (seen after launching REDCap inside an EHR), it now displays a link “View EHR patient identifier keys” that (when clicked) displays all possible EHR patient identifier strings for the institution’s EHR. This is to aid in setup of CDP and/or Clinical Data Mart since this value must be entered on the configuration page for Clinical Data Interoperability Services to be able to work properly for most EHR vendors.
      • Bug fix: When viewing the Stats & Charts page for a project with repeating instruments or repeating events, in which the report being viewed has filter logic containing fields from a repeating instrument/event, it might mistakenly include non-relevant data in some bar charts or scatter plots on the page. (Ticket #60147)
      • Bug fix: When clicking the "Survey Queue" option at the top right of a survey page, the survey queue would be displayed as too wide and would be off the page and not viewable if the respondent was viewing the survey on a mobile device. (Ticket #62318)
    • Version 9.1.1 - (released 6/21/2019)

      BUG FIXES & OTHER CHANGES:

      • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
      • Minor security fix: Updated the Bootstrap and jQuery libraries, which were outdated and contained minor security vulnerabilities.
      • Improvement: The file attachment option for data queries in the Data Resolution Workflow popup can now be disabled at the system level for all projects. This option is located on the "File Upload Settings" page in the Control Center as "Allow file attachments to be uploaded for data queries in the Data Resolution Workflow?". If set to "Disabled", it will merely not display the "Upload document" option for an open data query in the Data Resolution Workflow popup on a data entry form.
      • Improvement: For "Clinical Data Mart" projects, users may now download and upload the Data Mart configuration as a CSV file on the "Clinical Data Mart" page. This CSV file may be used to create a new revision of the Data Mart configuration.
      • Bug fix: If an alert is set to be triggered when completing an instrument with any form status, it would mistakenly not get triggered if any Required Fields on the instrument were left blank. (Ticket #64639)
      • Change: Removed unnecessary "error_log" statements throughout the code. (Ticket #64858)
      • Bug fix: If an Automated Survey Invitation has a large lapse of time set for the units of days, hours, or minutes in Step 3 of the ASI setup, it could mistakenly cause survey invitations not to be scheduled appropriately (Ticket #65074)
      • Bug fix: In the API Playground, the dynamically-generated code at the bottom of the page might mistakenly not escape apostrophes that are used in an API parameter value, thus outputting code that would cause an error rather than running successfully for the given programming language.
      • Bug fix: If a report has a report filter than references a field in a repeating event or repeating instrument, on certain occasions it might mistakenly not filter correctly and thus not return the correct results in the report. (Ticket #65481)
      • Bug fix: When testing the validity of an external URL for REDCap to make requests to (e.g., when adding a Data Entry Trigger), the test might mistakenly not be accurate with regard to whether the URL is valid. (Ticket #65521)
      • Bug fix: The table of logged events on the project Logging page might mistakenly cause the username to overflow in the table row if the username is long.
      • Bug fix: If a survey or data entry form contains a matrix with many fields, in which the height of the matrix is bigger than the height of the user's web browser window, the matrix headers might mistakenly not float at the top of the page (thus staying always visible as the page is scrolled) if some of the fields in the matrix are being hidden by branching logic.
      • Bug fix: When attempting to upload a CSV import file for Automated Survey Invitations on the Online Designer, it would fail with no error message and would instead display an empty pop-up box to the user. (Ticket #65037)
      • Bug fix: When a user is typing text into a biomedical ontology auto-search field on a survey or data entry form, it would mistakenly log each keystroke for the field in REDCap's redcap_log_view database table, which could cause the user's IP address to get banned in REDCap, thus locking them out temporarily. (Ticket #42552)
      • Bug fix: When an alert is set to be sent when logic becomes true during data import or data entry, even though the alert is set to send just once, it might mistakenly keep sending every time a record is uploaded during a data import.
      • Bug fix: When modifying an existing alert to send "just once" when it previously was set to send "multiple times", it would mistakenly not save that setting correctly if the number of minutes/hours/days for "multiple times" is not set to "0". (Ticket #64668)
      • Bug fix: In certain cases, calc fields on multi-page surveys might inadvertently get skipped and thus not calculated if all questions on that page are being hidden by either branching logic or by the @HIDDEN or @HIDDEN-SURVEY action tag. This might cause data entry workflow issues (e.g., fields being skipped mistakenly) if some fields on that page have branching logic that is triggered by a hidden calc field on that page.
      • Bug fix: When clicking the Records or Fields table header on the My Projects page's list of projects, it would mistakenly not sort the column correctly if any numbers contained a non-numeric character, such as a comma or decimal. (Ticket #64861)
      • Bug fix: When attempting to upload a CSV import file for Automated Survey Invitations on the Online Designer, it would fail with an error message if the email subject and email body were not provided in the import file. This would cause issues in certain use cases, such as when using Twilio telephony services, that do not require and email subject or body. So the subject and body are now no long required as part of the import file. (Ticket #65037)
      • Bug fix: If a user does not have Edit Access privileges for a specific report, then it would mistakenly display the Edit Report button at the top of the report and also the report's "Stats & Charts" page. However, if they clicked the button, it would not let them edit the report but would merely take them back to the "My Reports & Exports" page. (Ticket #65724)
      • Bug fix: When clicking an option in the "Copy existing choices" popup in the Online Designer, it might mistakenly replace the ">" and "<" signs with their HTML character code when copying the choices into the Choices textbox inside the Edit Field popup. (Ticket #64268)
    • Version 9.1.0 - (released 5/30/2019)

      BUG FIXES & OTHER CHANGES:

      • New feature: Clinical Data Mart
        • The Data Mart module can pull clinical data from the EHR in bulk (i.e., dozens or hundreds of patients at once), as compared with the Clinical Data Pull (CDP) that pulls patient data from the EHR just one patient at a time. Both Data Mart and CDP utilize REDCap’s “Clinical Data Interoperability Services” infrastructure, which can interface with any EHR system that has FHIR web services enabled. If CDP has already been set up and enabled in REDCap, then enabling Data Mart is very simple and requires no further setup other than enabling it on the CDIS page in the Control Center.
        • Overview
          • To use the Data Mart feature and create a Data Mart project, a user must be given explicit permissions for this by a REDCap administrator on the Browse Users page in the Control Center. Once they have been given permissions, they can navigate to the Create New Project page in REDCap to see a new option to create a Clinical Data Mart project. Note: If they have not yet launched the REDCap window from inside their EHR, it will inform them that they must first do so before proceeding. This must be done because launching the REDCap window inside the EHR, which is always the first step before a user can use either CDP or Data Mart. When creating the Data Mart project, the user defines the data pull configuration when creating the project - e.g., chooses specific MRNs, date range, and data fields from the EHR.
          • Once the project has been created, the whole structure of the project (i.e., the fields and forms) will be pre-defined. To begin pulling clinical data from the EHR, the user must navigate to the Clinical Data Mart page using the link on the left-hand project menu. On that page, they may request changes to their existing Data Mart configuration (if they wish to add new MRNs, new fields, or modify the date range) and/or pull data from the EHR using the “Fetch clinical data” button near the top of the page. By default, users will only be able to pull data just one time and will not be able to modify the Data Mart configuration after initially being set when the project is created. However, an administrator can change these settings (see below) on the Project Setup page so that they may pull data as often as they wish or to allow them to make configuration changes when needed.
          • Field mapping is not required for Data Mart projects since the project structure/instruments are pre-defined when the project is created. Demographics is created as a single data collection form, and the following forms are created as repeating instruments: Vital Signs, Labs, Allergies, Medications, and Problem List. Each data value on the repeating instruments are represented as a separate repeating instance of the form.
        • User permissions
          • A user's REDCap account must be given Data Mart privileges by a REDCap administrator on the Browse Users page in the Control Center, after which the user will be able to create a Data Mart project and pull EHR data. (Note: This is not a project-level user right but a REDCap user account privilege.) Also, there is no optional User Access Web Service as there is with CDP to further control user access for pulling data.
          • In order to pull data from the EHR, users must have access to the EHR and must have launched at least one patient in the REDCap window inside the EHR user interface.
          • Users with Project Setup/Design rights in a Data Mart project will be able to request changes to the data pull configuration (if needed and if the project-level setting has been enabled).
        • For more details about Data Mart and CDP, see the information on the CDIS page in the Control Center in v9.1.0 (including the downloadable Overview PDF), which is also available here: https://redcap.vanderbilt.edu/redcap_v9.1.0/Resources/misc/redcap_fhir_overview.pdf
      • Improvement: When using the Clinical Data Pull module, it now displays the patient's MRN inside the adjudication popup dialog. This makes it easier to confirm that a user is looking at the correct patient's data.
      • Improvement: When using the Clinical Data Pull module, the process of determining which FHIR access token is the best to use and still viable for a given user/patient has been much improved to reduce common token errors that have occurred in previous versions.
      • Bug fix: When creating a Custom Record Status Dashboard that has filter logic, in which the logic contains Smart Variables and also the logic references fields in repeating instruments or repeating events, the dashboard might mistakenly not display the correct records. (Ticket #64045)
      • Bug fix: If an Alert is set to be triggered when an instrument is saved and also has conditional logic, in which the instrument is a repeating instrument or is on a repeating event and also the logic references a field within that repeating instance, then the Alert would mistakenly not get triggered (unless using a [X-instance] Smart Variable for all repeating fields in the logic).
      • Bug fix: If data values are being piped onto a form/survey (into field labels, etc.) in a longitudinal project, in which the values are being piped from another event (e.g., [other_event][field:checked]) and also the piping fields have colons in them (e.g., [field:value], [field:checked]), it might mistakenly cause the data not to get piped but would stay blank on the page.
      • Fixes and updates for the External Module framework, including a fix for module icons not displaying correctly on the left-hand project menu.
      • Bug fix: When using the PDF Auto-Archive for a survey in a project that has the project-level setting "Character encoding for exported files" set to "Chinese (UTF-8)" on the "Edit a Project's Settings" page in the Control Center, the Auto-Archive version of the PDF will mistakenly have unusually wide spacing for some text in the PDF, whereas PDFs of the survey downloaded from the data entry form will have typical spacing.
    • Version 9.0.3 - (released 5/24/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: Users are not able to create new projects (or request new projects be created) if they are using any version of Internet Explorer. Bug emerged in REDCap 9.0.2. (Ticket #64135)
      • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user could potentially exploit it by adding specific user-defined HTML that gets displayed on certain webpages throughout the application (e.g., in field labels on instruments; in survey instructions).
      • Improvement: Added support for Traditional Chinese in exported PDFs. Previous versions only supported Simplified Chinese in exported PDFs of instruments/surveys if the project encoding was set to “Chinese (UTF-8)”. Now on the “Edit a Project’s Settings” page and “Default Project Settings” page in the Control Center, it lists both “Simplified Chinese (UTF-8)” and “Traditional Chinese (UTF-8)” in the “Character encoding for exported files” option. Note: The only difference between the two Chinese encoding options are the fonts embedded inside exported PDFs; it does not affect other exported file types, such as CSV files.
      • Improvement: On the Alerts & Notifications page, the email "From" address is now displayed in the right-hand Email box for each alert.
      • Bug fix: The field mapping page for Clinical Data Pull (CDP) and Dynamical Data Pull (DDP) Custom would mistakenly not load the field table correctly if attempting to map new source fields for the project.
      • Bug fix: When moving a project to production while deleting all records or when erasing all records in a project, any records that have received an Alert or have an Alert scheduled will mistakenly still be shown on the Alerts & Notifications page afterward. (Ticket #63257)
      • Change: For Alerts & Notifications, in Step 2B ("send it how many times?"), the "Just once" option now has more clarifying text for longitudinal projects or projects with repeating instruments/events to explain that that the alert will be triggered at a per-event and per-repeating-instance level.
      • Bug fix: When suspending or unsuspending a user on the Browse Users page in the Control Center, the user search feature above will mistakenly no longer perform auto-complete functionality when typing in that text box (unless the page is refreshed). (Ticket #64071)
      • Change: Improved accessibility on survey pages for users with visual impairments using screen readers
      • Bug fix: When running a Data Quality rule or performing a data import of fields used in a calculation, the resulting calculations that get saved might be incorrect if the project is longitudinal and if Smart Variables are used in the rule's logic. (Ticket #63606)
      • Bug fix: When running Data Quality rule H or performing a data import of fields used in a calculation, the resulting calculations that get saved might be incorrect if the project is longitudinal and if Smart Variables are used in the calculation. (Ticket #63156)
      • Bug fix: When an Automated Survey Invitation has conditional logic that references fields on multiple events, including an event that does not yet have any data saved for it, then the ASI might mistakenly not get triggered appropriately if the project is both longitudinal and also has either repeating events or repeating instruments. (Ticket #59942)
      • Bug fix: If an MDY- or DMY-formatted date/datetime field is piped into the choice label of a drop-down field, then the date value might get scrambled and not formatted correctly when displaying the date inside the drop-down label on a form or survey. (Ticket #64223)
      • Bug fix: If users are not allowed to create/copy projects but must request them be created/copied, then when an administrator is approving a "Copy Project" request in which some users are in user roles in the project but the requester has chosen not to copy the user roles into the new project, then it could cause the newly created project to have a "ghost" role (with no apparent name) that is still attached (in certain regards) to the old project. For example, if a user in the "ghost" role had an API token in both the new and original project, then when using the token to make API requests in the new project, it might mistakenly think that the token belongs to the old project instead. (Ticket #63667)
      • Bug fix: An example link on the "Help & FAQ" page was mistakenly linking to the wrong example website.
    • Version 9.0.2 - (released 5/17/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: Force e-Consent signature fields to be erased when modifying responses - The e-Consent Framework setup on the Survey Settings page has a new option to allow users to specify up to five signature fields in the current survey, in which it will force all signature field values to be erased in the survey if the participant clicks Previous Page button while on the certification page (i.e., the last page of the survey). In many situations when using e-Consent, it is required that if the participant completes all the survey responses and gets to the certification page but then decides to go back to modify some responses, the field (or multiple fields) where they supplied their signature must first be erased, thus forcing them to re-sign the survey before they complete it. This new e-Consent Framework option helps to comply with this particular situation. Note: Only freeform text fields, signature fields, and number fields may be used as e-consent signature fields here, and those fields must be Required fields.
      • Improvement: Custom message for e-Consent Framework settings - In the e-Consent Framework section on the Modules/Services Configuration page in the Control Center, an administrator may define custom text (including HTML styling), in which that custom text will be displayed at the bottom of the e-Consent Framework section on the Survey Settings page in every project. This may be utilized for informing users of some information surrounding the use of the e-Consent Framework at the local institution, for example.
      • Bug fix: Some Email Alerts might mistakenly not migrate into Alerts & Notifications in certain situations due to a query failing during the conversion process.
      • Bug fix: In the Alerts & Notifications module, if an alert is set to be triggered by conditional logic only, it might mistakenly keep sending notifications whenever a form/survey is submitted so long as the condition is true, even when it is set to only send just one time.
      • Bug fix: In the Alerts & Notifications module, if an alert was migrated from the Email Alerts module, in which the alert's "Email From" address did not correspond to any email address belonging to a user in the project, then it would mistakenly set it to a blank value when re-saving the alert, thus causing the email not to send or to send with an incorrect From address.
      • Bug fix: In the Alerts & Notifications module, if an alert's email text is modified as HTML, in which an IMG tag is manually added that references an image URL on the current REDCap server, it would mistakenly get converted to a relative URL (i.e., the beginning of the URL would be removed). (Ticket #63664)
      • Bug fix: In the Alerts & Notifications module, if an alert has one or more static attachment files, and the REDCap installation is not using "Local" file storage for uploaded files (as seen at the top of the File Upload Settings page in the Control Center), then while it would successfully send the notification, it would mistakenly not attach the attachments to the email notification that is sent. (Ticket #63664)
      • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because part of REDCap’s OAuth2 authorization process for FHIR only worked for Epic.
      • Bug fix: Icon not positioned correctly on the General Configuration page in the Control Center. (Ticket #63566)
      • Bug fix: If a user navigates to the Codebook page in a project and does not have "Project Setup & Design" user privileges in the project, it would mistakenly display the tabs for the "Online Designer" and "Data Dictionary" pages near the top of the Codebook page. Bug emerged in 9.0.0. (Ticket #63573)
      • Bug fix: If using MySQL 8 for the REDCap database, the Calendar page in a project might mistakenly not display any calendar events on the page. (Ticket #63434)
      • Bug fix: In certain situations, the External Module framework might mistakenly call a function twice on the Data Comparison Tool page, thus causing the page to crash fatally and preventing it from loading in certain projects.
      • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because FHIR requests for pulling labs and vitals were mistakenly not utilizing the correct format for LOINC codes passed in the request's query string.
      • Bug fix: If a survey has the PDF Auto-Archiver enabled (with or without the e-Consent Framework enabled), when the survey is completed, it would mistakenly log the action as a Data Export action as if a user has manually downloaded the PDF. It should not log this event and is confusing to users.
      • Bug fix: When using the Twilio telephony services for surveys, in which a telephone/number field has been designated as the "phone number field for survey invitations", it would mistakenly not display the record name on the Survey Invitation Log to prevent users from viewing it *unless* the Designated Email Field was enabled for the project or if a Participant Identifier had been entered in the Participant List. (Ticket #49955)
      • Bug fix: When viewing a non-saved instance of a repeating event on a data entry form, the form status icons on the left-hand menu might mistakenly show the cumulative status of all the existing saved instances of the repeating event when instead it should display a gray stack icon since the current form-event-instance has not yet been saved. (Ticket #63956)
      • Bug fix: When using the "Quick Add" dialog while editing a new or existing report on the "Data Exports, Reports, and Stats" page, unchecking the checkbox next to a field or clicking the "Deselect All" link for an instrument would mistakenly not remove the field from the underlying report on the page. (Bug emerged in REDCap 9.0.1.)
      • Bug fix: When opening the "Set up Survey Queue" popup in the Online Designer, if the project contained many records (e.g., 1000+) and also many surveys, then the popup might not be able to open at all.
      • Bug fix: When a survey participant partially completes a public survey and then returns to the survey to complete it later, it would mistakenly say "Response is only partial and is not complete" in the PDF if a user downloads the response as a PDF from the data entry form. (Ticket #62831)
    • Version 9.0.1 - (released 5/10/2019)

      BUG FIXES & OTHER CHANGES:

      • Change: Replaced many of the older icons in the user interface with Font Awesome icons, especially on the left-hand project menu and left-hand Control Center menu.
      • Change: Consolidated the two project pages “Record Locking Customization” and “E-signature and Locking Mgmt” into a single two-tabbed page named”Customize & Manage Locking/E-signatures”. Note: If user only has access to one of these pages, they will simply not see the other page/tab.
      • Bug fix: When enabling the Clinical Data Pull (CDP) module in a project, it would mistakenly say "Enable DDP on FHIR" in the Logging. It should instead say "Enable the Clinical Data Pull (CDP) module" in the Logging since that module was renamed and is no longer called "DDP on FHIR".
      • Bug fix: The FHIR web service requests made by the Clinical Data Pull module would mistakenly make calls to the FHIR "Observation" endpoint using a format that was not compatible with some Epic installations. This was modified to a slightly more compatible format. (Ticket #63080)
      • Bug fix: In the Alerts & Notifications module, it was mistakenly not allowing users to use Signature fields in the Message Attachment section of an alert.
      • Bug fix: In the Alerts & Notifications module, for alerts set to trigger when saving a specific form or survey with conditional logic set, in which the alert is set to repeat after initially being sent, then if the "ensure logic is still true" option has been checked and a recurring notification has already been scheduled for a record, it would mistakenly not remove the recurring notification when the logic becomes false. And this only occurs if an initial notification has already been sent for that record for that alert.
      • Bug fix: In the Alerts & Notifications module, whenever an alert is created or modified, the Logging page might get too wide when displaying the details of this event.
      • Bug fix: In the Alerts & Notifications module, the Logging page might mistakenly display logged events when Alerts are created or modified when selecting a record from the "filter by record" drop-down.
      • Bug fix: After being triggered, if an Alert is set to be scheduled after a delay (rather than sending immediately) and is set to only send one time, the Notification Log page would mistakenly display the record multiple times, all with the same time. Also, the Notification Log's "end time" might mistakenly get forcibly set to the current time and prevent users from viewing notifications that are scheduled to be sent in the future. (Ticket #63087)
      • Bug fix: When clicking the form status stack icon on the Record Home Page or Record Status Dashboard for a repeating instrument/event, the popup displaying all the repeating instances would sometimes not be positioned correctly on the page and might be too narrow.
      • Bug fix: When using the @DEFAULT action tag in a repeating survey, it might mistakenly think that the current survey has data and thus would prevent the action tag from operating, even when no data exists for that survey on that repeating instance.
      • Bug fix: When importing data (via the Data Import Tool or API import) for a repeating event, if the field "redcap_repeat_instance" is not included as a field in the imported data set, instead of returning an error message, it would mistakenly allow the data to get imported. While this causes no problems for the first imported batch of data, any subsequent imports would mistakenly get piled on top of the existing data in the database (rather than updating the existing values), thus causing duplicate/multiple rows of data to pile up in the database for a given record/event/field, which could have various negative consequences, such as making some project pages very slow. Now it will instead return an error message if data for a repeating event is being imported in which the field "redcap_repeat_instance" is not included as a field in the imported data set. (Ticket #63128)
    • Version 9.0.0 - (released 5/3/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • New feature: Alerts & Notifications
        • The Alerts & Notifications feature allows you to construct alerts and send customized email notifications. These notifications may be sent to one or more recipients and can be triggered or scheduled when a form/survey is saved and/or based on conditional logic whenever data is saved or imported. When adding/editing an alert, you will need to 1) set how the alert gets triggered, 2) define when the notification should be sent (including how many times), and 3) specify the recipient, sender, message text, and other settings for the notification. For the message, you may utilize customized options such as rich text, the piping of field variables (including Smart Variables), and uploading multiple file attachments. While similar in many respects to Automated Survey Invitations, Alerts & Notifications allow for greater complexity and have more capabilities. For example, alerts apply to both data entry forms and surveys, and they also allow for more options regarding who can be the recipient of a notification (project users, survey participants, etc.).
        • System-level permission settings – On the “Modules/Services Configuration” page in the Control Center (at bottom of page), administrators may adjust the settings that determine if normal users are able to use email field variables in an alert’s To/CC/BCC field and/or use email addresses entered manually as freeform text into an alert’s To/CC/BCC field. These settings will be determined based on the comfort level and/or policy of the local REDCap institution. By default, REDCap will allow normal users to use email fields and freeform text emails (i.e., both are enabled by default), but this can be easily changed immediately after installation or upgrading. Additionally, if Yes is chosen for allowing freeform emails to be entered, the admin may limit those emails to a specific whitelist of email domain names (e.g., vumc.org, mmc.edu) to provide some additional restriction there.
        • Converting existing Email Alerts into Alerts & Notifications – If your REDCap installation currently has the Email Alerts external module installed and is being used in projects, there will be an option (a green button) at the top left of the Email Alerts configuration page to convert all the Email Alerts in a given project into Alerts & Notifications. This is an opt-in setting, and must be done for each project one at a time. It will present a dialog popup with information so that the user understands that there are some differences between EA and A&N, but overall, everything will be able to be converted, although the alerts might look slightly different afterward as A&N’s. Once the Email Alerts are converted, the Email Alerts module will be automatically disabled for the project, and the user will be redirected to the A&N page. Note: The conversion instructions notes that if (for whatever reason) the A&N’s are not behaving like the user anticipated, they can easily revert back to using Email Alerts again by 1) deactivating all the A&N’s that were created from the conversion, and 2) have an administrator re-enable the Email Alerts module.
      • Improvement: The rich text editors on the Survey Settings page have now been updated to a newer version of the TinyMCE package. (Note: IE9 and IE10 will still use the older version of the rich text editor because they are not compatible with the newer one.)
      • Improvement: New records can now be created directly from the Record Status Dashboard. If record auto-numbering is enabled, it will display an “Add new record” button, otherwise it will display a text field for users to enter a new record name to create.
      • Improvement: Links to the Online Designer, Data Dictionary Upload page, and Codebook were added to the left-hand project menu for easier navigation. Also, a new section “Project Home and Design” was added on the left-hand menu to contain all these links, as well as the Project Home and Project Setup page links.
      • Change: The Quick Tasks box on the Project Home page was removed since all the pages listed inside it are now located on the left-hand project menu, thus making the Quick Tasks box redundant.
      • Bug fix: Certain types of HTML tags in a field label might cause parsing issues when exporting to stats packages, especially SAS. To prevent this, all HTML tags will now be removed from field labels as they are included in the stats package syntax files. (Ticket #57751)
      • Bug fix: When calling the "Export Records" API method, if any invalid values were passed in the API request parameters "events", "fields", or "forms", it would often ignore the incorrect value and would mistakenly not return an error. Additionally, in this scenario it might mistakenly return all events, all fields, or all forms, respectively, rather than limiting the data returned to only the valid values in those filter parameters. (Ticket #54273)
      • Bug fix: If a production project is in Draft Mode, and a matrix field's label has been modified *and* the field has data saved for one or more records, this is now considered a critical issue during the production change approval process because of specific cases where changing a matrix field's label can change its meaning and thus negate the existing data - much more so than with regular non-matrix fields. (Ticket #60834)
      • Bug fix: If a repeating instrument is enabled as a repeating survey, and then later the instrument is set to no longer be repeating via the "repeatable instruments" dialog on the Project Setup page, it would mistakenly still display the repeating survey icon (i.e., green circle arrow) next to the instrument in the Online Designer. (Ticket #60869)
      • Bug fix: If running a REDCap server with PHP 7.3, then the PDF Auto-Archiver would fail, as well as attempts to add PDF attachments to confirmation emails when surveys are completed. In all cases, it would crash with an HTTP 500 sever error. (Ticket #55868)
      • Bug fix: Some Smart Variables, especially those related to repeating instance, would mistakenly not pipe correctly inside survey instruction text and survey completion text.
    • Version 8.11.11 - (released 4/26/2019)

      BUG FIXES & OTHER CHANGES:

      • Bug fixes and updates for External Module framework
      • Bug fix: If hyperlinks exist inside multiple choice labels on a survey that has Enhanced Choices enabled, the hyperlinks might mistakenly not be displayed in the correct color (depending on the survey design settings) and thus might not be readable.
      • Bug fix: For multi-page surveys having fields with branching logic, in very specific situations some pages of the survey might mistakenly get skipped over. (Ticket #62299)
      • Bug fix: When a hook or External Module is using REDCap::saveData() on a project page and importing data into another project, it may mistakenly change the global variable $Proj to point to the other project, thus causing possible issues on the page after the REDCap::saveData() method has been called.
      • Bug fix: When importing data for a repeating instrument or event (via API or Data Imort Tool), it would mistakenly be possible to import a non-integer number value (e.g., 2.1, 5.44) for the redcap_repeat_instance field.
      • Bug fix: The Action Tag @NONEOFTHEABOVE fails to work if it references a choice not wrapped in quotes and is also followed by other text in the Field Annotation - e.g., ""@NONEOFTHEABOVE=0 @INSTANCETABLE_HIDE". (Ticket #61939)
      • Bug fix: When using the Twilio telephony services for surveys, in which a telephone/number field has been designated as the "phone number field for survey invitations", it would mistakenly not display the record name on the Survey Invitation Log to prevent users from viewing it. Since a field's value is being used, the response is already de-anonymized (i.e., a user can connect the participant in the Participant List to a specific record), thus it should not hide the record name in the Survey Invitation Log. (Ticket #49955)
    • Version 8.11.10 - (released 4/19/2019)

      BUG FIXES & OTHER CHANGES:

      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on the Data Import Tool page, in which a malicious user could potentially exploit it by manipulating data values for a specific field being imported in the CSV data file.
      • Change: The Data History Widget on data entry pages now displays the "seconds" component of the "Date/Time of Change" timestamp for when the data value was added/modified. This allows users to view the logging items with greater granularity for when data changes are made in narrow windows of time.
      • Bug fixes and updates for the External Module framework
      • Bug fix: On the Online Designer, when using the "Test logic with a record" feature for the Advanced Branching Logic Syntax in the "Add/Edit Branching Logic" popup or the "Test calculation with a record" for a Calculation in the "Add/Edit New Field" popup, it would mistakenly say that there was an error in the syntax every time if the project is longitudinal. (Ticket #54822)
      • Bug fix: On the Survey Settings page, if a survey has the e-Consent Framework enabled, and then an administrator disables the e-Consent Framework for all projects in the system (via the Modules/Services Configuration page in the Control Center), then the Survey Settings page would mistakenly still display the e-Consent Framework options. (Ticket #62075)
      • Bug fix: When the Double Data Entry module is enabled in a project, and the current user is DDE person #1 or #2, it would not display the form status icons with the correct color on the Record Status Dashboard but would instead mistakenly always display them as gray status icons. This bug emerged in the previous version. (Ticket #62212)
      • Bug fix: The Clinical Data Pull (CDP) would not function successfully on Cerner systems because part of REDCap’s OAuth2 authorization process for FHIR only worked for Epic.
      • Bug fix: When using Google reCAPTCHA for surveys, if the REDCap server was not able to communicate with the Google server (even temporarily), it would effectively prevent participants from ever reaching the survey. It now goes ahead and allows the participant to take the survey without succesfully passing the reCAPTCHA if the Google server does not respond back within 5 seconds. (Ticket #61969)
      • Bug fix: When using Google reCAPTCHA for surveys, the REDCap footer text was mistakenly not being displayed on the reCAPTCHA page, and the style/locations of the survey title and logo were slightly incorrect on the reCAPTCHA page. (Ticket #61969)
    • Version 8.11.9 - (released 4/12/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: The DateDiff+Today/Now cron job would sometimes crash due to a fatal PHP error caused when processing the [survey-link] Smart Variable in the message of an Automated Survey Invitation. This would occur only under very specific conditions, and it would result in many projects/records not having their ASI datediff logic being processed, thus the ASI's survey invitations would not get successfully scheduled in these cases and might cause invitations from other unrelated projects not to get scheduled either. (Ticket #61346, #61213)
      • Major bug fix: When a project is using a public survey that has "Save & Return Later" enabled with "Allow respondents to return without needing a return code" enabled, then if a participant clicks the "Save & Return Later" button on the public survey and leaves the survey open on the "Your survey responses were saved!" page while another participant partially or fully completes the survey, and then if the original participant clicks the "Continue Survey Now" button on the "Your survey responses were saved!" page, then the original participant will mistakenly create a brand new record/response whenever they submit survey page again after returning. (Ticket #61764)
      • Improvement: Added links to "select all" or "deselect all" for the checkbox options on the "Copy Project" page.
      • Bug fix: When viewing the Field Comment Log popup on a data entry form, if the username in the User column is very long, it would mistakenly not wrap in the table but instead would overflow into the next column. Note: This was only partially fixed in a previous version. (Ticket #60923)
      • Bug fix: The page footer on project pages would sometimes not be displayed at the very bottom of the page if the left-hand menu was taller than the right side of the page.
      • Bug fix: In a project that has sent many survey invitations (e.g., >50,000), it could cause both the Public Survey Link page and the Participant List page to load very slowly and in some cases never fully load at all.
      • Bug fix: When using the Clinical Data Pull, it would mistakenly make a POST request (instead of a GET request) to the Conformance Statement (metadata) endpoint. This would only cause issues with certain EHRs/configurations. (Ticket #61549)
      • Bug fix: For some pages in REDCap, the PHP constant "PAGE" might mistakenly get set as "/index.php" rather than "index.php", which could cause problems for existing External Modules or hooks that must utilize the value of PAGE to determine the current location. This has now been changed so that any slashes at the beginning of PAGE will be trimmed off before it gets defined. (Ticket #61776)
      • Bug fix: When exporting data in CSV Labels format for projects whose language is set to a language other than the default English, it would mistakenly always display *all* the choice labels for checkbox fields in the export file, rather than outputting the choice labels for only the checkbox options that had been selected for that field. (Ticket #60620)
      • Change: Added note about e-Consent feature on the REDCap Home Page.
      • Bug fix: When the Double Data Entry module is enabled in a project, and the current user is DDE person #1 or #2, it would not display the form status icons with the correct color on the left-hand menu when viewing a record but would instead mistakenly always display them as gray status icons. (Ticket #57484)
      • Change: More explanatory info was added on the Survey Settings page for Question Numbering, Question Display Format, and Response Limit.
      • Bug fix: The DateDiff+Today/Now cron job would mistakenly get run for projects that had been deleted in the past 30 days. It now ignores any projects that have been deleted by a user.
      • Bug fix: When using the e-Consent Framework for a survey, the resulting PDF of the consent survey would mistakenly not obey the project-level PDF Customization setting to show or hide the REDCap logo/URL under specific conditions. This would vary depending on if certain settings were set for the e-Consent Framework, such as having first/last name fields defined or consent version. (Ticket #58221)
      • Bug fix: When using the e-Consent Framework for a survey, if custom PDF header text is set under the project-level PDF Customization settings, it would mistakenly not get displayed on the resulting PDF of the consent survey.
    • Version 8.11.8 - (released 4/4/2019)

      BUG FIXES & OTHER CHANGES:

      • Minor security fix: If a malicious user is able to find the URL endpoint at which REDCap Messenger's message history can be downloaded as a CSV file for a given conservation, they could potentially exploit it by manipulating the query string of the HTTP request, which might allow them to download other users' conversations to which they do not have access.
      • Minor security fix: If the hook functions file (as defined on the General Configuration page in the Control Center) begins with "http" or "ftp", then REDCap will not attempt to call/include that path.
      • Major bug fix: When using Smart Variables in the conditional logic of an Automated Survey Invitation, in which the logic also contains a datediff function using "today" or "now" as a parameter in the function, it would often cause the ASI cron job to not correctly parse the logic and thus not schedule the invitations at the correct time, or it might mistakenly cause the cron job to crash unexpectedly without finishing scheduling all other ASIs for other surveys.
      • Bug fix: When using branching logic or a calculation that contains a X-event-name or X-instance Smart Variable connected, in which it references an event or instance that does not exist (e.g., [previous-event-name] while on the first event), it would not fail gracefully but would mistakenly display an error message saying that the logic/calculation is incorrect.
      • Bug fix: When completing an Adaptive survey or Auto Scoring survey from the REDCap Shared Library, the "redcap_survey_complete" hook would mistakenly not pass a value for the "record" and "response_id" parameters in the hook. (Ticket #60668)
      • Bug fix: If the Clinical Data Pull feature is enabled for a project, it would still mistakenly display "DDP" (instead of "CDP") in a couple places in the project (Record Status Dashboard, Logging page).
      • Bug fixes and updates for External Modules framework
      • Bug fix: If a multi-page survey contains a matrix of fields, in which those fields are used in branching logic or in a calculation on another page on that survey, it would mistakenly display the matrix fields on the survey page containing the fields that reference them in their logic/calc. (Ticket #61134)
      • Bug fix: A single LOINC lab was mistakenly missing from the field mapping page for Clinical Data Pull.
      • Bug fix: If a multi-page survey contains a page in which every field on the page is a Descriptive field and also has branching logic, it would mistakenly always skip the page regardless of whether all the fields were hidden by branching logic.
      • Bug fix: When the redcap_survey_identifier field is displayed in a report or data export, it would mistakenly only display the participant identifier value on the first event of a given record and would not display it if the first instrument was a repeating instrument. It now always displays the participant identifier value in the redcap_survey_identifier column of a report/export for every row/item for a given record. (Ticket #59811)
      • Bug fix: The FHIR web service requests made by the Clinical Data Pull module would mistakenly make calls to the FHIR "Observation" endpoint using a slightly incorrect format according to HL7's FHIR standards. This does not appear to affect CDP when interfacing with Epic but when interfacing with other EHR vendors (notably Cerner). (Ticket #61150)
      • Bug fix: The code for generating the Survey Queue setup table was mistakenly referencing variables that had not been defined. However, this did not affect anything. (Ticket #61030)
      • Bug fix: If the setting "Auto-suspend users after period of inactivity" is enabled, and some users who are suspended have not had any activity within the designated period of inactivity, then if the user has a sponsor and the user's sponsor puts in a request to have them unsuspended, the user would mistakenly get re-suspended within a day. (Ticket #58909)
      • Bug fix: If a normal user is copying a project and is also in a User Role, it would mistakenly not give them their current role's privileges in the new project but instead would give them the privileges that they had before being put into a role in the copied project. (Note: The user will always be removed from the user role in the new project and will always be given User Rights and Project Setup/Design Privileges.) (Ticket #55767)
      • Bug fix: If an administrator is viewing the table of users on the Browse Users page, if they check the checkbox next to a user and then click the "Fetch for selected" link (under "Time of latest password reset"), it would display an erroneous error message about no users being selected if all the selected users are suspended. It should instead work for all table-based users regardless of whether the users are suspended or not. (Ticket #60625)
      • Change: The form status field on a data entry form has a blank drop-down option which serves no purpose. The blank option has been removed. (Ticket #60849)
      • Bug fix: When exporting an Project XML file containing data from a project, if any multiple choice option labels contain ASCII control codes, it would mistakenly prevent the data from being restored completely in the new REDCap project being created. (Ticket #34968)
      • Change: The Configuration Check page in the Control Center now ensures that the REDCap server can communicate with the Google reCAPTCHA API service, if enabled. (Ticket #60764)
      • Bug fix: The plugin/module method named "REDCap::evaluateLogic" might mistakenly not interpret logic correctly it it contains checkbox fields and if the project is classic/non-longitudinal. (Ticket #60998)
      • Bug fix: The upgrade page would attempt to display a non-existent icon in a button on the page. (Ticket #60560)
      • Bug fix: Fixed a page layout issue that occurred at specific page widths. (Ticket #60317)
    • Version 8.11.7 - (released 3/24/2019)

      BUG FIXES & OTHER CHANGES:

      • Medium security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on many pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
      • Major bug fix: When the Clinical Data Pull (CDP) is enabled on a project, if extra data is imported from the EHR for several patients at one time via the cron job (after a user has already pulled some patient data from the EHR for those patients), in certain cases it might mistakenly not clear out data from another patient whose data is being fetched and thus inadvertently add one patient’s data to another patient.
      • Bug fix: Some data exports were not getting correctly logged as "Data Export" on the project logging page, specifically when downloading PDFs with data and downloading an "exported data file" or an "exported syntax file". It now lists "Data Export" as the proper Action for these events and also displays them when filtering the logging page by event="Data Export". (Ticket #59278)
      • Bug fix: When updating the value of the Secondary Unique Field or the designated survey email field for a project that is either longitudinal or has repeating events/forms, it would mistakenly not log the value change across all events/instances as it should since a new value for those fields gets propagated to every event/instance in the project to keep them all in sync. They now all get logged as separate logged events, which allows the value to always appear in the Data History widget on the data entry page. (Ticket #59586)
      • Bug fix: When performing piping of a field with the Smart Variable [X-instance] appended to the field variable, it would sometimes mistakenly not perform the piping at all. (Ticket #59671)
      • Bug fix: When performing piping of the Smart Variable survey-time-completed or survey-date-completed with the parameter ":value" appended to the end of it, it would mistakenly throw an error on a survey or data entry form if it was being used in branching logic or in a calculated field. (Ticket #59885)
    • Version 8.11.6 - (released 3/15/2019)

      BUG FIXES & OTHER CHANGES:

      • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
      • Bug fix: Incorrect text was displayed in the Edit User popup on the User Rights page that mistakenly referenced "Clinical Data Pull" instead of "DDP" in projects with DDP Custom enabled.
      • Change: Support was added to External Module framework to support return values for hooks. Specifically, the hook redcap_custom_verify_username was modified so that if it returns result “status” of “1” or TRUE, it will display a green message box containing the return “message”, whereas if return “status” is “0” or FALSE, it will display a red message box containing the return “message”.
      • Bug fix: If a survey that has Survey Auto-Continue enabled is a repeating instrument and is then followed by another survey that is a repeating instrument, then if respondent completes the first survey, it will mistakenly take them to repeating instance #2 of the following survey, thus skipping over instance #1.
      • Bug fix: Fixed typo in Clinical Data Pull error message. (Ticket #59005)
      • Bug fix: When launching patients in the EHR embedded window for the Clinical Data Pull, in certain situations, especially if the user does not have access to all the FHIR end-points (often due to a limitation in their EHR privileges), it might mistakenly cause the FHIR access token in the database to get removed for that user for that patient, thus resulting in an error message to the user stating that there are no available access tokens that can be used.
      • Bug fix: When using the Data Resolution Workflow, the Resolve Issues page might mistakenly display negative counts for certain data query statuses.
      • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. This issue was supposedly fixed in the previous version (and the version before that), but mistakenly it would sometimes display a false positive for this issue and return the error under legitimate circumstances, specifically when only checkbox fields were being imported (not including the record ID field, event name, or repeat fields). (Ticket #57699)
      • Fixes and updates for the External Module Framework
      • Bug fix: When viewing the REDCap login page on a mobile device (device width <575 pixels), it would mistakenly display a "Go to My Projects" button on the page. (Ticket #59494)
      • Bug fix: When using the Data Resolution Workflow in a project and opening a data query on a field on a data entry form, the floating Save button that appears next to the field when the field is selected was mistakenly not being displayed in the correct location on the page if the field, specifically when navigating from a link on the Resolve Issues page for a radio button field. (Ticket #59373)
      • Bug fix: When using the "Test logic with a record" feature when setting up an Automated Survey Invitation, on certain occasions it might return an incorrect response. (Ticket #59030).
      • Bug fix: The HTML character code " " might mistakenly get displayed in the text of PDFs downloaded for an instrument but only if downloading the blank PDF (without data). (Ticket #58790)
      • Bug fix: When using the Randomization module with strata fields, in which one or more strata fields exist as part of a matrix of fields, it would mistakenly cause a JavaScript error to occur on the data entry form where the strata fields are located, thus preventing the form from being saved successfully. (Ticket #59639)
      • Bug fix: The field count for projects on the My Projects page was mistakenly not including Descriptive fields. This could be confusing for users. It now includes all fields in the field count now. (Ticket #60004)
      • Bug fix: When performing piping of a field with the Smart Variable [next-event-name], [previous-event-name], or [event-name] prepended to the field variable, it would sometimes mistakenly not perform the piping at all. (Ticket #44559)
    • Version 8.11.5 - (released 2/21/2019)

      BUG FIXES & OTHER CHANGES:

      • Bug fix: When there exist a lot of branching logic and several matrices of fields together on a survey page or data entry form, the page will scroll very slowly for the user. Bug emerged in REDCap 8.11.0. This issue was improved upon in the previous version but still existed for instruments with many hundred fields or more. (Ticket #58443)
      • Bug fix: When downloading the CSV file of Automated Survey Invitations on the Online Designer, the file's filename might mistakenly begin and end with an apostrophe, thus preventing it from being opened correctly on the user's computer. (Ticket #58445)
      • Bug fix: If a matrix of fields exists on a data entry form, then the matrix's floating headers might mistakenly get partially obscured by the floating box of Save buttons that appear at the top right of the page. (Ticket #58484)
      • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. This issue was supposedly fixed in the previous version, but mistakenly in the previous version it would sometimes display a false positive for this issue and return the error under legitimate circumstances. (Ticket #57699)
      • Bug fix: The example Java code generated by the API Playground for the "Export Records" API method contained an error. (Ticket #58488)
      • Bug fix: Some specific PROMIS assessments that are downloading from the REDCap Shared Library as part of a battery might be mistakenly labeled as "Auto-scoring" or "Adaptive" in the Online Designer after being downloaded when such instruments are actually neither "Auto-scoring" nor "Adaptive". (Ticket #58488)
      • Bug fix: If using the Survey Auto-Continue feature to continue to a survey that is a repeating survey instrument, if any repeating instances have already been created for that repeating survey, then after completing the first survey, it would mistakenly say that the repeating survey has already been completed. It should instead advance the respondent to the next available repeating instance of the repeating survey so that a new repeating instance can be added via survey. (Ticket #58624)
      • Bug fix: When exporting an Project XML file containing data from a project, if any text field values contain ASCII control codes, it would mistakenly prevent the data from being restored completely in the new REDCap project being created. (Ticket #34968)
      • Bug fix: Fixed a typo in the Twilio configuration instructions. (Ticket #58731)
      • Bug fix: When downloading the Project XML file (metadata only) for a project, it might mistakenly begin and end the XML filename with an apostrophe.
    • Version 8.11.4 - (released 2/15/2019)

      BUG FIXES & OTHER CHANGES:

      • Text changes: The “DDP on FHIR” feature was renamed “Clinical Data Interoperability Services”. The main (and currently only) feature under the “Clinical Data Interoperability Services” umbrella of services is the “Clinical Data Pull” (CDP). Other services will be added in future versions of REDCap, such as “Clinical Data Mart”.
      • Bug fix: After the initial schedule is generated for a record on the Scheduling page, if the user modifies one of the dates in the schedule so that it is the same as the maximum date or minimum date (if a min/max is set for an event), then on certain occasions it would mistakenly display a popup saying that the new date is out of range when in fact it is not.
      • Bug fix: When there exist a lot of branching logic and several matrices of fields together on a survey page or data entry form, the page will inevitably get slower and slower as more and more branching logic gets triggered on the page during data entry. This could eventually cause the page to ultimately become unresponsive in certain situations. Bug emerged in REDCap 8.11.0. (Ticket #58019)
      • Bug fix: Several project pages might appear too narrow for specific screen sizes. Bug emerged in REDCap 8.11.2.
      • Bug fix: Updated an outdated item on the Help & FAQ page regarding how often the ASI cron job runs (Ticket #58205).
      • Bug fix: When using the @DEFAULT action tag to have a date/datetime field reference itself from a previous repeating instance on a repeating instrument, it would mistakenly not pipe in the value correctly on the first instance of that instrument, thus mangling it with a value of "[]" or "00-00-0000" or other non-sensical value. (Ticket #17157)
      • Bug fix: When using the Data Resolution Workflow in a project and opening a data query on a field on a data entry form, the floating Save button that appears next to the field when the field is selected was mistakenly not being displayed in the correct location on the page. (Ticket #57905)
      • Bug fix: For specific server configurations and project sizes, the project Logging page might take an exorbitant amount of time to load when initially loading the page. (Ticket #58251)
      • Bug fix: When importing data where the field "redcap_repeat_instance" has a numerical value but the current event/form in the data (i.e., CSV row) does not exist on a repeating instrument or repeating event, it would mistakenly allow the data to be imported, but the imported data would immediately be orphaned since that data would not be accessible in the user interface. It now gives an error for this situation. (Ticket #57699)
      • Bug fix: When calling the API method "Export Survey Participants" while utilizing the designated survey email field in the project, it would mistakenly omit the values for the participant's email address or record name in the API response. (Ticket #58349)
      • Bug fix: When calling the API Method "Export Records" with the "format" parameter set to "odm", it would mistakenly not include all files from File Upload and Signature fields, which are expected to be base64-encoded inside the ItemDataBase64Binary tags in the resulting XML. (Ticket #54301)
      • Bug fix: On the To-Do List page in the Control Center, if an administrator clicks the icon to add a comment to a To-Do List item, the "Submit" button in the resulting popup displayed would not be sized or positioned correctly. (Ticket #54301)
    • Version 8.11.3 - (released 1/31/2019)

      BUG FIXES & OTHER CHANGES:

      • Improvement: When copying a project, there are now separate options for copying users and/or user roles. In previous versions, these were combined as a single choice "Copy users and roles", but now users may decide to copy one or the other. (Ticket #36687)
      • Bug fix: If an individual project was set to "Offline" status by an administrator, any survey invitations in that project that had been scheduled to send would mistakenly still send. Invitations should not be sent out unless the project is in "Online" status. (Ticket #57045)
      • Change: If the current date or current timestamp is used in the REDCap upgrade script with regard to storing the date of the upgrade and when setting the send-time of system notifications via Messenger, it will now use the database's date and time at the time of the SQL script execution instead of the hard-coded values generated by the web server on the Upgrade page. (Ticket #57079)
      • Bug fix: If upgrading from 8.11.0 or 8.11.1 to 8.11.2, it would mistakenly provide some SQL to fix database errors after completing the upgrade. (Ticket #57103)
      • Bug fix: Many API requests would mistakenly return a "503" HTTP status code error on certain errors when it should instead return a "400" error.
      • Bug fix: When downloading a PROMIS Battery from the REDCap Shared Library, it would mistakenly not display the battery survey pages according to the PROMIS guidelines, in which the battery title should be displayed on every page (not the title of each individual assessment) and that the survey instructions are only seen on the first assessment of the battery. This will only affect batteries that will be downloaded in the future from the Shared Library. Also, although these particular title and instructions settings will be set when a battery is downloaded, it will always be possible for a user to modify the title and/or instructions afterward, if they wish (though it is not preferred).
      • Bug fix: When a participant completes a PROMIS adaptive survey or PROMIS auto-scoring survey that finishes after only one question, it might mistakenly not save the survey completion time of the survey response.
      • Change: Added a link to the Codebook page on the Data Import Tool instructions to allow users to more easily find the raw coded values for multiple choices fields that they wish to import.
      • Change: The output of the REDCap Cron Job now displays the current server time on which each job completed. The timestamp is listed in parentheses after the word "done!" for each job.
      • Bug fix: The last column in the Participant List table might not be displayed fully. (Ticket #57184)
      • Bug fix: Under certain conditions, REDCap Messenger's "System Notifications" section would mistakenly not display the messages for that section in the Messenger panel. (Ticket #57247)
      • Bug fix: When selecting to view Report B on the "Data Exports, Reports, and Stats" page for a longitudinal project, if the report is displayed as a multi-page report and specific events have been selected as a filter by the user, then if the user selects another report page to view using the page drop-down selector, it would mistakenly lose the event filter for the report (because the "events" parameter would not get included in the URL) and thus would display rows from every event on the page. (Ticket #57254)
      • Bug fix: For certain server configurations, when REDCap is creating a cache of a project's record list in a database table (as an invisible, back-end process to the user), it might mistakenly doubly UTF8-encode some record names, resulting in a database query error, thus causing the record list caching process to constantly fail and possibly display an outdated list of records in the user interface (e.g., Record Status Dashboard). (Ticket #56523)
      • Change: The "Survey Settings" page in the Online Designer now gives slightly more emphasis to the "e-Consent Framework" feature to make it easier for users to find it on the page.
      • Bug fix: If a Custom Record Status Dashboard has filter logic that references fields from a repeating instrument, it might mistakenly return an empty set, thus resulting in a dashboard with no records displayed, when it is known that some records should be displayed. Bug emerged in REDCap 8.11.2 (Standard). (Ticket #57234)
      • Bug fix: The lab field "Ketones Ur-mCnc" (LOINC 49779-2) was mistakenly missing from the DDP on FHIR list of mappable fields.
      • Bug fix: The cron job "AutomatedSurveyInvitationsDatediffChecker2" might mistakenly crash if SQL fields are piped into the email subject or email message of Automated Survey Invitations that contain datediff + today or now in the ASI conditional logic. (Ticket #57356)
      • Change: When a user clicks the "Help & FAQ" link on a project's left-hand menu, it will now load the "Help & FAQ" page in a new window to prevent the user from losing their current page context in the project as they view the "Help & FAQ" page.
      • Bug fix: When editing the project title, purpose, etc. in the Modify Project Settings popup on a project's Project Setup page, if Research is selected for Purpose, then the fields for entering the Name of the P.I. would mistakenly not wrap together, thus leaving the last name field on a row by itself. (Ticket #57417)
      • Bug fix: When exporting Report B (i.e., without creating a new report from the selections of Report B) on the "Data Exports, Reports, and Stats" page, if a specific instrument is not selected but "All instruments" are left selected, it might mistakenly not list any fields in the resulting stats package syntax file (for R, SAS, Stata, SPSS), thus preventing the exported data from loading properly in the stats package.
      • Bug fix: On the Cron Jobs page in the Control Center, the suggested command to set up the REDCap cron job on a Windows server was mistakenly not escaping paths that contained a space in them. This has been fixed to present the correct command. (Ticket #57426)
    • Version 8.11.2 - (released 1/24/2019)

      BUG FIXES & OTHER CHANGES:

      • Major bug fix: When a project is using a public survey that has "Save & Return Later" enabled with "Allow respondents to return without needing a return code" enabled, then if a participant clicks the "Save & Return Later" button on the public survey and leaves the survey open on the "Your survey responses were saved!" page while another participant partially or fully completes the survey, and then if the original participant clicks the "Continue Survey Now" button on the "Your survey responses were saved!" page, then the original participant will mistakenly have the other participant's response loaded for them on the survey page.
      • Change/improvement: When using the e-Consent Framework, a new option was added to the Survey Settings page: "Allow e-Consent responses to be edited by users?". If left unchecked (default), then users will not be able to edit a completed e-Consent response (although it can be locked or e-signed by a user with locking/e-signature privileges). If the setting is checked, then users will be able to modify the survey response so long as they have "Edit survey responses" privileges for that survey instrument. Note: If the e-Consent survey response is modified after being completed, this will not affect the e-Consent PDF file that was stored in the File Repository.
      • Change/improvement: In the popup dialog for moving a project to production, it now displays the number of records in the project to help the user decide if they wish to keep all data or have all records deleted when moving to production.
      • Bug fix: When using REDCap::getData() in a module, plugin, or hook, in which some filter logic is passed as a parameter and is expected to return an empty result set (because there are no matches for the filter logic), it might instead mistakenly return results with blank values for all fields being returned (with the exception of the record ID field and pseudo-fields, such as redcap_event_name), even though those fields might actually have non-blank values. (Ticket #56806)
      • Bug fix: When a user selects to display "ALL" records on the Record Status Dashboard in a project containing a large amount of records, if the page ends up crashing due to too many records being displayed, then the user would mistakenly never be able to view the Record Status Dashboard again without it crashing (because it remembers to show all records the next time the page is visited). (Ticket #56662)
      • Bug fix: If a calc field utilizes Smart Variables in its calculation, and a user performs a data import or executes Data Quality rule H, then other calculated fields in the project might have their value mistakenly set as the calculated result of the other calc field, thus overwriting the correct value of that other calc field. This is rare but can occur in specific situations depending on the structure of the project and the order of the calc fields involved. (Ticket #56731)
      • Bug fix: The Google reCAPTCHA box on the Public Survey Link page might cause the "Link Actions" and "Link Customizations" sections to be misaligned on the page for some non-English languages. (Ticket #56868)
      • Bug fix: If the Data Resolution Workflow is enabled in a project, then incorrect language is displayed inside the "Data Quality rules were violated!" popup on a data entry form whenever a Data Quality rule has "real time execution" enabled.
      • Bug fix: When viewing the Field Comment Log popup on a data entry form, if the username in the User column is very long, it would mistakenly not wrap in the table but instead would overflow into the next column.
      • Bug fix: When a user attempts to access a REDCap project that has been set to "Offline" on the "Edit a Project's Settings" page by an administrator, it would mistakenly display the default system-offline message rather than the project-offline message. (Ticket #56938)
      • Bug fix: Certain project pages might not display correctly on tablets (causing the main right-hand window to display below the left-hand menu), especially if the project's language is set to a non-English language. (Ticket #56872)
    • Version 8.11.1 - (released 1/23/2019)

      BUG FIXES, & OTHER CHANGES:

      • Bug fix: If running REDCap on PHP 5.5, the Online Designer page would mistakenly not load. Bug emerged in REDCap 8.11.0. (Ticket #56859)
    • Version 8.11.0 - (released 1/22/2019)

      NEW FEATURES, BUG FIXES, & OTHER CHANGES:

      • New feature: Microsoft Azure Quick Start – Method for quickly deploying a full, production-ready REDCap server environment on Microsoft Azure Cloud Platform. This includes a completely automated way for deploying the server infrastructure as well as a fully automated installation of REDCap. For details, see the top of the pagehttps://projectredcap.org/software/requirements/ (Note: The REDCap “Easy Upgrade” feature does not yet work with Azure but is expected to in a later REDCap version).
      • New feature: The "Survey Link Lookup" external module was integrated into REDCap
        • This feature allows administrators to take a survey URL and find and navigate to the corresponding project, survey, record and data entry form. The Survey Link Lookup page is located under the “Projects” section on the left-hand menu in the Control Center.
        • If this external module was already enabled on the REDCap installation, it will automatically be disabled during the upgrade process to prevent any possible conflicts.
      • New feature: The "REDCaptcha" external module was integrated into REDCap
        • This feature allows users to utilize the Google reCAPTCHA functionality to help protect public surveys from abuse from “bots”, which are automated software programs that might enter trash data into surveys. The feature must first be enabled at the system level on the Modules/Services Configuration page in the Control Center since it requires an administrator generate a new Google API pair of keys that will be used for this functionality. Once the site key and secret key are set, users will then be able to choose to enable the Google reCAPTCHA functionality on the Public Survey page in their project, after which the public survey will display the reCAPTCHA checkbox and “I’m not a robot” text on a survey page prior to allowing the participant to view the public survey. This feature is not employed on any private survey links because those are unique to a record and thus would never be made publicly available like a public survey link would.
        • Note: A survey participant will never have to pass the reCAPTCHA test more than once per day on a given device/computer.
        • Additional note: If this external module was already enabled on the REDCap installation, it will NOT automatically be disabled during the upgrade process. Thus you may consider disabling the module after the upgrade if you wish the utilize this new integrated feature.
    • New feature: The "Sticky Matrix Header" external module was integrated into REDCap. This feature will cause matrix headers to float and stick to the top of a page on either a survey or data entry form so that the matrix headers are always visible, which is helpful for matrices with many rows. If this external module was already enabled on the REDCap installation, it will automatically be disabled during the upgrade process to prevent any possible conflicts.
    • New feature: The "Codebook Concertina" external module was integrated into REDCap. This feature will display Expand and Collapse buttons for each instrument listed on the Codebook page in a project. If this external module was already enabled on the REDCap installation, it will automatically be disabled during the upgrade process to prevent any possible conflicts.
    • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
    • Improvement: When enabling an instrument as a survey or editing an existing survey's survey settings, it now displays a "Save Changes" button at the top of the page (next to the Cancel button) so that the user does not necessarily have to scroll all the way to the bottom to submit the page.
    • Change: PHP 5.5 is now the minimum required PHP version. In previous versions, the minimum required PHP version was PHP 5.3.
    • Change/improvement: When viewing a survey response on a data entry form that had been completed using the E-consent Framework, users with Record Locking privileges will now be able to Lock and E-sign the instrument. Previously in all versions of REDCap version 8.10.X, the entire instrument was read-only, including the Locking and E-signature options. (Ticket #54874)
    • Improvement: If a URL is included in a message posted on REDCap Messenger (including those sent via General Notifications from an administrator), the URL will be displayed as a clickable link to the user in the Messenger panel.
    • Change/improvement: The Custom Record Label and Secondary Unique Field values are now displayed with the record name in the table on the "PDF Survey Archive" tab in the File Repository if the "PDF Auto-Archiver" is enabled for one or more surveys in a project. In previous versions, it did not display them next to the record name.
    • Change: For projects in production, the settings on the Record Locking Customization page can now be edited by any user that has "Record Locking Customization" privileges in the project. In previous versions, only REDCap administrators could modify this page's settings while in production. This change will alleviate the burden of administrators for many production projects needing to make changes on this page.
    • Bug fix: In server environments with PHP error reporting enabled, it would display a deprecation notice regarding the constructor of several PHP classes. (Ticket #55557)
    • Bug fix: When viewing an individual user on the Browse Users page in the Control Center, if the user is a Table-based authentication user and their secondary or tertiary email address has not yet been verified, then it would mistakenly not display the buttons to auto-verify the address or re-send the verification email to the user. This only occurs if the user is a Table-based user.
    • Bug fix: When a form or survey is submitted, in which there do not exist any fields on the instrument that are used in a calculated field anywhere in the project, then it would mistakenly trigger the calculation of all calc fields in the project. It should instead only trigger calculations if a field being submitted is used in a calculation. (Ticket #55192)
    • Bug fix: The "Export Survey Participants" API method would mistakenly not include some participants in the resulting API response if those participants had not first been viewed by a user either on the Participant List page or on the data entry form for the survey instrument that was passed as a parameter in the API request. Once a user had viewed the data entry form or Participant List for that instrument, the participants would then appear in the API export. (Ticket #55517)
    • Bug fix: When creating a project and selecting the option to upload a REDCap Project XML file, if the user fails to upload an XML file and then clicks the "Create Project" button, it would mistakenly create an empty project. It should instead give a warning to the user to upload an XML file and prevent the user from submitting the page. (Ticket #55731)
    • Bug fix: When a user makes a request to an administrator that a project be copied, it would mistakenly not check off some of the checkboxes on the Copy Project page when the administrator loads the page via the link in the email or via the To-Do List. This includes the following options: All report folders, All data quality rules, All project bookmarks, and All custom record status dashboards. (Ticket #55751)
    • Bug fix: When attempting to rename a record to "0" on the Record Home Page, it would fail and return an error message to a user. (Ticket #55723)
    • Bug fix: When using the Smart Variables form-link, form-url, survey-link, or survey-url to create links/URLs either to or from a repeating instrument or repeating event, it might mistakenly add the instance number of the current context to the URL when instead it should evaluate whether or not the instance number makes sense to be added to the target URL. (Ticket #54776)
    • Bug fix: When using Twilio telephony services for surveys, U.S. phone numbers having the area code "463" would mistakenly not work for SMS or voice calls unless the number has a "1" prepended to it. (Ticket #55668)
    • Change: The System Statistics page in the Control Center would load very slowly for large installations, especially if they had DDP Custom or DDP on FHIR enabled. The page has been reconfigured to fetch all DDP-related stats asynchronously.
    • Bug fix: When adding/editing/deleting a Report Folder or assigning/unassigning a report to a Report Folder and then closing and re-opening the Report Folder popup, the user would mistakenly no longer be able to perform any actions inside that popup (as if its elements were locked). (Ticket #55878)
    • Bug fix: When a user enters an incorrect password on the login page, it might mistakenly cause some of the custom login text (if any) to become disproportionally enlarged. (Ticket #55945)
    • Bug fix: When creating/editing a record on a data entry form, in which the record name contains a forward slash or back slash, it may cause a Data Quality rule with Real Time Execution not to get triggered correctly or cause the Required Field popup alert not to display correctly. (Ticket #56093)
    • Bug fix: If a participant partially completes a survey using the "Save & Return Later" feature, in which there is no email address associated with that participant (either via the participant list or via the designated survey email invitation field), then the page that gets displayed immediately after clicking the "Save & Return Later" button might mistakenly display the text "You have just been sent an email containing a link for continuing the survey" for a moment and then suddenly disappear, which could be confusing.
    • Bug fix: When inline images are used for Descriptive fields on a survey or form, then if the user is viewing the page on a mobile device and the image's native width is smaller than the width of the page, it would mistakenly not resize it correctly and would make it too small on the page. It now makes the image wider on the page for better viewing of it.
    • Bug fix: When printing a page in the Control Center, the left-hand menu would mistakenly not be removed from the print-out when using Firefox. (Ticket #56340)
    • Bug fix: The "Announcement text to display at top of Home page and My Projects page" would mistakenly not get displayed at the top on the REDCap Home Page if the "Additionally display text on login page?" option is set to "No". (Ticket #56618)
    • Bug fix: If the biomedical ontology auto-suggest functionality is disabled as the system level, it would mistakenly prevent users on the Online Designer from setting a min or max limit for a Text field in the "Add Field"/"Edit Field" popup. (Ticket #56499)
    • Bug fix: When entering a number- or integer-validated text field on a form or survey on an Android device, it would mistakenly open the full keyboard when typing in the field rather than displaying a more appropriate number-centric keyboard. (Ticket #56447)
    • Bug fix: When entering a number-validated text field on a form or survey on an iOS device, it would mistakenly open the full keyboard when typing in the field rather than displaying a more appropriate number-centric keyboard.
    • Bug fix: "event_id" was mistakenly not listed as a reserved field name to prevent users from using it as a field's variable name. (Ticket #56627)
    • Bug fix: When an administrator is approving a "Move project to production" request on the To-Do List page, the To-Do List popup would mistakenly not automatically close after the request was approved or if the admin clicked Cancel to close the request. (Ticket #56457)
    • Bug fix: When using the @MAXCHECKED action tag for a checkbox field, if a user clicked on the checkbox’s label (rather than on the checkbox itself), it would appear to keep the checkbox unchecked if the @MAXCHECKED limit has been reached, but it would mistakenly save the checkbox as checked. (Ticket #56658)
    • Bug fix: For specific screen widths, the nav items at the top of the page on the Home page, My Projects page, etc. would mistakenly not be visible.
    • Bug fix: When performing a data import in projects with repeating instruments or repeating events, the "redcap_repeat_instance" field could mistakenly be imported with a value of "0", which should never be allowed because it must always be an integer larger than "0". (Ticket #28842)
    • Bug fix: If a required field is changed to be a Descriptive field, it would still mistakenly display the "must provide value" text below the Descriptive field's label on a survey page or data entry form. (Ticket #56719)
    • Bug fix: After selecting the "Export Reports" API method in the API Playground, the "Report ID" drop-down list would mistakenly not get rendered correctly, thus preventing users from utilizing it on that page. (Ticket #56707)
    • Bug fix: When using the survey-link or survey-url Smart Variable in the email message for an Automated Survey Invitation, in which the instrument name is appended to the Smart Variable (e.g. [survey-link:survey_2]), then if the appended instrument name is different from the survey instrument for the current ASI, it would mistakenly replace the Smart Variable with the link to the current ASI survey rather than with the explictly specified one. (Ticket #55400)
    • Bug fix: When using the first-event-name or last-event-name Smart Variable in branching logic or in a calculated field, in certain cases it might not get interpreted correctly, thus mistakenly resulting in a branching logic error message on a survey page or data entry form. (Ticket #56583)
    • Bug fix: When setting the conditional logic for an Automated Survey Invitation in a longitudinal project, if any fields are prepended with the Smart Variable [event-name], it would cause the ASI not to send the invitation if step 2 had the "Ensure logic is still true before sending invitation?" option selected while Step 3 was set to "Send immediately". (Ticket #55919)
    • Bug fix: When setting the conditional logic for an Automated Survey Invitation in a longitudinal project, if any fields are prepended with the Smart Variable [event-name] and the user selected a record from the "Test logic with a record" drop-down, it would mistakenly return "False" even when the condition is actually True.
    • Bug fix: When setting the branching logic for a field in the "Add/Edit Branching Logic" popup on the Online Designer, if a user selected a record from the "Test logic with a record" drop-down, it would mistakenly return "False" even when the condition is actually True. (Ticket #56623)
    • Bug fix: When a repeating instrument is being used as a survey and is being displayed in the Survey Queue, then it may mistakenly display the text "All surveys in your queue have been completed" on the Survey Queue if only 6 surveys have been completed in the queue (including all instances of the repeating survey), which could be confusing to respondents who might want to keep taking the repeating survey. Since a repeating survey is by definition open-ended and can be taken over and over again without end, the Survey Queue should never state "All surveys in your queue have been completed" if the queue contains at least one repeating survey. (Ticket #56540)


  • No labels