OpenEMR 6.0.0 Patch

brady.miller · March 14, 2021, 7:08am

The 1st patch for OpenEMR 6.0.0 has been released:
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches

The patch includes:

Security fixes (reported by Hagai Wechsler at whitesourcesoftware.com, fixes by Brady Miller)
Eye form fixes (fixes by Ray Magauran)
Patient portal registration fix (fix by Jerry Padgett)
WENO Exchange ePrescribing (by Sherwin Gaddis)
UUID creation optimizations (by Brady Miller)
Billing fixes (fixes by Stephen Waite)
sql upgrade optimizations (by Stephen Waite)
Addition of Johnson & Johnson COVID-19 vaccine (by Stephen Waite)

PeteBoyd · March 15, 2021, 4:38pm

https://www.open-emr.org/wiki/index.php/OpenEMR_Patches says “List of files (6.0.0)” where it should instead say “List of files (6.0.1)”.
I would change it but I don’t appear to have permission to change that page in particular.

stephenwaite · March 15, 2021, 5:11pm

all set @PeteBoyd, thank you

edit: actually looks like 6.0.0.1 would be correct

PeteBoyd · March 16, 2021, 10:13am

Oops yes of-course @stephenwaite you call it “6.0.0 (Patch 1)” in prose and “6.0.0 (1)” in the About page.

brady.miller · June 16, 2021, 7:42am

The 2nd patch for OpenEMR 6.0.0 has been released:
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches

The patch includes:

Security fix (reported by Hagai Wechsler at whitesourcesoftware.com, fix by Brady Miller)
WENO Exchange ePrescribing fixes (fixes by Sherwin Gaddis)
Session and timeout fixes (fixes by Rod Roark, Stephen Waite, Jerry Padgett and Brady Miller)
Patient portal improvements (by Jerry Padgett)
Eye form fixes (fixes by Ray Magauran)
Billing fixes (fixes by Stephen Waite)
New GAD-7 form (by Ruth Moulton)
Layout Based Form fix (fix by Rod Roark)
Backup fixes (fixes by Rod Roark)
Demographics fix (fix by Ken Chapple)
Messaging improvement (by Stephen Waite)
PHP 8 fixes (fixes by Stephen Waite)
MySQL 8 fix (fix by Rod Roark)

brady.miller · October 20, 2021, 12:21am

Released patch 3; see here for details:

daurrutia · December 14, 2021, 8:01am

Are these (or will these be) ported as docker images on dockerhub?

stephenwaite · December 14, 2021, 4:09pm

Hi @daurrutia , they’re there.

daurrutia · December 16, 2021, 3:18am

Thanks Stephen.

On dockerhub I see:

6.0.0, latest (Dockerfile) (further instructions and example docker.yml file)
5.0.2 (Dockerfile) (further instructions and example docker.yml file)
5.0.1 (Dockerfile) (further instructions and example docker.yml file)
5.0.0 (Dockerfile) (further instructions and example docker.yml file)
6.1.0, next, dev
flex
flex
flex

I guess I’m assuming if they are there I’d see them tagged like the 5.0.x patches were tagged (e.g., 6.0.1, 6.0.2, 6.0.3). Am I going about this round the wrong way?

stephenwaite · December 16, 2021, 1:16pm

hi @daurrutia , it’s 6.0.0, latest which will grab patch 3.

daurrutia · January 20, 2022, 2:32am

Thanks.
Anyone know if there’s a way to tell what patch level the container is running in v6?
I’ve looked within the app’s About page, that seems not to display patch level in v6.
Also version.php doesn’t seem to have it.
Or maybe I’m pulling the wrong image.

Some screenshots attached from image: openemr/openemr:latest

stephenwaite · January 20, 2022, 1:21pm

Hi @daurrutia , if there was a patch it would appear there like this in the demo with the latest patch:

Screenshot from 2022-01-20 08-20-20

daurrutia · January 22, 2022, 4:18am

Based on the 6.0.0 Dockerfile a build of the file will pull in the branch rel-600 which indeed includes the patch commits.
However, it looks like the tagged 6.0.0/latest images in the DockerHub repo were pushed up on Jan 16, 2021.
The 6.0.0 patches 1,2, and 3 were released Mar, Jun, and Oct 2021, respectively.
When anyone pulls openemr/openemr:6.0.0 or openemr:latest from DockerHub, based on what’s in the repo now, they are pulling an image pushed up in Jan of 2021, 6.0.0 patch 0 essentially.
We need to re-build the image at the time of each patch release and push up that fresh image to DockerHub in order to ensure folks pulling 6.0.0/6.0.0-3/latest are getting the latest patches.
For now, a build and push with the 6.0.0 tag ASAP would be recommended for the community’s security posture.

This is what I’m seeing from my end. Please review, and apologies if I am mistaken.

brady.miller · January 22, 2022, 7:46am

Hi @daurrutia
I should of chimed in here sooner. As you’ve noted, haven’t updated docker (or the main packages) with each patch. Would recommend getting in habit of installing most recent patch after any install (we make this clear on than standard packages, for example OpenEMR 6.0.0 Linux Installation - OpenEMR Project Wiki, but we should also make this clear somewhere in documentation for the dockers). Would be good to update official docker after each patch to make things easier, but the problem is docker builds can break over time (especially since we do multiarch builds) or bring in untested stuff, so it requires resources/time to do that.

brady.miller · February 21, 2022, 4:40am

Released patch 4; see here for details: