tmccormi wrote on Wednesday, August 24, 2011:
Not up for much air yet. By Friday Ken and I should be able to look at it, frankly I haven’t had time to even read what the request actually is, much less analyze whether we have time to do it. I have it tagged to follow up on soon.
-Tony
arnabnaha wrote on Wednesday, August 24, 2011:
Thanks for the windows path fix of rxnorm and snomed codes. it now installs fine…
bradymiller wrote on Monday, August 29, 2011:
Hi,
Just posting a quick status and also a request for developers help in squashing bugs and testing bug fixes. Here’s the 4.1 release page documenting pending features and bug fixes needed before the release:
http://www.oemr.org/wiki/QA/Release_Process
Key things are that the ZH Healthcare portal is getting close (they have put a tremendous amount of work into this thing) and there are about 10 or so bugs that need fixing. I just committed a bug fix by whimmel that fixes the auto calculation of the absolute path and webroot path (hopefully, this will avoid some users needing to manually set these); would be very helpful for windows users to ensure OpenEMR still installs and works with these changes.
If you are a developer and interested in getting a official release out, please look through the ‘Bugs Pending’ section of the above link. There are about 10 bugs which have not been fixed and are not assigned to anybody (ie. no name in red at the end). Please help fix some of these bugs (to avoid overlap in resources, simply place your name in red at the end of a bug or ask me to place your name there to let us know you are working on it). Goal is to get these bugs fixed and then get at least a full week of testing after all bugs are dealt with before the release.
Also, keep testing the 4.1 demo and packages which are listed at the top of the page in the link above.
thanks,
-brady
jojohit wrote on Tuesday, August 30, 2011:
>would be lack of a User Manual…
I would like to assist with this task. Please let me know what I should do.
Also, as I was typing in this reply I notice that this new “editing tools” in the Sourceforge forum is cool. It is like MediaWiki. Probably if we have a manual in a MiediaWiki-type setting and have experts add their images and tutorials on it. Then we can just point EMR installations to this online mediawiki. And or OpenEMR has a config setting where they have their own copy of the MediaWiki/manual running locally to prevent updates and for non-online hosting.
I already see some high-end software like VMWare’s help go online when you click help so that it can access the latest and greatest information. The idea is the same.
It may require “help” tags everywhere in OpenEMR that could be made to appear by pressing a hotkey.
JP
============
tmccormi wrote on Tuesday, August 30, 2011:
There is a 4.0 wiki based manual that is underdevelopment at: http://www.oemr.org/wiki/OpenEMR_4.0_Users_Guide, this is the basis to start the 4.1.0 Users Guide. Sara is the author and typically coordinates any offered assistance. She doesn’t watch the SF forum closely as most of what is here is not her game. Feel free to contact her directly at sara at infinitecreature dot net
It would be nice to have some of the more advanced things covered, like Procedure Orders/Results and the Clinical Decision Rules and CQM reporting.
-Tony
bradymiller wrote on Wednesday, September 07, 2011:
Hi,
Please keep testing the 4.1 demo and packages:
Online demo:
http://www.openmedsoftware.org/wiki/Development_4.1.x_Demo
Daily built packages:
http://www.openmedsoftware.org/wiki/OpenEMR_Downloads#Daily_snapshots
There are still quite a few bugs that need to be fixed (some are pretty nasty; for example entire Adminsitration->Practice module seems broken):
http://www.oemr.org/wiki/QA/Release_Process#Bugs_Pending
(If you want to help fix bugs, simply place your name in red to the right of the bug and then crush it)
thanks,
-brady
bradymiller wrote on Tuesday, September 13, 2011:
Tony,
Is there an ETA on the OpenEMR 4.1 User Manual?
thanks,
-brady
bradymiller wrote on Tuesday, September 13, 2011:
Hi,
Squashed quite a few bugs today. Please keep testing (wait until late tomorrow morning to ensure testing code with the new bug fixes):
Online demo:
http://www.openmedsoftware.org/wiki/Development_4.1.x_Demo
Daily built packages:
http://www.openmedsoftware.org/wiki/OpenEMR_Downloads#Daily_snapshots
There are only 3 bug fixes pending at this time:
1. Security exploit report bugs: http://packetstormsecurity.org/files/103810
- Any takers?
2. xmlformgen bug in the trackers. http://sourceforge.net/tracker/?func=detail&aid=3391969&group_id=60081&atid=493001 http://sourceforge.net/tracker/?func=detail&atid=493001&aid=3405323&group_id=60081
- Julia, are you able to look into these xmlformgen bugs?
3. billing bug http://sourceforge.net/tracker/?func=detail&aid=3392207&group_id=60081&atid=493001
- Any takers?
If these bugs get addressed in the next several days (and no new bugs crop up), then release will likely happen sometime next week.
-brady
tmccormi wrote on Tuesday, September 13, 2011:
Sara says she can have the 4.1 Users Guide updated by that time.
-Tony
rpl121 wrote on Wednesday, September 14, 2011:
There are only 3 bug fixes pending at this time:
1. Security exploit report bugs: http://packetstormsecurity.org/files/103810
- Any takers?
Brady - I downloaded the free version of Acunetix Web Vulnerability Scanner and ran it on my installation of OEMR 4.0.0. It confirmed the XSS vulnerabilities listed in this link.
When I ran it on the 4.2.0 online demo as of 1 AM EDT 09/14/11, it showed these XSS vulnerabilities plus one at /openemr/interface/login/login_frame.php and /openemr/interface/login/validateUser.php.
The Acunetix program gives a lot of information about what is going on, though I’m definitely a novice.
Ronald Leemhuis MD
bradymiller wrote on Wednesday, September 14, 2011:
Tony,
Great news. Would like to have flexibility to put out the release anytime from 9/19-9/23.
-brady
bradymiller wrote on Wednesday, September 14, 2011:
Hi Ronald,
The XSS vulnerabilities is actually a pretty general problems with the current codebase. There is a strategy and ongoing walk through of code to fix the entire codebase here: http://www.oemr.org/wiki/Active_Projects#PLAN
Also been trying to fix any vulnerabilties that get published on the web (and could also fix those you get from your vulnerability scanner software).
Will obviously be important to fix these issues to support large enterprise instances of OpenEMR (exploits like these, such as XSS ans sql-injection are generally dependent on having users that are logged into OpenEMR and screwing things up (so, if smaller practices where you trust all your employees, then these are not too much of an issue). I truly think this security hardening of OpenEMR is the next “big” project that should be undertaken since as OpenEMR gets more popular these published exploits will become much more frequent and pervasive.
-brady
rpl121 wrote on Wednesday, September 14, 2011:
Is the solution to the XSS vulnerability issue to put htmlspecialchars function into strategic places in the messages and calendar scripts affected by the bug? If so, I’d be willing to struggle with that if necessary. I’m no expert, but I can edit files, follow general instructions and test function. I’m figuring I could use the older, apparently secure, scripts as a model for how to use the htmlspecialchars function.
However, if there is a generic way to solve the problem in a more global fashion, that may be preferrable. Does anybody know the best way to fix the XSS vulnerability for some of the new scripts?
Ronald Leemhuis
bradymiller wrote on Wednesday, September 14, 2011:
Hi Ronald,
Yep, for fixing the published security exploits, basically putting htmlspecialchars in the right places will suffice. Interestingly, the messages code module has been upraded to the new security model, but the sortby variables were not wrapped in htmlspecialchars; so this will be an easy place for you to start. The calendar may be a bit harder because of the smarty issues, but feel free to take a stab at it (again, for now just doing focused fixes; in future will likely need to incorporate some smarty functions when go through code systematically). Also, most new code being submitted is using htmlspecialchars, and new scripts are using the new security model. The hard work will be converting all the old code; note that several modules have been done already:
Messages and Pnotes (patient notes) module: http://github.com/openemr/openemr/commit/21e15cce4507d36c7ffd234f2c4f034b38d1087e
Patient searching modules: http://github.com/openemr/openemr/commit/a9aa64513e4556aeb2f36b049e86aac47b3fef42
Transactions module: http://github.com/openemr/openemr/commit/f56f469c9d2481f3d440c79db1917e0a38f076a9
Patient history module: http://github.com/openemr/openemr/commit/a4817af442d569525b24129ed75afa915030a4dd
Immunization module: http://github.com/openemr/openemr/commit/5d06c6f08d04405a80b036810a8523a7cb680a31
Authorization module: http://github.com/openemr/openemr/commit/e08e3327b83f36164db0177c9acb8b7a1c3f9ddb
demographics.php script: http://github.com/openemr/openemr/commit/c0bfa8a51106cd97842374d5ae719bb5b469b763
Language admin gui module: http://github.com/openemr/openemr/commit/28f02594d450ce1e1546557b4cee040b8bedc194
-brady
OpenEMR
bradymiller wrote on Wednesday, September 14, 2011:
Hi,
If you want to get yourself on the OpenEMR copyright page (anybody whom has contributed code can do this), then please place yourself on it at this wiki page:
http://www.oemr.org/wiki/OpenEMR_Copyright_Notice
Plan to finalize this page over next 1-2 days.
thanks,
-brady
OpenEMR
bradymiller wrote on Saturday, September 17, 2011:
Hi,
Just reminding everybody to continue testing and reporting bugs:
Online demo:
http://www.openmedsoftware.org/wiki/Development_4.1.x_Demo
Daily built packages:
http://www.openmedsoftware.org/wiki/OpenEMR_Downloads#Daily_snapshots
Just finalized the translations yesterday for the international users, which will now show up in the demos and above package. We still have 3 outstanding bugs and the user manual before going ahead with the release, but we are really close. Hopefully the release will go out sometime this week (likely mid-week).
thanks and keep on testing,
-brady
OpenEMR
bradymiller wrote on Tuesday, September 20, 2011:
Hi,
Reminding everybody again to continue testing and reporting bugs for the soon to be 4.1 release:
Online demo:
http://www.openmedsoftware.org/wiki/Development_4.1.x_Demo
Daily built packages:
http://www.openmedsoftware.org/wiki/OpenEMR_Downloads#Daily_snapshots
We are still incorporating some new features(and database changes, which have potential to cause the worst bugs), so to be safe, the release will not go out until this weekend. Also, still a couple more bugs to fix.
thanks,
-brady
bradymiller wrote on Tuesday, September 20, 2011:
Tony,
Can I get an ETA on the User Manual. Just need to know so I can start to plan time for myself to do the release (I’d like the manual in the codebase for at least two days of testing before issuing release).
Thanks,
-brady
bradymiller wrote on Tuesday, September 20, 2011:
Hi everybody,
There is a good possibility that the User Manual may not be done in time, and I’d rather give the contributors enough time to produce a high quality User Manual. One option we have is proceeding with the release without the embedded User Manual and instead having the ‘Manual’ link open a window on this wiki page:
http://www.oemr.org/wiki/OpenEMR_4.1_Users_Guide
Note I wasn’t initially excited about this, but after doing it, I realized how much more flexible having this page is. For example, it already has a lot of useful documentation on it, which can now continually be updated as the User Manual is improved. For now, I’ve set the ‘Manual’ links in OpenEMR (just committed this) to go to this wiki page.
Any thoughts?
-brady
OpenEMR
juggernautsei wrote on Wednesday, September 21, 2011:
Brady,
the moment I read through this proposed link to the wiki for the user guide, I thought it was great. The idea of having a dynamic user manual that can grow and change is very appealing. Great idea. Thanks for the commit!!
(My two cent worth)
Sherwin
opehmedpractice.com