In this Section

REDCap Change Log

REDCap Change Log

Version 8.9.0 - (released 11/2/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: Report Folders - Reports can now be organized into folders in any given project. If a user has "Add/Edit Reports" privileges, they will see an "Organize" link on the left-hand project menu above the project’s reports. They will be able to create folders and then assign their reports to a folder, after which the project's reports will be displayed in collapsible groups on the left-hand menu.
  • New feature: “Edit Access” for reports - In addition to setting "View Access" when creating or editing a report, users can now set the report's "Edit Access" (under Step 1) to control who in the project can edit, copy, or delete the report. This setting will be very useful if one wishes to prevent certain users from modifying or deleting particular reports.
  • New feature: Report search - A new search feature exists on the left-hand menu to allow users to search within the title of that project’s reports to help them navigate to a report very quickly.
  • Improvement: The Browse Users page in the Control Center now displays a "Can create projects?" column in the user table to indicate if the user has privileges to create or copy a project on their own. This is only available if users in the system are allowed to create/copy projects (as opposed to requesting them be created by an admin).
  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was discovered on certain pages, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Minor security fix: An SQL Injection vulnerability was found on surveys pages and data entry pages in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Major bug fix: If a user has "De-identified" or "Remove all tagged Identifier fields" data export user privileges in a project, and then the user downloads a PDF of a data entry form with saved data, in which the form is a repeating instrument or repeating event, it would mistakenly not remove the appropriate data from the PDF as required according to their user privileges. (Ticket #52190)
  • Change: Changed the text "Manage Survey Participants" to "Survey Distribution Tools", which more clearly describes the pages in that section.
  • Bug fix: Users using certain browsers (e.g., Firefox) on the "Create New Report" or "Edit Existing Report" page would mistakenly be unable to place their mouse cursor into the input fields in Step 2 on that page, thus preventing them from adding new fields to the report using the auto-complete functionality. (Ticket #52055)
  • Bug fix: When performing a data import (either via API or via Data Import Tool) in which the first instrument of a record is locked, it would mistakenly prevent the data import from completing, thus resulting in an error, even if the user is not attempting to update values on the first instrument.
  • Bug fix: Uploading, editing, or deleting a file in the File Repository of a project would fail if the project's language was set to anything other than the default "English" language. Bug emerged in REDCap 8.7.0. (Ticket #51457)
  • Bug fix: The data dictionary import process would fail if any calculated fields in the data dictionary contained Smart Variables in their calculation. (Ticket #51346)
  • Bug fix: If using a custom record label in a longitudinal project, in which the custom record label references a field that exists on an event that is not the first event of the current arm, then it might not display the custom record label at all. (Ticket #50733)
  • Bug fix: Some cron jobs were mistakenly shifting by a minute or two each day with regard to the time they should be run by the system. They will now be run at the exact minute they are expected to based on their previous run time + their defined frequency to run.
  • Bug fix: When using DDP on FHIR to add a patient to a project from inside the EHR interface, in certain cases the add-patient process would fail and simply return a dialog saying "ERROR".
  • Bug fix: If a report in a project is created, copied, reordered, or deleted, then on occasion it may mistakenly cause many (or all) of the existing reports to be reordered in a seemingly random fashion. (Ticket #42809)
  • Bug fix: When using the Publication Matching module, if REDCap is upgraded to a newer version after an email has been sent to a PI regarding a possible publication match, then the link in the email would not redirect to the correct webpage properly. (Ticket #52023)
  • Bug fix: If custom Homepage Announcement text is set for the system and the current user is sponsor of a user, then the custom text would mistakenly not stretch as wide as the My Projects table. (Ticket #51782)
  • Bug fix: If a field on a repeating event/form has a specific repeating instance number that is referenced in a calc field or branching logic (e.g., [weight][2] > 150), then even if the specific repeating instance of the event/form exists, it will throw an error on the data entry form or survey page if the field itself does not have a value saved for the repeating instance that is explicitly referenced.
  • Bug fix: When using certain non-English languages for the translated text in a project, the title/hover-over text for the repeating survey icon in the Online Designer would mistakenly get truncated. (Ticket #52126)
  • Bug fix: When piping data from a repeating event/instrument onto another instrument or event, especially a non-repeating instrument/event, then the PDF download of that instrument with saved data might mistakenly not pipe the data into the labels in the PDF.
  • Bug fix: In a multi-arm project using the Scheduling module, opening a record from the Calendar page and then clicking "view schedule" from the calendar popup would load the "View or Edit Schedule" page but might mistakenly not pre-select the record in the record drop-down list on that page.
  • Bug fix: When viewing the Browse Projects page in the Control Center, any projects that have been deleted in the past 30 days but have not yet been removed from the system would have a missing status icon on the far right of the projects table. It should instead be displaying a red cross icon for the status.
  • Bug fix: The plugin/hook/module method REDCap::getReport now more strictly checks the value of the third parameter ($exportAsLabels) to ensure it is a boolean. (Ticket #52382)
  • Bug fix: When using a bookmarked link of a page in the Plugins, Hooks, and External Modules documentation after REDCap is upgraded to a newer version, then the bookmark would not redirect to the correct webpage properly. (Ticket #51824)
  • Change: Added extra admin-specific error message in DDP on FHIR when a FHIR access token fails. This is to help troubleshoot access token issues.
  • Bug fix: If a conversation in Messenger is attached to a project, it would mistakenly display the HTML <br> tag when hovering over the conversation title. (Ticket #52308)
  • Bug fix: If certain Smart Variables (e.g., [survey-queue-link]) are used in the email text of an Automated Survey Invitation, which also uses datediff with "today" or "now" as a datediff parameter, then it would prevent the ASI+datediff cron job from fully running. Note: This would only affect a small percentage of the total invitations being sent out. (Ticket #51081)

Version 8.8.2 - (released 10/17/2018)

BUG FIXES & OTHER CHANGES:

  • Change: If a user loads a data entry form without a record in context, in which it displays the Incomplete/Complete Records drop-downs for choosing a record (this page can only be navigated to by clicking the "Show data collection instruments" link on the left-hand project menu and then selecting a form), if the project exceeds 25,000 records, it will truncate the drop-downs so that they only display the last 25,000 records ("last"=those at the end when viewing an ordered list of all records). This is to improve performance by preventing the page from having to output so much HTML to the client.
  • Change: Added suggested change to the REDCap install page regarding the sample MySQL script for creating a new MySQL user. (Ticket #51144)
  • Bug fix: If text has been set for the Home Page setting "Announcement text to display at top of Home page and My Projects page" and the setting "Additionally display text on login page?" is set to "No" (which is a new feature in v8.8.1), then it would mistakenly display the custom Home Page text below the login form when a user is logging in, even though it is not supposed to. Bug emerged in REDCap 8.8.1. (Ticket #50889)
  • Bug fix: The table listing all the user rights/roles on the User Rights page in a project would mistakenly not display the last column or two of the table. (Ticket #50876)
  • Bug fix: When using the Twilio Telephony Services for surveys and setting up an Automated Survey Invitation in which the Invitation Type is "SMS Invitation (contains survey link)", it would mistakenly add the survey link twice to the SMS message. And in the version of REDCap just prior to this one, it was mistakenly adding the survey link if it was not included in the SMS message for the ASI, which should not occur because the instructions state that the survey link will not be automatically added to the SMS when using the "SMS Invitation (contains survey link)" invitation type. So if using "SMS Invitation (contains survey link)" invitation type, it will not add the survey link unless the [survey-url] Smart Variable is used in the SMS message for the ASI. (Ticket #50596)
  • Bug fix: If a field exists on a repeating instrument, and a value is being imported for that field (via Data Import Tool or API) in which no value is provided for the redcap_repeat_instrument field for that row of data, it would mistakenly allow the data to be imported without errors, and that data might become orphaned and be inaccessible on certain pages (e.g., Record Home Page, Record Status Dashboard) after the import has completed.
  • Bug fix: In certain cases, the left-hand project menu might display the link "View/Edit Records" when instead it should always display the "Add/Edit Records" unless the user does not have "Create Record" privileges.
  • Bug fix: When clicking the pencil icon on the Online Designer, it would mistakenly not open the "Add Field"/"Edit Field" dialog if the user was using Internet Explorer. Bug emerged in REDCap 8.8.1 (Standard). (Ticket #51359)
  • Bug fix: For certain SFTP server configurations, the system-level feature "e-Consent Framework: PDF External Storage Settings" might mistakenly not save files successfully to the SFTP server.

Version 8.8.1 - (released 10/5/2018)

IMPROVEMENTS, BUG FIXES & OTHER CHANGES:

  • Improvement: REDCap admins may now, if they wish, prevent normal users from contacting admins in REDCap Messenger. This option can be enabled under the "REDCap Messenger" section on the "Modules/Services Configuration" page in the Control Center. If set to "prevent users from messaging admins", then users will not be able to add any REDCap admins to any new or existing conversation in Messenger. However, admins will still be able to add normal users and other admins to a new or existing conversation.
  • Improvement: The "Sponsor Dashboard" and the Control Center's "Browse Users" page now have a new action button: "Re-send account creation email". This new action is only available for REDCap installations with either "Table-based" or "LDAP & Table-based" authentication. Clicking the button will send the user the same email (which includes the link to set their password) that was sent to them when their Table-based account was created. This will often be used in case the user did not receive the original email (for whatever reason).
  • Improvement: Under the "PDF Customization Options" section in the Additional Customizations popup on the Project Setup page, a new option has been added: "Display or hide the Secondary Unique Field value (if enabled) at the top right corner of the PDF". This option will be useful, for example, when sending the PDF to a survey participant, in which the Secondary Unique Field value should not be known or viewable to the participant.
  • Improvement: When selecting a color for an item under "Custom survey theme options" on the Survey Settings page, the color-picker now allows users to provide the Hex color code (e.g., #0b5394) to choose the color of the item. (Ticket #8321)
  • Change/improvement: The option "Announcement text to display at top of Home page and My Projects page" on the "Home Page Configuration" page in the Control Center now has an extra option that says "Additionally display text on login page?", which will give admins the ability to opt out of displaying that text on the login page, which it currently does by default. (Ticket #21796)
  • Major bug fix: If importing new records into a project via Data Import Tool or API Import Records, it would mistakenly not update the record count in the project to reflect the new records that were added.
  • Major bug fix: If a user in a Data Access Group is creating a new record and uploading a file for a File Upload field on a form or survey prior to clicking the Save button, which would create the record, it will correctly assign that record to the user's DAG, but that record might mistakenly not show up for the users in that DAG when viewing a report, Record Status Dashboard, Add/Edit Records page, or other pages that display a list of records. This issue would usually correct itself after 3 days.
  • Bug fix: If a user attempts to create a new record on the Add/Edit Records page, in which the record contains a tab character (via copy-and-pasting the record name from elsewhere), it would mistakenly not inform the user that tab characters are not permitted in record names and would simply remove them when loading the Record Home Page for that new record. (Ticket #50347)
  • Bug fix: If a user adds Custom Event Labels for a longitudinal project, and then converts the project to classic/non-longitudinal format, the Custom Event Label for the first event would mistakenly still appear on the Record Home Page. Custom Event Labels should only appear when a project is longitudinal. (Ticket #49885)
  • Change: The language has been abstracted to allow for translation for the popup that appears on data entry forms and survey pages when a user leaves spaces at the beginning or end of a text box's value. (Ticket #37401)
  • Bug fix: The notification in the Control Center that informs REDCap admins that a new External Module update is available would mistakenly display versions of modules that were not compatible with the current REDCap version. However, if the admin clicked the blue button to visit the REDCap Repo and then returned back to REDCap afterward, it would temporarily resolve this issue. (Ticket #49957)
  • Bug fix: If a user creates a thread in REDCap Messenger that is connected to a project, and then navigates into a different project, in which the Messenger panel is initially closed while in that project, then when the background AJAX call for Messenger runs after being on a page for 60 seconds, it would mistakenly cause a JavaScript error and might cause some functionality of Messenger not to work correctly. (Ticket #24930)
  • Bug fix: The plugin/hook/module method named REDCap::evaluateLogic might not interpret the event context correctly depending on the value passed as the $event parameter. (Ticket #49420)
  • Bug fix: Fixed issue related to performance boost from REDCap 8.7.2 that caused some very large projects to be extremely slow on certain pages temporarily if multiple users were using the project simultaneously.
  • Bug fix: In a longitudinal project that is in production, if a user attempts to un-designate an instrument for an event on the "Designate Instruments for My Events" page, specifically using the CSV file upload option, it would mistakenly allow the user to do so, even though only REDCap admins should be able to un-designate instruments for events while in production. (Ticket #48290)
  • Bug fix: When using a date or datetime field with DMY or MDY format as the record ID field, it would mistakenly not save the record name correctly when trying to create the record, but instead it would mangle the date format. (Ticket #49373)
  • Bug fix: If branching logic or a calculation on a repeating instrument or repeating event utilizes the Smart Variable "current-instance" (e.g., [yesno_var][current-instance]*1), then when viewing the first repeating instance of that instrument/event, it would mistakenly not perform the branching logic or calculation correctly if the value for that field in the logic/calc changes while on that page. (Ticket #50094)
  • Change: When viewing the “Add New Field”/”Edit Field” popup in the Online Designer, it will now ask the user to choose the ontology service that they wish to use (it did not do this in previous versions), even though there is just one to choose. After choosing “BioPortal Ontology Service”, it will then display all the ontologies available for BioPortal, as it has done in the past. This extra step was added to allow for more custom ontology services to be added in the future. But for now, BioPortal is the only service currently available by default in REDCap.
  • Bug fix: When using the Twilio Telephony Services for surveys and setting up an Automated Survey Invitation in which the Invitation Type is "SMS Invitation (contains survey link)", it would mistakenly add the survey link twice to the SMS message. (Ticket #50596)
  • Bug fix: When downloading a PROMIS Battery from the REDCap Shared Library, it would mistakenly enable the Survey Auto-Continue option for all instruments in the battery when instead it should enable it for all except for the last one.
  • Bug fix: When running Data Quality rule F, in which some fields being evaluated exist on a repeating instrument, it might mistakenly display them in the list of discrepancies when in fact it is a false positive. (Ticket #49640)
  • Bug fix: Calculated fields would sometimes hit a precision limit in JavaScript and mistakenly return a blank value for the calc field rather than the correct numerical result, which might need to be displayed in scientific (exponential) notation. (Ticket #50578)
  • Bug fix: When using LDAP or LDAP & Table-based authentication, it was mistakenly not allowing users to be assigned to a user role in a project if the username contained a space. (Ticket #50791

Version 8.8.0 - (released 9/30/2018)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • New feature: PROMIS Batteries – 15 batteries of instruments are now available in the REDCap Shared Library. A battery is a set of instruments that can be downloaded from the Shared Library as a bundle, in which they are meant to all be taken together one after another within a single battery. When downloading from the Shared Library, the survey auto-continue feature will be enabled for these instruments to allow a participant to automatically continue from one to another to simulate the battery functionality.
  • Improvement: A project's Record ID field can now be used as a Live Filter in any given report, thus allowing users to easily view the report for a single record.
  • Bug fix: When hitting the Enter button while inside a date or datetime field that triggers calculations or branching logic on the same page of a form or survey, it might mistakenly display erroneous error prompts stating that something is syntactically incorrect with the calculation or branching logic, which is not the case.
  • Bug fix: When piping a value from a date or datetime field into the @DEFAULT action tag of another date/datetime field that has either MDY or DMY date format, the value would mistakenly get mangled and thus be incorrect when the page initially loads. (Ticket #17157)
  • Bug fix: When uploading a file for a File Upload field, under certain conditions it might mistakenly cause multiple rows to be added to the redcap_data database table for that record. (Ticket #50178)
  • Bug fix: Fixed issue related to performance boost from REDCap 8.7.2 that caused some very large projects to be extremely slow on certain pages temporarily if multiple users were using the project simultaneously.
  • Bug fix: If records exist in an arm in a multi-arm project, and then that arm is deleted, those records in that now-deleted arm might mistakenly appear on certain pages, such as the Record Status Dashboard or Add/Edit Records page. (Ticket #50353)
  • Bug fix: When using DDP on FHIR and opening a record on the Record Home Page while viewing it inside the EHR, a JavaScript error might mistakenly occur, thus sometimes preventing the DDP adjudication dialog from opening.
  • Bug fix: When creating a new Table-based user in the Control Center, in which the user's attributes contain special/non-Latin characters, then depending on the server's MySQL collation_connection, it might not save the user's attributes correctly in the database but may instead mistakenly garble them. This bug was supposedly fixed in REDCap 8.7.3 but was mistakenly not. (Ticket #48983)
  • Bug fix: When mapping an EHR field on the DDP mapping page in a longitudinal project using DDP on FHIR, and clicking the "Copy mapping to other event" for a given field, it might mistakenly also copy the category header that immediately follows that field, which makes the page look confusing to the user.

Version 8.7.4 - (released 9/20/2018)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: If a user has data export privileges of "De-identified" or "Remove all tagged Identifier fields", and then the user exports a report in which every field in the report gets removed due to their export privileges, then it would mistakenly export data for *all* the fields in the entire project. (Ticket #48976)
  • Major bug fix: If a user attempted to put a production project into Draft Mode on the Online Designer page, it would fail and merely reload the page. (Ticket #49866)
  • Bug fix: The projects table on the Browse Project page in the Control Center was cut off on the right side. (Ticket #49773)
  • Change: Added the HTML tags <map> and <area> to the list of allowed tags that can be used in user-defined text (e.g., field labels, survey instructions). (Ticket #49526)
  • Bug fix: If a field was using @DEFAULT, @NOW, or @TODAY action tags, and that field was also being piped into text somewhere on that same page, then the field values would mistakenly not get piped when the page initially loads. (Ticket #49839)

Version 8.7.3 - (released 9/19/2018)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • New options for Data Exports
    • Improvement: When exporting a report, a new “Data formatting options” section appears in the export dialog to allow users to choose the CSV delimiter character to be used in CSV Raw Data and CSV Labels exports. Options include comma (default), tab, semi-colon, pipe, and caret. This is useful in certain cases when the resulting data file needs to have another delimiter, such as a tab, for example. In addition, the two API methods “Export Records” and “Export Reports” have a new analogous parameter “csvDelimiter” that will set the CSV delimiter character if using “csv” as the format in the API request. See the API documentation for full details. (Ticket #30939)
    • Improvement: When exporting a report, a new “Data formatting options” section appears in the export dialog to allow users to optionally force all numbers into a specified decimal format. It will default to “Use fields’ native decimal format”, but provides the choices “Use period/full stop” and “Use comma” as the decimal character for all numbers. This will allow projects that have fields with period/full stop decimals (calc fields, number validated fields) and those with comma decimals (comma-as-decimal validated fields) to all be exported in the same uniform number format, thus providing greater consistency in the data being exported. In addition, the two API methods “Export Records” and “Export Reports” have a new analogous parameter “decimalCharacter” that will set specified decimal format for all numbers in the API request. See the API documentation for full details. (Ticket #30939, #34597)
  • Improvement: New optional parameters added to the API Export Records method to filter data returned based on when a record was created or modified
    • dateRangeBegin – To return only records that have been created or modified *after* a given date/time, provide a timestamp in the format YYYY-MM-DD HH:MM:SS (e.g., '2017-01-01 00:00:00' for January 1, 2017 at midnight server time). If not specified, it will assume no begin time.
    • dateRangeEnd – To return only records that have been created or modified *before* a given date/time, provide a timestamp in the format YYYY-MM-DD HH:MM:SS (e.g., '2017-01-01 00:00:00' for January 1, 2017 at midnight server time). If not specified, it will use the current server time.
  • Improvement: The Record Status Dashboard will now remember the user's last selection for the "page number" drop-down and the "records per page" drop-down, so that when they return to the dashboard in that project in the future, it will already have their last selections pre-selected for those two drop-downs. Note: It already remembers the user's last selection for "dashboard displayed" and "data access group". (Ticket #48913)
  • Improvement/change: When a user copies a project via the "Copy the project" button on the Other Functionality page, it now logs the PID (project_id) and project title of the new project in the copied project, and it now also logs the PID and project title of the originating project in the newly created project. So now it should be much easier for users to see if someone copied a project, and if so, determine which project is the one that had been created from the original. (Ticket #47208, #42783)
  • Improvement: Two new parameters "exportAsLabels" and "exportCsvHeadersAsLabels" were added to the plugin/module method named REDCap::getReport. These allow developers to designate whether to output data as raw values vs labels, as well as choose to export CSV headers as labels rather than as variable names (for CSV outputFormat only). (Ticket #49173)
  • Improvement: If one or more External Modules are enabled in a project, it now allows the user to choose if they want to copy over the module configuration settings when copying the project. In previous versions, it would always copy the settings without asking, even though the modules were disabled by default. So now users have a choice.
  • Bug fix: After completing a data import in a project with thousands or tens of thousands of records, many project pages would sometimes become unresponsive for quite a while.
  • Bug fix: When viewing the To-Do List in the Control Center, some requests might mistakenly still show up in the request counts even though the requester's account has been deleted from the REDCap system. (Ticket #48846)
  • Bug fix: Certain database queries that check to make sure that a project's reports are in the correct order were getting run more than necessary, which would sometimes cause certain pages in a project to run slowly.
  • Bug fix: For large screens, project pages might mistakenly have an empty column of whitespace on the far right. (Ticket #49155)
  • Bug fix: The External Module framework methods setDAG() and addAutoNumberedRecord() were not updating the record list cache table, thus causing some record lists (e.g., Record Status Dashboard) to become out of sync with the data in the redcap_data database table. Bug emerged in REDCap 8.7.2 Standard. (Ticket #49215)
  • Bug fix: After editing the branching logic of a field in the Online Designer, it would mistakenly chop off the first character in the branching logic when displaying it in red text on the page for the field. (Ticket #49098)
  • Bug fix: When using DDP on FHIR to add a patient to a project, in some cases it would navigate to an incorrect non-existing record named "Undefined" in the REDCap project after clicking "View patient in project" button after creating the record via DDP on FHIR.
  • Bug fix: When using DDP on FHIR, some LOINC codes related to Multiple Sclerosis were mistakenly missing from the DDP field mapping page.
  • Bug fix: When creating a new Table-based user in the Control Center, in which the user's attributes contain special/non-Latin characters, then depending on the server's MySQL collation_connection, it might not save the user's attributes correctly in the database but may instead mistakenly garble them. (Ticket #48983)
  • Bug fix: The To-Do List page in the Control Center would mistakenly display with the action buttons overlapping the previous column in the table. (Ticket #49096)
  • Change: When a REDCap administrator enables or disables either the DDP on FHIR module or the DDP Custom module, it now explicitly states this on the Logging page, whereas previous versions merely logged the action generically as "Modify project settings".
  • Bug fix: When using DDP on FHIR, the information page/popup that describes how to use DDP to users was mistakenly missing the specific codings required for the three demography fields "sex", "race", and "ethnicity". The required multiple choice codings for those fields are now listed in the DDP on FHIR informational page that is accessible on the DDP on FHIR Control Center page and via the popup on a project's Project Setup page.
  • Bug fix: When launching multiple patients using DDP on FHIR inside the EHR interface (i.e., multiple tabs during same session), if the user returned to an older tab/patient during the same session, it might mistakenly confuse it with the latest patient that was loaded, thus losing that tab's proper context for the patient and causing confusion for the user.
  • Bug fix: If using MySQL 8.0 as the database, in certain cases the Control Control might erroneously display the "Database structure is incorrect" warning even though nothing is wrong with the database tables. (Ticket #49580)
  • Bug fix: If using certain non-English languages as the system language, the login page might mistakenly truncate the "Username:" or "Password:" labels. (Ticket #48547)
  • Bug fix: When exporting a project's Project XML file, for certain server configurations, it would cause the XML file to have all linefeeds removed from Section Headers and Field Labels. Note: This fix will not fix any Project XML files that have already been generated but will fix this issue for any XML files generated in the future. (Ticket #48719)
  • Bug fix: If there exists piping, calculations, or conditional logic using the Smart Variables first-event-name or last-event-name that happens to be prepended to a checkbox field, in which a checkbox choice is explicitly specified inside parentheses, it would mistakenly return a list of all the checked-off checkbox labels instead of the checked-off status for the specified choice. (Ticket #49378)
  • Bug fix: When a user attempts to place a production project into draft mode, it might mistakenly just reload the same page with no changes, thus preventing the project from being put in draft mode. (Ticket #6346)
  • Fixes and updates for External Modules Framework
  • Bug fix: If an External Module was using the API endpoint for assets (non-PHP pages), it would mistakenly enforce authentication on those assets, which would cause issues for certain authentication types, such as Shibboleth.

Version 8.7.2 - (released 9/7/2018)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • Improvement: Performance boost – Certain pages in projects with thousands or more records should now load much faster in most cases. This includes the Record Status Dashboard, various pages utilizing Data Access Groups, and certain reports. Reports A and B should especially see significantly faster loading (excluding when viewing “all” pages in report A or B).
  • Improvements related to viewing or creating reports
    • New report option that will combine checkbox options into a single column of only the checked-off options. Previously, any checkbox fields in a report would have their choices represented as separate columns in the report, but with this new setting, they can now all be represented as a single column with comma-delimited values and comma-delimited labels. Note: If data is exported to a stats package on a report using this option, checkbox fields will be represented as text fields in the stats package’s syntax file that gets generated by REDCap.
    • Report description – Users may now optionally set a description for a report, in which the description gets displayed as text below the report title on the report page. This allows users to provide instructions or explanatory text for the report. Note: HTML may be used in the description to add links or to style the text.
    • Change: When exporting a report, it now includes the report’s title as part of the resulting export files’ file name. This should make it easier to distinguish different exported data sets if a user is exporting several reports for a given project.
    • Improvement/bug fix: In previous versions it was very difficult (and sometimes impossible) to create reports with lots of fields in projects that contained >1000 total fields. In some cases, it would cause the Create Report page to be very sluggish or even to crash in some cases. This should no longer happen, and users should be able to easily create reports with thousands of fields, if they wish, with no problem.
  • Improvement: If using "Local" file storage for uploaded files, inline image attachments for Descriptive fields and also survey logos will load on the page with their proper width and height already set, which should cause shifting/disturbance on the page due to the images loading slightly later than the page itself.
  • Bug fix: When setting the value of the Rate Limiter on the General Configuration page in the Control Center, it would display a soft validation error if a value was entered that was less than 60. It should instead allow all integers to be entered with a minimum possible value of "0".
  • Bug fix: If a POST request to REDCap exceeds the maximum number of POST parameters according to the max_input_vars setting in the PHP.INI configuration file, it might truncate the parameters sent and mistakenly not display an error message, thus only saving part of the data submitted without informing the user of such. It now properly returns an error message to let the user knows if this ever occurs. This includes API requests. (Ticket #47117)
  • Bug fix: Updated some outdated text on the "Administrators & Acct Managers" page in the Control Center. (Ticket #47531)
  • Change: When exporting a data dictionary, it will now automatically prepend the Field Annotation column with a single space character if the value begins with an "@" sign. This is to prevent issues when loading the data dictionary into Microsoft Excel, which uses "@" to denote the beginning of an equation. When the data dictionary is re-uploaded back into REDCap, the extra space will be subsequently removed to maintain the integrity of the initial value in the data dictionary as it was exported.
  • Bug fix: If a record in a project has some survey invitations scheduled, and then the record is renamed, its associated invitations would mistakenly get disassociated from the record, thus causing the invitations not to get delivered. (Ticket #47887)
  • Bug fix: When using the "DDP on FHIR" module and launching a REDCap window inside an EHR interface, if the user navigates inside a REDCap project in that window, it would mistakenly display the left-hand project menu when it should instead keep the menu invisible in that window. Bug emerged in REDCap 8.7.0.
  • Bug fix: If a user placed their cursor into any text input field and clicked their Backspace button on their keyboard, it would cause a JavaScript error. In most cases, this would go unnoticed; however, some browsers might display a popup alerting the user of this error, which could confuse the user.
  • Bug fix: Drop-down fields using the auto-complete option would react very slowly when typing text into them if the number of drop-down options was very large (>1000). For larger drop-down fields, it now requires more characters (based on the drop-down size) to be initially typed before it begins performing the auto-complete functionality. For example, if the drop-down contains more than 200 options, it requires at least 1 character to be entered before auto-complete is activated, and if it contains more than 500 options, then requires 2 characters (and so on, up to 4 characters max). Bug emerged in REDCap 8.7.0 (related to jQuery 3).
  • Bug fix: The Repeating Instruments tables displayed at the bottom of the Record Home page would mistakenly be displayed vertically rather than horizontally. Bug emerged in REDCap 8.7.0.
  • Bug fix: Minor aesthetic styling fixes due to Bootstrap 4 issues. This additionally includes reports not printing correctly in Firefox. (Ticket #47920)
  • Bug fix: When viewing the "Copy existing choices" popup when adding/editing a field in the Online Designer, many of the choices might mistakenly overlap each other, thus making some impossible to read.
  • Bug fix: The REDCap cron job was mistakenly being counted toward "Page Hits" as displayed on the Control Center's Activity Graphs page. (Ticket #46074)
  • Bug fix: When using the e-Consent Framework in a project, in which a record has an e-Consent PDF file associated with it and a user deletes the record, it would mistakenly not delete the record's e-Consent entry. This would cause problems if another record was created later using the same record name, in which it would prevent the saving of that new record's e-Consent file. (Ticket #38660)
  • Change: Minor changes made to login process for AAF authentication.
  • Change: When exporting data to SPSS, date and datetime fields are now represented as A500 and text fields as A1000 in the SPSS syntax file, whereas previously they were all represented as A30000, which could cause very slow processing when loading the data into SPSS. (Ticket #37115)
  • Bug fix: When using "Japanese (Shift JIS)" for a project's "character encoding for exported files" setting, and the project's PDF Customization setting has the PDF header text (e.g., Confidential) in Kanji/Japanese, then the PDF header text would mistakenly not display correctly in the PDF. (Ticket #48035)
  • Bug fix: LDAP allows for spaces to be used in usernames, and even though REDCap users could successfully log into REDCap while having a space in their username, REDCap would not allow such users to be added to projects, in which it would display an error message stating "User names can only contain letters, numbers, underscores hyphens and periods". If using "LDAP or "LDAP & Table" authentication, it will now allow users to be added to a project via the User Rights page even if their username contains a space. (Ticket #48169)
  • Bug fix: When using literal date or datetime values inside a datediff() function in the "Add/Edit Branching Logic" popup in the Online Designer and testing the logic against a record, it might mistakenly state the field should be hidden when instead it should be shown (or vice versa). Related, if using literal dates inside a datediff() function in the branching logic of a field, and a user goes to export a PDF with saved data of that field's instrument for an existing record, the field might mistakenly be hidden in the PDF when instead it should be shown (or vice versa). (Ticket #47717)
  • Bug fix: When using "Japanese (Shift JIS)" for a project's "character encoding for exported files" setting, the Kanji text might not display correctly if the PDF is opened on certain devices. The remedy this, the internal font in the PDF has been changed from Gothic to Kozmin. (Ticket #48035)
  • Bug fix: When using a Stop Action on a checkbox on a survey, in which the "Enhanced checkbox and radio button" option is enabled for the survey, then if a participant triggers the Stop Action but chooses to "Continue survey" (rather than ending the survey), it would mistakenly not uncheck the checkbox choice they had selected. (Ticket #48273)
  • Bug fix: Using an X-instance Smart Variable that is appended to a variable or Smart Variable containing a parameter with a colon (e.g., [mycheckbox:checked][last-instance]) might mistakenly not be parsed correctly, thus possibly returning an incorrect value. (Ticket #48251)
  • Bug fix: When the record ID field in a project has field validation, and the Scheduling page is being used in a longitudinal project to create a new record (assuming record auto-numbering is not enabled), the Scheduling page would mistakenly not employ the field validation if a record name was entered in an incorrect format. This only occurs for certain field validation types. (Ticket #46643)
  • Bug fix: When using the Smart Variables "previous-event-name" or "next-event-name" in a calculated field while viewing the first or last event, respectively, it would mistakenly display the error prompt stating that there was an error in the calculation. Instead, it now silently replaces those with a blank value (wrapped in quotes) in the equation to prevent an error from occurring in order to force a blank value to be returned. (Ticket #48631, 48669)
  • Bug fix: When using the X-event-name Smart Variables as prepended to a field variable, in which the variable name contains a number, it might not parse the Smart Variable correctly, thus causing it to replace it with a blank value or the value from the wrong event. (Ticket #48576)
  • Bug fix: If PHP's Multi-Byte String extension is not enabled on the web server, then REDCap might throw a fatal PHP error when attempting to send an email. (Ticket #48757)
  • Bug fix: Some data entry forms, especially for records that have repeating instruments with many repeating instances saved (i.e., hundreds or more), would load very slowly, sometimes causing the page to time out and never fully load. They should now load much faster. (Ticket #40634)
  • Bug fix: When calling the method REDCap::getPDF inside a hook in a project, in which the current user does not have full data export privileges, the method would mistakenly fail to output the PDF. The method should work regardless of the user's project-level rights. (Ticket #48756)

Version 8.7.1 - (released 8/15/2018)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: Calculations that exist on a repeating instrument or repeating event might mistakenly not get calculated when importing data via API or Data Import Tool or when executing Data Quality rule H.
  • Bug fix: When cross-event branching logic is used on a field in a longitudinal project, in which some events being referenced in the logic do not contain any data for a given record, in some cases the PDF export of an instrument would mistakenly not correctly determine if the field should be hidden or not in the PDF, and thus it might hide the field when it should display it (or vice versa). This bug only affects the PDF. (Ticket #42206)
  • Bug fix: The action of creating or modifying a Custom Record Status Dashboard was mistakenly not getting logged on the project Logging page.
  • Bug fix: The default browser behavior of navigating back to the previous page after a user clicks their keyboard's Backspace button was mistakenly occurring in "search" input type fields, which are predominate in External Modules and their configuration pages.
  • Bug fix: An error message on the Data Import Tool had incorrect text. (Ticket #47040)
  • Bug fix: In longitudinal projects in production, the "select all" and "deselect all" links on the "Designate Instruments for My Events" page would mistakenly allow the user to select/deselect already-designated instruments. Instead it should only allow the user to select/deselect instruments that are not yet designated. (Ticket #47020)
  • Bug fix: Small SQL issue caused if upgrading to 8.7.0 from an earlier version. (Ticket #47020)
  • Bug fix: In a longitudinal project that has multiple arms and is also using the Double Data Entry module, the Record Status Dashboard would mistakenly not display any form status icons on the page for a user that is Double Data Entry person 1 or 2.
  • Bug fix: Minor alignment or placement issues for elements on certain pages (due to introduction of Bootstrap 4), such as the position of the main project window on iPads and also the placement of "Upcoming Calendar Events" table at the bottom of the Project Home page. (Ticket #47074, #47230)
  • Various fixes and updates for the External Modules framework

Version 8.7.0 - (released 8/9/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: Integration with Microsoft Azure Blob Storage for file storage - see the File Upload Settings page in the Control Center to set up file storage on Azure Blob Storage.
  • Improvement: A "Copy existing choices" link was added to the "Add Matrix of Fields" popup on the Online Designer page (just like the same link in the "Add New Field" popup on that same page) to copy the choices from an existing multiple choices field to that matrix of fields. (Ticket #46680)
  • Change/improvement: The JS/CSS front-end libraries jQuery and Bootstrap have been upgraded to jQuery 3 and Bootstrap 4.
  • Change: Added a new check on the Configuration Check page that detects if the current MySQL user (or the MySQL user used for Easy Upgrade) has CREATE table privileges but does not have either ALTER or DROP table privileges. If the user has CREATE but not ALTER and DROP privileges, then it would cause REDCap to mistakenly create many database tables with names beginning with "redcap_ztemp", which are created as temporary tables when testing the MySQL user's privileges.
  • Change: When exporting data in CSV format (raw data or labels) on the "My Reports & Exports" page, it now maintains all double quotes in free-form text, whereas previous versions would replace all double quotes with single quotes in a CSV export. Note: When exporting to stats packages, it will still replace double quotes with single quotes for compatibility purposes.
  • Bug fix: When using the E-signature feature at the bottom of a data entry form, if the username is in an incorrect case or has trailing spaces, it would mistakenly fail during the initial E-signature login. It should instead be trimming the username of any whitespace at the beginning or end, and should be evaluating the username as case insensitive since this is how the regular login behaves.
  • Bug fix: If an external module has its configuration permissions set to "Require module-specific user privilege" on the External Modules page in the Control Center, and a user has been given the rights to configure the module in a project, then if a REDCap administrator opened the User Rights page in the project to edit that user's module rights and unchecked every module and saved it, the user would mistakenly still have access to the modules to which they previously had access. This only occurs when all modules are unchecked on the User Rights page. (Ticket #44112)
  • Bug fix: When using a logo on a survey and also using the "Save & Return Later" feature, if a respondent chose to return to a survey, then upon loading the survey page to enter their return code, a JavaScript error would occur on the page. (Ticket #46143)
  • Change/improvement: Elements on survey pages have been modified to work better for accessibility purposes, such as with screen readers.
  • Change: Some language was hard-coded in previous versions. The following things have now had their text abstracted so that they is now translatable: the buttons for uploading/deleting files in the File Repository, the "Generate Schedule" button on the Schedule page, and the "Auto Logout Warning" popup. (Ticket #26708)
  • Various fixes and updates for the External Modules framework
  • Bug fix: If any projects used Twilio telephony services for surveys and had an Automated Survey Invitation set to use the "Participant's Preference" as the delivery method, then new invitations scheduled by the ASI might mistakenly not include a survey link if an individual participant's preference is "Email Invitation". (Ticket #42868)
  • Change: The footer of survey pages now says "Powered by REDCap", whereas previous versions have "REDCap X.X.X - © 20XX Vanderbilt University". For non-survey pages, the footer will remain the same.
  • Bug fix: When executing a custom Data Quality rule that contains a single variable in the logic, extra discrepancies might mistakenly be returned in some cases, especially if the project is longitudinal and/or contains repeating instruments/events. (Ticket #45695)
  • Bug fix: When piping the Smart Variable [previous-event-name] or [next-event-name] when it is prepended to a variable name, it might mistakenly replace it incorrectly by replacing just the Smart Variable (but not the field variable) with six underscore characters or with nothing (depending on the context). (Ticket #46001)
  • Bug fix: The PHP LogicTester class mistakenly contained some debugging code that prints SQL out on the page. (Ticket #46864)

Version 8.6.5 - (released 8/3/2018)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: When upgrading from a REDCap version lower than 8.4.0 to version 8.4.0 or higher, if any projects used Twilio telephony services for surveys and had an Automated Survey Invitation set to use the "Participant's Preference" for the delivery method, then new invitations scheduled by the ASI might not include a survey link (when needed) upon being scheduled. (Ticket #42868)
  • Bug fix: When using Twilio telephony services for surveys and having it make voice calls to participants, each voice call would mistakenly have an unnecessarily long pause at the beginning of the call.
  • Bug fix: When importing data values for a repeating event via Data Import Tool or via API but not including the form status field in the imported data set for any of the instruments on which the imported fields are located, those repeating instances on the repeating event might get orphaned in some user interfaces, such as in the Record Status Dashboard, and thus do not become visible until the user attempts to create a new instance through the user interface and then saves the form. (Ticket #46285)
  • Bug fix: AAF Authentication was mistakenly being excluded during CSRF token check.
  • Bug fix: When piping the Smart Variable [event-name] when it is prepended to a variable name, it might mistakenly replace it incorrectly by replacing it with the current event name without square brackets around it. (Ticket #46001)
  • Bug fix: In certain cases Smart Variables were not getting evaluated correctly when used inside the conditional logic of Automated Survey Invitations, thus causing invitations not to get scheduled appropriately. (Ticket #44104)
  • Bug fix: On the Project Modifications page, when clicking the Compare button to view the differences between old and new choices of a multiple choice field, it would mistakenly always display "0" for the record count for every choice, even if some records do have that choice saved. This issue appears to only occur in specific versions of PHP. (Ticket #25851)
  • Bug fix: In a report or via the API, if the user is requesting specific records and also specific events to be returned, if there is no data for those events for those records, then it would mistakenly return empty "ghost" rows as if data does exist on those events, which is confusing. (Ticket #46342)

Version 8.6.4 - (released 7/30/2018)

BUG FIXES & OTHER CHANGES:

  • Bug fix: The upgrade or install pages would fail to load if running PHP 5.3 or 5.4, thus preventing the administrator from upgrading or installing REDCap. This bug emerged in REDCap 8.6.2, and it exists in both 8.6.2 and 8.6.3.

Version 8.6.3 - (released 7/30/2018)

BUG FIXES & OTHER CHANGES:

  • Critical security fix: An SQL Injection vulnerability was found on several pages that could be potentially exploited by manipulating the URL query string of an HTTP request by a malicious user, including non-REDCap users through publicly available URL end-points that do not enforce authentication. It appears very unlikely that this vulnerability could be used to extract information from a REDCap database. But if enough knowledge is known about REDCap internally, it might be possible for an outsider to upload files into random projects in REDCap; however, there is no evidence that those same files could be executed or downloaded, and thus the files would essentially be orphaned (would not be accessible through the user interface in any way) and would simply take up unnecessary space on the file server. This bug appears to exist in every version of REDCap since version 4.0.0.
  • Major bug fix: On survey pages, data entry forms, and other pages where conditional logic and calcs are evaluated, those pages may take an exorbitant amount of time to load (and in some cases may never successfully load at all). This appears to only affect certain Windows server environments.

Version 8.6.2 - (released 7/18/2018)

BUG FIXES & OTHER CHANGES:

  • Change/improvement: Better regional support for AWS S3 file storage
    • If using Amazon Web Services (AWS) S3 for file storage in REDCap, you may now use many of the newer regions/endpoints around the world. The previous S3 library in REDCap would only work for certain regions of the world, whereas now it works for all available AWS regions.
    • The S3 configuration options on the File Upload Settings page in the Control Center now require a “region” to be provided (or else “us-east-1” is used by default). This refers to the region name (e.g., ap-northeast-2) and NOT the endpoint URL. Previous versions of REDCap required providing the endpoint URL. If you had already set an endpoint URL for this in REDCap, then during the upgrade, REDCap will automatically translate the endpoint URL into a region name for you so that everything will continue to work normally.
    • Note: Because of this change, PHP 5.5.0 or higher is now required for using AWS S3 file storage in REDCap.
  • Change/improvement: When displaying the filename of an uploaded file on a File Upload field on a form or survey, if the filename is very long (>34 characters in length), it now truncates the filename with an ellipsis closer to the middle of the filename rather than at the end. This allows the file extension to be visible, whereas in previous versions it was impossible to tell what type of file it is without downloading it if the filename was long.
  • Change: When viewing a partially completed or fully completed survey response on a data entry form, the text color and background color of the red box near the top of the page have been changed to reflect the state of the response more accurately (i.e., it is no longer displayed as a red box, which often evokes a sense of there being an error). If the response is partially completed, it is displayed as an orange box, whereas if it is fully completed, it is displayed as a green box. The box color is thus consistent with the color instrument status icons used.
  • Major bug fix: On some occasions, DDP on FHIR was mistakenly not parsing all the data being received from the EHR, thus some clinical data values from the EHR were not being stored in REDCap.
  • Bug fix: When using the biomedical ontology search for a text field on a form or survey, it was mistakenly including Semantic Types Ontology (STY). It now excludes Semantic Types Ontology from biomedical ontology search unless field validation is STY. (Ticket #44910)
  • Bug fix: In REDCap Messenger, it might display that there are unread messages for the user to read even though there are none.
  • Bug fix: When a survey has "Save & Return Later" enabled, and a respondent clicks the "Start Over" button upon returning to the survey, the survey page mistakenly does not display the survey instructions at the beginning of the survey. (Ticket #44838)
  • Bug fix: The record drop-down list displayed in the Online Designer both in the "Add/Edit Branching Logic" popup and also in the "Add/Edit Field" popup for calc fields would mistakenly not display the Custom Record Label and Secondary Unique Field labels.
  • Bug fix: The record drop-down list displayed in the Online Designer both in the "Add/Edit Branching Logic" popup and also in the "Add/Edit Field" popup for calc fields would be too long for projects with large amounts of records, which could cause the page to load very slowly or not load at all. To remedy this, the record drop-down list now only displays the first 200 records.
  • Bug fix: If using AWS S3 for file storage and a user attempts to copy a project that contains files for File Upload fields, files for Signature fields, or attachments for Descriptive fields, then none of those files would get copied to the new project from the original project. (Bug emerged in REDCap 8.6.1.)
  • Change: Small change to "Easy Upgrade" instructions for easier setup
  • Change: The database tables "redcap_surveys_response_users" and "redcap_surveys_response_values" were removed because they were never really used for anything, so they were taking up lots of database space unnecessarily.
  • Change: When viewing a partially completed or fully completed survey response on a data entry form, the process of displaying the number of contributors to the response in the red box near the top of the page was resulting in very slow page loads in many circumstances. To provide a better user experience for this, it now displays a "View all contributors" link instead, which can be clicked to reveal the users who have contributed to that response.
  • Bug fix: The rendering of the Participant List was unnecessarily slow due to some incorrect queries that were pulling information not needed. This fix should make the Participant List load much faster, especially for larger projects with thousands of records.
  • Bug fix: In the "Compose Survey Invitations" popup on the Participant List page, the "Previously Sent Email" drop-down list displayed under "Load message box with text from a previous email?" would mistakenly load email text containing static, unique survey links from previously sent invitations (which could cause major issues if used verbatim for new invitations) when instead it should have been loading the invitation text containing the Smart Variable [survey-url] in place of the static survey link.
  • Change: Very small wording change to the certification text on the certify page when using the e-Consent Framework on a survey.
  • Change: On the "Edit a Project's Settings" page in the Control Center, it now does not display the drop-down list of projects if viewing the settings of a specific project, but instead provides a link to "Select another project", which will then display the drop-down list. This helps the page load faster if there are many (>10,000) projects that exist in the REDCap system.
  • Change/improvement: The REDCap Shared Library can now be disabled (if desired) at the project level by an administrator on the "Edit a Project's Settings" page in the Control Center. If disabled for a given project, all Shared Library buttons and all references to the Shared Library will no longer appear in the project.

Version 8.6.1 - (released 7/11/2018)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • Improvement: Smart Variables are now able to be utilized in Data Quality rule logic. Note: In many cases, Smart Variables in the logic may cause Data Quality rules to take much longer to complete, which is due to the fact that the logic has to be re-evaluated for *every* item being processed by the DQ rule, whereas normally the logic only needs to be evaluated just once at the beginning of when the DQ rule is executed.
  • Improvement: Data Quality rule H (i.e., "Incorrect values for calculated fields") and auto-calcs (i.e., the process of calc fields being triggered by data imports or cross-form/cross-event calculations) can now handle Smart Variables that are used inside calculated field equations. In previous versions, such calc fields could only successfully run while on a data entry form or survey page.
  • Bug fix: When creating/editing an Automated Survey Invitation and in Step 3 setting the option "Send after lapse of time" that would result in a send time occurring in the year 2038 or afterward, it would mistakenly set the send time to be 1/1/1970 or 12/31/1969 instead. (Ticket #44459)
  • Change: The file install.php is no longer included in the list of replacement non-versioned files, which are provided in case the non-versioned files in REDCap ever change in the future. Since install.php is only used during the install process, there is no need for it to stay updated afterward.
  • Change/improvement: When using the Easy Upgrade module, links to the LTS changelog and Standard Release changelog pages on the REDCap Community site are now included inside the box that lists new versions that are available.
  • Change/improvement: The MySQL setting "SQL_SAFE_UPDATES" is now automatically set to be disabled for the database connection used by REDCap and also has been set as disabled in the REDCap upgrade SQL script that is output by the Upgrade Module. This is done in order to prevent some MySQL clients from mistakenly enabling safe updates, which might cause some queries not to get executed successfully during an upgrade, and to prevent issues with REDCap running on database servers that might have safe updates enabled by default in the MySQL configuration file.
  • Improvement: A Data Access Group can no longer be deleted if one or more records are still assigned to it. If a user attempts to delete a DAG that contains records, it will prevent such and display an error message.
  • Bug fix: When using the Smart Variables [form-link] and [record-name] inside the email subject or email message of an Automated Survey Invitation, it would mistakenly not pipe the record name into the form link URL for [form-link] and would mistakenly replace [record-name] with "______" instead of the real record name. (Ticket #44549, #44550)
  • Bug fix: The "DDP on FHIR" page that gets displayed inside the EHR user interface was mistakenly missing a link to the "DDP on FHIR" information page that provides all the information about that module.
  • Bug fix: If a slider field exists on an instrument that is currently locked, the user would mistakenly still be able to modify the slider position and value. Note: This would not affect the slider's value at all since the instrument could not be saved until it was unlocked. So at most, this could cause confusion. (Ticket #44608)
  • Updates and fixes for the External Module Framework
  • Bug fix: In a calculated field or in branching logic that has cross-event logic while referencing a field that exists on a repeating instrument from another event, it would mistakenly assume instance #1's value to always be blank/null for that field and thus cause the logic or calculation to come to an incorrect result. (Ticket #44474)
  • Bug fix: If a suspended user gets unsuspended by an administrator either via the Browser Users page in the Control Center or via a Sponsor Dashboard request, the user would mistakenly get suspended again within the next day if they did not log into REDCap soon after being unsuspended.
  • Bug fix: If a sponsor had made a request to an administrator via an action in the Sponsor Dashboard, if the administrator was using a link in the email to process requests (as opposed to using the To-Do List), the administrator might mistakenly try to process the same request twice, which could cause issues. Now if an administrator attempts to process an already-processed request, it will display an error message letting them know that it has already been processed and therefore cannot be processed again.
  • Bug fix: Users might mistakenly receive a notification email stating that they have an unread message in a conversation in REDCap Messenger, even though the conversation has been deleted.

Version 8.6.0 - (released 7/2/2018)

BUG FIXES & OTHER CHANGES:

  • New feature: Easy Upgrade
    • Administrators may now upgrade to a more recent version of REDCap in an easier and more automated fashion with just a couple clicks. The Easy Upgrade process (if fully enabled) allows REDCap administrators to upgrade REDCap using only the REDCap user interface in the Control Center (i.e., direct access to the web server or database server is not required).
    • Setup instructions will be displayed in the Control Center at the top of the page in blue regarding the steps that need to be performed to enable the Easy Upgrade feature, which requires the three following things in order to function:
      • When using this feature, REDCap will auto-download the upgrade zip file of a REDCap version and will extract it on the REDCap web server, which requires that the REDCap application (e.g., Apache, IIS) must have “write” permissions to the main “redcap” webroot directory on the server. The setup instructions in the Control Center will notify you regarding the permission status of REDCap to be able to write to the “redcap” webroot.
      • REDCap needs to be able to make outbound HTTP requests to https://redcap.vanderbilt.edu, which hosts the web service that serves the REDCap upgrade files that are downloaded by the application during the Easy Upgrade process.
      • A MySQL user with elevated privileges (e.g., CREATE, ALTER, DROP tables) is required for this feature since it will need to sometimes create, modify, and even delete database tables during the upgrade process. The setup instructions for this feature in the Control Center provides two different methods for accomplishing this. 1) The current MySQL user that REDCap utilizes can be given elevated privileges. This is often not recommended because some security experts view this as a potentially exploitable weakness, such as if a malicious user somehow manages to discover an SQL injection vulnerability in the application to take advantage of those elevated privileges, or 2) A new MySQL user can be created with elevated privileges for the explicit purpose of using the Easy Upgrade process (and also the Auto-Fix method seen below for fixing the database structure). This new MySQL would never be used for normal REDCap database connection calls. For both of these two options, REDCap will provide the SQL required to increase the user privileges or to create the new MySQL user, respectively.
    • If a particular upgrade is not able to complete the Easy Upgrade process because it recommends that REDCap first be taken offline before executing the upgrade SQL script, the Easy Upgrade feature will still be able to auto-download the REDCap upgrade file, but it will redirect the administrator to the Upgrade Module to complete the upgrade manually. This will occur only a small minority of the time for an upgrade.
    • Once the Easy Upgrade feature has been successfully enabled, a cron job will check several times a day for any new REDCap versions that might have been released. If there are any new versions available, it will display a list of the versions at the top of the Control Center page to allow an administrator to choose the version to which to upgrade. The latest (most recent) version will be highlighted as the recommended upgrade path. If the REDCap installation is on the LTS branch, it will recommend the latest LTS version, whereas it will recommend the latest Standard Release version if the REDCap installation is on Standard Release. But regardless, the administrator will have control over which version to which they wish to upgrade.
    • Note: This feature will not be able to be used until another version of REDCap is released after this one (since this feature can only be used when there is an upgrade available).
    • Note: The Easy Upgrade feature cannot be used if the REDCap web server is using load balancing (multiple application servers). This is because the source code would only get downloaded to a single server (rather than to all of them) during the upgrade process.
  • Improvement: For the error message that says "Your REDCap database structure is incorrect!", which is found on the Configuration Check page and also on the main Control Center "Notifications" page, if the "Easy Upgrade" feature has been activated in REDCap or if REDCap’s MySQL user has elevated privileges (e.g., CREATE, ALTER, DROP tables), it will display an "Auto-Fix" button in the red box that will allow administrators to automatically fix the database structure issues by simply clicking the button. This action is often much easier for users than executing the SQL in the database directly to fix this issue.
  • Improvement: Regarding the green box that appears in the Control Center after a REDCap version directory has been loaded on the server, if it detects any other REDCap versions on the server that might be possible upgrade paths, it will list each one, and it will note if upgrading to that particular version would require taking REDCap offline temporarily for the upgrade or if the upgrade can be completed without taking REDCap offline.
  • Improvement: Improved data export for biomedical ontology fields - If fields using the biomedical ontology auto-suggest feature are being exported to a stats package, it will now render those fields as multiple choice fields (rather than as free-form text fields) in the resulting stats package syntax file, in which all the cached choices for those ontologies will be output as separate choices (values and labels) for those fields in the syntax file. Note: Since some ontologies contain thousands of choices, all possible choices will not be output in the syntax file, but instead only the cached choices that have been saved in that REDCap project for those ontologies will be output as choices in the syntax file.
  • Change/improvement: A new "Administrator Resources" section was added near the top of the Control Center's left-hand menu. It contains links to the REDCap Community site, the public Project REDCap site, and the REDCap Training Materials site.
  • Major bug fix: If an Automated Survey Invitation has conditional logic containing a datediff() function that is explicitly using "now" as a parameter, the cron job that runs several times a day to trigger any datediff+now ASIs would mistakenly fail to schedule invitations for this ASI. Note: The issue does not exist for datediff+today ASIs but only for datediff+now ASIs. (Ticket #43783)
  • Bug fix: When clicking the +- options at the top of a survey page to increase or decrease the font size of the survey text, in some cases with particular nested HTML tags, it would mistakenly compound the size changes unnecessarily, thus causing the font size to be too large or too small for some blocks of text.
  • Bug fix: When downloading a "compact" PDF containing data, if a multiple choice field contains many choices (e.g., >20) it might mistakenly display only that field on a page by itself.
  • Bug fix: When downloading the CSV file of users on the Browse Users page in the Control Center, it would mistakenly have the resulting filename ending with ".csv.csv" instead of just ".csv". (Ticket #43774)
  • Bug fix: When referencing a repeating instance number in the conditional logic of an Automated Survey Invitation and then selecting a record using the "Test logic with a record" option, it would mistakenly cause a PHP fatal error. (Ticket #44104)
  • Bug fix: When a user has De-identified data export privileges in a project and attempts to export a PDF containing data, in which MDY- or DMY-formatted date/datetime fields are being piped into labels in that PDF, then instead of the piped values being replaced with "[*DATA REMOVED*]" as expected, they would mistakenly be replaced with "00.00.0000 REMOVED*]". (Ticket #44123)
  • Bug fix: If an external module has its configuration permissions set to "Require module-specific user privilege" on the External Modules page in the Control Center, then if a user in a project gives another user the rights to configure that module, it would save that setting correctly. However, if the user reloaded the User Rights page to edit that same user's rights again, it would mistakenly appear that the user no longer has config permissions for that module (i.e., the module's checkbox would be unchecked), even though they were just given such rights. (Ticket #44112)
  • Bug fix: When using the [survey-queue-link] Smart Variable with custom text to display, in certain situations it may mistakenly cut off the first word of the custom text or not display the custom text at all. (Ticket #44224)
  • Bug fix: When setting an account expiration time for a user on the Browse Users page (via "View User List By Criteria"), if the administrator's date format preference is set to Y-M-D on their My Profile page, then the pre-filled expiration time in the Set Account Expiration popup might mistakenly be in Y-M-D H:M:S format when instead it should only be in Y-M-D H:M format, thus throwing a date-formatting error when submitting the action. (Ticket #44228)
  • Bug fix: If using MySQL 8.0 or later for REDCap's database, it would erroneously display the "database structure is incorrect" error in the Control Center when nothing is really incorrect about the database tables. (Ticket #42594)
  • Bug fix: Minor changes to some database tables, which were mistakenly created with BTREE indexes, which is a type of index that is not compatible with some versions of MySQL or MariaDB.

Version 8.5.2 - (released 6/22/2018)

BUG FIXES & OTHER CHANGES:

  • Improvement: The REDCap Mobile App v3.0 and later supports the Repeating Instruments and Events feature in REDCap projects. This version of the mobile app will be released on 6/22/2018 in the Google Play Store, and will also be released in the Apple App Store shortly thereafter (pending approval).
  • Improvement: A new setting has been added to both "DDP Custom" and "DDP on FHIR" that, if enabled, will convert source system timestamps (i.e., dates of service associated with temporal fields such as labs) from GMT time into local/server time. If the source system (e.g., EHR) has temporal data with dates/times of service that are being output in Greenwich Mean Time (GMT), setting this option to 'Yes' will automatically correct all associated timestamps so that they appear in local time in the DDP adjudication popup. This option was added because some EHRs/external systems might output associated timestamps in GMT/UTC time rather than in local time. Note: This uses the server's timezone setting in PHP.INI to determine what the "local time" is. This option can be enabled at the bottom of the "DDP Custom" page or "DDP on FHIR with EHR Launch" page in the Control Center.
  • Change: Added "Postal Code (France)" as a new field validation type.
  • Bug fix: When clicking the "Download upgrade script" button in the REDCap Upgrade Module (as opposed to copy-and-pasting the contents of the textarea box on that page), the upgrade script would mistakenly be missing the SQL query "REPLACE INTO redcap_history_version...". This would not have any adverse effects on the systems though. (Ticket #43372)
  • Bug fix: When viewing reports, the same SQL query would mistakenly get run many times unnecessarily, thus reducing performance on the report page. (Ticket #42764)
  • Change: Extra protection has been added to the username/password form when using the E-signature feature on a data entry form in order to prevent browsers from auto-filling the username/password.
  • Bug fix: When clicking the "Fix calcs now" button when viewing the results of Data Quality rule H, if the first instrument of an event is locked for a given record, then any calc fields existing on that same event (even on other instruments) would mistakenly not have their values fixed by DQ rule H. (Ticket #23433)
  • Bug fix: Fixed incorrect instructions in an error on the Configuration Check page in the Control Center. (Ticket #43672)
  • Bug fix: When exporting a Project XML file that contains multiple choice fields that have choice labels containing a "less than" sign followed immediately by a number or letter, it would mistakenly truncate that choice label in the XML file. (Ticket #43675)

Version 8.5.1 - (released 6/14/2018)

BUG FIXES & OTHER CHANGES:

  • Medium security fix: A user access vulnerability was found in External Modules that have plugin pages that require authentication, in which a malicious user could potentially gain access to a module's plugin pages without having first logged in to REDCap (assuming the module installed in REDCap has plugin pages associated with it - many modules do not). This means that information displayed on that module page might be publicly accessible (able to be viewed without logging in) if a malicious user knows how to navigate to a particular External Module's plugin page and manipulate the query string URL in a very specific way. Note: This would not grant anyone access to other pages in the REDCap project but only to that particular module's plugin page to which they are manipulating the URL (i.e., standard REDCap pages are not affected by this; only module pages are vulnerable).
  • Minor security fix: When using the Double Data Entry module and merging two records into a new third record, if a File Upload field has a file that has been uploaded for either record, then the merge process would mistakenly display a text box to allow the user to enter a value (such as a different Doc ID) for the File Upload field, which does not make sense to allow during the merge process. However, this could allow the user to inadvertently enter the Doc ID of a file to which they do not have access (in the current project or in another project to which they have access), thus allowing them to have unauthorized access to a file if they have some special knowledge regarding how REDCap stores documents. From now on, users are no longer given the option to enter a value for a File Upload field on the merge page, and thus they can only choose one of the two existing options. (Ticket #42221)
  • Bug fix: Many project pages would not function at all if using MySQL version 8.0 or higher. (Ticket #42264)
  • The outdated training video on Instrument Development was updated.
  • Bug fix: When a calc field's value is being piped somewhere on the same form or survey page where the calc field is located, and if a Smart Variable is utilized in the calculation, then the calculated value might not get piped and propagated correctly when the page immediately loads. (Ticket #42687)
  • Bug fix: When using WebDAV for file storage and uploading files larger than 2 GB in size, they would mistakenly fail to upload successfully. (Ticket #42416)
  • Bug fix: When performing the EHR Launch for "DDP on FHIR", it might mistakenly display the erroneous error message "The 'state' parameter is incorrect!" for specific FHIR configurations. (Ticket #42583)
  • Bug fix: When enabling the aggregate survey results display on a survey, if respondents are allowed to return to the survey without needing a return code, it would mistakenly still ask the respondent for a return code if returning directly to the aggregate survey results page. (Ticket #42568)
  • Bug fix: The variable names of fields were mistakenly being displayed next to the field labels of fields on the survey's aggregate survey results page. It should not display the variable names on surveys but only on the "Stats & Charts" page within the project.
  • Bug fix: When using the Dynamic Data Pull module (either DDP on FHIR or DDP Custom), the date comparison function for evaluating timestamps for temporal mapped fields might exclude some values if their timestamps fall right on the edge of the date range. This means that some values might mistakenly not appear in the list of DDP values to adjudicate from the EHR/source system. For this to occur would likely be rare. (Ticket #42444)
  • Bug fix: Cross-event branching logic or calculations would mistakenly not evaluate correctly for unchecked checkboxes referenced on other events. (Ticket #42585)
  • Change: For DDP on FHIR, 25 more LOINC lab codes were added to the DDP field mapping process.
  • Bug fix: When using certain Smart Variables inside the query of an SQL field, if that SQL field's value is being piped somewhere on the same form or survey page where the field is located, then if the value of the SQL field has already been saved, the SQL field's value would mistakenly not get piped when the page loads but only when the field's value was modified again while on that page. (Ticket #41868)
  • Bug fix: When a field's value is being piped into the field label of a required field, in which that required field is submitted on a survey or form without a value, the resulting popup error "Some fields are required!" would mistakenly display the pre-piped version of the field labels in the popup rather than performing the piping before displaying the labels. (Ticket #42577)
  • Bug fix: When using the Data Search feature on the "Add/Edit Records" page in a longitudinal project, if a value is entered that has a match inside a record name (record ID field), then some of the options returned in the search would often not navigate the user to a data entry page when clicked but would instead mistakenly just reload the "Add/Edit Records" page. (Ticket #42965)
  • Bug fix: When using the To-Do List to process a "move to production" request, in which the request has been moved to "low priority" status, it would display the erroneous error message "Error: Request not valid", thus preventing the administrator from processing the request. (Ticket #43036)
  • Bug fix: Record names displayed in the Participant List would not wrap to the next line but would mistakenly get truncated, thus preventing users from viewing the full record name in some cases. (Ticket #43059)
  • Bug fix: REDCap Messenger would mistakenly run in the background when using the EHR Launch functionality in the "DDP on FHIR" module. This could mistakenly lead to some JavaScript errors, which might get displayed in the EHR interface.
  • Bug fix: When using AWS S3 or WebDAV for file storage, some uploaded files (even those imported via the API or Mobile App) might have a copy mistakenly left in the /redcap/temp/ directory on the web server under a random name, in which the temp files never get deleted. (Ticket #43127)
  • Bug fix: For certain server configurations or directory structures, the Cron Jobs page in the Control Center might go into an infinite loop and never fully load the page. (Ticket #43144)
  • Bug fix: If branching logic or calculations are used for a field on a survey page, in which the logic/calc references the current survey's Form Status field, it would mistakenly assume the Form Status value to always be "" (blank) rather than the true status value of 0, 1, or 2. This does not affect data entry forms but only survey pages.
  • Change: When composing a survey invitation and clicking the "Preview" tab, instead of displaying the survey link as "Sample Survey Link" or "SURVEY TITLE", it now displays the actual survey title as the link text. Additionally, when clicking the "Send text email", this same thing now occurs in the email that is received. (Ticket #38955)
  • Bug fix: The database variable "collation_connection" was not getting set correctly when initializing the database connection. In most cases, this would not affect anything at all since it would only affect institutions who had recently performed a fresh installation (not an upgrade) of REDCap 8.5.0 and then afterward migrated to a new server or upgraded MySQL in which the collation_connection setting in MY.CNF (or MY.INI) was different from the original server.
  • Bug fix: If using custom link text for the Smart Variable [survey-link] when used inside a survey invitation's text, it would mistakenly fail to use the defined custom link text for the Smart Variable and instead would revert to using the survey title as the link text.
  • Change: Added "Postal Code (Germany)" as a new field validation type.

Version 8.5.0 - (released 5/29/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: DDP on FHIR with EHR Launch
    • REDCap’s “DDP on FHIR with EHR Launch” feature provides the ability to launch a REDCap window while inside an EHR and to quickly and seamlessly import clinical data from the EHR into a REDCap project. As a built-in module in REDCap that can be enabled by an administrator, this feature can interface with any EHR system that has “SMART on FHIR” web services enabled.
    • What is DDP on FHIR? DDP on FHIR (Dynamic Data Pull from EHR) is a special feature for importing data into REDCap from an EHR (electronic health record system), such as Epic, Cerner, etc. It provides an adjudication process whereby REDCap users can approve all incoming data from the EHR before it is officially saved in their REDCap project. DDP on FHIR can only be enabled by a REDCap Administrator, so you should contact them if you wish to utilize DDP on FHIR for this project.
    • How the DDP on FHIR works: DDP on FHIR has the ability to fetch data from the EHR system both manually in real time and automatically at a regular interval. From the EHR interface, DDP on FHIR can create new records in a DDP-enabled REDCap project. Additionally, if a user knows the patient identifier (e.g. medical record number), then they could optionally enter the MRN for a record in a DDP-enabled REDCap project, after which it will then go and immediately retrieve the patient data from the EHR in real time.
    • For more documentation on “DDP on FHIR”, please see https://redcap.vanderbilt.edu/redcap_v8.5.0/Resources/misc/redcap_ddp_fhir_setup.zip To view a 5-min overview video of DDP, please see https://tinyurl.com/redcapddp (note: this video is not specific to DDP on FHIR since the video was originally created for DDP Custom years ago, but it contains most of the functionality in DDP on FHIR (i.e., it does not showcase the EHR Launch feature of DDP on FHIR).
  • Improvement: PDF Customization Options – Users may change or remove the “Confidential” text displayed in the header of all PDFs in a project. Also, instead of displaying the REDCap logo and REDCap website URL at the bottom right of all PDF pages, they can instead choose to display the text “Powered by REDCap” in small font. These two settings are project-level, so they will be applied to every page of a PDF for all instruments in a project (for both forms and surveys). These settings can be found in the Additional Customizations popup on the Project Setup page. (Ticket #25326)
  • Change/improvement: Protection has been added to help prevent the REDCap database connection's client character set (e.g., latin1, utf8, utf8mb4) from being affected 1) due to changes to the MY.CNF (or MY.INI for Windows) configuration file in MySQL, 2) due to a server upgrade, or 3) due to migrating to a new servers. The current database connection's client character set will be stored in the redcap_config database table, and if the client character set ever changes on its own due to one of the reasons above, REDCap will automatically keep using the existing character set from the redcap_config table in order to maintain the correct encoding to prevent data corruption.
  • Change/improvement: New installations of REDCap will utilize utf8mb4 as the default character set for both the database columns (previously set to utf8[mb3]) and client connections (previously set to that of the database server), which is defined in the MY.CNF (or MY.INI for Windows) configuration file in MySQL, or set to latin1 if non-existent. This default has been changed because utf8mb4 encoding can allow for a greater variety of non-Latin characters to be stored in the database. Existing installations will not be able to utilize utf8mb4 encoding but instead will keep using their existing encoding (if other than utf8mb4).
  • Bug fix: When installing REDCap, it would mistakenly not auto-set the value of the REDCap Base URL on the install page.
  • Bug fix: If using MariaDB 10.2 (or higher) for the REDCap database, the REDCap Control Center would display the erroneous error message "Your REDCap database structure is incorrect!". (Ticket #28083, #32131, #41911)
  • Bug fix: When using the "Add/Edit Branching Logic" popup in the Online Designer, if certain Smart Variables are used in the branching logic, and then the user selects a record from the "Test logic with a record" drop-down, it might display an erroneous message saying the the logic is not syntactically correct.
  • Bug fix: When performing a data import of radio buttons in a matrix that has ranking enabled, it would sometimes display an erroneous error message if two or more matrixes of questions are being imported at one time, thus preventing the import from completing. (Ticket #39804)
  • Bug fix: When using Dynamic Data Pull (either DDP Custom or DDP on FHIR) and the MRN field is being used as the Secondary Unique Field in the project, then if an MRN is entered on a form and the "Duplicate value!" error message popup is displayed, it would mistakenly not be possible to close the popup, thus causing the user to have to reload the page. (Ticket #41879)

Version 8.4.5 - (released 5/22/2018)

  • Change/improvement: For DDP on FHIR (for early adopters), the number of labs that are listed in the field mapping process has been greatly reduced to a more curated list that now excludes irrelevant LOINC fields that might not ever be used in an EHR. This should make it easier to find relevant labs from the EHR during the mapping process.
  • Change/improvement: When using DDP Custom or DDP on FHIR, Step 1 of the field mapping process in a project now displays the "select all/deselect all" links for categories even when sub-categories exist for that category. In previous versions, it would not display the "select all/deselect all" links for categories when sub-categories existed, which made it difficult to select lots of fields in a category that were themselves not in a sub-category. So this reduces the number of clicks required in some cases.

Version 8.4.4 - (released 5/17/2018)

  • Change: If one or more external modules have been made "discoverable" in the system or if one or more modules have been enabled in a project, the "External Modules" link that is displayed on a project's left-hand menu will no longer appear for users unless they 1) have Design/Setup privileges or 2) have been given explicit user permissions for configuring at least one module enabled in the project. In previous versions, if at least one module had been made "discoverable", then the "External Modules" link would always appear in every project for every user, which proved to be undesirable for many users at many institutions. So this change has been made so that the link appears less to users who do not need to see it. Note: The link will still always appear to REDCap administrators, and also will still appear to users that have module configuration rights or Design/Setup privileges when modules have been either enabled in the project or made "discoverable" in the system.
  • Change: For installations where only administrators can move projects to production, more protection has been added with regard to admins approving requests to move projects to production so that if a user makes a request, then cancels it, and then makes another slightly different request for the same project, it will no longer allow the canceled request to be approved, even if an administrator clicks the link to the request in an email. This provides better protection against a project's data from accidentally getting erased when moving to production. (Ticket #39772)
  • Bug fix: When calling the API method "Export Project XML" and setting the parameter "returnMetadataOnly" as FALSE, it would mistakenly not return data but would only ever return just the metadata.
  • Bug fix: The Smart Variables [survey-queue-link] and [survey-queue-url] were mistakenly not working when used inside the email subject or email message for an Automated Survey Invitation.
  • Bug fix: When piping a project variable inside the email subject for an Automated Survey Invitation, it would mistakenly not successfully pipe the field's data unless that same variable was piped into the email message also.
  • Bug fix: When downloading a PDF of an instrument that contains a matrix of fields, the matrix headers might mistakenly overlap the radio buttons or checkboxes of the first field in the matrix under specific circumstances. (Ticket #40969)
  • Bug fix: When using record auto-numbering for a data import (via Data Import Tool, API, or Mobile App) that contains data for a repeating instrument or repeating event, then all the data for a given record in the import might be reduced from multiple instances/events of data to a single event/instance of data, thus causing much of the data to mistakenly not get imported. (Ticket #41283)
  • 8.4.4: Bug fix: Due to changes to non-versioned files in previous versions of REDCap 8.4.X, plugin files not located in the /redcap/plugins/ directory would mistakenly fail to load. (Ticket #40608, #41404)
  • Bug fix: When viewing the "Stats & Charts" page, if a field has some missing values, and the user clicks the link to view the record names that have missing values, it might mistakenly return incorrect records-instances. This only occurs in projects having repeating instruments or repeating events. (Ticket #37674)
  • Bug fix: When importing data (via Data Import Tool or API) into a longitudinal project and setting true/"yes" for the import option "Allow blank values to overwrite existing saved values?" when importing blank values for checkbox fields into a longitudinal event for which the checkbox's instrument is not designated, it would display the erroneous error that the checkbox field "exists on an instrument that is not designated for the event". (Ticket #37627)
  • Bug fix: When adding a new field to an instrument on the Online Designer while in Draft Mode, if the field is being added between a section header and another field, in which the instrument begins with that section header, then the new field would get successfully created but would mistakenly not be visible in the Online Designer on that instrument, thus leaving it in a quasi-orphaned state. (Ticket #41359)

Version 8.4.3 - (released 5/11/2018)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: When using the designated email invitation field (project-level or survey-level versions of the email field) and saving a value for the email field on a survey or data entry form, when REDCap attempts to synchronize the value across all events/instances where the field is located, it would mistakenly not add the value to events or instances where the email field has never had a value saved. This could result in the email field's value appearing to be lost/deleted in some contexts. (Ticket #40615)
  • Bug fix: When uploading a data dictionary containing Smart Variables in either branching logic or calculations, it would mistakenly display an error and prevent the user from completing the upload.
  • Bug fix: When piping text that contains a dollar sign followed by a number, it would often mistakenly remove the dollar sign and the number that immediately follows it when displaying that piped text.
  • Bug fix: When a record is selected on a project's Logging page, under certain specific conditions it might mistakenly display "Perform instrument-event mappings" logged events.
  • Updates and fixes for External Modules framework
  • Bug fix: When viewing the Participant List for a project using the Twilio telephony module for surveys, if a user attempts to change the invitation preference for a participant in the participant list, then the popup window might mistakenly get obscured by the page footer. (Ticket #40150)
  • Change/improvement: When a table-based user account is created or has their password reset link emailed to them, the email now includes extra text to remind them to set up their password recovery security question after logging in. (Ticket #40324)
  • Bug fix: When opening the Data History popup for a given field on a data entry form, in certain cases it might mistakenly display the logged events for another field (for the same record) if the other field's variable name exists as the last portion of the current field's variable name (e.g., the field "his_field" would return logged events for the field "this_field" for the same record-event).
  • Bug fix: If running REDCap on certain versions/configurations of PHP 5.3, it would not be possible to upgrade or install REDCap. (Ticket #40852)
  • Bug fix: There was mistakenly no way to force REDCap to verify the SSL certificate if using SSL/TLS for the database connection, thus it assumed that it should never need to verify it. Since some institutions require SSL certificate verification when using an encrypted database connection, the line "$db_ssl_verify_server_cert = true;" should be added to the database.php file in order to force SSL certificate verification for the database connection. Note: The line of code below was added to the database.php file in the REDCap downloadable install zip file. $db_ssl_verify_server_cert = false; // Set to TRUE to force the database connection to verify the SSL certificate
  • Change/improvement: On the "Stats & Charts" page, the variable name is now displayed next to the field label for each field displayed on the page.
  • Bug fix: When viewing a record on the Record Home Page, on certain occasions if a user clicks on a repeating instrument that has a gray status icon, it might mistakenly create instance 2 as the first instance of that repeating instrument, rather than creating instance 1. This appears to affect only repeating instruments, not repeating events.
  • Bug fix: In a longitudinal project that is using the Smart Variables [first-instance] or [last-instance] that are appended to a project variable name in logic, calcs, or piping, it would mistakenly return a blank value if the unique event name is prepended to the variable name.
  • Bug fix: When using the randomization module in a project, in which one of the randomization strata fields has a choice that is hidden using the action tag @HIDECHOICE, then when randomizing a record on a data entry form, it would mistakenly display the choices in the randomization popup that should be hidden for the strata field. (Ticket #38987)
  • Bug fix: When using a [X-event-name] Smart Variable inside branching logic to reference a field on another event, it would mistakenly display the branching logic error popup.
  • Bug fix: When piping data from a matrix checkbox field to a place on the same page, it would mistakenly not pipe it correctly until the page was reloaded. (Ticket #41037)
  • Bug fix: When a calc field exists on a repeating instrument or repeating event, and a field on another form/event triggers that calc field, then if no data had ever been entered into the calc field's form, it would mistakenly change the form status icon to red when instead it should stay gray (since only the calc field has data on that form). (Ticket #40940)

Version 8.4.2 - (released 5/1/2018)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: If a slider field with a saved value on a form or survey gets focus (via tabbing into the field or if the field is the first field on a form), then if the user does not change the value of the slider after putting focus on it, then it would mistakenly remove the slider's existing value, thus erasing its value if the user saves the form/survey. (Ticket #40445)
  • Change/improvement: Slight performance improvement on "Add/Edit Records" page for longitudinal projects using the Custom Record Label.
  • Bug fix: When adding a project as a project template in the Control Center, the popup dialog might fail to display if some projects contain certain special characters in their project title. (Ticket #40283)
  • Bug fix: When the Response Limit option has been set for a survey, instead of displaying the custom text on the survey page whenever the limit has been reached, for specific versions of PHP it would mistakenly just display a blank page. (Ticket #39659)

Version 8.4.1 - (released 4/29/2018)

BUG FIXES & OTHER CHANGES:

  • New REDCap class method for developers: REDCap::getReport – Plugin, hook, and module developers may utilize this method to return a report, which has been created in a project, in one of the following formats: Array, JSON, CSV, or XML. This is the REDCap class equivalent of the “Export Reports” API method.
  • Bug fix: In some very rare cases, branching logic, calculations, and various conditional logic would not get parse correctly and would cause errors. (Ticket #39856)
  • Bug fix: On some specific server configurations, the REDCap Upgrade module would not set certain server path constants correctly. (Ticket #40203)
  • Bug fix: In certain cases, the @NONEOFTHEABOVE might not work on surveys or forms and might cause the user to get stuck and have to reload the page. (Ticket #40182)
  • Bug fix: After running Data Quality rule H, the "Fix calcs now" button would mistakenly not work. (Ticket #40285)
  • Bug fix: For longitudinal projects using a public survey on multiple arms, regarding all arms except the first arm, the public survey link would mistakenly be blank on the Public Survey Link page. (Ticket #40311)
  • Bug fix: When survey invitations are being scheduled for many participants at once on the Participant List, in which some piping is being performed in the invitation's subject or body, then it might take an abnormally long time to complete the scheduling of all those invitations and might even time out and fail on certain occasions.
  • Changed: When viewing the Smart Variables documentation from a project-level context, it will now use the project-level language for the documentation, whereas if viewed outside a project-level context, it will use the system language. It was previously only displaying the documentation in the system language. (Ticket #39949)
  • Change/improvement: The main Control Center page now displays a warning message if any non-versioned files are outdated and need to be replaced. In previous versions, this warning would only appear on the Configuration Check page.
  • Bug fix: When using the Twilio telophony module for sending survey invitations while also using Automated Survey Invitations that contain conditional logic containing datediff+today or datediff+now, if the ASI has "Participant Preference" as the invitation type, then in certain cases (but not all the time) it would mistakenly send the invitation via email rather than via the participant's preferred delivery method. And if those participants do not have an associated email address, then the invitation would simply fail to send, as noted in the Survey Invitation Log. (Ticket #29316)
  • Bug fix: When piping checkbox fields with the "checked" or "unchecked" attribute, in certain cases it might mistakenly not display the correct checked/unchecked choices, respectively. (Ticket #39950)

Version 8.4.0 - (released 4/18/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: Smart Variables
    • Smart Variables are dynamic variables that can be used in calculated fields, conditional/branching logic, and piping. Similar to using project variable names inside square brackets - e.g., [heart_rate], Smart Variables are also represented inside brackets - e.g., [user-name], [survey-link], [previous-event-name][weight], or [heart_rate][previous-instance]. But instead of pointing to data fields, Smart Variables are context-aware and thus adapt to the current situation. Some can be used with field variables or other Smart Variables, and some are meant to be used as stand-alone. There are many possibilities.
    • 35 Smart Variables are available. They can reference things with regard to users, records, forms, surveys, events/arms, or repeating instances. Documentation and examples for using Smart Variables are included on the Project Setup page, Online Designer, and other places throughout REDCap in a popup and alternatively as a standalone page.
    • Note: While Smart Variables can be used for filters in reports and for filters for Custom Record Status Dashboards, they are not yet able to be utilized in Data Quality rule logic.
  • Improvement: SQL fields can utilize Smart Variables
    • Utilizing Smart Variables in SQL fields can be very powerful because they allow the query to be truly dynamic and change from context to context or record to record, rather than it always being a static query that gets executed against the database.
    • Note: When using Smart Variables inside the query of an SQL field, you do NOT need to wrap the Smart Variable in quotes or apostrophes because the Smart Variable itself will be replaced with a value already wrapped in single quotes. Also, the value of the Smart Variable will be SQL-escaped when placed inside the query so that no user can inject values to manipulate the query. This has no effect on how one constructs the query, but for security purposes it is good to know that this is being done.
  • Improvement: Custom Record Labels now use proper piping syntax and can also utilize Smart Variables.
    • Because Custom Record Labels existed long before the concept of piping was created in REDCap, they did not adhere to typical piping concepts – e.g., they could not use prepended event names; they would display the raw value of a multiple choice field whereas piping would instead display the label of a multiple choice field. There also used to be certain limitations Custom Record Labels, in which they could only use data from fields on the very first event (of the current arm). Now that Custom Record Labels can be used like regular piping, they can target fields on any event in a project, and they can also utilize Smart Variables.
    • Note: Any longitudinal projects existing before the upgrade that currently use Custom Record Labels will automatically have all fields in the Custom Record Label prepended with the [first-event-name] Smart Variable in order to maintain the existing behavior from previous versions that could only pull data from the first event of the current arm. So prepending [first-event-name] allows existing longitudinal projects to maintain the way they worked prior to the upgrade to this REDCap version.
  • Improvement/change: New method for composing survey invitation text using Smart Variables for survey link
    • When composing a survey invitation, the standard text and survey link are no longer automatically appended to the survey invitation text at the time the email is sent. Instead, users must now specify all the entirety of the text of the email (including the stock text and survey link that used to be appended automatically, if they wish) and therefore must supply [survey-url] and/or [survey-link] in the text if they wish to provide the participant with a link to the survey.
    • If the user forgets to enter the survey URL Smart Variable in the text, REDCap will automatically suggest to them that they should.
    • If using the Twilio telephony module for sending invitations, the standard instructional text will still be appended in the SMS message as in previous versions EXCEPT for the “Email invitation” and “SMS invitation (contains survey link)” invitation types, which require [survey-url] and/or [survey-link] in the SMS text in order for the participant to receive a survey link.
    • Note: All survey invitations that were scheduled prior to this upgrade will still have the standard text and survey link appended to their survey text. Additionally, during the upgrade to this version, all saved configurations for Automated Survey Invitations (ASIs) will have the standard text and survey link automatically appended to the saved ASI email text, thus allowing the ASI behavior to remain exactly the same after the upgrade and allowing it to be backward compatible.
  • New feature: New syntax for referencing fields on repeating instances in piping, logic, and calculations
    • Fields that exist on a repeating instrument or on a repeating event can be referenced using a new syntax (note: repeating events and instruments are used the exact same way). This is done by appending the “repeat instance” number to the field inside square brackets – e.g., [weight][2], which points to repeating instance #2 for the field “weight”.
    • Please note the distinction that unique event names should be *prepended* to variables whereas repeating instance numbers must be *appended* to them. For example, if the field “weight” exists on a form in the event “Visit Data” in a longitudinal project, you might reference instance #2 for that field on that specific event with the following: [visit_data_arm_1][weight][2].
    • Smart Variables can be used in place of the repeating instance number, in which there are 5 instance-related Smart Variables: [previous-instance], [next-instance], [current-instance], [first-instance], and [last-instance]. For example, if you wish to use @DEFAULT action tage to carry over data from the previous instance of a repeating instrument, it might be set up as follows: @DEFAULT=”[weight][previous-instance]”.
  • Improvement: Piping can now be used for checkbox fields
    • Piping from Checkbox fields is slightly different than with other field types because checkboxes allow for multiple saved values. There are options to display a list of checked choices, unchecked choices, or a specific choice.
      • [my_checkbox:checked] - Appending ':checked' will display a comma-delimited list of choice labels that have been checked - e.g., 'Sunday, Tuesday, Thursday'. Note: If neither ':checked' nor ':unchecked' is appended to the variable, then it will default to ':checked'.
      • [my_checkbox:unchecked] - Appending ':unchecked' will display a comma-delimited list of choice labels that have NOT been checked - e.g., 'Monday, Wednesday, Friday, Saturday'.
      • [my_checkbox(code)] - If a coded value of the checkbox is included inside parentheses after the variable name - e.g., [my_checkbox:(2)] - then it will output the word 'Checked' or 'Unchecked' regarding whether or not that specific choice has been checked off.
    • Please note that while the checkbox piping options listed above will return the text labels, you may also append ':value' to the variable to return the raw value instead of the label. For example, [my_checkbox:checked:value] and [my_checkbox:unchecked:value] might return '1, 3, 5' and '2, 4, 6, 7', respectively, and [my_checkbox(2):value] will return 1 or 0 if checked or not checked, respectively.
  • Improvement: Multiple choice fields can now have their raw value (as opposed to their choice label) piped by appending “:value” to the variable name – e.g., [my_radio_field:value]. Note: This can also be used for SQL Fields to display the raw value of the SQL Field drop-down.
  • Improvement: Multiple choice fields can now have their raw value (as opposed to their choice label) piped inside an @DEFAULT action tag by appending “:value” to the variable name – e.g., @DEFAULT=”[my_radio_field:value]”.
  • Minor security fixes: Some Cross-Site Scripting (XSS) vulnerabilities were found on various pages in which a malicious user could potentially exploit them by manipulating the query string or POST parameters of particular HTTP requests. Part of this batch of fixes includes a change in the REDCap API's "content-type" HTTP header for CSV exports from "text/html" to "text/csv" as an extra preventative measure to protect against XSS.
  • Major bug fix: On some extremely rare occasions when loading a public survey, it might mistakenly display the data from a previous response rather than displaying the page with all fields blank.
  • Change/improvement: If a REDCap installation is using two-factor authentication and has the Google Authenticator option enabled, then when new users initially verify their email address when first logging in to REDCap, it will now display the instructions for setting up the Google Authenticator app on that page after the email verification is successful. This will be necessary for installations that are utilizing Google Authenticator as the only two-factor option and also are not using Table-based authentication. (Note: This functionality does not apply to installations using Table-based authentication since that does not require email verification.)
  • Bug fix: The "expand" link would mistakenly not work for the "Custom text to display at the top of the Help & FAQ page" textbox field on the General Configuration page in the Control Center.
  • Bug fix: When deleting a repeating event instance on the Record Home page, it might mistakenly delete all files uploaded to any File Upload fields on other repeating instances of that event. (Ticket #37988)
  • Various fixes and updates for External Modules framework
  • Bug fix: When viewing the Survey Invitation Log in a project using the Twilio telephony services for surveys, it would mistakenly display the "Record" and "Participant Phone" headers for the wrong columns in the table.
  • Bug fix: When using the REDCap Mobile App for a project that contains Descriptive fields that have inline images, if the file storage setting has been set to "WebDAV" on the File Upload Settings page in the Control Center, the images would mistakenly not get synced to the mobile app correctly.
  • Bug fix: The action tags @NONEOFTHEABOVE and @MAXCHECKED would not work well together and would cause @NONEOFTHEABOVE to malfunction when using both tags on a single checkbox field. (Ticket #38119)
  • Bug fix: When using a custom Data Quality rule to find a field with a blank value, in which the field exists on a repeating instrument, it would not always return the correct results. (Ticket #37067)
  • Bug fix: When using the Google Authenticator app for two-factor authentication and an administrator clicks the "Send instructions via email" for 2-step login on the Browse Users page, it would mistakenly try to embed the QR code image in the email sent. But if the user was not currently logged into REDCap, then it would mistakenly display a broken image in the email contents instead.
  • Various fixes and updates for External Modules framework
  • Bug fix: The documentation for action tags @TODAY and @NOW mistakenly state that a field using either action tag would be disabled and not editable, which is no longer true but used to be true in older versions. (Ticket #32537)
  • Bug fix: When uploading an instrument zip file in the Online Designer, it would mistakenly truncate the form name to 50 characters in length when instead it should be truncating it to 64 characters if the form name was longer than that.
  • Bug fix: When using the PDF Auto-Archiver for a survey, if the project has all its data erased via the "Erase all data" button on the Other Functionality page or if the project is moved to production while opting to delete all records, then it mistakenly would not delete all the archived PDF files in the File Repository. (Ticket #38660)
  • Bug fix: When clicking the "exclude" or "remove exclusion" link in the discrepancy results in the Data Quality module when using a non-English language for the text of that project, it would mistakenly only show the text in English right after clicking those links. It should instead display them in the project language. (Ticket #38408)
  • Bug fix: If using an SSL database connection for MySQL, plugins and some external modules pages would mistakenly return an error and not load. After upgrading to this version, an administrator will need to download the zip file containing outdated non-versioned files on the Configuration Check page, and then follow the instructions there. (Ticket #37763)
  • Change/improvement: Non-versioned files (e.g., redcap/index.php, redcap/surveys/index.php) now make a database connection via redcap_connect.php to determine the current REDCap version (when appropriate). In previous versions, those files would naively assume the highest numbered version that was inferred from the REDCap version directory name, which would sometimes lead to erroneous conclusions about the correct version number.
  • Bug fix: On very rare occasions, creating a new user role in a project might mistakenly result in displaying an error to the user that states that an email could not be sent to the user, which does not make sense because there is no user in this context. This was supposedly fixed in the previous version but was not. (Ticket #37465)
  • Bug fix: When deleting a form's data using the "Delete data for THIS FORM only" button at the bottom of a data entry page, if it is a repeating instrument, it would mistakenly fail to mention that this action would only delete the current repeating instance of the form, not all repeating instances of that form.
  • Bug fix: The SQL mapping file for installing the DDP Custom demo web service might cause an SQL error and not execute successfully if DDP mapping has already been performed for any DDP Custom project in the system.
  • Bug fix: The Dynamic Data Pull (DDP Custom or DDP on FHIR) module was mistakenly unable to utilize repeating instruments or repeating events for capturing temporal data.
  • Change/improvement: Added stats for e-Consent Framework usage on the Control Center's System Statistics page.
  • Change: Added extra note at the bottom of the REDCap Messenger informational page that states that entering PHI or PII into a Messenger's conversation title is highly discouraged because conversation titles are much more visible than conversation text.
  • Change/improvement: When using the Copy Project button on the Other Functionality page, it now copies the Record Locking Customization settings for the project.
  • Change/improvement: When using the Copy Project button on the Other Functionality page, it now displays an option to the user to copy all custom record status dashboards in the project.
  • Bug fix: When using AAF authentication, the cross-site request forgery (CSRF) protection would not work properly.
  • Bug fix: When an unsuccessful login attempt occurs in REDCap, it now only logs the username value entered if the value is a valid REDCap user's username. If not, it instead logs it as "[not_valid_username]" in the redcap_log_view database table. This fixes a potential security hole in which some users might mistakenly enter their password in the username login field, in which it would log their password in plain text in the redcap_log_view database table and thus could be viewable to anyone with direct access to the backend database.
  • Bug fix: When adding a new user in REDCap (in several places throughout the application), if user attempts to create a username containing an ampersand, it would not allow it even though the error message says that ampersands are allowed. This error message text is incorrect because ampersands are not allowed in REDCap usernames. (Ticket #39267)
  • Bug fix: When running Data Quality rule H, it might mistakenly not return some discrepancies in very specific cases. This would most often occur when the calculated value has a decimal while the saved value does not contain a decimal (and vice versa). (Ticket #38488)
  • Bug fix: When using a Live Filter on the "Stats & Charts" page of a report, in which no results should be displayed for the selected Live Filter, it would mistakenly display all records in the charts and stats tables on the page. (Ticket #39349)
  • Bug fix: When using conditional logic, report filters, etc., in which certain text is used inside double quotes or single quotes (i.e., text that is used internally by REDCap as special processing tokens), it would sometimes mistakenly return no results instead of the desired results. (Ticket #32295, #39418)
  • Change: New DDP on FHIR setup instructions for Cerner were added to the DDP on FHIR zip file.
  • Change: The BioPortal biomedical ontology web service is now called through a secure method (SSL/HTTPS) by REDCap. This will not affect how the ontology field search works, but provides more security by encrypting all the requests being sent from REDCap to the data.bioontology.org website. (Ticket #39613)
  • Bug fix: Inside the red box that appears at the top of the data entry form when viewing a survey response, it would mistakenly report that other users contributed to the survey response, even though those users may have entered data on another instrument for that record. This issue cannot be fixed for existing responses, but the issue will no longer occur for any new responses created. Additionally, the text that denotes the users that have contributed after the survey was completed would be incorrect if users may have entered data on another instrument for that record, but this issue (unlike the other one described above) will be fixed retroactively for existing responses and for new responses. Also, both of these issues would mistakenly include calc fields when determining contributors; however, calc fields will no longer be considered because they can be triggered from data being entered elsewhere for a record. (Ticket #38545)
  • Bug fix: When exporting data to a stats package for a project that contains repeating instruments, the choices listed for the field "redcap_repeat_instrument" in the stats package's syntax file would mistakenly have the instrument label repeated multiple times for that field if that instrument were set to be repeating on multiple events in the project. (Ticket #38529)
  • Bug fix: When viewing the Public Survey Link page of a project containing multiple arms, if the first data collection instrument is not designated for the first event of the current arm, it would mistakenly display the public survey link of another arm (typically the first arm). It now displays a warning on the page to inform the user to fix this issue by designating the first instrument for the first event of that arm. (Ticket #39647)

Version 8.3.2 - (released 3/15/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: Survey-specific email invitation fields
    • This is a new option on the Survey Settings page that can be enabled for any given survey, in which a user may designate an email field for sending survey invitations for that survey only.
    • The email field being utilized for the survey can exist on any instrument in the project, and you may use a different email field on each survey. You may also use the same email field for multiple surveys.
    • This feature is similar to the project-level email invitation field except that it is employed only for the survey where it has been enabled. This allows users to have data entry workflows that require multiple surveys where the participant is different for each survey. Using this feature, multiple people can be emailed a survey invitation, after which all the survey data they enter goes into the same record in the project.
  • Improvement: The REDCap::getParticipantEmail method has a new optional parameter ($instrument) that can be utilized, in which $instrument is the unique/back-end name of the data collection instrument. This parameter only needs to be passed when utilizing the survey-specific email invitation field for a given survey, in which there might exist a different email address for that specific survey than for other surveys in the project.
  • Improvement: The datepicker widgets and timepicker widgets that are displayed on data entry forms and survey pages now have their language abstracted so that it will display the months, days of the week, and buttons in the language set for the project.
  • Bug fix: When using the Data Search feature on the "Add/Edit Records" page, clicking the keyboard's down arrow button mistakenly no longer selects an option returned from the search. (Ticket #37144)
  • Bug fix: In a longitudinal project, when a user clicks the "Delete data for THIS FORM only" button on a data entry form, if data exists on other events for the current record AND the form being deleted is the only form containing data on the current event, then that event would mistakenly still show up in reports and data exports even though it no longer contains any data and shows gray status icons for all the instruments in the event. In the previous version, this bug was fixed for most scenarios (traditional longitudinal and repeating instruments) except not for repeating events. This now fixes the issue for repeating events. (Ticket #35814, #37290)
  • Bug fix: If a user requests that their project be moved to production by an administrator, in which the administrator does not use the To-Do List nor the link in the request email but instead just goes to the project directly to move it to production, then the original request would mistakenly not get removed from the To-Do List. (Ticket #37159)
  • Bug fix: When searching by project title on the Browse Projects page when a username has not been entered in the user search box, it would mistakenly assume that a username named "Search" was entered. This only occurs when using Internet Explorer. This would also cause the user button at the top right of the page to mistakenly say "User does not exist". (Ticket #37497)
  • Bug fix: On very rare occasions, creating a new user role in a project might mistakenly result in displaying an error to the user that states that an email could not be sent to the user, which does not make sense because there is no user in this context. (Ticket #37465)
  • Change: On the Browse Users page, it will no longer display the "Verified" or "Not yet verified" flag next to a user's email address if the user is a Table-based user. This is because the email verification is only ever utilized for non-Table-based authentication. (Ticket #37474)

Version 8.3.1 - (released 3/9/2018)

BUG FIXES & OTHER CHANGES:

  • Improvement: REDCap will routinely check to see if any External Modules have updates available for download in the REDCap Repo. If some do, it will display a message in the Control Center to allow an administrator to easily update the modules.
  • Improvement: If the REDCap installation has been set to report its REDCap stats "manually" (rather than "automatically") on the General Configuration page, it will provide a new button on the Control Center "Notifications" page that says "Try auto-sending stats", which will double check if the server is able to send its REDCap stats automatically. And if the button is clicked and is successful, it will automatically set the installation's reporting method to automatic.
  • Improvement: Sponsor Dashboard requests that are listed on the To-Do List page will now have the selected users' usernames in the To-Do List item's comment so that the administrator may reference this (if needed) while processing the request.
  • Improvement: When the Google Authenticator option has been enabled while using two-factor authentication, it now displays a button on the Browse Users page in the Control Center that, when clicked, will email the user the instructions for setting up Google Authenticator for their REDCap account. This feature will be useful when all other two-step login options have not been enabled and the user cannot successfully log in to REDCap.
  • Various fixes and updates for External Modules framework.
  • Change: When using the designated email invitation field (enabled on the Project Setup page), if the field is located on an instrument that gets used on multiple longitudinal events or if it is located on a repeating instrument/event, all occurrences of the field will now be forced to have the same value. This means that if one value is entered for the field, that value will always be the value seen in other events or other repeating instances of the instrument. And if the value is changed on any event or repeated instance, then that value will be updated on all events or repeating instruments/events where the field has a value. This will keep the field's value in sync in all locations since the underlying assumption of the designated email invitation field is that there is really only one single value, which is the email address of the survey participant.
  • Bug fix: On the Project Templates page in the Control Center, it would mistakenly display deleted projects in the project drop-down list when choosing a project to enable as a project template. (Ticket #36672)
  • Bug fix: When the "Save & Return Later" setting is enabled on a survey and the "Allow respondents to return without needing a return code" option is checked, if a participant's email address is known when they click the "Save & Return Later" button on the survey page, it would mistakenly display some text on the page that implied that they would need a Return Code to return to the survey, which is incorrect. (Ticket #36729)
  • Bug fix: In a longitudinal project, when a user clicks the "Delete data for THIS FORM only" button on a data entry form, if data exists on other events for the current record AND the form being deleted is the only form containing data on the current event, then that event would mistakenly still show up in reports and data exports even though it no longer contains any data and shows gray status icons for all the instruments in the event. (Ticket #35814)
  • Bug fix: In a longitudinal project, the Scheduling module might mistakenly crash due to a fatal PHP error when attempting to generate a schedule for a record. This was often due to using either a negative Day Offset value or negative Offset Range value for certain Start Date values. Bug emerged in REDCap 8.2.2. (Ticket #36592)
  • Bug fix: REDCap Messenger might throw a JavaScript error after being opened because certain web browsers are beginning to deprecate synchronous AJAX requests in JavaScript. (Ticket #36970)
  • Change: When exporting data to SPSS, the resulting SPSS syntax file now defines Text fields as A30000 rather than A500 to allow for Text fields with text longer than 500 characters.
  • Bug fix: When using the @NOW action tag for a date field (rather than a datetime field), it mistakenly inserts the full timestamp into the date field, which results in a field validation error. It now instead inserts only today's date as a value into the field, as if @TODAY were used. (Ticket #36969)
  • Bug fix: If a slider field on a survey or data entry form is set to display its numerical value, if "100" is selected for the slider, the text field would partially cut off the value being displayed. (Ticket #37048)
  • Bug fix: When using "<>", "<", or "<=" in the choice labels for drop-down, radio, or checkbox fields on an instrument, they would not display correctly on the page but instead might omit those operators or instead display nothing as the choice label. (Ticket #37007)

Version 8.3.0 - (released 3/1/2018)

NEW FEATURES, BUG FIXES & OTHER CHANGES:

  • New features: PDF Auto-Archiver & e-Consent Framework
    • PDF Auto-Archiver
      • Upon survey completion, a compact PDF copy of the survey response can be automatically stored in the project's File Repository, from which the archived PDFs can be downloaded at any time.
      • This setting is located on the Survey Settings page in the Online Designer, thus it can be enabled for any given survey in a project.
    • e-Consent Framework
      • This feature, which works together with the PDF Auto-Archiver, provides functionality for user’s to implement electronic consent (e-Consent) using a survey as the consent form, such as for capturing the consent of a research study participant.
      • The e-Consent Framework option adds two things to the typical survey-taking process. 1) Before a participant completes the survey, an extra certification page is added to end of the survey that displays an in-line PDF copy of their survey responses in which they will be asked to confirm that all information in the document is correct. Once they confirm all is correct, the survey will then be marked as complete. The survey will not be considered complete until they fulfill the certification step. 2) Upon completion of the survey, a static copy of their responses in the form of a consent-specific PDF will be stored in the project's File Repository. The consent-specific PDF will have the values of the e-Consent Framework Options inserted at the bottom of each page in the PDF. These values (i.e., name, date of birth, etc.) are added to the PDF as extra documentation of the identity of the person who is consenting.
      • A participant’s IP Address is also recorded and displayed in the File Repository after the e-Consent process, but this option to collect the IP address can also be optionally disabled at the system level (if desired) on the Modules/Services Configuration page in the Control Center.
      • The e-Consent Framework feature can be disabled at the system level (if desired) on the Modules/Services Configuration page in the Control Center.
      • In addition to storing the e-Consent PDFs in a project’s File Repository, you may also optionally enable the External Storage option (requires PHP 5.6.0+), which will automatically store the PDFs on a separate file server (using WebDAV or SFTP). This external file server may serve as a giant “vault” for your entire REDCap installation’s consent forms. This is a system-level setting that can be enabled on the File Upload Settings page in the Control Center.
  • New feature: New method REDCap::getValidFieldsByEvents for plugins, hooks, and modules. This method returns an array of field names belonging to instruments that are designated for specified events in a longitudinal project. The method also contains the option to include or exclude the project's Record ID field.
  • Improvement: The Survey Invitation Log now contains an extra column on the right-hand side to allow users to delete many scheduled invitations at once (rather than having to delete them one at a time).
  • Improvement: Checkbox fields may now be utilized in the DDP Custom or DDP on FHIR modules when importing data from external sources/EHRs. This will be useful because certain systems might record some non-temporal fields (e.g., race) as multi-value fields. Note: If multiple values are detected from the DDP source system/EHR for a field that is neither a temporal field nor a checkbox field, it will display a red warning message in the DDP adjudication popup informing the user that multiple values have been detected and that only one value can be imported unless they convert the field into a checkbox field.
  • Improvement: The Configuration Check page in the Control Center now checks to see if the REDCap server can communicate with all the various third party websites/services that are used within REDCap. These include Twilio, PROMIS, BioPoral, Bit.ly, and IS.GD.
  • Bug fix: When deleting an individual survey invitation or modifying an invitation's send time on the Survey Invitation Log, the logging would mistakenly state that "SYSTEM" performed the action rather than the user's username.
  • Various fixes and updates for External Modules framework
  • Bug fix: On the Field Comment Log page in a project, if a user is using the Internet Explorer web browser, clicking the "Apply filters" button would mistakenly cause it mistakenly to search for the keywords "Keyword" and "search" even when the "Keyword search" text box has been left blank. This would often cause it to return no results, which is confusing. (Ticket #36266)
  • Bug fix: Projects that use repeating events or repeating instruments will now *always* output the "redcap_repeat_instrument" and "redcap_repeat_instance" fields in a report or data export, as well as the output of REDCap::getData, regardless of whether the report/export contains any repeating data or not. In previous versions, it would mistakenly only output those fields if any data in the report/export was repeating. This means that the number of columns would vary unpredictably based on the filters applied to the report/export (or based on the parameters passed to REDCap::getData), which is confusing and inconsistent with how reports/exports typically behave. (Ticket #36263)
  • Bug fix: When a record is deleted in a project (either via the user interface or via API), the logging page would mistakenly display the event name for the logged event, which is confusing because the record as a whole was deleted, not just for a specific event. It now no longer displays the event name for the logged event, and if the project contains multiple arms, it will instead display the number and name of the arm from which the record was deleted. (Ticket #36358)
  • Bug fix: When viewing the data entry form of a repeating instrument, in which the "Current instance" drop-down list is displayed at the top of the page, if a user clicks the "+" button inside the drop-down rather than clicking the "Add new" text, it would mistakenly take the user to an incorrect page.
  • Bug fix: When viewing/exporting a report or using the REDCap::getData() method in a longitudinal project with multiple arms, in which the user is exporting data from an arm that currently has no records in it (i.e., the data set being returned should be empty because there is no data from that arm to return), then it would mistakenly output a list of all records from other arms but with blank/default values. (Ticket #36470)
  • Bug fix: In a longitudinal project with multiple arms, in which a record exists on more than one arm, if a user clicks the "Lock all instruments across all events" on the Record Home page on a certain arm, it would mistakenly lock all the instruments/events on other arms in addition to the current arm. It should only lock the instruments on the current arm. Note: The unlocking process does not appear to be affected by this issue.
  • Bug fix: When using DDP Custom or DDP on FHIR and adjudicating temporal data for several different events, if a field value is adjudicated in one event, it might mistakenly get marked as adjudicated for that same field in other events. This causes the field to be hidden in the DDP adjudication popup when viewing the other events, so it makes it appear as if it has already been adjudicated when it has not.
  • Bug fix: On certain occasions, the Scheduling module might mistakenly crash due to a fatal PHP error when attempting to generate a schedule for a record. This appears to only occur for PHP 5.3. (Ticket #36592)

Version 8.2.3 - (released 2/23/2018)

BUG FIXES & OTHER CHANGES:

  • Improvement/change: To help with troubleshooting PHP errors occurring on the REDCap server, the line "global $log_all_errors; $log_all_errors= true;" can be added to the database.php file, which will log all PHP errors, warnings, and notices to the designated PHP log file. (Ticket #35868)
  • Improvement: On the "Browse Users" page, the "View User List By Criteria" tab has a new display option "Has never logged in" to help administrators quickly find users (typically when using Table-based authentication) that have a REDCap account but have never actually logged in to REDCap.
  • Improvement: The REDCap::getData method for plugins/modules now has an alternative way of passing parameters to the method. Rather than providing the method's parameters individually, they instead may be passed to the method in an associative array, in which each key in the array exactly matches the parameter names listed above (must match case). Note: Not all the parameters have to be included in the array, but only the ones one wishes to set explicitly. Example: $params = array('return_format'=>'json', 'filterLogic'=>'[age] >= 18', 'fields'=>array('dob','record_id')); $data = REDCap::getData($params);
  • Major bug fix: If a longitudinal project has more than one arm and also has the Secondary Unique Field enabled, if a record exists in multiple arms, then whenever a user saves a value on a form or survey for the Secondary Unique Field, it would mistakenly set that value for all events in all arms for that record when instead it should only set that value for all events in the current arm.
  • Minor security fix: Some Cross-Site Scripting (XSS) vulnerabilities were found on various pages in which a malicious user could potentially exploit them by manipulating the HTTP Referrer header of an HTTP request.
  • Bug fix: When viewing a record on a data entry form that exists on a repeating event and then clicking a PDF download option to download that instrument with saved data, the resulting PDF would mistakenly contain all the repeated instances of the instrument for that record instead of just the current instance being viewed. This issue does not occur for repeating instruments but only for instruments on a repeating event.
  • Bug fix: For a matrix of fields displayed in the Online Designer, the matrix headers were not aligning correctly with the radio button/checkbox for the fields. This only occurred when viewing a matrix in the Online Designer.
  • Bug fix: When using the date-picker or datetime-picker widget to select a date/time on a form, survey, or other page in REDCap, the field validation alert might get called prematurely, which can cause it to be displayed to the user unnecessarily or may even cause the user to get stuck (because the widget keeps displaying whenever it is closed) and have to reload the whole page. (Ticket #35735)
  • Various fixes and updates for External Modules framework
  • Bug fix: When uploading a file using Send-It, if the recipients text box is left blank when the submit button is clicked, it would forever say "Working...", in which the user would have to manually reload the page in order to start over. (Ticket #35986)
  • Bug fix: When using the Record Status Dashboard in a project with Data Access Groups, if the paging drop-down has a specific page selected and then the user selects a Data Access Group from the DAG drop-down, it could mistakenly try to display a "page" of records that does not exist for the new resulting data set and thus would display "no records", which could be confusing. In this case, it will now revert back to page 1 if the selected page no longer exists for the new DAG selection. (Ticket #36053)
  • Bug fix: When using the Randomization module in a project and attempting to randomize a record on a data entry form in which the @NOW or @TODAY action tag is used *and* piping is also being performed on the same form, then the "Randomize" button would fail to appear if the user was specifically using iOS (Mobile Safari web browser). (Ticket #35998)
  • Bug fix: On the Sponsor Dashboard and Browser Users pages, it would mistakenly allow a user to utilize the actions "Reset password", "Set account expiration", and "Extend account expiration" on users that have been suspended. It should not allow those actions on suspended users.

Version 8.2.2 - (released 2/15/2018)

BUG FIXES & OTHER CHANGES:

  • Improvement: The "Browse Projects" page has a new option to perform a keyword search on the project title to find projects more quickly. This option can be used with or without the username search at the same time on that page. When searching by project title, it will order the project list based on best match with the keywords entered.
  • Improvement: Added new "Record ID" column in the Survey Invitation Log table to allow users to find specific invitations more efficiently. Note: If the record name should not be displayed in order to preserve the anonymity of a response (e.g., participant identifier is not used, designated email field is not used), it will instead display an icon indicating that the record name cannot be displayed.
  • Improvement: Added new filter on the Survey Invitation Log table to allow users to filter the invitations by record ID.
  • Improvement/change: Added new "Record ID" column in the Participant List table. In previous versions, the record ID was appended to the email address in the "Email" column. Having its own column will allow users to find specific participants more efficiently.
  • Improvement: When opening the "Add/Edit Branching Logic" popup in the Online Designer, it could sometimes be very slow to open if the project contains many fields, especially many multiple choice fields. The popup could even be slow when the selected field does not even have branching logic yet. To improve this, it now defaults to selecting the "Advanced" option first when the popup opens and only attempts to load the "Drag-N-Drop" draggable field choices when that option has been selected by a user. While this won't completely alleviate the issue of the "Drag-N-Drop" option being slow when there are many fields, this will make it much more palatable in a majority of situations when branching logic is being added/edited in the Online Designer. (Ticket #1905)
  • Improvement: If a field has branching logic, the Online Designer now displays the logic (up to the first 65 characters) on the field so that the user can view it easily without having to open the Add/Edit Branching Logic popup.
  • Change/improvement: The Control Center login option "Disable autocomplete feature in user's browser for username/password fields on REDCap login page?" has been improved to work more dependably in more browsers. Also, other pages with "password" type fields, such as the File Upload Settings page in the Control Center, have also been improved to prevent accidentally injecting a user's username and password in places where not appropriate or not correct. (Ticket #35339)
  • Change/improvement: If an administrator is moving a project in production back to development status and the project is in Draft Mode, it will now automatically create a Data Dictionary Snapshot of the drafted changes and store the snapshot on the Project Revision History page.
  • Major bug fix: When using the "Save & Return Later" survey feature, and a participant has partially or fully completed a survey, in certain cases if they use the return code and enter it while using the public survey link (as opposed to a private/unique survey link), it might mistakenly create a new record instead of modifying the existing record.
  • Bug fix: When viewing the Participant List of a survey that is a repeating instrument or is on a repeating event, REDCap would mistakenly add extra placeholder rows in the Participant List if the instrument is utilized on multiple events. These extra ghost/placeholder rows would point to non-existing instances of an instrument. Note: If these placeholder rows have already been created in the Participant List, then unfortunately they will not be able to be removed. (Ticket #34741)
  • Bug fix: When a non-CSV file is being uploaded into a place where only CSV files are permitted (e.g. Data Import Tool, Data Dictionary), it would mistakenly provide a link to a Microsoft webpage that no longer exists. The link URL has now been replaced with a working link.
  • Bug fix: When performing a data import in a project with repeating instruments or repeating events, in which the redcap_repeat_instance field is included in the import file but is mistakenly given a non-numerical value, then the data values on that row might mistakenly be saved in the database incorrectly. (Ticket #35143)
  • Bug fix: In the Scheduling module when using a Start Date with the year 2038 or higher, it would mistakenly return dates in the year 1969 for the projected schedule that is generated. (Ticket #35178)
  • Bug fix: When a sponsor sends a request via the Sponsor Dashboard, after a REDCap administrator approves the request, the confirmation email being sent back to the sponsor would mistakenly mention the approver's username in the email body rather than the requester's username.
  • Change/improvement: When a sponsor sends a request via the Sponsor Dashboard, after a REDCap administrator approves the request, the confirmation email being sent back to the sponsor now lists the usernames of all the users to which the sponsor request was applied.
  • Bug fix: Fixed compatibility issues when using REDCap with PHP 7.2. This includes a fatal PHP error on the REDCap install page, and a fatal PHP error when downloading a PDF of an instrument. (Ticket #35240)
  • Bug fix: On the Data Dictionary upload page, it might mistakenly display some uninterpreted HTML tags and some misformatted text for warnings and errors on the page after uploading a Data Dictionary. (Ticket #35499)
  • Bug fix: If running PHP 5.3 on the REDCap server, in certain situations the Configuration Check page might mistakenly fail to mention that PHP 5.4 or higher is required in order to use External Modules.
  • Bug fix: When using the "Save & Return Later" survey feature with the option enabled to "Allow respondents to return and modify completed responses", if a respondent begins a public survey and clicks "Save & Return Later", and then returns to the partially completed survey using a private survey link (not using the public survey link as before) and completes the survey, and then returns to the completed survey again using the public survey link (not the private survey link), using the return code they obtained the first time they visited the survey (not the return code they obtained later that is tied to the private link), and then they click "Save & Return Later", it will mistakenly set the survey status back to incomplete even though the survey has been completed. (Ticket #35210)
  • Bug fix: When downloading a "compact" PDF of a survey response for a survey that has question auto-numbering enabled, the question numbers displayed in the compact PDF will not be correct when compared to the real order in which the questions appeared on the survey page.
  • Bug fix: When downloading a PDF of an instrument while on a data entry form, in which data has been modified on the form, after clicking a "download PDF" option it would mistakenly display a confirmation prompt letting the user know that they will be abandoning the page, which is not true. So the prompt is unnecessary and confusing.
  • Bug fix: When downloading a file attachment for a Descriptive field on a survey, in which data has been modified on the survey page, it would mistakenly display a confirmation prompt letting the participant know that they will be abandoning the page, which is not true. So the prompt is unnecessary and confusing. (Ticket #35436)
  • Change: If the secondary unique field is enabled and contains HTML tags in its field label, those tags will now be stripped out when displaying the label and value of the secondary unique field throughout a project, such as on a report, top of data entry page, and the left-hand project menu when a record is selected. This hash been changed because HTML tags in the field label could distort the user interface in unpleasant ways.
  • Bug fix: If a report is being sorted by the record ID field in descending order or the record ID field is sorted as asc/desc with one or two other sort fields, and the project has record auto-numbering enabled but the record ID field does not have integer/number validation, then the report would fail to order the results correctly.
  • Bug fix: When viewing the "Stats & Charts" page for a report, slider fields and calc fields would mistakenly not have a scatter plot displayed for them.
  • Bug fix: The field label of the Secondary Unique Field would mistakenly get displayed even if the field has no value. It should not display the label unless there is a value. (Ticket #35637)
  • Bug fix: When importing data into a project in XML format via the API or via the plugin method REDCap::saveData(), in certain cases it would not gracefully handle an error in the XML but would instead mistakenly cause a PHP fatal error. (Ticket #35368)
  • Bug fix: If a survey is using "Save & Return Later" with the option "Allow respondents to return without needing a return code" enabled, then if a participant clicks the "Save & Return Later" button at the bottom of the survey, in the email that REDCap sends to the participant with the survey link needed to continue the survey, the email text would mistakenly mention that a return code would be needed, which is not correct. (Ticket #33365)
  • Change/improvement: When performing an API export in JSON format for the API methods Export Users, Export Project Info, Export Survey Participants, and Export Events, while the values in the API response were all correct, some API scripts were having trouble with the fact that some integers were returned in string format (surrounded in quotes) rather than as literal integers in the JSON response. Now they should all be returned as literal integers.

Version 8.2.1 - (released 2/1/2018)

BUG FIXES & OTHER CHANGES:

  • Improvement: A new system-level setting was added on the Control Center's "User Settings" page: "Allow normal users to modify the 'Repeatable Instruments & Events' settings for projects while in production status". This setting is enabled by default, but if disabled by an administrator, normal users will not be able to open or save the 'Repeatable Instruments & Events' popup dialog on the Project Setup page while the project is in production, in which only administrators will be able to do so.
  • Improvement/change: The Font Awesome 5 iconic font and CSS toolkit is now included as part of REDCap.
  • Improvement/change: The project Logging page now provides useful contextual information for the ASI logged event "Automatically schedule survey invitation", in which it will display the record name, survey title, and event name (if longitudinal).
  • Improvement/change: The project Logging page now logs when a survey invitation that was scheduled via ASI gets deleted due to the ASI option "Ensure logic is still true before sending invitation?", in which the logged event will display useful contextual information, such as the record name, survey title, and event name (if longitudinal).
  • Improvement/change: The project Logging page now logs when a survey invitation is deleted or when its send-time is modified on the Survey Invitation Log, in which the logged event will display useful contextual information, such as the record name, survey title, and event name (if longitudinal).
  • Performance improvement: For projects containing a large amount of records (i.e., thousands or tens of thousands), some pages in the project might become very slow, and if a user repeatedly attempts to open a page that is initially slow to open, often due to slow database queries being executed, then those queries can get backlogged on the database server and reduce performance over time. A new mechanism has been implemented that will improve server performance in these cases by actively killing off any abandoned MySQL processes that are still running on the server.
  • Major bug fix: When downloading the CSV export of a survey's Participant List, a race condition might occur if multiple users are downloading the list (or if multiple requests are coming from the same user) near-simultaneously, in which it could possibly return a Participant List export file that contains Survey Access Codes that do not really exist and are therefore not valid access codes. (Ticket #34862)
  • Bug fix: The setting for "External Modules: Alternate module directories" on the Modules/Services Configuration page in the Control Center did not have clear examples and had confusing instructions.
  • Bug fix: The dashboard page in the Randomization module might mistakenly not get rendered correctly and thus may not be viewable if malformed HTML exists in the field label or choice label of the randomization field or a criteria field.
  • Bug fix: The "Set up Survey Queue" popup in the Online Designer would mistakenly note that the first survey instrument is not displayed in the popup and therefore cannot be used in the Survey Queue. However, this is no longer true (but was true in earlier versions), so that incorrect text has now been removed.
  • Change: The icons used to represent projects with "archived" status now use the Font Awesome "archive" icon instead.
  • Bug fix/change: When an administrator is processing a request submitted via the Sponsor Dashboard in which the things being requested are no longer applicable (e.g., if a user was requested to be suspended, but the user has been suspended through other means before the request was processed), it would display a confusing message to the administrator. Now in these situations it lets the administrator know that there is nothing to do and that they should contact to the requester to let them know that the request does not need to be completed.
  • Improvement: A new "hide suspended users" option was added to the Sponsor Dashboard to allow sponsors to hide suspended users when viewing that page.
  • Bug fix: For a survey that does not have "Save and Return Later" enabled, if a respondent returns to an incomplete survey response using a unique survey link, it would mistakenly display the "Start Over" button to allow them to erase their answers even if the response had been locked by a user on the data entry form. Respondents should not be able to modify data or erase data if the form has been locked. This has been changed so that if the response is locked, it will not display the "Start Over" button and will inform the respondent that they cannot do anything until a survey administrator has unlocked their response. (Ticket #34676)
  • Bug fix: Fields having any of the "Number (comma as decimal)" validations would mistakenly not have their scatter chart or descriptive stats displayed on the "Stats & Charts" page for a report.
  • Bug fix: When copying an instrument via the "Copy" action in the Online Designer, if the instrument contains a "calc" field in which its equation has been left blank, it would display an error stating that the instrument could not be copied.

Version 8.2.0 - (released 1/25/2018)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • Medium security fixes: Many Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string or POST parameters of an HTTP request.
  • Minor security fixes: Some Cross-Site Scripting (XSS) vulnerabilities were found on the "Create users (bulk upload)" section of the "Add Users" page in the Control Center, in which a malicious user could potentially exploit them by manipulating the contents of the CSV file that an administrator uploads on that page to create new Table-based users.
  • New feature: Sponsor Dashboard
    • The Sponsor Dashboard can be utilized by users who have been designated as a sponsor for another REDCap user. In many cases a sponsor is a secondary contact person for the user or someone that helps manage the account (or perhaps they requested that the account be created). The Sponsor Dashboard allows sponsors to manage their sponsored users by viewing various information about them, such as username, name, expiration, suspended status, and some general activity. The dashboard contains various functions to allow sponsors to make requests to REDCap administrators to help manage their sponsored users by performing the following actions: 1) resetting passwords (Table-based authentication only), 2) Setting/expiring a user’s account expiration, 3) suspending users, and 4) unsuspending users.
    • A link to the dashboard will be displayed at the top of the My Projects page for any users that are a sponsor.
    • If an institution decides not to allow sponsors to use the Sponsor Dashboard, it can be disabled on the User Settings page in the Control Center.
    • Note: The User Settings page in the Control Center also contains a setting “Default amount to set/extend user expiration times”, which sets the default time (in days) for setting or extending a user’s account expiration time when requested by a sponsor. In the specific case where the expiration time is being set (not extended), the administrator has the ability to modify the exact expiration time during the request approval process.
  • Improvement: Major improvements to the “Browse Users” page in the Control Center – Borrowing from the functionality of the new Sponsor Dashboard, administrators may now perform the following actions on many users at once: 1) resetting passwords (Table-based authentication only), 2) Setting/expiring a user’s account expiration, 3) suspending users, and 4) unsuspending users.
  • New API method: Export Repeating Instruments and Events - This method allows you to export a list of the repeated instruments and repeating events for a project. This includes their unique instrument name as seen in the second column of the Data Dictionary, as well as each repeating instrument's corresponding custom repeating instrument label. For longitudinal projects, the unique event name is also returned for each repeating instrument. Additionally, repeating events are returned as separate items, in which the instrument name will be blank/null to indicate that it is a repeating event (rather than a repeating instrument).
  • Improvement: New "compact" option for PDFs of forms/surveys in which a compact-formatted PDF is produced that excludes fields that have no data saved and excludes unselected multiple choice options, thus producing a smaller PDF file. (Note: Section headers and descriptive fields will still be included.) On all pages that offer a PDF download option, there is now an extra "compact" option. The REDCap::getPDF() developer method and the "Export PDF file" API method both have the compact option added as a new parameter that can be passed to the method.
  • Improvement: Minor aesthetic improvements in the display of PDFs of forms/surveys, such as divider lines between questions and gray background color for section headers.
  • Change/improvement: When adding/editing Automated Survey Invitations, the "Send after lapse of time" value for "days" may now be 4 digits in length (specifically up to 7300 days = 20 years), whereas previous versions limited the days unit to 3 digits. This change allows for a much longer wait time before sending the scheduled invitations. (Ticket #3082)
  • Bug fix: If attempting to enable the Twilio SMS and Voice Call services on a REDCap server that is not publicly available to the web (i.e., on a private network or behind a firewall), it would mistakenly allow the Twilio module to be enabled in a project even if the Twilio Request Inspector had not been disabled for the Twilio account being used.
  • Bug fix: If a survey is using "Save & Return Later" with the option "Allow respondents to return without needing a return code" enabled, then if a participant takes a survey using a public survey link and clicks the "Save & Return Later" button at the bottom of the survey, REDCap would mistakenly email them the public survey link rather than their private survey link which would normally allow them to return to their survey response to begin where they left off. The public survey link that gets emailed to them would mistakenly not allow them to continue their survey response.
  • Bug fix: If text data that contains line breaks/carriage returns is piped into another field value via piping inside an @DEFAULT action tag, the piped text would mistakenly contain HTML break tags (e.g., <br>) rather than proper line breaks/carriage returns.
  • Bug fix: If a project's "Character encoding for exported files" option (on the Edit A Project' Settings page) is set to "Chinese (UTF-8)", then the webpage would crash with a fatal PHP error whenever a user attempted to download a PDF of one or more data entry forms. (Ticket #32892)
  • Bug fix: When piping a radio button field into another field's label on the same instrument, if the piped field is modified on that page, thus instantly piping the new selected value's choice label, the choice label being piped would mistakenly be non-bolded text, even though the rest of the field label remains as bolded text.
  • Bug fix: For a project that utilizes the randomization module, if any of the strata fields being used in the randomization have field labels or field notes into which data is being piped, then the randomization dialog popup that displays these strata fields would mistakenly not have the data piped into their labels/notes. (Ticket #33282)
  • Bug fix: When a project contains repeating instruments, and a report is created that contains fields from a repeating instrument, the "Stats & Charts" view of that report might mistakenly display an incorrect number of missing values for fields on a repeating instrument. (Ticket #32078)
  • Bug fix: On a data entry form or survey that utilizes a calc field or certain action tags anywhere on the page, a random blank text field might mistakenly have a red sidebar appear on the input field for no reason.
  • Bug fix: If an External Module is utilizing the API endpoint URL, and a new REDCap version has been placed on the web server but the upgrade has not been completed yet, then the API endpoint would mistakenly redirect to the wrong place. (Ticket #33520)
  • Bug fix: For surveys that have no questions and have been set to "One section per page (multiple pages)" in their survey settings, it would mistakenly display the Form Status field on the survey page. (Ticket #33467)
  • Bug fix: In a production project in draft mode when adding a matrix of fields in the Online Designer and assigning it a matrix group name that already exists, it mistakenly allows the user to add that matrix group name, but then subsequently displays an error message when the whole matrix setup is saved. (Ticket #33661)
  • Bug fix: When using the Data Search feature on the "Add/Edit Records" page, the "Searching..." text/spinner would not accurately reflect the search request time but would mistakenly disappear on some long searches, thus making it appear that the search has completed when it actually has not. (Ticket #7805)
  • Various fixes for External Modules framework
  • The Help & FAQ page content was updated
  • Bug fix: When using the @TODAY or @NOW action tag for a field on a survey instrument, although the action tags will correctly insert the date/timestamp when the instrument is opened as a survey page, it would mistakenly not do this on the data entry form. Note: This only occurs on an instrument that has been enabled as a survey and is being opened as a data entry form when the field has no value. (Ticket #33609)
  • Bug fix: The "simultaneous users" check that prevents two different users from viewing the same record/instrument/event in the same project would not successfully stop a user from viewing the data entry form if the user already on the form performs one of the following actions: 1) upload a file onto a File Upload field, 2) download a file, 3) delete a file, or enter a value into the Secondary Unique Field (if enabled).
  • Bug fix: In certain rare cases, if a respondent clicks the download link for a File Upload field on a survey page, it might mistakenly display an error page rather than downloading the file.
  • Bug fix: When deleting a message in REDCap Messenger, in which a non-English language is being used for the system, it mistakenly would tell the user to type the translated version of the word "delete" for the local language; however it was instead expecting the user to literally type the English word "delete", not the translation of the word. For technical reasons, the English word must be typed, so the instructions have been changed to clarify this. (Ticket #34174)

Version 8.1.1 - (released 12/21/2017)

BUG FIXES & OTHER CHANGES:

  • Medium security fixes: Many Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string or POST parameters of an HTTP request.
  • General updates and improvements for External Modules framework, including the following bug fix: The "discoverable" setting for modules (set in the Control Center for a given module) was not quite working correctly, in which a regular user could navigate to the Project Module Manager page in their project and view all modules that have been enabled in the system, when instead they should only be able to view the modules that have been made discoverable.
  • Change: When field values get modified via the action tags @TODAY, @NOW, @LATITUDE, @LONGITUDE, and @USERNAME, it now displays the red side bar on the right side of the text field (just like calculated fields do when changed) to denote there was a value that changed. (Ticket #32537)
  • Change: The action tags @TODAY and @NOW will no longer hide the Today/Now button, will no longer hide the date-picker icon, and will no longer make the field read-only by default. From this version onward, users will need to additionally use @READONLY in order to accomplish those things. For backward compatibility, the REDCap upgrade process will automatically replace all instances of the @TODAY and @NOW action tags with "@TODAY @READONLY" and "@NOW @READONLY", respectively, to maintain the existing behavior for fields already using @TODAY and @NOW. (Ticket #32537)
  • Change: Updated a few PHP files that have old-style PHP class constructors that will not be compatible with upcoming versions of PHP 7
  • Bug fix: If a survey instrument contains a date or datetime field, in which a respondent completed the survey and left the date/datetime field blank, and then afterward a user added the @TODAY or @NOW action tag to the field, then if a user opened the response on the data entry form, it would mistakenly insert the current date value or current timestamp into the blank field even though the form was still in read-only mode (i.e., the user had not yet clicked the "Edit Response" button near the top of the form). (Ticket #32537)
  • Bug fix: If using the @MAXCHECKED action tag on a checkbox on a survey that has the "enhanced radio buttons and checkboxes" option enabled, it would mistakenly not work correctly, in which it would invisibly prevent the respondent from selecting more checkboxes than the action tag allows, but it would *appear* to allow more selections to be checked than allowed. So it sort of works but does not note to the respondent that it is working as advertised.
  • Bug fix: When using repeating instruments in a multi-arm longitudinal project, in which a record exists in multiple arms at the same time, it would mistakenly display the tables of repeating instrument data from other arms at the bottom of the Record Home Page for a given record. It should only be displaying tables for repeating instances from the current arm, not from other arms. (Ticket #32284)
  • Bug fix: If the path to the hook functions file contains a dash/hyphen, it would mistakenly cause REDCap Hooks not to be called. (Ticket #32336)
  • Bug fix: If viewing the drafted changes page for a production project, in which a multiple choice field's choices do not have a space immediately after the comma that follows the coded value for a given choice (e.g., "1,one", as opposed to "1, one"), then if a user clicks the Compare button in the drafted changes table on that page, it would mistakenly not display any of the choices for the field in the resulting dialog popup that is opened.
  • Bug fix: If using the Data Search feature on the "Add/Edit Records" page in a project, in which there exists a lot of matches for the search term entered by the user (e.g., if the project has lots of records) *and* the project has either Custom Record Labels or Secondary Unique Field enabled, then REDCap would mistakenly cause way too many queries to be made to the database, which could cause a major load on the database server. (Ticket #31544)
  • Bug fix: If exporting a Project XML file for a project that contains repeating instruments, in which a repeating instrument existed beforehand but has since been deleted, that instrument would mistakenly still persist in the <redcap:RepeatingInstrumentsAndEvents> section of the Project XML file. However, this would not affect anything if using the Project XML file to create a new REDCap project (i.e., the instrument would still remain deleted).
  • Bug fix: If an administrator is on the "Security & Authentication" page in the Control Center, and the cursor is placed in either of the two text boxes for entering IP address ranges for Two Factor Authentication, if the text box is left blank for those, it would mistakenly display a prompt saying that the IP ranges entered are not correct, which would keep popping up and could only be resolved by refreshing the page.
  • Bug fix: Text displayed on a few certain buttons and icons would mistakenly get truncated for non-English languages, especially French. (Ticket #32668)
  • Bug fix: When using the @NONEOFTHEABOVE action tag on a checkbox that is inside a matrix, when it displays the confirmation dialog asking the user to clear out the other checkbox selections, it would mistakenly not display that choice's label correctly in the dialog. (Ticket #32748)
  • Bug fix: For certain server configurations or certain versions of PHP, any branching logic or calculations that are not syntactically correct might mistakenly produce fatal PHP errors. (Ticket #32486)
  • Change: For projects utilizing the Twilio telephony services for surveys, extra informational text has been added to inform the user that Action Tags do not operate on SMS surveys or Voice surveys, which may have been unclear in previous versions due to lack of documentation. This extra text has been added to the Action Tag popup that lists all the Action Tags, and it has also been added to the "Analyze surveys for SMS & Voice Calls" popup, in which it will display a notice for any field that has Action Tags.

Version 8.1.0 - (released 12/11/2017)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New action tag: @MAXCHOICE
    • Causes one or more specified choices to be disabled (i.e., displayed but not usable) for a checkbox, radio button, or drop-down field after a specified amount of records have been saved with that choice. For example, @MAXCHOICE(0=50,1=75,2=50) would imply that once 50 records have selected the '0' coded choice, that choice will become disabled for any record viewed afterward that does not have that choice saved, such as when the form/survey is opened for a new record, and thus 75 records for choice '1', 50 for choice '2', etc.
    • The format must be the action tag name followed by the choice designations inside parentheses, in which each will follow the format of ChoiceCode=MaxCount with each choice separated by commas. Note: For longitudinal projects, when counting the number of choices saved for records, it will treat all events as separate, meaning that in the example above, choice '0' can have a max number of 50 selections in EACH event in the project.
    • Note: This action tag not only gets employed when a form or survey is loaded but also when a form or survey is submitted in order to prevent users/respondents from going over the max amount specified. If a user submits a form/survey, at which point the maximum has been reached due to simultaneous users entering data just before them, it will not save that field’s value (but will save all the other fields on the form/survey), and it will reload the form/survey and tell the user to make another selection for the field.
  • New action tag: @MAXCHECKED - Allows a checkbox field to have a maximum number of checkboxes that can be checked. If other checkbox options are clicked after the maximum has been reached, those choices will not be able to be checked. The format must be @MAXCHECKED=#, in which # is a positive integer. For example, @MAXCHECKED=3 will allow a maximum of 3 checkbox choices to be checked. NOTE: This action tag can only be utilized by Checkbox fields, and it does not get enforced during data imports.
  • New feature: New option to allow respondents to return to a partially completed or fully completed survey response without needing a return code. When enabling "Save & Return Later" for a survey on the Survey Settings page, it will still default to requiring a return code in order for a respondent to continue the survey where they left off. But a user may opt to allow respondents to return to and continue their survey with only the survey link (i.e., without needing a return code in addition to the link) to view and modify their previous responses on that survey. Note: A warning exists in bold text in the informational popup for this feature that states the following: "If you are collecting identifying information (e.g., PII, PHI), for privacy reasons it is HIGHLY recommended that you leave the option unchecked so as to enforce a return code."
  • Change: For PDF exports of data entry forms with data, if a field that is normally removed from exports due to users having export rights of "De-Identified" or "Remove all tagged Identifier fields" is being used in the Custom Record Label or Secondary Unique Field value in the PDF file, that field value will no longer be piped in the PDF file but will instead be redacted (i.e., replaced with the text "[*DATA REMOVED*]"). This change is made to increase security/privacy regarding de-identification of data in data exports.
  • Bug fix: When clicking the "Erase all data" button on the Other Functionality page when utilizing surveys in a project, on some occasions it may mistakenly return an error message saying that it could not delete all data, even though it did successfully delete all project data.
  • Bug fix: REDCap Messenger would sometimes mistakenly open when navigating to a new page even though it was just closed, and sometimes it would close on a new page when it was just opened on the previous page.
  • Bug fix: If a user is on a data collection instrument that has been enabled as a survey, in which the record has not yet been created, if the "Save & Mark Survey as Complete" button is clicked on the data entry form, it would save the form but would mistakenly not set the survey as complete. (Ticket #31784)
  • Bug fix: If a user is on a data collection instrument that is a repeating instrument and has also been enabled as a survey, if the "Save & Mark Survey as Complete" button is clicked on the data entry form, it would save the form but would mistakenly not set the survey as complete for the correct repeat instance of the instrument.
  • Bug fix: When viewing the drafted changes in the Project Modification Module of a production project, if a field has branching logic that is being modified, in which neither the old nor the new branching logic has spaces and both are longer than 90 characters, then the logic text might not display correctly in the table on that page. (Ticket #31765)
  • Bug fix: If a project previously had repeating instruments or repeating events enabled, in which some repeating data was collected, after which repeating instruments/events was disabled, both the Record Status Dashboard and the left-hand project menu might mistakenly display an incorrect status icon (the "stack" status icon) for a non-repeating instrument/event.
  • Bug fix: When creating a project by importing the REDCap project XML file that was exported from another project, it would mistakenly remove all carriage returns/line breaks in field labels. (Ticket #31908)
  • Change: Changed the word "approve" in the production changes email sent to REDCap administrators so that it is now replaced with "review & approve" for clarity.

Version 8.0.3 - (released 12/1/2017)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • Improvement: The datediff() function can now utilize the “now” variable as one of the two date/time parameters (in a similar way as the “today” variable). This is not only true for calc fields, but also for ASI logic, DQ rules, report filters, etc. You may use a time, date, datetime, or datetime_seconds field with the “now” parameter in datediff. Note: If using a date field with “now”, it will assume midnight (00:00) for the time component for the date field.
  • Improvement: Fields whose values have numbers with a comma as the decimal mark (e.g., "3,14" - European number format) now work in calculated fields. In previous versions, using a number with a comma would result in a blank returned value for the calc field. Note: The calculated value that is returned from a calculation will still have a dot/period as the decimal mark (if it contains a decimal), so in this way, it will convert into all calc field input values into dot/period format when performing the calculation, thus still returning numbers in dot/period format as all previous versions have.
  • Minor security fixes: Some Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.
  • Change: When piping field values into an @DEFAULT action tag when the piped value is blank/non-existent, it now no longer replaces the [variable] with "______" but instead replaces it with "" (i.e., nothing), which is viewed as more preferable since the value is being input as a field value. This is only true for piping specifically within the @DEFAULT tag and not for piping in general. (Ticket #23454)
  • Change/improvement: External Modules now supports modules with the module version in X.Y.Z format. In previous versions, only X.Y versioning was allowed.
  • Bug fix: The @HIDECHOICE action tag was mistakenly not hiding the choices of checkboxes or radio buttons on survey pages where the "enhanced radio buttons and checkboxes" option was enabled. It was only hiding them when the enhanced option was disabled. (Ticket #31001)
  • Bug fix: If a project in production status is in draft mode, and the Move Field icon is clicked for a field in the Online Designer in order to move a field, in which the field is the first field on a data collection instrument, then after being moved, the project's instruments might not display correctly in the Online Designer, such as making some fields not even viewable on any instrument in the Online Designer view. This issue would persist while still in draft mode, but would eventually resolve once the drafted changes were approved. Note: This issue would not affect how fields or instruments are displayed on data entry forms or survey pages when entering data.
  • Change: Account Managers no longer have the ability to delete administrator accounts (via the Browse Users page). Also, the following text has been added for clarification in the instructions on the "Designating REDCap Administrators and Account Managers" page: "Account managers have powers such as deleting users, which could thus impact projects, so this role in not intended to be delegated to those operating as project managers or ordinary users". (Ticket #26191, #31020)
  • Bug fix: If two users are simultaneously on the Online Designer or Data Dictionary page in a project in production status that is in draft mode, in which one user clicks the "Submit changes for review" button immediately after the other user clicks the "Remove all drafted changes" link, it would mistakenly delete all the fields in the project if the submitted changes were approved by an Administrator.
  • Bug fix: If a user enters data on a repeating instrument but fails to enter a value for a required field, and then the user clicks the "Ignore and go to next form" button in the "Some fields are required" prompt, in which the next form is *not* a repeating instrument, then it would mistakenly take the user to the next form but on an incorrect instance, which may cause some data to not get stored properly on that second form. When clicking the "Ignore and go to next form" button, it should always take the user to instance #1 of the next form unless the user is currently on a repeating event. (Ticket #29801)
  • Bug fix: When uploading a data dictionary containing calc fields, it might mistakenly display an error stating that some equations are not syntactically correct, which is ultimately caused due to line break characters from Mac Excel (as opposed to Windows Excel line breaks).
  • Bug fix: When clicking the H icon next to a field to open the Data History Widget on a data entry form, it would mistakenly omit any logged events for "Update record (API) (Auto calculation)". (Ticket #31362)
  • Bug fix: When downloading a PDF of a data entry form, on specific occasions it may mistakenly crash and return an error message saying "FPDF error: Interlacing not supported...". (Ticket #31101)
  • Bug fix: When downloading the Project XML file (metadata or metadata+data file), it might mistakenly duplicate a checkbox field's choices numerous times in the metadata section of the ODM XML file. (Ticket #29287)
  • Bug fix: When assigning a user to a user role on the User Rights page in a project, if the user is using certain versions of Internet Explorer, the "Notify user via email?" checkbox would sometimes mistakenly not get displayed after clicking the "Assign to role" button. (Ticket #30764)
  • Change: The field validation for North American phone numbers is now more permissible and allows a greater variety of numbers to be used, such as 8XX and 900 numbers.
  • Bug fix: When the survey login is used in a longitudinal project, if three fields are set to be the login field, in which the same field is used but on different events or arms, although it would save the settings correctly, if the survey login popup was later reopened after being saved, the event/arm drop-down for the login field #3 would mistakenly have the event/arm value of login field #1. (Ticket #18430)
  • Change: When clicking the "No Access" option for an instrument in Data Entry Rights when adding/editing a user's privileges on the User Rights page, it now automatically deselects the "Edit survey responses" checkbox if the instrument has been enabled as a survey.
  • Bug fix: When using other languages as the stock text for a project, a JavaScript error may occur on the Survey Settings page for an instrument when a user attempts to set "Send confirmation email" as "No" after first setting it as "Yes", which may prevent the section from closing or re-opening. (Ticket #30713)

Version 8.0.2 - (released 11/17/2017)

BUG FIXES & OTHER CHANGES:

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was found in a page used by various functionality dealing with user accounts, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request. (Ticket #30806)
  • Change: The REDCap::evaluateLogic() method was changed slightly with regard to what it returns. This has been changed so that if the logic parameter string is not syntactically correct or if any of the parameters are invalid (e.g., record or event does not exist), it will now return NULL. In previous versions, it would return FALSE in this case, which made it difficult to troubleshoot issues with incorrect parameters being used.
  • Change: For added flexibility, the Survey Queue setup dialog in the Online Designer will now display the project's first data collection instrument (assuming the instrument has been enabled as a survey), whereas previous versions did not allow the first instrument to be enabled in the Survey Queue.
  • Change: When viewing a repeating instrument's data entry form for a record in a project, the "current instance" drop-down displayed near the top of the page no longer displays the instance number in a fraction format where it shows the total instances following by a slash (e.g., 2/5). It now only displays the instance number (and the custom label, if defined). This was changed because it led to confusion in cases where some instances were deleted, thus leaving gaps in the middle but still showing the max instance as the total instances, which is not the same thing and is confusing.
  • Bug fix: For some server configurations, if the Configuration Check page recommends that the administrator replace some outdated non-versioned files, the resulting zip file that they download might be corrupted due to gzip compression issues. (Ticket #30569)
  • Bug fix: When a user is viewing the Data Export Files tab on the File Repository page in a project, and they set the "filter by" drop-down to Stata, R, SPSS, or SAS, then in the results displayed in the table below, the Data CSV file would mistakenly not be downloadable. (Ticket #30578)
  • Bug fix: When creating a new Data Quality rule that is attempting to find blank values (via [field]=""), if all the fields being referenced in the rule logic are blank/null for a given record, the rule would mistakenly not return any discrepancies for that record. (Ticket #30655)
  • Bug fix: When viewing the Configuration Check page in the Control Center, if the "mbstring" PHP extension is not installed on the web server, it would mistakenly throw a fatal PHP error on that page during the "able to send emails" check. (Ticket #30657)
  • Bug fix: In longitudinal projects that utilize the survey queue to display surveys across multiple events, the survey queue would mistakenly order the surveys by instrument order rather than by event order. This has been fixed so that it now orders surveys in the queue by event order so that all the surveys in a given event are grouped together. (Ticket #30704)
  • Bug fix: When a survey is enabled in the survey queue in a longitudinal project, and then that survey instrument is removed from a given event (via the Designate Instruments page), thus orphaning the survey-event in the survey queue, if no other survey-events are enabled in the survey queue, then the Survey Queue button in the Online Designer might mistakenly still have a green checkmark icon next to it, even though no survey-events are enabled in the queue anymore. Also, in this case the survey-event may mistakenly get displayed in a record’s survey queue when the survey is no longer designated for that event.
  • Bug fix: When the survey login is used in a longitudinal project, if multiple fields are set to be the login field, in which the same field is used but on different events or arms, then it would mistakenly not save both instances of the field but would only save one. (Ticket #18430)

Version 8.0.1 - (released 11/9/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: Added new plugin/hook/module method named REDCap::evaluateLogic(), which returns whether a string of logic (e.g., branching logic) evaluates as true or false based on the data of a given record in a given project.
  • Improvement: New "clickjacking prevention" option at the bottom of the "Security & Authentication" page in the Control Center allows administrators to enable this option if they want to prevent REDCap pages from being embedded in external websites (e.g., embedding a survey page inside an iframe on another website). Preventing clickjacking is often regarded as an improvement to security. Note: If you wish to allow REDCap users to embed REDCap pages in external websites, do not enable this option but leave it as "Allow...".
  • Minor security fixes: Some Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.
  • Bug fix: When copying a project with surveys, the value of the "Allow participants to download a PDF of their responses at end of survey?" survey setting would mistakenly not get copied to the new project. (Ticket #28639)
  • Bug fix: When downloading a PDF of a data entry form with data, in which the user is downloading all forms for all records or all forms for a single record, it would mistakenly not display the locking/e-signature timestamps in the PDF. (Ticket #29915)
  • Bug fix: When downloading a PDF of a survey response with data, on certain occasions it might mistakenly display incorrect survey completion timestamps in the PDF. (Ticket #29930)
  • Bug fix: On the Record Status Dashboard when clicking on the form status stack icon (representing multiple repeating instances of a form or event) in a longitudinal project that has multiple arms, it might mistakenly not display the floating table of instances but instead would display a horizontal black line after clicking the icon. (Ticket #29927)
  • Bug fix: In longitudinal projects using repeating events, the Record Home Page might mistakenly display some form status icons in the wrong column in the table for records that have more than one instance saved of a repeating event. (Ticket #30077)
  • Bug fix: When one or more fields in a matrix contain certain special characters in their field label, it might prevent the "Edit Matrix of Fields" popup from being displayed after clicking the pencil icon on the Online Designer. (Ticket #30250)
  • Bug fix: On certain occasions, rule E in the Data Quality module will mistakenly return discrepancies that have blank/null values, which should never be returned when running rule E. (Ticket #14976, #28576)
  • Bug fix: If a Notes field is using the @READONLY action tag, the "expand" link displayed on the survey or form below the text box would mistakenly not work. (Ticket #30433)
  • Bug fix: If a project is utilizing the randomization module, and the randomization field somehow already has a value saved for it prior to a given record being randomized, then it will now disable that field on the data entry form and prevent the record from being randomized. (Ticket #30427)
  • Bug fix: If a project that has repeating instruments or repeating events is using the Data Resolution Workflow module, and a value is marked as Verified on the first instance of a repeating instrument/event, then if a value is changed on another instance of that instrument or event, respectively, then it would mistakenly De-verify the field on the first instance rather than on the current instance. (Ticket #30457)
  • Bug fix: If a project that has repeating instruments or repeating events is using a Data Quality rule with Real-time Execution enabled, if the DQ rule finds discrepancies when saving a repeating instrument/event, in which the user is not on the first instance, then in the DQ discrepancy popup, it might mistakenly display some data values from the first instance of the instrument/event rather than from the current instance. (Ticket #30477)
  • Bug fixes were addressed in the External Modules framework, such as some modules throwing a PHP error when being enabled, and its TinyMCE rich text editor was upgraded.
  • Bug fix: Fixed typo in "Branching Logic Errors Exist!" popup

Version 8.0.0 - (released 11/3/2017)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: External Modules
    • External Modules are individual packages of software that can be downloaded and installed by a REDCap administrator. Modules can extend REDCap's current functionality, and can also provide customizations and enhancements for REDCap's existing behavior and appearance at the system level or project level. Modules can utilize REDCap hooks and also can have REDCap plugin pages as part of them.
    • A new page in the Control Center allows administrators to navigate to the REDCap Repo (Repository of External Modules) and download any module listed in the REDCap Repo. Only administrators may enable modules, either at the system level or project level, although the permissions regarding who can configure a module (after it has been enabled for a project) is something that can be set at the module level by an administrator on the Control Center’s Module Manager page. Each module has its own set of configuration options, which are all defined by the creator of the module.
    • If you or your users experience any issues with a given module, you are encouraged to notify the author of the module rather than posting a Bug Report on the REDCap Community site.
  • Improvement: On the Public Survey Link page in a project, a new button "Open Public Survey + Logout" has been added to increase security in case users want to open the public survey while ensuring that the participant cannot access their REDCap account in the other browser tab. (Ticket #29686)
  • Bug fix: The font size of any links that were placed in a survey's instructions, field labels, or acknowledgment text would appear too small if the survey was set with "Large" or "Very Large" text size.
  • Bug fix: Fixed typo in Data Import Tool
  • Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey, in which the CAT contains some multiple choice fields that have duplicate codings, it would mistakenly prevent the user from uploading the Data Dictionary. It should be ignoring duplicate codings in CATs.
  • Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey and the user modified the Choices column for a CAT field in the Data Dictionary, it would mistakenly accept those changes and allow the Data Dictionary upload to proceed, thus corrupting the CAT's field metadata. This would not affect participants taking the CAT in any way (i.e., the survey would still appear correctly when taking it), but it might cause the CAT not to display correctly when a user views a participant's CAT response on a data entry form afterward.
  • Bug fix: If a user enters data on a repeating instrument but fails to enter a value for a required field, and then the user clicks the "Ignore and go to next form" button in the "Some fields are required" prompt, in which the next form is also a repeating instrument, then it would mistakenly take the user to the next form but on the same instance number that the previous form was on, which may cause some instance numbers to get skipped on the second form. When clicking the "Ignore and go to next form" button, it should always take the user to instance #1 of the next form if the next form is a repeating instrument.
  • Bug fix: Improving compliance with SMTP email servers by added a space after the "Cc:" and "Bcc:" email headers since some SMTP servers might reject emails sent from previous REDCap versions, which had no space in those headers. (Ticket #3943)
  • Bug fix: When editing or adding a calc field in the Online Designer, it would mistakenly still show the results in the section "test calculation with a record" if that option had just been used for another calculated field that was being edited or added previously while on that page, thus mistakenly showing results that do not correspond to the current field being edited/added (Ticket #29682)
  • Bug fix: When opening the Automated Survey Invitation setup popup in the Online Designer, if a particular ASI has been set as "inactive" beforehand, then when the popup opens, it would mistakenly display all the ASI setup options as blank as if it had never been set up before. (Ticket #29765)
  • Bug fix: When the Project Modification Module displays a list of "fields to be deleted", it would mistakenly truncate the count of records/events that would be affected by the field being deleted. (Ticket #29770)
  • Bug fix: If a user opens a data entry form on a repeating event, it would mistakenly never enable the Survey Options at the top right of the page, even if the form has been saved already. (Ticket #29857)
  • Bug fix: When using Twilio telephony services for surveys and then opening the "Analyze surveys for SMS & Voice Calls" popup on the Project Setup page, it would incorrectly say that no surveys have been enabled (even though they have) if the user had failed to check at least one of the checkbox options under the "Choose survey invitations types to use" section in the Twilio configuration. (Ticket #18658)
  • Bug fix: When adding/editing the logic for a Data Quality rule, in which the logic contains a "less than" (<) character followed immediately by a function name (e.g., round) - i.e., without a space between the "<" and the function name, then the rest of the logic would get truncated when displaying the logic in the table of Data Quality rules. (Ticket #30088)