r7

r7 - 2020-07-24

• DPC-551: Restore /Patient/$everything (#925)
• Bump @cmsgov/design-system-core from 3.7.0 to 3.7.2 in /dpc-web (#909)
• Bump newrelic_rpm from 6.11.0.365 to 6.12.0.367 in /dpc-web (#917)
• Bump @cmsgov/design-system-layout from 3.7.0 to 3.7.2 in /dpc-web (#908)
• Bump rubocop from 0.87.1 to 0.88.0 in /dpc-web (#916)
• dpc-502 Feature: Investigate prod gems (#912)
• Reformated the activity log message into a key/value pair (#910)
• DPC-545 configure container to run integration tests in it (#913)
• Bump factory_bot_rails from 6.0.0 to 6.1.0 in /dpc-web (#903)
• DPC-318 & 520: disable an API env for an organization but not delete all their data from the API. (#914)
• Bump rubocop-performance from 1.6.1 to 1.7.1 in /dpc-web (#915)
• allow negative -1 to be the way to indicate no limit (#902)
• DPC-505: Remove sandbox_id in rails app (#900)
• Bump rubocop from 0.86.0 to 0.87.1 in /dpc-web (#904)

r6

r6 - 2020-07-16

• dpc-512 Feature: rename golden macaroon env var (#898)
• Revert Patient/$everything (#901)
• log lookback stats, add jobid, batchid and patient mbi hash to mdc (#897)
• DPC-519 Log Authenticated Requests With Org Id (#899)
• Deduplicate Postman tests (#896)
• Added myself (Sal) to pom.xml developers (#875)
• DPC-56: Patient/$everything (#894)
• Add separate data files and make entry for prod smoke tests (#893)
• Bump truemail from 1.7.1 to 1.8.0 in /dpc-web (#869)
• DPC-511: Change all mention of dashboard to portal (#892)
• DPC-143: Set up dotenv or similar for easy env var setup for local development (#890)
• DPC-359: Newly created organization not automatically assigned to user account that requested the organization (#889)
• Remove redis exists warning (#891)

r5

r5 - 2020-07-02

• Update TokenResource.java (#878)
• DPC-469 Look back corrections (#880)
• DPC-148 & 362: Simplify web app for one environment (#881)
• Bump rails-controller-testing from 1.0.4 to 1.0.5 in /dpc-web (#887)
• Bump faker from 2.12.0 to 2.13.0 in /dpc-web (#886)
• Bump rubocop from 0.85.1 to 0.86.0 in /dpc-web (#866)
• Bump kramdown from 2.2.1 to 2.3.0 in /dpc-web (#885)
• DPC-504 use mockbluebuttonclient for postman tests (#884)
• Revert "Revert "Dpc 361 move sidekiq to container service (#846)" (#882)" (#888)
• Removed @Api annotiation from AbstractEndpointResource (#877)
• Revert "Dpc 361 move sidekiq to container service (#846)" (#882)
• DPC-85 add location and lastupdated (if set) to headers (#848)

r4

r4 - 2020-06-25

• Dpc 361 move sidekiq to container service (#846)
• DPC-442 Feature: null check in hapi exception handler (#879)
• Update pull request template (#876)
• DPC-154: As an internal user I want buttons to easily add/remove users from an organization (#865)
• DPC-37 include mbi for patient resource coming back from blue button (#861)
• Bump factory_bot_rails from 5.2.0 to 6.0.0 in /dpc-web (#870)
• Dpc 354 swagger (#857)
• Bump capybara from 3.32.2 to 3.33.0 in /dpc-web (#872)

r3

r3 - 2020-06-18

• DPC-326: As an internal user, I want to filter organizations (#860)
• Change mailer language (#864)
• Dpc 150 validate and properly escape all web model inputs (#859)
• DPC-96: Update language on DPC website (#856)
• Bump redis from 4.1.4 to 4.2.1 in /dpc-web (#853)
• DPC-383: Finish Public Key Page - UX Upgrade (#850)
• Get smoke test working in prod env (#849)
• Bump bundler-audit from 0.6.1 to 0.7.0.1 in /dpc-web (#851)
• Bump devise from 4.7.1 to 4.7.2 in /dpc-web (#852)

r2

r2 - 2020-06-11

• DPC-368 fix example data (#836)
• Update PatientEntityConverter.java (#845)
• DPC-136: Add support for creating and updating Consent resources (#833)
• Dpc 149 strong parameters (#843)
• DPC-333: Update the website to request snippets of encrypted data from users to validate public keys (#819)
• Smoke elb url set via env (#835)
• Bump rubocop from 0.84.0 to 0.85.1 in /dpc-web (#841)
• DPC-18: Website sessions are not persisted across deploys (#832)
• DPC-162 add auth related logging filter (#822)
• DPC-335: Verify public key with snippet signature (#814)
• Bump vcr from 5.1.0 to 6.0.0 in /dpc-web (#829)
• DPC-134: Upgrade to Rails 6 (#830)
• DPC-91 refactor configs (#789)
• Dpc 366 allow sidekiq to log to stdout (#820)
• Bump faker from 2.11.0 to 2.12.0 in /dpc-web (#827)
• DPC-89: Disable metrics logging (#821)
• [Security] Bump kaminari from 1.2.0 to 1.2.1 in /dpc-web (#823)
• DPC-443 limit the number of members in roster (#786)
• Bump rubocop-performance from 1.5.2 to 1.6.0 in /dpc-web (#815)
• Dpc 133 use redis with async job (#808)
• [Security] Bump puma from 4.3.3 to 4.3.5 in /dpc-web (#813)
• Bump rubocop from 0.82.0 to 0.84.0 in /dpc-web (#812)
• fix smoke tests (#809)
• Bump brakeman from 4.8.1 to 4.8.2 in /dpc-web (#804)
• Bump rspec-rails from 4.0.0 to 4.0.1 in /dpc-web (#801)
• Bump capybara from 3.32.1 to 3.32.2 in /dpc-web (#802)
• Bump truemail from 1.6.1 to 1.7.1 in /dpc-web (#795)
• Bump jquery-rails from 4.3.5 to 4.4.0 in /dpc-web (#793)
• Bump rails version to 5.2.4.3 (#810)
• DPC-1282 organization id validation (#763)
• add prod smoke test config (#796)
• DPC-92: Responses for create operations (#797)
• Bump database_cleaner from 1.8.4 to 1.8.5 in /dpc-web (#794)
• Dpc 1238 disallow query params (#785)
• DPC-1168: As an internal user I want a pop up when I'm trying to disable/delete org/user (#778)
• DPC-1347: Change auto-generated vendor and provider ids to pass for NPI (#788)
• DPC-1199: Cancel button on Enable/Edit API page not working (#783)
• DPC-1063: Add public key information to admin dashboard (#784)
• Revert "Bump jackson-datatype-jsr310 from 2.10.3 to 2.11.0 (#770)" (#787)
• Bump jackson-datatype-jsr310 from 2.10.3 to 2.11.0 (#770)
• DPC-1371 Email domain validation (#782)
• Revert "DPC-1347: Change auto-generated vendor and provider ids to pass for NPI (#772)" (#781)
• Sign out after password change/reset (#777)
• DPC-1338: Allow the admin to delete user accounts from the web app (#775)
• DPC-25 Lookback in Aggregation Engine (#753)
• Dpc 1369 fix rspec error (#776)
• DPC-1280: Endpoint resource validation
• DPC-1295: In prod_sbx automatically approve organization for API use (#773)
• update url for ig publisher jar (#774)
• DPC-1274-create nohtml validator (#739)
• DPC-1347: Change auto-generated vendor and provider ids to pass for NPI (#772)
• Add myself to the developers section of the pom.xml file (#765)
• DPC-1277: Change external user email to account verification. (#745)
• Fix 204 vs 202 confusion in postman descriptions
• Revert "Revert DPC-34 since"
• Fix API config for dev, test, and prod-sbx
• DPC-1197: As an external user, I want an alert telling me if I'm trying to reuse a Public Key. (#736)
• DPC-1283: Patient resource input validation (#761)
• Web app logging: JSON and log level (#760)
• Bump byebug from 11.1.1 to 11.1.2 in /dpc-web (#758)
• Bump fakefs from 1.2.0 to 1.2.2 in /dpc-web (#759)
• Bump rubocop from 0.81.0 to 0.82.0 in /dpc-web (#754)
• Bump minimist from 1.2.2 to 1.2.3 (#755)
• [Security] Bump minimist from 0.2.1 to 1.2.2 (#744)
• Bump dropwizard.version from 1.3.22 to 1.3.23 (#749)
• Bump pry from 0.13.0 to 0.13.1 in /dpc-web (#742)
• Quotes around passwords (#741)
• Use quotes around database password (#740)
• update minimist (#737)
• Create prod.application.conf file. (#738)
• Bump newrelic_rpm from 6.9.0.363 to 6.10.0.364 in /dpc-web (#734)
• point local.env to new domain (#733)
• Bump brakeman from 4.8.0 to 4.8.1 in /dpc-web (#731)
• DPC-1210: Generate fake identifier for provider orgs in sandbox (#725)
• Bump hibernate-core from 5.4.12.Final to 5.4.14.Final (#730)
• Bump dropwizard.version from 1.3.21 to 1.3.22 (#728)
• Bump bouncey.version from 1.64 to 1.65 (#726)
• Bump capybara from 3.32.0 to 3.32.1 in /dpc-web (#727)
• Bump database_cleaner from 1.8.3 to 1.8.4 in /dpc-web (#729)
• DPC-25 Common code (#721)
• Bump pitest-maven from 1.5.0 to 1.5.1 (#715)
• DPC-1155: Close RandomAccessFile on exception (#710)
• Bump rubocop from 0.80.1 to 0.81.0 in /dpc-web (#724)
• Bump dropwizard.version from 1.3.20 to 1.3.21 (#713)
• Revert DPC-34 since
• Add Postman tests
• Rebase changes
• Code Review Fixes
• Code Climate Fixes
• Change OpenAPI documents
• Improve tests
• Made make ci-app work
• Added submit and complete extensions to the JobCompleteModel
• Adding BB2 client in DPC-API
• _since Support
• Bump commons-lang3 from 3.9 to 3.10 (#718)
• Bump rspec-rails from 3.9.1 to 4.0.0 in /dpc-web (#708)
• Bump capybara from 3.31.0 to 3.32.0 in /dpc-web (#716)
• Bump faker from 2.10.2 to 2.11.0 in /dpc-web (#707)
• Bump pry from 0.12.2 to 0.13.0 in /dpc-web (#703)
• Bump junit.jupiter.version from 5.6.0 to 5.6.1 (#702)
• Bump javassist from 3.26.0-GA to 3.27.0-GA (#700)
• Bump guice from 4.2.2 to 4.2.3 (#699)
• Bump newrelic.agent.version from 5.10.0 to 5.11.0 (#695)
• Bump @cmsgov/design-system-core from 3.6.1 to 3.7.0 in /dpc-web (#694)
• Update DPC note language (#712)
• Bump fakefs from 1.1.0 to 1.2.0 in /dpc-web (#709)
• Bump @cmsgov/design-system-layout from 3.6.1 to 3.7.0 in /dpc-web (#696)
• Bump octokit from 4.17.0 to 4.18.0 in /dpc-web (#711)
• DPC-860: Navigation bug on top tabs (#701)
• Use SecureRandom() instead of Random() for places that deal with cryptography (#677)
• Bump pg from 1.2.2 to 1.2.3 in /dpc-web (#697)
• DPC-1134 add new bfd CA cert to keystore (#693)
• Bump httpclient from 4.5.11 to 4.5.12 (#673)
• DPC-1158: Cannot delete Thomas Jefferson University or Webster organization records in the admin portal (#680)
• DB Migrations for _since
• Bump jjwt.version from 0.11.0 to 0.11.1 (#688)
• Bump postgresql from 42.2.10 to 42.2.11 (#684)
• Bump maven-site-plugin from 3.8.2 to 3.9.0 (#685)
• Bump maven-dependency-plugin from 3.1.1 to 3.1.2 (#687)
• Bump maven-javadoc-plugin from 3.1.1 to 3.2.0 (#691)
• Bump rxjava from 2.2.18 to 2.2.19 (#690)
• Bump mockito-core from 3.3.0 to 3.3.3 (#692)
• DPC-1074: Password Required to Delete Account (#668)
• add ability to configure practitioner limit per environment (#652)
• DPC-1182: Remove pipes from characteristic-value params when code only (#689)
• DPC-1013: Enable vendors to create API credentials in Sandbox (#675)
• aggregation engine health check (#676)
• Additional error handling around failing batches (#679)
• DPC-1119: Stuck jobs fixes: change exceptions in ResourceFetcher; remove RetryTransformer (#667)
• Bump webmock from 3.8.2 to 3.8.3 in /dpc-web (#683)
• Queue Health Check Fix (#686)
• Fix stuck batch health check not marking the instance as unhealthy (#678)
• Bump rspec-rails from 3.9.0 to 3.9.1 in /dpc-web (#682)
• Bump octokit from 4.16.0 to 4.17.0 in /dpc-web (#681)
• Fix: Stuck jobs are unable to be restarted due to SQL constraint exception (#674)
• DPC-1171: Queue NPE fixes (#664)
• Bump @cmsgov/design-system-core from 3.6.0 to 3.6.1 in /dpc-web (#670)
• Bump @cmsgov/design-system-layout from 3.6.0 to 3.6.1 in /dpc-web (#671)
• changed tos security requirements information (#665)
• Mutation testing for dpc-common module (#615)
• DPC-1106: Replace HAPI fork with mainline (#648)
• switched delegated_macaroon with golden_macaroon to delete_organization function (#663)
• Additional smoke test logging (#626)
• [Security] Bump omniauth from 1.9.0 to 1.9.1 in /dpc-web (#661)
• Bump jackson-datatype-jsr310 from 2.10.2 to 2.10.3 (#660)
• Bump rubocop from 0.80.0 to 0.80.1 in /dpc-web (#658)
• MBIs in smoke test associations CSV (#656)
• [Security] Bump puma from 4.3.2 to 4.3.3 in /dpc-web (#657)
• Bump puma from 4.3.1 to 4.3.2 in /dpc-web (#654)
• DPC-760: Add support for ECC keys (#534)
• Bump jib-maven-plugin from 2.0.0 to 2.1.0 (#651)
• DPC-1091: Disable Remember Me functionality from the website (#641)
• Set bbclient.serverBaseUrl to BFD_URL for aggregation dev, test, prod-sbx (#653)
• Switch to MBIs and use BFD prod sandbox environment (#640)
• Disable New Relic distributed tracing (#631)
• Bump fhir_client from 4.0.3 to 4.0.4 in /dpc-web (#649)
• Bump @cmsgov/design-system-core from 3.5.0 to 3.6.0 in /dpc-web (#621)
• Bump simplecov from 0.18.4 to 0.18.5 in /dpc-web (#650)
• color variable fix for cms design upgrade (#647)
• Bump bootsnap from 1.4.5 to 1.4.6 in /dpc-web (#643)
• Bump simplecov from 0.18.3 to 0.18.4 in /dpc-web (#645)
• Bump dropwizard.version from 1.3.19 to 1.3.20 (#646)
• Bump newman from 4.5.7 to 4.6.0 (#644)
• Bump simplecov from 0.18.2 to 0.18.3 in /dpc-web (#637)
• [Security] Bump nokogiri from 1.10.7 to 1.10.8 in /dpc-web (#642)
• Bump jersey-common from 2.29.1 to 2.30.1 (#639)
• Bump jersey-test-framework-provider-grizzly2 from 2.30 to 2.30.1 (#636)
• Bump mockito-core from 3.2.4 to 3.3.0 (#638)
• Bump rxjava from 2.2.17 to 2.2.18 (#635)
• DPC 1011: Unique auto number generator for vendor id (#611)
• DPC-1060: UI Fixes (#633)
• create custom layout to parse json like strings for logging (#614)
• Bump jooq.version from 3.12.1 to 3.13.1 (#630)
• Bump newrelic_rpm from 6.8.0.360 to 6.9.0.363 in /dpc-web (#629)
• Bump @cmsgov/design-system-layout from 3.5.1 to 3.6.0 in /dpc-web (#624)
• Bump simplecov from 0.18.1 to 0.18.2 in /dpc-web (#606)
• Bump webmock from 3.8.1 to 3.8.2 in /dpc-web (#607)
• Bump faker from 2.10.1 to 2.10.2 in /dpc-web (#612)
• Bump database_cleaner from 1.8.2 to 1.8.3 in /dpc-web (#618)
• Bump jjwt.version from 0.10.7 to 0.11.0 (#594)
• Bump brakeman from 4.7.2 to 4.8.0 in /dpc-web (#617)
• Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#608)
• Bump dropwizard.version from 1.3.18 to 1.3.19 (#622)
• Bu...

r1

No changes

0.4.0: Public Sandbox Launch

Task

• [DPC-512] - Website EMR Video
• [DPC-513] - Conference Marketing Materials
• [DPC-542] - Create monitoring alarms for unhealthy services
• [DPC-548] - Add a stable build version to services
• [DPC-559] - Setup a CD pipeline for a future dev environment
• [DPC-639] - Support deploying multiple databases for Queue V2
• [DPC-661] - Create SSL cert for dev environment
• [DPC-668] - Update our Terraform modules to ensure all environment AWS resources are in the state
• [DPC-672] - Build DEV environment terraform module
• [DPC-675] - Update our Jenkins AMI user to have full permissions for Terraform deployments
• [DPC-676] - Deploy Jenkins AMI Terraform permissions
• [DPC-677] - Update Jenkins pipeline to deploy full Terraform state
• [DPC-685] - Add LGTM integration
• [DPC-687] - Clean up abandoned AWS resources
• [DPC-692] - 1 800 MEDICARE data model
• [DPC-709] - Decision: What metrics are we choosing to alert on
• [DPC-730] - Create a Jenkins pipeline to enable or disable maintenance mode
• [DPC-756] - Connect non-prod environments to BFD DPR
• [DPC-785] - Install dev TLS certificate on ALB
• [DPC-829] - Create Golden Macaroons for Website

Improvement

• [DPC-190] - Remove Redis dependency from Queue
• [DPC-202] - As a vendor, I want the ability to register my organization
• [DPC-212] - Remove queue Pair class
• [DPC-252] - Integrate automated dependency updating
• [DPC-253] - ECS Instances should be based on GDIT Gold image
• [DPC-491] - Add Github Link to website
• [DPC-507] - As a user of the DPC web site, I find it hard to find the FAQ.
• [DPC-560] - Connect DPC environments to BB DPR
• [DPC-593] - Develop user flows for creating and managing tokens
• [DPC-623] - Refactor ECS configuration into its own Terraform module
• [DPC-658] - Improve export job response with data integrity elements
• [DPC-679] - Add package.json to lock newman dependency
• [DPC-725] - Add links to sample data on documentation page
• [DPC-735] - Add additional metadata to Token creation command
• [DPC-737] - Add Token fetch command to endpoint
• [DPC-738] - Add label field to public key entity
• [DPC-745] - Organization submission should throw a 422 error if endpoints are missing
• [DPC-786] - PublicKey and Token endpoints, should return a JSON object, rather than an array
• [DPC-787] - JobCompletionModel extensions should have qualifiers
• [DPC-808] - Add the ability to enable/disable authentication in the Docker images

New Feature

• [DPC-499] - A job queue design that supports production level requirements
• [DPC-511] - Implement SMART Backend Services Auth
• [DPC-653] - Create custom Docker image for services
• [DPC-726] - Add Organization/$submit endpoint to API service

Bug

• [DPC-277] - Hibernate errors are being swallowed by FHIR exception Handler
• [DPC-492] - Missing Open Graph Image Tag
• [DPC-535] - FHIR IG is generating a lot of errors
• [DPC-540] - Application logs are incredibly weak
• [DPC-541] - Application healthchecks are not working
• [DPC-544] - Endpoints should not use PUT operations for updates
• [DPC-626] - Patient profile validation is failing due to incorrect resource type
• [DPC-627] - FHIR parsing errors are really opaque
• [DPC-629] - Access Tokens are being logged in CloudWatch
• [DPC-630] - Shell examples should escape special characters
• [DPC-634] - Attribution logic is not handling missing patients correctly.
• [DPC-643] - Practitioner is missing the NPI identifier type
• [DPC-644] - Unable to delete practitioner
• [DPC-650] - Patient attribution start and end dates are incorrect
• [DPC-652] - FHIR bundle resources are returning the incorrect content-type
• [DPC-656] - Environment variables are not overriding config settings in Docker
• [DPC-682] - PatientEntity is not persisting Gender field
• [DPC-711] - Swagger JSON files are invalid
• [DPC-723] - Documentation is unclear that resource IDs are examples
• [DPC-724] - Attribution documentation should come before Export instructions
• [DPC-727] - Admin tasks are not being injected into the API service
• [DPC-728] - API public urls are having issues being corporate proxies
• [DPC-734] - Swagger documentation lists consumes/produces as json
• [DPC-736] - Swagger documentation is showing incorrect return type for Key list
• [DPC-741] - Group operations are listed as PUTs instead of POSTs in the Reference guide
• [DPC-742] - Attribution expiration details are missing from the docs
• [DPC-743] - Roster search is returning incorrect results
• [DPC-749] - DataFormatExceptions are not being propagated correctly
• [DPC-750] - Golden Macaroons are not Base64 encoded
• [

0.3.5

    Release Notes - Data at the Point of Care - Version R3.5 FHIR Connectathon

New Feature

• [DPC-447] - Ruby static analysis should be run during CI
• [DPC-587] - Create maintenance page for website
• [DPC-615] - Add $validate operation to patient, profile and group endpoints

Improvement

• [DPC-218] - Enable at-rest data encyrption
• [DPC-370] - Move token permissions to third-party caveats
• [DPC-448] - Add created/updated date to Provider entity
• [DPC-527] - Use GitHub for SSO to Jenkins instance
• [DPC-606] - Split Travis test into application and web tests
• [DPC-617] - Token Generation should support custom expiration times

Bug

• [DPC-413] - Organization Registration Tests are failing
• [DPC-532] - Profile Validations are not applying correctly
• [DPC-539] - ECS deployment is failing on the backend cluster
• [DPC-543] - Practitioner Resource is using old authentication strategy
• [DPC-547] - Some clients are unable to fetch attribution rosters
• [DPC-551] - Practitioner and Patient Creation is failing if it already exists
• [DPC-554] - CloudWatch logs are not easily searchable
• [DPC-567] - Token generation script can associate tokens with incorrect organizations
• [DPC-604] - Rush reports that practitioner validation is not working property.
• [DPC-609] - Swagger documentation is not visible in public website
• [DPC-612] - Jenkins builds are failing due to old Terraform version
• [DPC-613] - Authorization engine is returning a 500 status when given a bad Macaroon

Task

• [DPC-314] - Setup VPC peering to with BB preview environment for Test and SBX VPCs
• [DPC-327] - Setup Jenkins build process
• [DPC-500] - Enable Enhanced Metrics on RDS instances
• [DPC-501] - Enable automated backups for RDS
• [DPC-506] - Design Password Reset Email Template
• [DPC-519] - Change passwords in ops repo
• [DPC-529] - Rename Beneficiary ID system
• [DPC-555] - Future AWS environments must use CloudWatch friendly log format
• [DPC-565] - Create Dev VPC in BCDA account
• [DPC-578] - Remove PractitionerRole resources
• [DPC-595] - Setup Authenticated SMTP relay

Sub-task

• [DPC-545] - Refactor token operations to their own endpoint
• [DPC-561] - Create and submit DPC certificates to BlueButton
• [DPC-597] - Add readable label to TokenEntity
• [DPC-602] - Setup SSM variables for SMTP username and password
• [DPC-607] - Rebase HAPI against latest master
• [DPC-608] - Validator should be injected as an eager singleton
• [DPC-610] - Update Path Routing in Terraform
• [DPC-611] - Add Swagger Path to Documentation
• [DPC-624] - Update Devise settings in web config

Story

• [DPC-14] - As CMS, I need the ability to remove vendors from the API so that they are no longer authorized to access patient data.
• [DPC-18] - As CMS, I need the ability to revoke token access so that a vendor does not have access to API data.
• [DPC-19] - AS CMS, we need to create a DUA agreement so that we can establish the rules around accessing and using data.
• [DPC-76] - As a product manager, I need to create a DUA/Contract for vendors/practices to sign so that CMS is legally protected and expectations are clear.
• [DPC-256] - As a project team, we want to run a load test before the private beta
• [DPC-504] - As a user, I want to be able to reset my website password

EPIC

• [DPC-8] - Add Security and Identity to protect data

R3: Initial Sandbox release

    Release Notes - Data at the Point of Care - Version R3 External Sandbox - MVP. 

Task

• [DPC-89] - Decide whether or not FHIR resources should return HTTP errors
• [DPC-102] - Implement tests that ensure dpc-web only responds to FHIR-STU3 (vs R4, etc.) requests
• [DPC-155] - Finalize DUA and pilot process with OGC (final approval on attribution as well)
• [DPC-251] - Update dependencies to latest versions
• [DPC-275] - AWS resources names should match Rick's proposal
• [DPC-280] - Deploy DPC into BCDA environment
• [DPC-326] - Integrate Jenkins with AWS environment
• [DPC-329] - Decision: Determine where to host Docker images
• [DPC-450] - Integrate FHIR IG with DPC Website
• [DPC-520] - Rename FHIR path to API in documentation and profiles

Improvement

• [DPC-125] - Capabilities Statement should be updated to match best practices
• [DPC-145] - AggregationEngine should dispatch BB requests on its own thread pool.
• [DPC-166] - Add organization details to roster requirements
• [DPC-171] - BlueButton client should handle paginated responses
• [DPC-201] - As a project team, we want to be able to manually register partner organizations
• [DPC-227] - Add queue metrics
• [DPC-234] - As an operator, I would like to DPC to page their output files for very large (> 10K patient) providers.
• [DPC-241] - Refactor Aggregation Engines
• [DPC-246] - Refactor BlueButton Client into its own module
• [DPC-293] - Refactor Attribution logic to use Groups instead of Bundles
• [DPC-303] - Providers should be linked to Organiziations
• [DPC-309] - Improve database seed scripts
• [DPC-313] - Secure all resources and application routes
• [DPC-317] - Implement API service metrics
• [DPC-318] - Implement Attribution service metrics
• [DPC-319] - Implement Aggregation Service metrics
• [DPC-320] - Reduce Database threadpool sizes
• [DPC-323] - Migrate Travis scripts to shell scripts
• [DPC-328] - Dockerize website and add to build process
• [DPC-371] - PathAuthorizer logic should be more generic
• [DPC-373] - Bulk client should support authentication
• [DPC-403] - Migrate ConstraintValidationProvider to Guice Multibinder
• [DPC-411] - Add necessary components for search engine crawling
• [DPC-415] - Enable authentication to be disabled during dev and testing
• [DPC-442] - Job Model should be linked to a specific Organization
• [DPC-446] - Integrate FHIR IG Build process with website
• [DPC-454] - Capabilities statement should be a JSON file
• [DPC-470] - Create 404 page
• [DPC-472] - Add block quote styling to website
• [DPC-528] - Update FAQs
• [DPC-534] - Refactor demo command to be fully self-contained

New Feature

• [DPC-173] - Validate that the Practitioner Roster entry is valid
• [DPC-174] - Validate that the Roster Patient resource includes the necessary fields
• [DPC-213] - As a vendor, I want the ability to access my attributed patients Coverage data.
• [DPC-232] - Add jacoco instrumentation to Docker containers
• [DPC-238] - Add support for BlueButton coverage resource
• [DPC-255] - Ensure Organization resource has the appropriate fields
• [DPC-257] - Ensure export requests have async header set
• [DPC-294] - Add Practitioner endpoint
• [DPC-305] - Add Organization Resource
• [DPC-306] - Add Organization and Endpoint resources to Capabilities Statement
• [DPC-308] - Add Endpoint resource
• [DPC-331] - Add Swagger documentation to public endpoints
• [DPC-374] - Add implementation guide to website
• [DPC-405] - Add StructureDefinition endpoint
• [DPC-407] - As a user, I want to be able to sign up for the DPC waitlist
• [DPC-428] - Add Patient resource
• [DPC-495] - Add organization provider size to signup process

Bug

• [DPC-93] - Dropwizard config overrides are not working
• [DPC-222] - Docker images are tagged incorrectly
• [DPC-233] - Providing closable resources is not a good idea.
• [DPC-266] - Unclear documentation regarding JDK support
• [DPC-287] - SeedCommand is failing with closed resource
• [DPC-289] - Default application startup is not working
• [DPC-312] - Token expiration logic is incorrect
• [DPC-315] - Database Migrations are not being applied correctly
• [DPC-404] - AuthHandlerTest is occasionally failing
• [DPC-421] - Validations are re-loading on each request
• [DPC-422] - DPC Tests are failing on CI
• [DPC-424] - Attribution Roster Entries are duplicated
• [DPC-429] - Attribution tests are failing due to duplicated providers
• [DPC-451] - Patient update test is failing on CI
• [DPC-468] - User login page is redirecting
• [DPC-469] - Demo command is failing in AWS
• [