Release Notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.16

This document contains the release notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.16.

Version compatibility: Oracle Health Insurance Enterprise Policy Administration Release 4.25.1.x is only compatible with other Oracle Health Insurance applications release version 4.25.1.x unless explicitly stated otherwise.

As per the Service Description, you are obligated to request a service upgrade within 90 days of this release being generally available (GA). In line with the Oracle Cloud Services Pillar document, Section 4.2.2 End of Life, this release will be EOL in 12 months.

Enhancements

ID	Summary	Patch
CPN-4206	Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities Introduced the following new attributes in security logs: eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged. eventType: Brief summary of the security event being logged. eventOutcome: Outcome of the event. Possible values: Success or Failure. eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR. httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event. failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant. apiEndpoint: Holds the API endpoint to which the request was sent. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests Documentation Links: Administration Guide Administration Guide - Fetch Security Logs through API
CPN-4207	Enhanced PHI access logs to include access scope, session ID and access token ID Enhanced PHI access logs to include three new attributes: access scope: Indicates whether a single record or multiple records are accessed within a transaction. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests. Documentation Links: Security Guide - User Access - Resource Auditing

Summary

Patch

CPN-4206

Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities

Introduced the following new attributes in security logs:

eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged.
eventType: Brief summary of the security event being logged.
eventOutcome: Outcome of the event. Possible values: Success or Failure.
eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR.
httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event.
failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant.
apiEndpoint: Holds the API endpoint to which the request was sent.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests

Documentation Links:
Administration Guide
Administration Guide - Fetch Security Logs through API

CPN-4207

Enhanced PHI access logs to include access scope, session ID and access token ID

Enhanced PHI access logs to include three new attributes:

access scope: Indicates whether a single record or multiple records are accessed within a transaction.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests.

Documentation Links:
Security Guide - User Access - Resource Auditing

Configuration Properties

This section intentionally left blank.

Web Services

Ref Action Description

Ref	Action	Description
CPN-4206	Modified	logsecurityevents Added eight new attributes: `eventCategory`, `eventType`, `eventOutcome`, `eventSeverity`, `httpStatusCode`, `failureReason`, `apiEndpoint`, `sessionId`, `accessTokenId`.
CPN-4207	Modified	logphievents Added three new attributes: `accessScope`, `sessionId`, and `accessTokenId`.

CPN-4206

Modified

logsecurityevents

Added eight new attributes: eventCategory, eventType, eventOutcome, eventSeverity, httpStatusCode, failureReason, apiEndpoint, sessionId, accessTokenId.

CPN-4207

Modified

logphievents

Added three new attributes: accessScope, sessionId, and accessTokenId.

Data Conversion

This section intentionally left blank.

Dynamic Logic

This section intentionally left blank.

UI Changes

This section intentionally left blank.

Breaking Changes

This section intentionally left blank.

Access Restrictions

This section intentionally left blank.

Bug Fixes

BugDB SR Internal Summary

BugDB	SR	Internal	Summary
38408791	3-42089378931	POL-17744	Connector configuration’s change list cannot be nullified using API
Description:	A change list can be configured on connector configuration in order to control the change events which should be transmitted to external system. Currently, it is not possible to nullify this list using a generic API PUT request.
Resolution:
39218132		POL-18609	Automatic Task Recovery Delayed on Application Restart
Description:	After an application restart, the automatic task recovery process did not start immediately. Instead, it waited for the duration specified by the `ohi.taskprocessing.scheduler.frequency` property before initiating the first recovery attempt.
Resolution:	Automatic task recovery mechanism has been enhanced so that, upon application restart, the recovery process runs immediately regardless of the frequency setting. This ensures that tasks stuck in a given status are addressed promptly without unnecessary delay.
39173999	4-0001607174	POL-18549	Incorrect time range validation for bill allocation filtering when enrollment start date is after span reference date
Description:	When the enrollment start date is later than the span reference date of calculation result, the system continues to use the span reference date for time range validation in choosing appropriate premium bill allocation instead of considering the enrollment start date. As a result, bill allocation may be incorrectly excluded because the reference date falls outside the valid time range, even though the enrollment start date lies within the valid range.
Resolution:	During premium bill allocation filtering if the enrollment start date is after the span reference date, then enrollment start date is used for comparison during time range validation.
39245700	4-0002593673	POL-18629	Dynamic fields configured at attached data level in policies page are not appearing when set as labels in policy details page
Description:	Dynamic fields that are configured at the Attached Data level are expected to be shown when used as labels on Policy detail page
Resolution:	Labels now display correctly for dynamic fields configured on the reference fields. For example, Labels configured on flexcodes of attachedPolicyData in Policy Details page
38644648	3-42578803401	POL-18028	CMT Import fails when a field definition is updated with extended length
Description:	When doing CMT import, if a flex code is imported with similar datatype but field length that is greater than the target system flex code field length then an error is raised.
Resolution:	CMT import is fixed to allow import of fields with similar datatype but increase length without raising an error message.
39163823	4-0002187135	POL-18541	Improve resilience for Object Storage file downloads from ohi when long-running data file processing causes HTTP streams to remain open for extended periods, reducing failures from truncated responses.
Description:	File downloads from OCI Object Storage could intermittently fail during long-running reads with truncated-response errors such as ConnectionClosedException (â€œPremature end of Content-Length delimited message bodyâ€). Because OHI ObjectStorageDataFileReader relied on a single InputStream, any mid-transfer interruption caused the CSV reader to receive only a partial payload, resulting in exchange failure. Need implementation to supports retry and byte-range resume for interrupted downloads.
Resolution:	Enhanced Object Storage download handling for scenarios where data files are processed slowly and the HTTP stream remains open for an extended period. Previously, long-running reads could fail with truncated-response errors such as ConnectionClosedException, causing the CSV reader to receive incomplete content and the exchange to fail. The implementation now improves resilience by retrying interrupted downloads and resuming from the last successfully read byte offset, while failing only after 3 consecutive recovery attempts without progress.
39160114	4-0002113383	POL-18537	Memory exhaustion in Gateway due to dynamic logic creating multiple data files in Object Storage
Description:	A problem was identified where memory was not being properly freed after using writers in dynamic logic to create data files in Object Storage. When many files were created over time, this unused memory built up and could eventually cause the application to run out of memory and fail.
Resolution:	The cleanup process has been improved to ensure that memory and related resources are fully released whenever the writer is closed. By default, the system closes writers at the end of a dynamic logic transaction automatically thereby releasing the memory. However, in case multiple writers are opened within a single dynamic logic, memory exhaustion could still happen at runtime. It is therefore recommended to close readers and writers explicitly in dynamic logic. Please investigate if explicit closure of readers and writers is implemented in the dynamic logics.
38819442	4-0001350333	POL-18214	Reading large files from object storage fails due to non-configurable read timeout.
Description:	OHI does not provide configurable timeout settings (connection and read timeouts) while reading or streaming files from Object Storage (OS). As a result, file read operations rely on default OCI SDK timeout values, which are not suitable for large files or long-running streaming use cases.
Resolution:	Support for configurable Object Storage timeouts has been added to improve reliability when processing large files and long-running streaming workloads. Two new properties are now available: a. ohi.object.storage.read.timeout.millis b. ohi.object.storage.connect.timeout.millis Both default to 60,000 ms (60 seconds) and can be increased as needed to prevent read timeouts errors during extended Object Storage operations

38408791

3-42089378931

POL-17744

Connector configuration’s change list cannot be nullified using API

Description:

A change list can be configured on connector configuration in order to control the change events which should be transmitted to external system. Currently, it is not possible to nullify this list using a generic API PUT request.

Resolution:

39218132

POL-18609

Automatic Task Recovery Delayed on Application Restart

Description:

After an application restart, the automatic task recovery process did not start immediately. Instead, it waited for the duration specified by the ohi.taskprocessing.scheduler.frequency property before initiating the first recovery attempt.

Resolution:

Automatic task recovery mechanism has been enhanced so that, upon application restart, the recovery process runs immediately regardless of the frequency setting. This ensures that tasks stuck in a given status are addressed promptly without unnecessary delay.

39173999

4-0001607174

POL-18549

Incorrect time range validation for bill allocation filtering when enrollment start date is after span reference date

Description:

When the enrollment start date is later than the span reference date of calculation result, the system continues to use the span reference date for time range validation in choosing appropriate premium bill allocation instead of considering the enrollment start date. As a result, bill allocation may be incorrectly excluded because the reference date falls outside the valid time range, even though the enrollment start date lies within the valid range.

Resolution:

During premium bill allocation filtering if the enrollment start date is after the span reference date, then enrollment start date is used for comparison during time range validation.

39245700

4-0002593673

POL-18629

Dynamic fields configured at attached data level in policies page are not appearing when set as labels in policy details page

Description:

Dynamic fields that are configured at the Attached Data level are expected to be shown when used as labels on Policy detail page

Resolution:

Labels now display correctly for dynamic fields configured on the reference fields. For example, Labels configured on flexcodes of attachedPolicyData in Policy Details page

38644648

3-42578803401

POL-18028

CMT Import fails when a field definition is updated with extended length

Description:

When doing CMT import, if a flex code is imported with similar datatype but field length that is greater than the target system flex code field length then an error is raised.

Resolution:

CMT import is fixed to allow import of fields with similar datatype but increase length without raising an error message.

39163823

4-0002187135

POL-18541

Improve resilience for Object Storage file downloads from ohi when long-running data file processing causes HTTP streams to remain open for extended periods, reducing failures from truncated responses.

Description:

File downloads from OCI Object Storage could intermittently fail during long-running reads with truncated-response errors such as ConnectionClosedException (â€œPremature end of Content-Length delimited message bodyâ€). Because OHI ObjectStorageDataFileReader relied on a single InputStream, any mid-transfer interruption caused the CSV reader to receive only a partial payload, resulting in exchange failure. Need implementation to supports retry and byte-range resume for interrupted downloads.

Resolution:

Enhanced Object Storage download handling for scenarios where data files are processed slowly and the HTTP stream remains open for an extended period. Previously, long-running reads could fail with truncated-response errors such as ConnectionClosedException, causing the CSV reader to receive incomplete content and the exchange to fail. The implementation now improves resilience by retrying interrupted downloads and resuming from the last successfully read byte offset, while failing only after 3 consecutive recovery attempts without progress.

39160114

4-0002113383

POL-18537

Memory exhaustion in Gateway due to dynamic logic creating multiple data files in Object Storage

Description:

A problem was identified where memory was not being properly freed after using writers in dynamic logic to create data files in Object Storage. When many files were created over time, this unused memory built up and could eventually cause the application to run out of memory and fail.

Resolution:

The cleanup process has been improved to ensure that memory and related resources are fully released whenever the writer is closed. By default, the system closes writers at the end of a dynamic logic transaction automatically thereby releasing the memory. However, in case multiple writers are opened within a single dynamic logic, memory exhaustion could still happen at runtime.

It is therefore recommended to close readers and writers explicitly in dynamic logic. Please investigate if explicit closure of readers and writers is implemented in the dynamic logics.

38819442

4-0001350333

POL-18214

Reading large files from object storage fails due to non-configurable read timeout.

Description:

OHI does not provide configurable timeout settings (connection and read timeouts) while reading or streaming files from Object Storage (OS). As a result, file read operations rely on default OCI SDK timeout values, which are not suitable for large files or long-running streaming use cases.

Resolution:

Support for configurable Object Storage timeouts has been added to improve reliability when processing large files and long-running streaming workloads. Two new properties are now available: a. ohi.object.storage.read.timeout.millis b. ohi.object.storage.connect.timeout.millis

Both default to 60,000 ms (60 seconds) and can be increased as needed to prevent read timeouts errors during extended Object Storage operations

Issues that were backported in previous Release / Patch

No backports.