Release Notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.16

This document contains the release notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.16.

Version compatibility: Oracle Health Insurance Enterprise Policy Administration Release 4.25.1.x is only compatible with other Oracle Health Insurance applications release version 4.25.1.x unless explicitly stated otherwise.

In accordance with the OHI error correction policy (Document 1494031.1 on My Oracle Support), error correction support will be provided for this release and the previous two releases.

Enhancements

ID	Summary	Patch
CPN-4206	Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities Introduced the following new attributes in security logs: eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged. eventType: Brief summary of the security event being logged. eventOutcome: Outcome of the event. Possible values: Success or Failure. eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR. httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event. failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant. apiEndpoint: Holds the API endpoint to which the request was sent. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests Documentation Links: Administration Guide Administration Guide - Fetch Security Logs through API
CPN-4207	Enhanced PHI access logs to include access scope, session ID and access token ID Enhanced PHI access logs to include three new attributes: access scope: Indicates whether a single record or multiple records are accessed within a transaction. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests. Documentation Links: Security Guide - User Access - Resource Auditing

Summary

Patch

CPN-4206

Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities

Introduced the following new attributes in security logs:

eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged.
eventType: Brief summary of the security event being logged.
eventOutcome: Outcome of the event. Possible values: Success or Failure.
eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR.
httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event.
failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant.
apiEndpoint: Holds the API endpoint to which the request was sent.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests

Documentation Links:
Administration Guide
Administration Guide - Fetch Security Logs through API

CPN-4207

Enhanced PHI access logs to include access scope, session ID and access token ID

Enhanced PHI access logs to include three new attributes:

access scope: Indicates whether a single record or multiple records are accessed within a transaction.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests.

Documentation Links:
Security Guide - User Access - Resource Auditing

Upgrade Steps for Installation

To perform the upgrade, perform the following steps:

Perform any pre-upgrade steps.
Stop all the managed nodes running the existing version of the application.
Perform any pre-undeploy steps.
Undeploy the existing version of the application.
Back up the database.
Perform any post-undeploy steps.
Unpack the release bundle into a directory that we refer to as OHI_ROOT from now on.
Change Installation Configuration: In <OHI_ROOT>/util/install, make a copy of ohi_install.cfg.template and name it ohi_install.cfg.
Edit ohi_install.cfg to contain your specific database connection data and other configuration settings. The settings are explained in the file itself.
Make sure NO connections are present to the database using the OHI_xxx_USER account (where xxx is the abbreviation of the application)
Run the Upgrade script:
1. Open a command window and browse to <OHI_ROOT>/util/install.
2. Run the upgrade by executing ./ohi-update.sh .
Make the required changes to the ohi properties file
Perform any post-upgrade steps
Start WebLogic application server
Deploy the Application
Perform any post-deploy steps

Configuration Properties

This section intentionally left blank.

Web Services

Ref Action Description

Ref	Action	Description
CPN-4206	Modified	logsecurityevents Added eight new attributes: `eventCategory`, `eventType`, `eventOutcome`, `eventSeverity`, `httpStatusCode`, `failureReason`, `apiEndpoint`, `sessionId`, `accessTokenId`.
CPN-4207	Modified	logphievents Added three new attributes: `accessScope`, `sessionId`, and `accessTokenId`.

CPN-4206

Modified

logsecurityevents

Added eight new attributes: eventCategory, eventType, eventOutcome, eventSeverity, httpStatusCode, failureReason, apiEndpoint, sessionId, accessTokenId.

CPN-4207

Modified

logphievents

Added three new attributes: accessScope, sessionId, and accessTokenId.

Data Conversion

This section intentionally left blank.

Dynamic Logic

This section intentionally left blank.

UI Changes

This section intentionally left blank.

Breaking Changes

This section intentionally left blank.

Access Restrictions

This section intentionally left blank.

Bug Fixes

BugDB SR Internal Summary

BugDB	SR	Internal	Summary
38408791	3-42089378931	POL-17744	Connector configuration’s change list cannot be nullified using API
Description:	A change list can be configured on connector configuration in order to control the change events which should be transmitted to external system. Currently, it is not possible to nullify this list using a generic API PUT request.
Resolution:
39218132		POL-18609	Automatic Task Recovery Delayed on Application Restart
Description:	After an application restart, the automatic task recovery process did not start immediately. Instead, it waited for the duration specified by the `ohi.taskprocessing.scheduler.frequency` property before initiating the first recovery attempt.
Resolution:	Automatic task recovery mechanism has been enhanced so that, upon application restart, the recovery process runs immediately regardless of the frequency setting. This ensures that tasks stuck in a given status are addressed promptly without unnecessary delay.
39173999	4-0001607174	POL-18549	Incorrect time range validation for bill allocation filtering when enrollment start date is after span reference date
Description:	When the enrollment start date is later than the span reference date of calculation result, the system continues to use the span reference date for time range validation in choosing appropriate premium bill allocation instead of considering the enrollment start date. As a result, bill allocation may be incorrectly excluded because the reference date falls outside the valid time range, even though the enrollment start date lies within the valid range.
Resolution:	During premium bill allocation filtering if the enrollment start date is after the span reference date, then enrollment start date is used for comparison during time range validation.
39245700	4-0002593673	POL-18629	Dynamic fields configured at attached data level in policies page are not appearing when set as labels in policy details page
Description:	Dynamic fields that are configured at the Attached Data level are expected to be shown when used as labels on Policy detail page
Resolution:	Labels now display correctly for dynamic fields configured on the reference fields. For example, Labels configured on flexcodes of attachedPolicyData in Policy Details page
38644648	3-42578803401	POL-18028	CMT Import fails when a field definition is updated with extended length
Description:	When doing CMT import, if a flex code is imported with similar datatype but field length that is greater than the target system flex code field length then an error is raised.
Resolution:	CMT import is fixed to allow import of fields with similar datatype but increase length without raising an error message.
38819442	4-0001350333	POL-18214	Reading large files from object storage fails due to non-configurable read timeout.
Description:	OHI does not provide configurable timeout settings (connection and read timeouts) while reading or streaming files from Object Storage (OS). As a result, file read operations rely on default OCI SDK timeout values, which are not suitable for large files or long-running streaming use cases.
Resolution:	Support for configurable Object Storage timeouts has been added to improve reliability when processing large files and long-running streaming workloads. Two new properties are now available: a. ohi.object.storage.read.timeout.millis b. ohi.object.storage.connect.timeout.millis Both default to 60,000 ms (60 seconds) and can be increased as needed to prevent read timeouts errors during extended Object Storage operations

38408791

3-42089378931

POL-17744

Connector configuration’s change list cannot be nullified using API

Description:

A change list can be configured on connector configuration in order to control the change events which should be transmitted to external system. Currently, it is not possible to nullify this list using a generic API PUT request.

Resolution:

39218132

POL-18609

Automatic Task Recovery Delayed on Application Restart

Description:

After an application restart, the automatic task recovery process did not start immediately. Instead, it waited for the duration specified by the ohi.taskprocessing.scheduler.frequency property before initiating the first recovery attempt.

Resolution:

Automatic task recovery mechanism has been enhanced so that, upon application restart, the recovery process runs immediately regardless of the frequency setting. This ensures that tasks stuck in a given status are addressed promptly without unnecessary delay.

39173999

4-0001607174

POL-18549

Incorrect time range validation for bill allocation filtering when enrollment start date is after span reference date

Description:

When the enrollment start date is later than the span reference date of calculation result, the system continues to use the span reference date for time range validation in choosing appropriate premium bill allocation instead of considering the enrollment start date. As a result, bill allocation may be incorrectly excluded because the reference date falls outside the valid time range, even though the enrollment start date lies within the valid range.

Resolution:

During premium bill allocation filtering if the enrollment start date is after the span reference date, then enrollment start date is used for comparison during time range validation.

39245700

4-0002593673

POL-18629

Dynamic fields configured at attached data level in policies page are not appearing when set as labels in policy details page

Description:

Dynamic fields that are configured at the Attached Data level are expected to be shown when used as labels on Policy detail page

Resolution:

Labels now display correctly for dynamic fields configured on the reference fields. For example, Labels configured on flexcodes of attachedPolicyData in Policy Details page

38644648

3-42578803401

POL-18028

CMT Import fails when a field definition is updated with extended length

Description:

When doing CMT import, if a flex code is imported with similar datatype but field length that is greater than the target system flex code field length then an error is raised.

Resolution:

CMT import is fixed to allow import of fields with similar datatype but increase length without raising an error message.

38819442

4-0001350333

POL-18214

Reading large files from object storage fails due to non-configurable read timeout.

Description:

OHI does not provide configurable timeout settings (connection and read timeouts) while reading or streaming files from Object Storage (OS). As a result, file read operations rely on default OCI SDK timeout values, which are not suitable for large files or long-running streaming use cases.

Resolution:

Support for configurable Object Storage timeouts has been added to improve reliability when processing large files and long-running streaming workloads. Two new properties are now available: a. ohi.object.storage.read.timeout.millis b. ohi.object.storage.connect.timeout.millis

Both default to 60,000 ms (60 seconds) and can be increased as needed to prevent read timeouts errors during extended Object Storage operations

Issues that were backported in previous Release / Patch

No backports.