Release Notes for Oracle Health Insurance Product Definition Patch 4.25.1.0.8

This document contains the release notes for Oracle Health Insurance Product Definition Patch 4.25.1.0.8.

Version compatibility: Oracle Health Insurance Product Definition Release 4.25.1.x is only compatible with other Oracle Health Insurance applications release version 4.25.1.x unless explicitly stated otherwise.

In accordance with the OHI error correction policy (Document 1494031.1 on My Oracle Support), error correction support will be provided for this release and the previous two releases.

Enhancements

ID	Summary	Patch
CPN-4206	Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities Introduced the following new attributes in security logs: eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged. eventType: Brief summary of the security event being logged. eventOutcome: Outcome of the event. Possible values: Success or Failure. eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR. httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event. failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant. apiEndpoint: Holds the API endpoint to which the request was sent. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests Documentation Links: Administration Guide - Application - Security Logs Generated in Oracle Health Insurance Administration Guide - Fetch Security Logs through API
CPN-4207	Enhanced PHI access logs to include access scope, session ID and access token ID Enhanced PHI access logs to include three new attributes: access scope: Indicates whether a single record or multiple records are accessed within a transaction. session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests. access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests. Documentation Links: Security Guide - User Access - Resource Auditing
NXT-26542	Exposed generic API for deployment metadata and extended User Preferences to support switching between customer and browser timezones Exposed generic API for deployment metadata to retrieve the customer timezone information. Introduced a new browserTimeZone flag in the User Preferences API, with a default value of false. When browserTimeZone is set to true, timestamps are displayed in the end user’s browser timezone. When browserTimeZone is set to false, timestamps are displayed in the configured customer timezone.
NXT-32471	Improve handling of HTTP error: 401 UnAuthorized in JET UI With this enhancement, OHI uses system property OHI_DEPLOYMENT_TYPE to handle HTTP 401 error. When this property value is set to "CLOUD", this will force a "401" response to re-direct the OHI JET login page when the IDCS OpenID session cookie is missing/expired.
NXT-33659	Disable user location based time conversion JET UI no longer relies only on the user’s browser timezone for datetime display. This helps prevent incorrect time conversion for customers operating across different geographic locations. The customerTimeZone, configured in the deployment metadata table during application installation, is used by default by JET UI. Users can override this through the "Use Browser Timezone?" option in the Preferences dialog, after which the UI will use the browser timezone. If customerTimeZone is not configured or is invalid/unsupported by JET, the UI falls back to the browser timezone. Documentation Links: Developer Guide - JET UI - References - Properties - Properties Security Guide - User Access - Function Access Restriction (JET)
NXT-33697	UI: European date/number formatting for English Language With this enhancement, support is added to keep the UI in English language while using European date and number formats (e.g., dd/MM/yyyy and 1.234.567,00), when user sets 'en‑EU' in the existing ohi.ui.default.locale system property. If the property is not set, date and number formats continue to follow the user’s selected locale (language + region), with no change in behaviour.
NXT-33718	Extended user preference - Reorder and Auto-commit With this enhancement it is now possible to reorder table columns as per user’s preference. Also, the save button to store preference is replaced by auto commit feature. This feature is available for all pages based based on the following floor plan template : * View and Edit List table * List View - Table This feature is also available for select pages which are not floorplan based: Common Pages like Reference sheets Claims page claim line tab In Policies application, pages like Premium schedule lines, Adjustment lines, Fee schedule lines
PRD-5431	UI improvements on Product and Product Service definition Across Product Page This enhancement enable users to bulk copy of product service defintion from product as well as product service definition across product page. The user interface has also been improved by extending quick and advanced search to three pages: the Product-Service Definition, Product Service Definition, and Service Definition pages.

Summary

Patch

CPN-4206

Introduced additional attributes in security logs for enhancing log auditing and parsing capabilities

Introduced the following new attributes in security logs:

eventCategory: All security events are categorized into distinct categories. This attribute holds the category assigned to the security event being logged.
eventType: Brief summary of the security event being logged.
eventOutcome: Outcome of the event. Possible values: Success or Failure.
eventSeverity: Describes the severity of the event. Possible values: INFO, WARN or ERROR.
httpStatusCode: Http response code of the request for which the event is being logged. This will be null whenever the code is not deterministic at the time of event.
failureReason: Briefly describes the reason of failure. This attribute will be non-null only where relevant.
apiEndpoint: Holds the API endpoint to which the request was sent.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests

Documentation Links:
Administration Guide - Application - Security Logs Generated in Oracle Health Insurance
Administration Guide - Fetch Security Logs through API

CPN-4207

Enhanced PHI access logs to include access scope, session ID and access token ID

Enhanced PHI access logs to include three new attributes:

access scope: Indicates whether a single record or multiple records are accessed within a transaction.
session ID: Identifies the session provided by the caller. Applicable to SaaS and UI requests.
access token ID: Identifies the access token associated with the request. Applicable to SaaS and non-UI requests.

Documentation Links:
Security Guide - User Access - Resource Auditing

NXT-26542

Exposed generic API for deployment metadata and extended User Preferences to support switching between customer and browser timezones

Exposed generic API for deployment metadata to retrieve the customer timezone information. Introduced a new browserTimeZone flag in the User Preferences API, with a default value of false. When browserTimeZone is set to true, timestamps are displayed in the end user’s browser timezone. When browserTimeZone is set to false, timestamps are displayed in the configured customer timezone.

NXT-32471

Improve handling of HTTP error: 401 UnAuthorized in JET UI

With this enhancement, OHI uses system property OHI_DEPLOYMENT_TYPE to handle HTTP 401 error. When this property value is set to "CLOUD", this will force a "401" response to re-direct the OHI JET login page when the IDCS OpenID session cookie is missing/expired.

NXT-33659

Disable user location based time conversion

JET UI no longer relies only on the user’s browser timezone for datetime display. This helps prevent incorrect time conversion for customers operating across different geographic locations. The customerTimeZone, configured in the deployment metadata table during application installation, is used by default by JET UI. Users can override this through the "Use Browser Timezone?" option in the Preferences dialog, after which the UI will use the browser timezone. If customerTimeZone is not configured or is invalid/unsupported by JET, the UI falls back to the browser timezone.

Documentation Links:
Developer Guide - JET UI - References - Properties - Properties
Security Guide - User Access - Function Access Restriction (JET)

NXT-33697

UI: European date/number formatting for English Language

With this enhancement, support is added to keep the UI in English language while using European date and number formats (e.g., dd/MM/yyyy and 1.234.567,00), when user sets 'en‑EU' in the existing ohi.ui.default.locale system property. If the property is not set, date and number formats continue to follow the user’s selected locale (language + region), with no change in behaviour.

NXT-33718

Extended user preference - Reorder and Auto-commit

With this enhancement it is now possible to reorder table columns as per user’s preference. Also, the save button to store preference is replaced by auto commit feature.

This feature is available for all pages based based on the following floor plan template : * View and Edit List table * List View - Table

This feature is also available for select pages which are not floorplan based:

Common Pages like Reference sheets

Claims page claim line tab

In Policies application, pages like Premium schedule lines, Adjustment lines, Fee schedule lines

PRD-5431

UI improvements on Product and Product Service definition Across Product Page

This enhancement enable users to bulk copy of product service defintion from product as well as product service definition across product page. The user interface has also been improved by extending quick and advanced search to three pages: the Product-Service Definition, Product Service Definition, and Service Definition pages.

Upgrade Steps for Installation

To perform the upgrade, perform the following steps:

Perform any pre-upgrade steps.
Stop all the managed nodes running the existing version of the application.
Perform any pre-undeploy steps.
Undeploy the existing version of the application.
Back up the database.
Perform any post-undeploy steps.
Unpack the release bundle into a directory that we refer to as OHI_ROOT from now on.
Change Installation Configuration: In <OHI_ROOT>/util/install, make a copy of ohi_install.cfg.template and name it ohi_install.cfg.
Edit ohi_install.cfg to contain your specific database connection data and other configuration settings. The settings are explained in the file itself.
Make sure NO connections are present to the database using the OHI_xxx_USER account (where xxx is the abbreviation of the application)
Run the Upgrade script:
1. Open a command window and browse to <OHI_ROOT>/util/install.
2. Run the upgrade by executing ./ohi-update.sh .
Make the required changes to the ohi properties file
Perform any post-upgrade steps
Start WebLogic application server
Deploy the Application
Perform any post-deploy steps

Configuration Properties

This section intentionally left blank.

Web Services

Ref Action Description

Ref	Action	Description
CPN-4206	Modified	logsecurityevents Added eight new attributes: `eventCategory`, `eventType`, `eventOutcome`, `eventSeverity`, `httpStatusCode`, `failureReason`, `apiEndpoint`, `sessionId`, `accessTokenId`.
CPN-4207	Modified	logphievents Added three new attributes: `accessScope`, `sessionId`, and `accessTokenId`.
NXT-26542	Added	deploymentmetadata API New read-only generic API is added.
NXT-26542	Modified	userpreferences API Added a new attribute browserTimeZone to the user preferences API.

CPN-4206

Modified

logsecurityevents

Added eight new attributes: eventCategory, eventType, eventOutcome, eventSeverity, httpStatusCode, failureReason, apiEndpoint, sessionId, accessTokenId.

CPN-4207

Modified

logphievents

Added three new attributes: accessScope, sessionId, and accessTokenId.

NXT-26542

Added

deploymentmetadata API

New read-only generic API is added.

NXT-26542

Modified

userpreferences API

Added a new attribute browserTimeZone to the user preferences API.

Data Conversion

This section intentionally left blank.

Dynamic Logic

This section intentionally left blank.

UI Changes

Ref	Action	Description
NXT-33659	Modified	Preferences Dialog A new checkbox - "Use Browser Timezone?" has been introduced in Preferences which can be used to override the customer’s configured timezone.

Ref

Action

Description

NXT-33659

Modified

Preferences Dialog

A new checkbox - "Use Browser Timezone?" has been introduced in Preferences which can be used to override the customer’s configured timezone.

Breaking Changes

This section intentionally left blank.

Access Restrictions

Ref	Action	Description
NXT-33659	Modified	CO0019 The 'deploymentmetadata API' access restriction has been added to function code CO0019.

Ref

Action

Description

NXT-33659

Modified

CO0019

The 'deploymentmetadata API' access restriction has been added to function code CO0019.

Bug Fixes

BugDB	SR	Internal	Summary
39026341	4-0002125064	PRD-5389	Resources cannot be searched when code starts with %255%
Description:	POST search API requests were failing with an IntrusionDetectionException when the query contained specific special patterns. These legitimate input param were incorrectly identified as potential intrusion attempts, resulting in search failures.
Resolution:	Enhanced the intrusion detection mechanism to correctly handle search query parameters, preventing legitimate requests from being incorrectly flagged
38587228		PRD-5178	Updated value is not showing after save when value is copied and updated in product cost sharing
Description:	In Cost sharing page, after copying a row when user selects any other parameter value which has parameter type different than copied row and updates the value, changes are not saved
Resolution:	Updated Parameter value and parameter type is persisted
39378036		PRD-5526	Function API access mapping is missing for User View Preferences API
Description:	A user who has the ALL_FUNCTIONS_ACCESS_ROLE gets an error while using Landing (Products Search) page. User View Preferences API access is missing in JET login access role - CO0019 which leads to Not Authorized error.
Resolution:	User View Preferences API access is added to CO0019 function access so that there is no access error
39137797	4-0002294010	PRD-5481	Products Page: Duplicate cover withhold category values are shown when clicked on lov in Carry over settings tab
Description:	Duplicate cover withhold category values are shown when clicked on lov in Carry over settings tab
Resolution:	Fix added to display only unique values in cover withhold category lov.
39308650		PRD-5519	Index.html is getting appended to url post login
Description:	index.html is getting appended to url after user logs into the application using custom authentication provider
Resolution:	index.html is not visible in url after user logs into the application using custom authentication provider

BugDB

Internal

Summary

39026341

4-0002125064

PRD-5389

Resources cannot be searched when code starts with %255%

Description:

POST search API requests were failing with an IntrusionDetectionException when the query contained specific special patterns. These legitimate input param were incorrectly identified as potential intrusion attempts, resulting in search failures.

Resolution:

Enhanced the intrusion detection mechanism to correctly handle search query parameters, preventing legitimate requests from being incorrectly flagged

38587228

PRD-5178

Updated value is not showing after save when value is copied and updated in product cost sharing

Description:

In Cost sharing page, after copying a row when user selects any other parameter value which has parameter type different than copied row and updates the value, changes are not saved

Resolution:

Updated Parameter value and parameter type is persisted

39378036

PRD-5526

Function API access mapping is missing for User View Preferences API

Description:

A user who has the ALL_FUNCTIONS_ACCESS_ROLE gets an error while using Landing (Products Search) page. User View Preferences API access is missing in JET login access role - CO0019 which leads to Not Authorized error.

Resolution:

User View Preferences API access is added to CO0019 function access so that there is no access error

39137797

4-0002294010

PRD-5481

Products Page: Duplicate cover withhold category values are shown when clicked on lov in Carry over settings tab

Description:

Duplicate cover withhold category values are shown when clicked on lov in Carry over settings tab

Resolution:

Fix added to display only unique values in cover withhold category lov.

39308650

PRD-5519

Index.html is getting appended to url post login

Description:

index.html is getting appended to url after user logs into the application using custom authentication provider

Resolution:

index.html is not visible in url after user logs into the application using custom authentication provider

Issues that were backported in previous Release / Patch

No backports.