Introduction

We are happy to announce that OpenSpecimen v6.2 is released! As always, it has new features, improvements and bug fixes selected based on feedback from many of our current adopters. 

New features highlights:

1. Impersonate users

2. Containers transfer event

3. New role: Clinician

4. Collection Protocol Groups

5. Archive and edit dropdown values

6. Active users' report

7. User-friendly system events UI

8. Multi timezone support

9. REDCap integration enhancements

10. Many other bugs and improvements

Download

Software/Hardware requirements

Review this page before attempting to upgrade for any changes: Software/Hardware Requirements.

Administrative Enhancements

Impersonate Users

Super administrators can now "impersonate" as other users. This will help the support or help desk staff to debug any issue a user is facing. Any action performed during impersonation is audited under the user you are impersonating.

For  more details refer: User Management 

Active Users' Report

Super administrators can view and generate active users' report for a specific time interval. This is useful to understand the usage of OpenSpecimen at a center especially when multiple users from different groups are using the instance.

Activate Expired User Accounts

Admins can activate user accounts which are expired by resetting their password from the user profile page.

New Role: Clinician

A new role has been added to the list of default roles shipped with OpenSpecimen. The new role - 'Clinician' is useful for hospital staff who are involved in collection of specimens. These users will not be involved in processing and storage of child specimens. So the role has access to participant registration and only primary specimens.

Collection Protocol Groups

For protocols belonging to a site or department, most of the workflows and data fields remain the same. In v6.2, admins can create groups of such similar protocols which helps in below use cases:

• Within a group, same workflow(screen configuration) can be applied so that maintenance is easier.
• Custom forms can be assigned at group level if similar set of custom fields are captured across protocols.
• Querying custom forms from multiple protocols becomes possible for protocols within a group.

Dropdown Manager: Archive and Edit values

Archive Values: Super admins can mark dropdown values as archived if a value is deprecated. This will ensure older data using that value remains as is and going forward restrict usage of that value. 

Edit Values: Making changes to dropdown values will be reflected in all the previous data using that value. In previous versions, admins had to take care of updating the data before updating the value.

For more details refer: Dropdown Manager

Containers: Transfer event on moving a container

When boxes are moved from one location to another, a transfer event is logged on the container and all specimens stored in it also get transfer event. Earlier when a box was moved, there was no record of this at the specimen level.

Containers: Display hierarchy

In the "Container hierarchy" column, the position of each parent container is included in the display.

In container overview page, an 'info" icon is provided next to the container name to view the container hierarchy along with the positions.

Custom forms

Ability to search forms by additional filters

Better/cleaner UI to attach forms and ability to edit 'Multi-Record' option

Data Entry

Usability Enhancements in Visit and Participant pages

In some use cases, users would want to enter additional fields at visit level during specimen collection. To enter data in such cases as a workflow, there is option to enter visit first and then proceed to collection.

User-friendly System Events UI

When specimens are collected, processed, transferred etc., system creates events to track these. These system created events are displayed on specimen overview pages as recent events:

When user clicks on these events, it displays the details in a user-friendly manner. 

Transfer event when box is moved:

Distribution event when specimen is dispatched:

Multi-timezone support

In previous version, the date/time fields in the query results, exported CSV files, and the custom DE fields were formatted using the server time zone. This works fine when both the server and the end-users are in the same time zone. But there might be studies which have users operating from different time zones. To support this, OpenSpecimen now formats the date/time field values using the user time zone. This will ensure the date/time is displayed in all places in OpenSpecimen based on what is entered by the user.

Security fixes

The release build v6.2.RC2 has some very important security fixes. The security vulnerabilities that are fixed in this release build are listed below:

1. Cross-site request forgery: The attacker performs unwanted OpenSpecimen activities using the authentication session without the user's knowledge or interaction. The attacker exploits OpenSpecimen's trust in the user's browser.

2. Potential cross-site scripting: The attacker uses OpenSpecimen to send malicious code in the form of JavaScript to unsuspecting users. The end user's browser executes the script, which can result in revealing cookies, tokens and other sensitive information used by the browser for communication with OpenSpecimen. The attacker exploits the browser's trust in OpenSpecimen.

3. Unsafe cross-origin destination: When the end-users add links to external websites (as in CP SOP) that are affected by malicious code, then the affected website can trick the OpenSpecimen users to reveal the sensitive information and further spread the malicious code.

4. CSV injection: In this attack, disgruntled OpenSpecimen users (Biobank staff) upload specially crafted data that allows them to execute malicious code on other users' computers when the victims export and open the CSV data file.

5. Unrestricted file uploads: In this attack, disgruntled OpenSpecimen users (Biobank staff) upload malicious code files (.exe) that are executed on other users' computers when the victims click or download the file links.

REDCap Integration Improvements

In v6.2, admins can now map single REDCap project to multiple collection protocol based on value selected in particular field.

All Improvements and bugs