Updated on May 17, 2017: 

Wordpress 4.7.5. was released.
https://wordpress.org/news/2017/05/wordpress-4-7-5/
 

Applies To: Wordpress <4.7.4

A Wordpress vulnerability in the password reset function might allow attackers to get hold of the password reset link without previous authentication [CVE-2017-8295].
Combined with other vulnerabilities and, depending on the server configuration, a remote attackers may be able to pass extra parameters and consequently execute arbitrary code.
All versions of Wordpress prior to 4.7.4 are vulnerable. Exposure increases if combined with other vulnerabilities (as CVE-2016-10033) so make sure your PHP is running the latest patched version. An exploit is known to this vulnerability.

At the moment this is being written, Wordpress stable version is still 4.7.4. Please stay alert and update it when a patch is available. For now, as a temporary solution, UseCanonicalNames can be enabled to enforce a static SERVER_NAME value. [see link below]

References:
http://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname
https://httpd.apache.org/docs/2.4/misc/security_tips.html
http://php.net/manual/en/function.mail.php
https://wordpress.org/download/release-archive [for when a new version comes up]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
--
Note:
As always, other basic server security hardening also applies, as 1) making sure you're logging mail transport (if using local MTA) with proper retention; 2) possibly changing php.ini to log mail functions (improved auditing); 3) log monitoring tools to detect an alert unusual activity (i.e., increased mail traffic); 4) off-box logging, among others.
 

Effective May 16, you will be able to log into HealthStream using your Partners username and password. You will no longer need to remember a separate password to complete your HealthStream learning requirements. 

HealthStream is the online learning system used by MGH and Partners HealthCare to administer required annual and departmental trainings.

If you need assistance with HealthStream, or have questions about single sign on, please contact mghhealthstream@partners.org.

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.14 scheduled for tonight Wednesday April 26th at 8:30 PM EST are complete. REDCap was offline from 8:30-8:45 PM EST.

This upgrade is to apply a necessary patch to address a number of bugs introduced in the upgrade to version 7.0.10. 

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org

Windows 10 Creators Update (build 1703) was released on April 11th and will show up as an update for users on their devices. Read more: https://blogs.windows.com/windowsexperience/2017/04/11/whats-new-in-the-windows-10-creators-update/

REDCap (https://redcap.partners.org/redcap) upgrades to v7.0.10 scheduled for Wednesday April 5th at 8:00 PM EST are complete. REDCap was offline from 8:00PM-8:38PM EST. 

This upgradel included a number of new features and bug fixes. These include:

• Repeating Instruments and Events: REDCap now has the ability to repeat a data collection instrument or an entire event of instruments an unlimited number of times without having to specify the amount needed. This is sometimes called one-to-many data collection, in which a project can have one or more repeating parts. The repeating instruments/events feature can be enabled and set up by clicking the Enable button in the Optional Modules section on the Project Setup page.
  • ​​​Note: A separate Service Alert will be sent next week to fully detail this new feature.
• Improvement: New interface for Home/My Projects/Control Center pages.
• Improvement: A zip file containing all uploaded documents (or signature files) for an individual record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.
• Improvement: File Upload fields that are displayed on reports will no longer display the text "[document]", but will instead provide a "Download" button so that the user can actually download the file from the report.
• Field name (variable) auto-suggest when typing branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation, Data Quality rule, report filter’s advanced logic). While typing logic/calculations into the text box, it will auto-suggest a REDCap variable name from your project that is clickable to inject into the text box. If the project is longitudinal, it will also suggest event names to inject unique event names.
• Real-time validator for branching logic, calculations, or general conditional logic (Survey Queue, Automated Survey Invitation) that allows you to run your logic/calculation on a specific record in the project, and it returns the result. For example, if typing branching logic in the Add/Edit Branching Logic popup in the Online Designer, you can select a record, and it will tell you if the field will be displayed or hidden for that record based upon the record’s currently saved values. When typing calculations, it will return the actually calculated value of the field for a selected record. This makes it easier to formulate your logic and calculations so that you get them right the first time.
• Preview email - When composing an email on the "Email Users" page in the Control Center and also when composing survey invitations (e.g., the Participant List, Automated Survey Invitations set up), there is now a Preview option for viewing the fully-rendered HTML preview of the email that is being composed. Additionally, there is an option to send a test email to oneself in case they want to actually receive a copy the email being composed before officially sending it to others.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

REDCap v7.0: New Feature Release and User Group Meeting

BWH: April 11th 2017 3:30-4:30PM, Thorn Conference Room

Click to register.

MGH: April 20th 2017 3:00-4:00PM, Simches Building Room 3.120, 185 Cambridge Street

Click to register.

This user group session will review the new feature releases and how best to implement and retro fit to production projects. We will also use the time for users to share their experiences and tips/tricks.

Service Alert: REDCap Infrastructure/Security Update 

We are continually re-evaluating the security of our servers. As a result, we have disabled support for TLS 1.0 and certain encryption ciphers that are considered weak.

If you notice any issues accessing the REDCap application via API or other, please contact edcsupport@partners.org. 

REDCap: API and DET User Group Meeting

BWH: April 24th 2017 10:00-1100AM, Thorn Conference Room

MGH: April 27th 2017 1:30-2:30PM, Simches Building Room 3.120, 185 Cambridge Street

Main Objective: Provide support, best practices, and guidance to REDCap End-Users utilizing the REDCap API and DET

Learning Objectives:

-Learn how to access REDCap's API, DETs
-Learn how to best implement the API, DETs
-Review updates to API features in REDCap v7.0
-Understand the current limitations and when to contact ERIS or Research CORE for additional support

Target audience: Researchers that have evaluated and decided to use REDCap and/or have started a REDCap project. Researchers with basic level programming experience.

Applies To: All Users

Information Systems Maintenance (ISM) took place on Monday, February 13th from 12:00 am to 4:00 am.

During that time, planned system maintenance and testing was be performed by IS teams. This routine maintenance reduces the risk of unscheduled outages on our computer network and to the Internet.

Impact to systems and applications

• VPN was available during the ISM.
• Sunquest was down from 2:00am – 4:00am.  All data will be queued up during the downtime, and transmitted when interfaces are again functioning.  No data will be lost. Please see your site specific communication for your ordering and result verification processes during this time. During the downtime:
  • Sunquest will not be available for any users 
  • Collection Manager will not be available 
  • Labels will not print for any orders released during the downtime 

Impact to sites

• Services or resources hosted in the Partners HealthCare data centers may be unavailable during the ISM.
• Your site's IS Management team will provide more detailed communication about planned outages at your facility and will coordinate with specific groups that may be impacted.

Need help during the downtime? 

View the IS Broadcast Archive for additional details. Please contact your IS Service Desk if you have any questions.

View the 2017 IS System Maintenance (ISM) Schedule in the IS Service Desk Knowledgebase (Partners login required).

The ERIS proxy server is now performing as expected.

With the release of macOS Sierra 10.12.2 on December 13, 2016, you may now upgrade to this latest version. Please note that if you choose to upgrade, you must update the following applications after upgrading to ensure Partners services will continue to function. These apps are available for download in the PEAS Self Service application. Visit our Knowledge Base article on Self Service for Macs for more instructions.

1. VPN - Cisco AnyConnect VPN Client Version 4.3.03086
2. Citrix - Citrix Receiver Version 12.2.0
3. Java - Java Version 8 Update 111 (in Internet Plug-Ins)

The PEAS team also recommends that you verify any software that you have previously purchased is compatible with macOS Sierra prior to upgrading.

Apple, and therefore Partners, only supports the current OS and two versions prior, so with the release of Sierra, the only compatible Mac OSs are Sierra, El Capitan 10.11 or Yosemite 10.10. If you are running a Mac OS older than Yosemite, please view our webpage on how to Update Your Mac or contact the Service Desk if you need assistance with an upgrade. Outdated Mac operating systems introduce risk to your data and to the enterprise as they are not patched for security vulnerabilities and do not comply with Partners policies.

There are two enterprise applications used for connectivity that do not work automatically after upgrade. Until fixed, we do not recommend upgrading. For those already using macOS Sierra, please be advised of these recommendations:

1. VPN. Start your VPN session with Firefox. Firefox is available via Self Service, as well as www.mozilla.org/firefox. Once a VPN session is started with Firefox, you may use the browser of your choice to access websites. We are actively working with Apple to resolve issues that surround starting a VPN session with Safari.
2. CITRIX. Upgrade Citrix to version 12.3. Citrix version 12.3 is required to access workspace.partners.org (formerly myapps.partners.org). Visit the Knowledge Base for more instructions on installing updates through Self Service.

On Tuesday, September 20, 2016, Apple released Operating System (OS) macOS Sierra 10.12 for Mac laptops & desktops. It is always recommended to verify any software that you have previously purchased is compatible with macOS Sierra 10.12 prior to upgrading.

Please keep in mind that Apple, and therefore Partners, only supports the current OS and two versions prior. With the release of Sierra, the only supported Mac OSs will be macOS Sierra, Mac OS X El Capitan 10.11 or Mac OS X Yosemite 10.10.

If you are running a Mac OS older than Yosemite, please view our webpage on how to Update Your Mac, and contact the Service Desk if you need assistance with an upgrade. Older Mac operating systems introduce risk to your data and the enterprise as they are not patched for security vulnerabilities and do not comply with Partners policies.

REDCap (https://redcap.partners.org/redcap) upgrades to v6.15.11 scheduled for Tuesday Nov. 15th at 7:00 PM EDT are complete. REDCap was offline from 7:00-7:50PM EDT.

This upgrade includes a number of new features and bug fixes. These include:

Improvement: Users may now download and upload arms and events as a CSV file on the “Define My Events” page, as well as download and upload the instrument-event designations as a CSV file on the “Designate Instruments for My Events” page.
Improvement: New option to download charts displayed on the "Stats & Charts" tab of the "Data Exports, Reports, and Stats" module. The charts will download as PNG image files.
Live Filters for reports: Any report can now have up to 3 fields that can be designated as a Live Filter. The Live Filters are displayed as drop-downs when viewing a report at the top-right of the page, and selecting a Live Filter will cause the report to be re-run in real time using the Live Filter value as a filter.
Responsive design of REDCap web pages: Now has a more flexible and responsive user interface to conform to and fit screens on devices of all sizes.
New action tags:

• @DEFAULT - Sets a field's initial value: This action tag allows a field to have a specified default value when viewing the field on a survey or data entry form that has not yet had any data saved for it (i.e., when the form status icon is gray or when a survey has not been started).
• @HIDEBUTTON - Hides the 'Now' or 'Today' button that is typically displayed to the right of date, time, and date/time fields.
• @APPUSERNAME-APP - In the REDCap Mobile App, this action tag sets a field's value to the app username of the current mobile app user - i.e., their username in the mobile app, which is not necessarily the same as their REDCap server username that can be captured using @USERNAME. NOTE: For use only in the REDCap Mobile App.

Enhanced radio buttons and checkboxes for surveys: A new survey option "enhanced radio buttons and checkboxes" can be found on the Survey Settings page in the Online Designer in which a user can enable the feature so that radio buttons and checkboxes are displayed differently on the survey page, in which they appear as large animated buttons that look more modern and stylish than traditional radios and checkboxes.
Create custom public survey link: On the "Public Survey Link" page in a project that utilizes surveys, users now have the option to create their own custom public survey link that begins with "http://is.gd" (e.g.,http://is.gd/diabeticsurvey), in which the custom URL will simply redirect to the public survey in their project.

Full release notes available here.

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org