Service Alerts

yellow - pre-downtime, calls to action

phpMyAdmin Security Advisory

December 12, 2018 12:19 pm

phpMyAdmin is a very popular and widely-used MySQL Database Management system.

A new security advisory was released by the software developers addressing several critical security findings. These are outlined below:

  1. CVE-2018-19968 
    Local file inclusion through transformation feature
    A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
    We consider this vulnerability to be severe.
    https://www.phpmyadmin.net/security/PMASA-2018-6/
     
  2. CVE-2018-19969
    XSRF/CSRF vulnerability in phpMyAdmin
    By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
    We consider this vulnerability to be of moderate severity.
    https://www.phpmyadmin.net/security/PMASA-2018-7/
     
  3. CVE-2018-19970
    XSS vulnerability in navigation tree
    A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a specially-crafted database/table name.
    We consider this attack to be of moderate severity.
    https://www.phpmyadmin.net/security/PMASA-2018-8/

Please update the software ASAP or take additional appropriate steps to mitigate the possibility of these vulnerabilities being exploited.

 

Posted on December 12, 2018
green - services online

REDCap Service Alert: Scheduled Downtime

December 11, 2018 2:39 pm

REDCap (https://redcap.partners.org/redcap) upgrades to v8.5.24 scheduled for Thursday August 9th at 7:30AM EDT are complete. REDCap was offline from 7:30-8:07AM EST.

 Full release notes can be found here

If you have any concerns about REDCap being offline at this time, please email edcsupport@partners.org

Important: New Method For Composing Survey Invitations!

One of the new features included in the upgrade to v.8.5.19 is the ability to fully customize survey invitations. The standard text and survey link are no longer automatically appended to the text you provide. 

For most users, the transition will be seamless. However, we recommend that users review any projects that utilize Automatic Survey Invitations to ensure their survey text is displaying as expected. 

For groups using the Twilio service, the projects should be reviewed as soon as possible, especially ones using Automated Survey Invitations. You may need to manually add in a reference to [survey-url] or [survey-link] into the text depending on your invitation preference.  

This is how the new feature is detailed in the REDCap release notes:

Improvement/change: New method for composing survey invitation text using Smart Variables for survey link

When composing a survey invitation, the standard text and survey link are no longer automatically appended to the survey invitation text at the time the email is sent. Instead, users must now specify all the entirety of the text of the email (including the stock text and survey link that used to be appended automatically, if they wish) and therefore must supply [survey-url] and/or [survey-link] in the text if they wish to provide the participant with a link to the survey.

If the user forgets to enter the survey URL Smart Variable in the text, REDCap will automatically suggest to them that they should.

If using the Twilio telephony module for sending invitations, the standard instructional text will still be appended in the SMS message as in previous versions EXCEPT for the “Email invitation” and “SMS invitation (contains survey link)” invitation types, which require [survey-url] and/or [survey-link] in the SMS text in order for the participant to receive a survey link.

Note: All survey invitations that were scheduled prior to this upgrade will still have the standard text and survey link appended to their survey text. Additionally, during the upgrade to this version, all saved configurations for Automated Survey Invitations (ASIs) will have the standard text and survey link automatically appended to the saved ASI email text, thus allowing the ASI behavior to remain exactly the same after the upgrade and allowing it to be backward compatible.

Posted on December 11, 2018
green - services online

RISC Website: Unexpected Downtime December 10th, 2018

December 10, 2018 1:10 pm to 2:05 pm

RISC Website (https://rc.partners.org) experienced unexpected downtime today from approximately 1:10 - 2:05 PM EDT. The issues were related to the infrastructure supporting the website. 

If you have any concerns, please email rcwebmaster@partners.org.

Posted on December 10, 2018
green - services online

REDCap Service Alert: Unexpected Downtime December 10th, 2018

December 10, 2018 2:16 pm to 5:16 pm

REDCap (https://redcap.partners.org/redcap) experienced unexpected downtime today from approximately 1:10 - 2:05 PM EDT. The issues were related to the infrastructure supporting REDCap and not related to this morning's upgrade. 

REDCap is back online. 

If you have any concerns, please email edcsupport@partners.org

Posted on December 10, 2018
green - services online

RISC Website Maintenance 13 Dec 2018

December 13, 2018 7:02 am to 7:17 am

Research IS & Computing website maintenance was performed on Thursday, December 13 from 7 - 7:15a.m. During this window, the site may have been offline for a few minutes while bug fixes and feature enhancements are implemented.

Please contact rcwebmaster@partners.org if you have any questions or concerns.

Posted on December 7, 2018
green - services online

Partners Healthcare REDCap: Scheduled Downtime

December 6, 2018 10:56 am

REDCap (https://redcap.partners.org/redcap) upgrades to v8.5.19 scheduled for Monday December 10th, 7:00AM EDT are complete. REDCap was offline from 7:00-8:05AM EDT.

This upgrade includes a number of new features and bug fixes. These include:

New feature: Smart Variables: Smart Variables are dynamic variables that can be used in calculated fields, conditional/branching logic, and piping. Similar to using project variable names inside square brackets - e.g., [heart_rate], Smart Variables are also represented inside brackets - e.g., [user-name], [survey-link], [previous-event-name][weight], or [heart_rate][previous-instance]. But instead of pointing to data fields, Smart Variables are context-aware and thus adapt to the current situation. Some can be used with field variables or other Smart Variables, and some are meant to be used as stand-alone. There are many possibilities.
35 Smart Variables are available. They can reference things with regard to users, records, forms, surveys, events/arms, or repeating instances. Documentation and examples for using Smart Variables are included on the Project Setup page, Online Designer, and other places throughout REDCap in a popup and alternatively as a standalone page.

Improvement: Added new "Record ID" column in the Survey Invitation Log table to allow users to find specific invitations more efficiently. Note: If the record name should not be displayed in order to preserve the anonymity of a response (e.g., participant identifier is not used, designated email field is not used), it will instead display an icon indicating that the record name cannot be displayed.

Improvement: The Survey Invitation Log now contains an extra column on the right-hand side to allow users to delete many scheduled invitations at once (rather than having to delete them one at a time).

New feature: Survey-specific email invitation fields: This is a new option on the Survey Settings page that can be enabled for any given survey, in which a user may designate an email field for sending survey invitations for that survey only.

This feature is similar to the project-level email invitation field except that it is employed only for the survey where it has been enabled. This allows users to have data entry workflows that require multiple surveys where the participant is different for each survey. Using this feature, multiple people can be emailed a survey invitation, after which all the survey data they enter goes into the same record in the project.

Improvement/change: New method for composing survey invitation text using Smart Variables for survey link: When composing a survey invitation, the standard text and survey link are no longer automatically appended to the survey invitation text at the time the email is sent. Instead, users must now specify all the entirety of the text of the email (including the stock text and survey link that used to be appended automatically, if they wish) and therefore must supply [survey-url] and/or [survey-link] in the text if they wish to provide the participant with a link to the survey.

 

Release notes highlighting new features, improvements, and major bug fixes are available here.

 

Full release notes available here.

 

If you have any concerns about REDCap being offline at this time or any questions about these new features, please email edcsupport@partners.org

Posted on December 6, 2018
green - services online

REDCap Service Alert: Unexpected Downtime December 5th, 2018

December 5, 2018 1:51 pm

REDCap (https://redcap.partners.org/redcap) was offline intermittently from approximately 11:50-1:00 PM EDT. REDCap is currently back online. 

Please review your projects if surveys were scheduled to send during this time.  Manage Survey Participants > Survey Invitation Log.  You can filter on "Invitations that failed to send" and resend as needed.

Survey data may not have been collected at this time and participants received a web-browser error message when attempting to click on a survey link.

If you have any concerns, please email edcsupport@partners.org

Posted on December 5, 2018
green - services online

Possible Mysql3.research.partners.org Shutdown and Restart Tonight

November 14, 2018 4:34 pm

Applies to: All databases and systems connecting to the MySQL hosted database system mysql3.research.partners.org

The ERIS Infrastructure team has resolved the operational issue on mysql3.research.partners.org and has canceled the shutdown and restart identified for this evening.

 

This is a precautionary communication. 

There is a possibility that we may need to shut down and restart mysql3.research.partners.org tonight (11/14/2018) between the hours of 7:00 pm and9:00 pm. We have an operational issue that is impacting normal maintenance. If the issue is not resolved by early evening, then we will need to shut down and restart mysql3.research.partners.org.

If the issue is resolved and we do not need to restart, we will share a communication with you. If we need to shut down and restart mysql3.research.partners.org tonight, we will send a communication before the shutdown and again when mysql3.research.partners.org is back online.

Impact

All databases hosted on mysql3.research.partners.org will be offline while we shut down and restart mysql3.research.partners.org. 

Action Required

If you are the owner of a database on mysql3.research.partners.org, we encourage you to take your applications offline before the maintenance window and reconnect once the work is complete.

Please let us know if you have any questions by forwarding your questions to rcc@partners.org.

Posted on November 14, 2018
green - services online

RISC Website Maintenance | rc.partners.org

November 1, 2018 7:09 am to 7:12 am

Research IS & Computing website maintenance was performed on Thursday, November 1 starting at 7a.m. The site was offline for approximately 3 minutes while bug fixes and feature enhancements are implemented.

Please contact rcwebmaster@partners.org if you have any questions or concerns.

Posted on October 31, 2018
green - services online

Scheduled Downtime for mysql3.research.partners.org and https://rc.partners.org

October 31, 2018 9:53 am to November 10, 2018 12:53 pm

On Saturday morning November 3, 2018 from 7:00am - 9:00am the ERIS Infrastructure team will perform maintenance on mysql3.research.partners.org and on https://rc.partners.org. There will be a short interruption of service for both mysql3.research.partners.org and for https://rc.partners.org during the maintenance window. 

Please forward any questions to rcc@partners.org.
Posted on October 31, 2018
green - services online

An Update Regarding Apple's macOS Mojave

October 30, 2018 9:00 am

The PEAS team is pleased to inform you that we now recommend an upgrade to macOS Mojave 10.14 in the Enterprise. All issues with Enterprise Services such as email, VPN or Citrix have been resolved.  If you choose to upgrade, please verify the compatibility of any non-enterprise software you use prior to upgrading.
 
Keep in mind that Apple, and therefore Partners, only supports the current OS and two versions prior. With the release of macOS Mojave 10.14, the only other supported macOSs will be macOS High Sierra 10.13 and macOS Sierra 10.12. If you are running an out of date macOS, please view our webpage on how to Update Your Mac, or contact the Service Desk if you need assistance with an upgrade. Older Mac operating systems introduce risk to your data and the enterprise as they are not patched for security vulnerabilities, nor do they comply with Partners policies.

Posted on October 30, 2018
green - services online

Proxy Server Outage

October 24, 2018 10:48 am to 1:48 pm

The proxy server is back online. The /var directory filled and HTTP went down when it could not write to its log file. We cleaned up var and restarted HTTP which resolved the problem. 

The proxy server went down at 10:25 and was back online at 11:05.

Please reach out to rcc@partners.org with any questions.

Posted on October 24, 2018
green - services online

SAS Server Service Back On-line

October 22, 2018 9:11 am to 12:11 pm

The ERISSAS01 Server is now back online.

Posted on October 22, 2018
yellow - pre-downtime, calls to action

Secure File Transfer Service Update

November 1, 2018 10:00 pm to 10:30 pm

We are making an update to the log in process for Secure File Transfer at https://transfer.partners.org. Starting Thursday, November 1st at 10:30 p.m., employees will need to access this system for your individual accounts using your primary work email address and Partners password. This change is only for individual employee accounts.  External collaborators and group/departmental accounts can continue to login the same way.

With the Secure File Transfer Service, you can exchange large files with collaborators both inside and outside of Partners via a web browser. Visit https://rc.partners.org/SFTP for more information about this service.

Posted on October 17, 2018
green - services online

Freezerworks Expected Downtime

October 11, 2018 8:00 pm

Today, October 11th from 5:00 to 5:30 pm, Freezerworks will temporarily be offline to complete unplanned maintenance work. During this timeframe, we ask users to log out of the system so we can complete this necessary maintenance work. We do apologize for any inconvenience this interruption may cause.  

Please contact rcc.partners.org if you have any questions or concerns.

Posted on October 11, 2018
grey - no status, general alert

LimeSurvey Decommission Process Complete

October 3, 2018 11:20 am

The LimeSurvey (https://limesurvey.partners.org/limesurvey) decommission scheduled for today October 3rd, 2018 11 AM EDT is complete. LimeSurvey has been taken offline and migrated to an internal only accessible server for data archiving.

After today, if you require access to data, please submit a request to edcuspport@partners.org. We will be able to grant short term access (~6 hrs) for you to access and export data.

If you have any questions, please email edcsupport@partners.org

We sincerely thank all of our LimeSurvey users for their use and support of the system over the years. 

Thanks, 

EDC Support

Posted on October 3, 2018
green - services online

REDCap Scheduled Downtime

October 1, 2018 11:43 am

REDCap (https://redcap.partners.org/redcap) required server maintenance which was performed on Saturday, September 29th, 2018 from 9:00AM to 12:00PM EDT. There was a short interruption of service during the maintenance window.

If you have any concerns about this scheduled maintenance, please email edcsupport@partners.org

Posted on October 1, 2018
yellow - pre-downtime, calls to action

RFANFS & PPM-RFANFS Restart

September 28, 2018 12:41 pm to September 30, 2018 3:41 pm
The ERIS Infrastructure team has identified a bug in NFS that is impacting the reading and writing of data on NFS mounts. A fix has been identified however it will require a patch and a reboot on rfanfs.partners.org and ppm-rfanfs.partners.org to resolve this issue. We have scheduled this patch and reboot for Saturday morning September 29, 2018 at 9:00am.
 
The impact of this patch and reboot will result in dismounting all \\rfanfs and \\ppm-rfanfs mount points that will need to be remounted after the reboot.
 
Please contact rcc@partners.org with any questions or concerns.
Posted on September 28, 2018
green - services online

Mysql2 and Mysql3 Downtime on Saturday Morning September 29th

September 27, 2018 4:04 pm to October 27, 2018 7:04 pm

This is a reminder the both mysql2.dipr.partners.org and mysql3.research.partners.org will be restarted on Saturday morning September 29, 2018, between the hours of 7:00 am and 9:00 am.

This maintenance has been completed.

Posted on September 27, 2018
green - services online

REDCap Unexpected Downtime

September 26, 2018 9:04 am to 12:04 pm

REDCap (https://redcap.partners.org/redcap) experienced an unexpected outage on Wednesday September 26th from approximately 2:00-8:30AM EDT.  

Please review your projects if surveys were scheduled to send during this time.  Manage Survey Participants > Survey Invitation Log.  You can filter on "Invitations that failed to send" and resend as needed.

Survey data may not have been collected at this time and participants received a web-browser error message when attempting to click on a survey link.

If you have any concerns, please email edcsupport@partners.org

Posted on September 26, 2018
yellow - pre-downtime, calls to action

An Update Regarding Apple's macOS Mojave

September 25, 2018 9:00 am to October 26, 2018 8:48 pm

Please see the latest update regarding macOS Mojave. The PEAS team is pleased to inform you that we now recommend an upgrade to macOS Mojave 10.14 in the Enterprise. 

Apple has released their next Operating System (OS) for Mac laptops & desktops, macOS Mojave. At this time, we recommend you do not upgrade your Mac as this may impact your ability to use enterprise services.

After Mojave is released, vendors like Cisco and Microsoft will also release software updates for their products to integrate with Mojave. Like prior Apple OS releases, the expectation is the first minor version of Mojave (version 10.14.1) will be stable for the Enterprise.  Further information on compatibility with Partners services will be broadcast in the coming weeks.

Please keep in mind that Apple, and therefore Partners, only supports the current OS and two versions prior. With the release of macOS Mojave 10.14, the only other supported macOSs will be macOS High Sierra 10.13 and macOS Sierra 10.12. If you are running an out of date macOS, please view our webpage on how to Update Your Mac, or contact the Service Desk if you need assistance with an upgrade. Older Mac operating systems introduce risk to your data and the enterprise as they are not patched for security vulnerabilities, nor do they comply with Partners policies.

Posted on September 25, 2018
green - services online

RFANFS Service Outage

September 19, 2018 5:48 pm to September 26, 2018 8:48 pm

The RFANFS service issue has been resolved and all mount points have been restored. Please forward any questions or concerns to rcc@partners.org.

Posted on September 19, 2018
grey - no status, general alert

iOS 12

September 17, 2018 8:00 am to 10:54 am

Apple released iOS 12 on Sept. 17th, 2018.

We have fully tested iOS 12 against the following applications;

  1. Mail - using the iOS native application
  2. Safari 
  3. Tunnel*
  4. Calendar - Using the native Calendar application
  5. Cortext
  6. HipChat
  7. Webex
  8. Dropbox

*Tunnel 3.0 is required. Tunnel 3.0 was released to all users enrolled in MI on Thursday, September 6th. If you do not have Tunnel installed, please contact the IS Service Desk.
Tunnel is a component of MobileIron and enables your iOS mobile device to access Partners network resources.  Apps such as Epic Haiku and Citrix Receiver depend upon its functionality.  
Additional information can be found in KB0027534.  If you have questions, please contact the IS Service Desk

Posted on September 17, 2018
green - services online

RPDR Query Tool- Detailed Data Request Wizards Downtime

September 14, 2018 5:00 pm to September 17, 2018 9:00 am

Due to the Insight 4.0 release scheduled for 9/14-9/16, the RPDR Query Tool- Detailed Data Request Wizards was unavailable from 5pm on Friday, September 14th to 9 am on Monday September 17th.

The RPDR Query Took query functionality was still available during this time. Users will still be able to build and run queries to obtain aggregate numbers of patients.

The RPDR functionality was back up, running and available on Monday, September 17th at 9am.

Please make sure to complete all detailed data requests before 5pm on Friday,September 14th.

If you have any questions, please contact us at RPDRHelp@partners.org.

Posted on September 11, 2018
green - services online

INSIGHT 4.0 Downtime

September 14, 2018 6:00 pm to September 17, 2018 6:00 am

Insight Downtime

The roll out for the Insight 4.0 IRB (Humans) Module was scheduled for Friday, September 14th. System downtime will begin on Friday, September 14, 2018 at 6 pm ET and extend through Monday, September 17, 2018 at 6 am ET.

Insight 4.0 is already being used for Agreements and so may look familiar to you when you log in on Monday, September 17th. We will send a follow-up communication on Friday, September 14thwith information on specific changes to forms and workflow. Below are answers to questions you might have about the transition to Insight 4.0 as well as recommendations that will help with the transition.

What will happen to submissions in my Activity List?

Activities in your Activity List will be migrated to your Insight 4.0 Action Required list. We recommend that you sign off on activities in your Activity List early next week so that we can review and process as many pending submissions as possible.

What will happen to submissions in Work in Progress?

Draft submissions created within the past 90 days will be migrated to Insight 4.0. All draft submissions created over 90 days ago will notbe migrated. The Human Research Office will have access to Insight 3.6 and, upon request, can send you a copy of draft submissions that were not migrated to 4.0.

What will happen to submissions in Pending Applications?

All pending applications will be migrated to Insight 4.0. We will try to review and process as many pending applications as possible before the roll out.

Should I create and submit new protocol submissions or amendments in Insight 3.6 next week?

We recommend that you hold off submitting anything new next week unless the submission is time sensitive.

What training will be available after Insight 4.0 is rolled out?

Insight 4.0 User Guides are being prepared for navigating and preparing, submitting and signing off on IRB submissions. Insight 4.0 User Guides and Frequently Asked Questions (FAQs) will be available in Research Navigator on September 17th. Training sessions will also be offered. You can register for training in Research Navigator - Insight 4.0 Training

Who do I contact for questions or assistance with submissions post Insight 4.0 roll out?

We are committed to making this transition as smooth as possible. Contact us if you have any questions or you experience any problems after the roll out with migrated or new submissions. Key contacts are provided below:

PHS IRB Help Line: 857-282-1900

PHS IRB Mailbox: irb@partners.org

Protocol Administrator

PHS Insight Help Line: 857-282-1959

PHS Insight Help Desk: Insighthelpdesk@partners.org

Rosalyn Gray: 857-282-1903; rgray1@partners.org  

Posted on September 11, 2018

Pages