---
title: "8.5 Release Notes"
slug: "85-release-notes"
updated: 2026-03-19T18:42:49Z
published: 2026-03-19T18:42:49Z
---
> ## Documentation Index
> Fetch the complete documentation index at: https://docs.imat.io/llms.txt
> Use this file to discover all available pages before exploring further.
# 8.5 Release Notes
## New and Updated Features
| Component | Feature |
| --- | --- |
| Forgot Password | If your IMAT appliance is configured for it, users can now reset their own password if they've forgotten it. Email addresses must be included in the user information in order for the workflow to work. They can be added through [Admin: Users](/v1/docs/users) by administrators or by the users through [Account](/v1/docs/user-menu). |
| [ROI](/v1/docs/roi) | - ROI Management application events trigger required SET updates. - ROI *Part2_consent* records designating multiple facilities creates records for each selected facility. - The Active status is displayed in *Part2_consent* records table instead of appearing blank. - The ROI creation form now reads *Retrieve* instead of *Send* in the heading for the retrieval section of the UI. - The label *End date* now reads *Expiration* to better match the beginning date label. The downloaded CSV start/end header labels have also been updated. - The start label was changed to *Entered in* for the ROI records screen. - The revoke action is only available on entries where the end user’s facility matches the record’s created-by facility. - ROI Patient Lookup form has switched order of name fields and changed the given name label to be first name. - Correct Part 2 consent records display based on what records relate to the end user's facility. - The application header now displays the end user's facility in the light gray bar. - ROI usage logs are now indexed into the Audit store. |
| [ROI Setup](/v1/docs/roi-setup) | - A new ROI setup screen is available for all administrators. This allows administrators to quickly see if facilities are missing information for Part 2 consent records to be available. New facilities can also be set up from this screen. - Users who need access to the ROI setup screen must be assigned to the system role from the *searchappliance_system* group. |
| VHR | - PHI Access prompts can be configured to trigger at every patient lookup. - The Recently Viewed Records displayed is improved. It now includes the date and the facility. - Health Exchange records now support PDFs; however, printing PDFs is unavailable. - RTF attachments may be downloaded from the record details screen. |
| [VHR Configuration](/vhr-configuration#vhrappjson) | Adding `"forcePHIAccessPrompts": true,` to the `lookup` block in *vhr-app.json* forces the PHI access prompts to appear every time you select a patient lookup result. This is true even if you have already attested to view PHI data for that patient. |
| **8.5.1** | **November 27, 2024** |
| Clinical Reports | A direct link to the Query Syntax document has been added to the help menu. |
| SearchServer | Medcodes now includes HCPCS code set. |
| Sharing | A warning message has been added to the **Sharing** screen to warn administrators to check for vulnerabilities before sharing with others. |
| VHR | Health Related Social Needs page template is added. |
| **8.5.2** | **June 11, 2025** |
| Account Admin | Several input screens have a character limit added to the fields. Notifications appear if the input exceeds the limit. |
| Admin: Uploader | Admins can upload a QRDA zip file that includes a password input. |
## Bug Fixes
| Component | Feature |
| --- | --- |
| Admin: Access Tokens | White space around authtoken APIs regex fields has been trimmed; this was causing tokens to not use the correct API path. |
| Admin: Set Definitions | - The side menu to the right was missing the information for **Type**. This has been corrected and either Single or Compound should appear now. - The side menu now shows local time rather than UTC. - The discrepancy between time zones when a Set has been updated has been fixed. |
| imat-api | - An authtoken API regex should only match URL paths. - The **Status** column in **Set Definitions** was a bit misleading because of auto update timestamp property on the **Updated** column. The right panel now correctly shows both an updated time and a created time. |
| SearchServer | - Updated the SearchServer to transition a store to a read-only error state in the unlikely event that SearchServer is unable to open a required file. The most likely cause of such a situation is the system running out of file handles. To recover from this condition, SearchServer must be restarted. - Before doing merges on a store, automerge checks to see if the cache for that store is in a 'write' state. If it is not, automerge skips that store and does not do any merges on the indexes for that store. - The recovery code reduces the number of directory scans the code does to reduce the startup time. We also add a new function for cleanup that does a 'move or delete' rather than the current 'move or copy' to a remove directory. - Fixed a bug with the `/admin/cancelrequest` API which might cause SearchServer to restart when attempting to cancel a long running query. You can list long running queries using: `/status/requests?mintime=xxxx` (where the mintime is in seconds - if not present, it defaults to 60 seconds). Another optional parameter is `maxlen=yyyy` which allows you to increase how much of the request parameters of a request to include in the listing. From this call, you can gather the requestid which can be used to issue a command to cancel the request:`/admin/cancelrequest?requestid=xxxx`. NOTE: In most cases (unless the config is changed), admin requests will only be accepted from on box (localhost). |
| **8.5.0.1** | **January 5, 2024** |
| SELinux | Added SELinux policies for email password reset. |
| webapp | Added TLS support for email password reset. There is a new entry in the email-server.json config file to specify which protocol to use, ssl or tsl: `"protocol": "ssl \| tsl".` |
| **8.5.1** | **November 27, 2024** |
| MPI | If a comment was entered during a MPI transaction from the MPI Edit page, it was not being saved to the audit log—this has been fixed. |
| Set Definitions | The timestamp from the **Updated At** column has been removed. It caused an erroneous error icon (!) to appear next to the **Created** column. |
| SearchServer | - In some rare cases when a text segment in fields, `&fields=record.xxxxx`, was greater than 32k there was a possibility that spaces could be removed at the 32k boundary. This is no longer the case. - The Medcodes store hasbe updated to UMLS 2024AA (May) and NDC to 08/05/2024. With this update, it not only updates the source data to 2024ab, but I also removed TUI (topic unique ID) filtering so that it does not filter out codes that we once thought were not desirable. Also, adding deleted codes from the UMLS. |
| Sharing | Searching reports and queries by ID is now possible and is case insensitive. |
| Tools | The bulk uploader tool page *bulk-user-update.html* now supports updating a user's email address. |
| **8.5.2** | **June 11, 2025** |
| ROI | The Release of Information facility is now case sensitive when checking if a user is assigned to a single facility. Facilities must be styled with a capital F on Facility and everything else must be lowercase: *Facility_georgewashingtonmedicalfacility*. |
| **8.5.3** | **October 24, 2025** |
| Admin: Data Management | The misalignment and highlighting in the CSV code view has been fixed. |
| SearchServer | In the *.context.json* file, the bug causing a false `'{'` before the `cq_setup` section to occasionally occur if the context parameter is bigger than 4K has been fixed. |
| VHR | VHR summaries now supports a disabling selection in [vhr-grids.json](/v1/docs/vhr-configuration#vhrgridsjson). If `'isSelectable'` is set to `false`, this means that there are no clickable rows in the summary. |
| **8.5.3.1** | **November 5, 2025** |
| Audit Logs | The password is redacted in audit logs created by users who reset their passwords through the forgot password email workflow. |
| **8.5.4** | **March 19, 2026** |
| Middleware | IMAT updated Python middleware to better work with DUO authentication changes. |
| MPI | SearchServer MPI functionality is updated to better support Kafka. |
## Configuration
| Component | Feature | Configuration File |
| --- | --- | --- |
| VHR | - Adding `"forcePHIAccessPrompts": true,` to the `lookup` block forces the PHI access prompts to appear every time you select a patient lookup result. This is true even if you have already attested to view PHI data for that patient. - You can debug a VHR report with polling config. Make VHR websocket usage configurable by adding this to *vhr-app.json*: `reportDebugMode: true,`. | [vhr-app.json](/v1/docs/vhr-configuration#vhrappjson) |
| **8.5.0.1** | **January 5, 2024** | |
| webapp | There is a new entry to specify which protocol to use, ssl or tsl: `"protocol": "ssl \| tsl".` | email-server.json |
## Deprecated or Removed
| Component | | |
| --- | --- | --- |
| **8.5.1** | **November 27, 2024** | |
| Configuration | Removed | The *.ini* files have been removed and will no longer be available. |