Merge pull request #252 from FirelyTeam/develop

FS: Release 4.10.1

releasenotes/releasenotes_v4.rst

@@ -3,6 +3,24 @@
 Old Firely Server release notes (v4.x)
 ======================================
 
+.. _vonk_releasenotes_4_10_1:
+
+Release 4.10.1, March 13th, 2023
+---------------------------------
+
+.. attention::
+   This is a security related release which addresses a vulnerability in the C# MongoDB driver that Firely Server uses. This update is highly recommended for all customers that use MongoDB as a database or are planning to do so.
+
+Security
+^^^^^^^^
+
+#. We upgraded our MongoDB drivers to fix a recently discovered security vulnerability. According to `CVE-2022-48282 <https://www.cve.org/CVERecord?id=CVE-2022-48282>`_ Firely Server is not vulnerable after the update.
+
+Fix
+^^^
+
+#. We fixed a bug where the self-link in a response Bundle was incorrect when using the SearchAnonymization feature.
+
 .. _vonk_releasenotes_4_10_0:
 
 Release 4.10.0, October 6th, 2022
@@ -839,4 +857,4 @@ Plugin and Facade
    # ``Obsolete`` since this version:
 
       # Vonk.Core.Configuration.CoreConfiguration: allows for integrating Vonk components in your own ASP.NET Web server, discouraged per 3.0 (see these releasenotes).
-      # Vonk.Fhir.R3.FhirR3FacadeConfiguration: see above.
+      # Vonk.Fhir.R3.FhirR3FacadeConfiguration: see above.

releasenotes/security_notes.rst

@@ -3,6 +3,13 @@
 Security notifications for Firely Server
 ========================================
 
+March 2023
+------------
+
+CVE issued a warning (`CVE-2022-48282 <https://www.cve.org/CVERecord?id=CVE-2022-48282>`_) affecting all MongoDB .NET/C# Driver versions prior to and including v2.18.0.
+
+  * Firely Server v4.10 and below as well as v5.0.0-beta1 might be vulnerable which is why we released Firely Server v4.10.1 with updated MongoDB drivers. Firely Server v5.0.0 (final) is not affected.
+
 January 2021
 ------------