New Features REDCap version 13.1.28 (May 12, 2023)

New features:

New feature: Conditional logic for Survey Auto-Continue - When enabling Survey Auto-Continue on the Survey Settings page for a survey, users may now optionally specify conditional logic to determine whether or not the auto-continue should be applied. As such, REDCap will auto-continue to the next survey *only* if the conditional logic is TRUE or if the logic textbox has been left blank. This new option can be used as a simpler alternative to the Survey Queue, which can require more complex instrument-event level configurations for longitudinal projects.

New feature: Dynamic min/max range limits for fields- Instead of using exact values as the minimum or maximum range of Textbox fields (e.g., "2021-12-07"), you may now also use "today" and "now" as the min or max so that the current date or time is always used. These can be used to prevent a date/time field from having a value in the past or in the future. Additionally, you can now pipe a value from another field into the field's min or max range setting - e.g., [visit_date] or [event_1_arm_1][age]. This can help ensure that a Textbox field (whether a date, time, or number) has a larger or smaller value than another field, regardless of whether the field is on the same instrument or not.

New action tag: @FORCE-MINMAX- The action tag @FORCE-MINMAX can be used on Textbox fields that have a min or max validation range defined so that no one will not be able to enter a value into the field unless it is within the field's specified validation range. This is different from the default behavior in which out-of-range values are permissible. Note: @FORCE-MINMAX is also enforced for data imports to ensure the value is always within the specified range.

New field validation: "Time (HH:MM:SS)"- This new time-based field validation (unique name "time_hh_mm_ss") will be added automatically and enabled by default during the upgrade process. This validation forces users/participants to enter a time value that contains the hour, minute, and second components. It also includes the usage of the "Now" button and the timepicker popup widget, both of which are displayed next to the field on the survey page or data entry form. Note: Fields with this field validation can be utilized inside the datediff() function. (Thanks to the Field Validation Committee for this addition.)

New feature: Instrument-level Data Export Rights

Users may specify instrument-level privileges regarding a user's data export capabilities on the User Rights page in a project. A user may be given "No Access", "De-Identified", "Remove All Identifier Fields", or "Full Data Set" data export rights for EACH data collection instrument. This improvement will make it much easier to match a user's Data Exports Rights with their Data Viewing Rights, if you wish, and will give users more granular control regarding what data a user can export from your project.
Note: Whatever a user’s data export right was in the previous version, that export right will be subsequently extrapolated to all instruments after upgrading. Thus, their export privileges will behave exactly the same as before.
Improvement: The table displayed on the User Rights page that lists all users’ privileges now includes an instrument count for each category for both Data Viewing Rights and Data Export Rights - e.g., “3 No access, 2 Full Data Set”. This helps provide summary information regarding the user’s instrument-level rights.
Improvement: When adding/editing a user’s or user role’s privileges in the popup on the User Rights page, as a convenience, users may click the table headers for each Data Export Rights setting or Data Viewing Rights setting to set that setting for all instruments in the project (i.e., as a “check all checkboxes”).
Note: When adding a new data collection instrument to a project, if the project is in development status, all users will automatically receive "Full Data Set" data export rights for that new instrument. Whereas if the project is in production, all users will automatically receive "No Access" data export rights for the new instrument. This behavior matches how instrument-level rights currently work for Data Viewing Rights when adding a new instrument.
Change: When importing or exporting users and/or user roles (whether as a CSV file on the User Rights page or via the API), the new instrument-level data export rights are represented as a new column named “forms_export” and are formatted exactly how instrument-level Data Viewing Rights (“forms”) are currently formatted in comma-delimited fashion - e.g., “demographics:1,baseline_data:2,prescreening:3”. In this format, the following represents each data export rights level: 0=No Access, 2=De-Identified, 3=Remove Identifier Fields, 1=Full Data Set.

New feature: Survey Start Time and related Smart Variables

REDCap now collects when participants begin a survey (i.e., the initial time the survey page is opened). Going forward, any responses collected (partial or completed) will have their start time displayed at the top of the data entry form when viewing the response. NOTE: If the start time is a blank value, it implies that the response began while on an earlier version of REDCap when start times were not yet collected.
New Smart Variables for Survey Start Date/Time: Users can access the start time via piping by using the new Smart Variables [survey-time-started:instrument] and [survey-date-started:instrument], which can be used inside the @DEFAULT or @CALCTEXT action tags, among other places. If users wish to have them return the raw value, which will be in 'YYYY-MM-DD HH:MM:SS' format and would be more appropriate for conditional logic or calculated fields, simply append ':value' after the unique instrument name - e.g., [survey-date-started:instrument:value].
New Smart Variables for Survey Duration: Users can obtain the total amount of time that has elapsed since the survey was started (in seconds, minutes, etc.) by using [survey-duration:instrument:units] and [survey-duration-completed:instrument:units]. The Smart Variable [survey-duration] represents the difference between the survey's start time and either its 1) completion time (if completed) or 2) the current time (if not completed), whereas [survey-duration-completed] represents the difference between the survey's start time and completion time, in which a blank value will be returned if the survey has not been completed. Options for 'units': 'y' (years, 1 year = 365.2425 days), 'M' (months, 1 month = 30.44 days), 'd' (days), 'h' (hours), 'm' (minutes), 's' (seconds).

New feature:When using the survey setting “Save a PDF of completed survey response to a File Upload field”, users can now optionally set this feature to store the translated version of the PDF if the Multi-language Management feature is being utilized for the survey. This can be enabled by checking the “Store the translated version of the PDF” checkbox below the “Save a PDF…” setting on the Survey Settings page for the desired survey. (Ticket #121955)

New feature: Integration of the “MySQL Simple Admin” External Module

The integrated version of this EM works exactly the same way, and additionally, has the bonus feature of being able to export the query results to a CSV file. Also, the page has been renamed to “Database Query Tool”.
Note: The upgrade process contains a migration script that will auto-migrate all existing custom queries saved in the EM, after which it will disable the EM for the system.

New feature: OpenID Connect authentication method - The “Security & Authentication” page contains a section of new custom settings for using this new OpenID Connect authentication method in REDCap.

New feature: Integration of many features from the “Survey UI Tweaks” External Module

Thanks to Andy Martin and his team at Stanford for their creation and support of the EM. Several (but not all) of the features in the Survey UI Tweaks EM have been integrated as-is. Some features from the EM have actually existed in REDCap for a while. As such, the Survey UI Tweaks EM will not be disabled for any projects or even at the system level when upgrading to this version.
Improvement: If custom question numbering is used on a survey page in which no questions have a custom question number defined, the extra space on the left of the questions will be removed to give the questions more room for display on the page.
Improvement: On the Survey Settings page, the setting “For Required fields, display the red 'must provide value' text on the survey page?” now has a new option: "Display only the red asterisk". This provides an additional option rather than having to choose between the binary options to hide or not hide the text.
Improvement: When taking a survey while on a mobile device, the survey page will auto-scroll whenever selecting a value for a drop-down or radio button field to help the participant scroll down the page more easily.
Improvement: New survey setting allows users to set a custom width of the survey displayed on the page between 50% and 100%. The default value for the setting is “Fixed width (default)”.
Improvement: New survey setting allows users to display or hide the font resize icons at the top of the survey page. By default, it is set to display the font resize options.
Improvement: New survey setting allows users to show or hide the Submit buttons displayed at the bottom of every survey page (including the 'Next Page' and 'Previous Page' buttons).
Improvement: New survey setting allows users to provide alternative text for the 'Submit', 'Next Page', and 'Previous Page' buttons displayed at the bottom of every survey page.

New feature: Calendar Sync

Users may sync their REDCap project calendar or perform a one-time import of their project calendar events to external calendar applications such as Google Calendar, Outlook, Office 365, Zoho, Apple Calendar, or any application that supports iCal or ICS files. They may choose one of the two options below to sync or import their project calendar events to an external calendar application.
- Live calendar feed: Add calendar from URL/Internet - A unique web address will be displayed in a dialog on the Calendar page, in which the URL represents a real-time live feed of the REDCap project calendar. Users may copy the URL to paste it as the calendar URL in their calendar application using the option "Add calendar from URL/Internet". This will subscribe their external application to the REDCap project calendar. Privacy Note: This calendar feed URL on the Calendar page is unique to the user in the project. So if the user gets expired, removed from the project, or deleted from the system, their unique calendar feed will go blank and will not output anything anymore (for privacy purposes).
- One-time import: Download ICS file - Download and open the calendar ICS file below to import REDCap calendar events manually into the calendar application on your computer, or upload the file to a web-based calendar service. Notice: This is not a live feed but a one-time import. Thus, any new events added to the REDCap calendar in the future will not be automatically added to the external calendar application.

Disabling: The Calendar Sync feature can be disabled at the system level on the Modules/Services Configuration page in the Control Center.
Feed-syncing Notice: Different calendar applications have different refresh rates. So if new events are added to the calendar in REDCap, they may not immediately appear in the external application that is consuming the feed but will appear after the next refresh interval, which might be some time later that day or the next day (depending on the calendar application). Additionally, the calendar feed represents a one-way feed. This means that while changes made to the calendar in REDCap will automatically show up in the external calendar application, users will not be able to modify them in the external calendar application because they will be read-only.
Privacy Note: When viewing events from the Calendar page’s feed or downloadable ICS file, any data from Identifier fields will be automatically removed from the feed/file (e.g., if identifier fields are included in the Custom Record Label or Secondary Unique Field, or if the record name is an identifier), in which their data will be replaced with the text “**DATA REMOVED**”.
New calendar-specific Smart Variables
- [calendar-url] - The web address (URL) of the calendar feed or downloadable ICS calendar file belonging to the current record.
- [calendar-link:Custom Text] - The HTML web link that, when clicked, will navigate to the calendar feed or downloadable ICS calendar file belonging to the current record. 'Custom Text' is an optional parameter whereby you can specify the visible link text, and if it is not provided, it defaults to simply displaying the URL as the link text.

New feature: SendGrid Dynamic Templates for Alerts & Notifications

SendGrid Dynamic Templates give users significantly more control over the style and design of emails when compared to the standard email alert type. Enabling this feature on the Project Setup page will give users another alert type to choose from on the Alerts & Notifications page called “SendGrid Template”. Thus, similar to Twilio, this feature is a project-level feature that users may enable on individual projects (or users can have administrators enable it for them).
DISABLING: The SendGrid Dynamic Templates feature can be disabled at the system level on the Modules/Services Configuration page in the Control Center. There are also other additional features on that page that determine who can enable the SendGrid services in a given project.
SETUP & CONFIGURATION: This integration requires that you have an account setup on sendgrid.com. After creating a SendGrid account, you'll need to configure senders for the account, create the dynamic templates you wish to use for REDCap alerts, and generate an API Key with appropriate permissions for REDCap to use. When configuring senders on your SendGrid account, you may specify individual senders, authenticate an entire domain so that any email address associated with that domain may be a sender, or both. Please refer to SendGrid's documentation on how to set up Domain Authentication and how to add individual Verified Senders. To create a dynamic template in your SendGrid account, login to your SendGrid account and use the sidebar to navigate to Email API→Dynamic Templates. Here you can create a dynamic template, give it a name, and associate an email design with it. Please reference SendGrid's documentation on Dynamic Templates and Handlebars to learn more about creating templates in your SendGrid account. Lastly, to create an API Key for REDCap, login to your SendGrid account and use the sidebar to navigate to Settings→API Keys. Here you can create a new API Key and specify its permissions. It is recommended that you create a Restricted Access API Key and only give the API Key the permissions REDCap needs to function. REDCap will need Full Access to Mail Send, Read Access to Sender Authentication, and Read Access to Template Engine. Once you have your API Key, you may use it to configure SendGrid Template email services for alerts & notifications through the REDCap Project Setup page.
ALERTS & NOTIFICATIONS: The SendGrid Template alert type will allow you to specify a sender email address that's in your SendGrid account's list of Verified Senders or an email address that matches an Authenticated Domain associated with your SendGrid account. You'll also have an interface to choose which of your SendGrid account's dynamic templates you'd like to use for the alert as well as an interface to specify key/value pairs that will be used to populate your template with REDCap data. Lastly, choosing recipients for SendGrid alerts works the same way as choosing recipients for email alerts.
COST: As REDCap makes API calls to SendGrid's Email API using your account's API Key, your SendGrid account will keep track of REDCap's usage and your SendGrid account will be charged accordingly. This is not done by REDCap but is done internally by SendGrid as you use its services. In this way, no monetary transactions are made by REDCap, and thus it is your responsibility to maintain the funds in your SendGrid account in order to ensure that the service continues to work for your REDCap project. If your SendGrid account runs out of funds, the SendGrid services in REDCap will cease to function. You may reference SendGrid's pricing page to get their latest pricing.
Thanks to Remi Frazier and Kaizen Towfiq at University of California San Francisco for their code contributions, which made this new feature possible.

New feature: “OpenID Connect & Table-based” authentication

- Admins may enable this new authentication method on the Security & Authentication page. It functions exactly like “OpenID Connect” authentication, and has the added bonus of providing some users with the ability to log in via REDCap’s local Table-based authentication (if they will not log in via OIDC).
- Additionally, admins may optionally define the display name of the OpenID Connect system (e.g., Google, NIH), which gets displayed in a button on the login page that says “Log in using [X] or [Local REDCap Login]”. If a value is not provided for this setting, it will simply output "OpenID Connect" as the button text. Clicking that button will take the user to the OIDC login page.

New feature: Repeating Automated Survey Invitations (ASIs)

- - Users can now set ASIs to send multiple times on a recurring basis for any repeating survey in a project. If the survey is a repeating instrument or if it exists on a repeating event, then users will see a new section "How many times to send it" in the ASI setup popup in the Online Designer. There users may set the ASI to send survey invitations repeatedly at a regular interval, in which it can repeat forever or a set number of times. This new repeating ASI feature works similarly to how recurring alerts have always worked for Alerts & Notifications.
  - Note: If an instrument is not a repeating survey, then this new section will not appear for that survey in the ASI setup dialog.
  - When an ASI is set up to recur for a repeating survey, the [survey-link] Smart Variable in the invitation text will always point to a different repeating instance of the survey for each time the invitation is sent. For example, if the ASI is set to recur daily, then the first day’s invitation will have a link pointing to instance #1 of the survey, the next day’s invitation will point to instance #2, then the next to #3, and so on.

New Smart Variable: [new-instance]

This new Smart Variable [new-instance] can be appended to [survey-link], [survey-url], [form-link], and [form-url] to create a URL that points to a new, not-yet-created repeating instance for the current record. In this way, [new-instance] functions essentially as [last-instance] 1. This new Smart Variable works for repeating instruments and also for instruments on repeating events.
[new-instance] can also be used as stand-alone, in which it will return an integer. But it will only work when used within the context of a repeating instrument or repeating event, in which it will essentially return [last-instance] 1 for the current repeating context.
[new-instance] will auto-append “&new” to the end of the form link or survey link (when used with [form-link/url] or [survey-link/url]) and thus will cause the user/participant to be redirected to the next repeating instance if the current repeating instance (i.e., the instance number in the URL) already exists for the record. Thus, using [form-link] or [survey-link] appended with [new-instance] will ensure that you always end up on a new, not-yet-created instance. And if two participants arrive at the same repeating survey instance with both using the exact same link created by [survey-link][new-instance], then the second participant to submit the survey page will not override the first participant’s response. Instead, it will add the second participant’s response as another repeating instance that does not exist yet.
TIP: One of the main intended usages of [new-instance] is to utilize it as [survey-link:instrument][new-instance] inside the text of a recurring alert to allow users/participants to enter data easily into a repeating survey. In this way, it works very similarly to a repeating ASI. However, repeating ASIs do not need their survey link appended with [new-instance] because it is already implied from the ASI setup.

New feature: Embedding images in text & emails

- Users may now embed one or more inline images into the text of a survey invitation, an alert, or a field label on a form/survey, among other things, by clicking the image icon in the rich text editor and then by uploading an image from their local device. Anywhere that the rich text editor is used, users may embed an image into its text (with one exception: the @RICHTEXT action tag on public surveys).
- If you wish to disable the ability to embed images in text via the rich text editor, you may disable this functionality at the system level on the Modules/Services Configuration page in the Control Center.

New method for plugins/hooks/modules: REDCap::storeFile- Stores a file in REDCap when provided with the full path of a file on the local REDCap web server. Returns the doc_id from the redcap_edocs_metadata database table for the stored file. The file will be automatically stored using the defined file storage method in the system (e.g., WebDAV, S3, local). Note: The original file on the server will *not* be deleted by this process.

New method for plugins/hooks/modules: REDCap::copyFile- Creates a new file in REDCap by copying a file already stored in the system when provided with the doc_id of the original file from the redcap_edocs_metadata database table in the REDCap system. Returns the doc_id for the newly created file. The new file will be automatically stored using the defined file storage method in the system (e.g., WebDAV, S3, local). Note: The original file whose doc_id is provided as a parameter will *not* be deleted by this process.

New method for plugins/hooks/modules: REDCap::addFileToRepository- Adds a file to a project's File Repository when provided with the doc_id of an existing file from the REDCap system. Warning: This method should not be used for files already stored for File Upload fields or as various attachments in the system because deleting the file from the File Repository will delete it in all places where the file is utilized. Ideally, this method is meant to be paired with the method REDCap::storeFile(). If you wish to add a file to the File Repository that is already being utilized elsewhere in REDCap (e.g., as an attachment or uploaded to a File Upload field), it is recommended that you first call REDCap::copyFile() to copy the original file, and then call REDCap::addFileToRepository() afterward.

New Feature: SendGrid Template Advanced Settings for Alerts & Notifications

Introduction - A new “advanced settings” section was added to the Alerts & Notifications interface when building an alert using the relatively new SendGrid Template alert type that gives users more control over the underlying SendGrid API call being made when REDCap triggers a SendGrid Template alert. Note that all of the advanced settings are optional, and they are all disabled by default. If “SendGrid Template email services for Alerts & Notifications” are enabled for a project on the Project Setup page, then these advanced settings will appear in the alert creation dialog after selecting “SendGrid Template” as the alert type. The new advanced settings are all listed in detail below.
SendGrid Unsubscribe Groups - SendGrid can allow recipients of its emails to unsubscribe from all emails being sent from a sendgrid account, or from emails associated with specific unsubscribe groups in a sendgrid account. To take advantage of custom unsubscribe groups, you can create unsubscribe groups in your sendgrid account then associate them with alerts in your REDCap project. When a recipient unsubscribes from an email that has been associated with a specific unsubscribe group, they get added to that unsubscribe group's list and any future emails that are associated with that unsubscribe group will not be delivered to them. An alert can be associated with at most one unsubscribe group. Here is SendGrid's documentation on unsubscribe groups: https://docs.sendgrid.com/ui/sending-email/unsubscribe-groups.
SendGrid Categories - SendGrid allows you to associate arbitrary categories to each email you send from your account, effectively giving you the ability to tag each individual email sent with different metadata about the email like the email type. Unlike unsubscribe groups, categories don't have to be made in your sendgrid account before associating them with an alert in REDCap. You can define your categories in REDCap as you create your REDCap alert, and your sendgrid account will automatically detect new categories as emails get sent with them. In your SendGrid account's Category Stats page, you'll be able to see data about your emails by category. You can associate up to 10 unique categories per email, and a category name cannot be longer than 255 characters.
SendGrid Mail Settings - Full documentation for the SendGrid bypass settings can be found at https://docs.sendgrid.com/ui/sending-email/index-suppressions#bypass-suppressions.

Bypass List Management - When enabled, your email will be delivered regardless of any other existing suppression management control in your account. For example, if a recipient is in an unsubscribe group or the global unsubscribe group, they will still receive the email if bypass list management is enabled. Bypass List Management can't be combined with any other bypass option.
Bypass Spam Management - Allows you to bypass the spam report list to ensure that the email is delivered to recipients. Some email services allow recipients to mark emails as spam. In some cases, sendgrid will be notified when a recipient marks an email as spam and will maintain a spam report list.
Bypass Bounce Management - Allows you to bypass the bounce list to ensure that the email is delivered to recipients. A bounce occurs when a receiving mail server rejects an incoming email. This can happen if the recipient address is bad, for example. If sendgrid sees too many bounces happening, it will add that recipient to a bounce list and it will stop trying to send mail to that recipient. Enabling this will bypass that bounce list and force sendgrid to retry delivery.
Bypass Global Unsubscribe Management - When enabled, your email will be delivered even if the recipient is on your account's global unsubscribe list.
Sandbox Mode - Sandbox mode lets you check for errors in the SendGrid API call used to send an email without the potential of delivering the email. If you're unsure about your sendgrid configuration, you can run a test by enabling sandbox mode for an alert and triggering it. If your project's logs state that the alert was sent successfully and you don't see any errors, then your configuration is good to go. However, since sandbox mode was enabled for that alert, an email was not actually sent. After you're satisfied with your tests, you can disable sandbox mode and start sending real emails with your alert.

SendGrid Tracking Settings

Click Tracking - SendGrid has the ability to detect when a recipient clicks on links in an email. The count of clicks for a given email can be seen in the email activity section of your sendgrid account.
Open Tracking - SendGrid has the ability to detect when a recipient opens an email by embedding a single pixel image in an email. Enabling this setting will make sendgrid include this tracking pixel in your emails. You can view the count of opens for a specific email in the email activity section of your sendgrid account.
Subscription Tracking - If subscription tracking is enabled and configured on your sendgrid account, this setting lets you choose whether or not you want to include the global unsubscribe link associated with the subscription tracking feature in your emails. Note that you can utilize unsubscribe groups without using the more general subscription tracking feature. I believe subscription tracking is disabled by default on a sendgrid account. Here is some documentation from sendgrid about unsubscribe methods: https://support.sendgrid.com/hc/en-us/articles/1260806604209-Unsubscribe-Methods

Miscellaneous Additions

Added an External Service Check for https://api.sendgrid.com/v3 in the Control Center's Configuration Check page.
Added a line in the Modules utilized section of the Systems Statistics page to keep track of how many non-practice projects are utilizing sendgrid for Alerts & Notifications.

Additional SendGrid API Token Requirements - To fully support SendGrid Advanced Settings, the SendGrid API token used in the project's setup needs the permission for getting an account's unsubscribe groups through the API. This permission is mapped to the asm.groups.read scope. You can add this permission to your existing API token by editing its permissions in your SendGrid account and giving it Read Access to Unsubscribe Groups in the Suppression section.

New feature:Download all files on a report - When viewing a report (including public reports) that contains one or more File Upload fields or Signature fields, a “Download Files (zip)” button will appear on the page to allow users to easily download all the report’s uploaded files into a single zip file for those fields for the records in the report.

New feature: Redesign of the File Repository

Overview: The File Repository page has been redesigned to make it easier to store, organize, and share the files in your projects.Users now have the ability to create folders and sub-folders to help organize their files more effectively. If using Data Access Groups or user roles, users may optionally limit access to a new folder so that it is DAG-restricted and/or role-restricted. Uploading multiple files is much faster with a new drag-n-drop feature that allows for uploading dozens of files at a time. Sharing files is better too, in which users may obtain a public link to conveniently share a file with someone. New API methods also exist that allow users to upload, download, and delete files programmatically using the API. Additionally, the File Repository has a new built-in Recycle Bin folder that makes it easy to restore files that have been deleted. Users can upload as many files as they wish. There is no limit. Additionally, there is no limit to how many folders and sub-folders that can be created (or how deep that they can be nested within other folders).
Sharing: Files can be shared via Send-It or using a public link. If you do not want users to be able to share files using the public link functionality, this may be disabled on the File Upload Settings page in the Control Center. Once disabled, users will only be able to share files using Send-It.
File storage limit: Admins may optionally set a file storage limit that applies to all projects so that users cannot upload too many files in an abusive fashion. The value can be set in MB on the File Upload Settings page in the Control Center. There is also a project-level override for the file storage limit on the Edit Project Settings page for any given project. Note: Files in the starred folders (e.g. Data Export Files, e-Consent PDFs, Recycle Bin) do not count toward the overall file space usage of the project.
Recycle Bin: Files that are deleted from the File Repository will be put in the Recycle Bin folder where they will be kept for up to 30 days before being permanently deleted. Any file in the Recycle Bin can be restored back to its original location (so long as doing so does not surpass the project’s file storage limit, if enabled). Administrators can “force delete” any file in the Recycle Bin, which deletes it immediately and permanently.
New API methods for the File Repository: 1) Create a New Folder in the File Repository, 2) Export a List of Files/Folders from the File Repository, 3) Export a File from the File Repository, 4) Import a File into the File Repository, and 5) Delete a File from the File Repository.

New method for plugins/hooks/modules: REDCap::getFile- Returns an array containing the file contents, original file name, and mime-type of a file stored in the REDCap system by providing the file's doc_id number (the primary key from the redcap_edocs_metadata database table).

New method for plugins/hooks/modules: REDCap::addFileToField- Attaches a file to a File Upload field for a specified record when provided with the doc_id of an existing file from the REDCap system.

New feature: “Azure AD & Table-based” authentication method- The “Security & Authentication” page contains a section of custom settings for using the Azure AD authentication method in REDCap. All the existing Azure AD settings apply to this new authentication method, with the addition of a new custom button text for the “Azure AD” button on the login page.

New feature: Administrators will now see an “Auto-Fill Form” or “Auto-Fill Survey” button at the top right of forms and surveys, respectively. Clicking the button will auto-fill all visible fields on the entire instrument. This is to help with testing or troubleshooting data collection.

New feature: Embedding file attachments in text & emails

Users may now attach one or more files into the text of a survey invitation, an alert, or a field label on a form/survey, among other things, by clicking the file attachment (paperclip) icon in the rich text editor and then by uploading a file from their local device.
This feature is available for every rich text editor *with the exception* of non-project pages (e.g., the Email Users page) and also any field with the @RICHTEXT action tag.
If administrators wish to disable the ability to embed attachments in text via the rich text editor, they may disable this functionality at the system level on the Modules/Services Configuration page in the Control Center. Note: This setting operates independently from the other setting “File Repository: Users are able to share files via public links” (found on the File Upload Settings page in the Control Center); thus, even if public file sharing has been disabled globally, users can still upload file attachments via the rich text editor so long as its associated setting has been enabled globally.
Note: All files uploaded via the rich text editor will be represented in the text of the editor as a public file-sharing link, which allows the file to be downloaded in any context (e.g., on surveys, on authenticated REDCap pages, and in public areas like emails and public dashboards). This means that if anyone has possession of this link, they will be able to download the file (at least, until the file has been deleted). All files uploaded via the rich text editor will be automatically stored in a special “Miscellaneous File Attachments” folder in the File Repository where they can be accessed and/or deleted, if necessary. If any such file is deleted from the “Miscellaneous File Attachments” folder in the File Repository, the associated download link for the file will cease to be active and thus will become a dead link wherever it has been used.

New feature:New one-way messaging system for Clinical Data Interoperability Services (CDIS) that is designed to provide secure communication to users who are utilizing asynchronous CDIS processes, such as background data pulling via a cron job. This new system has been developed to address the need for a secure means of communication outside of REDCap Messenger, particularly for messages that contain protected health information (PHI). Emails were not a viable option for these types of messages, as they do not provide the necessary level of security to protect PHI from unauthorized access. The system utilizes encryption techniques to ensure the confidentiality and integrity of all messages exchanged.

New feature: Mosio SMS Services

- REDCap has the capability to send SMS text messages for surveys and for Alerts & Notifications by using a third-party web service named Mosio (www.mosio.com). In this way, users can invite a participant to take a survey by sending them an SMS message, in which the data would be collected in REDCap directly from their phone without having to use a webpage. There are two ways REDCap currently works with Mosio: 1) Surveys – Sending survey invitations and also sending questions and getting replies via text message, and 2) Alerts - Sending one-way Alerts & Notifications via text message.
- The Mosio Two-Way Text Messaging (SMS) Services work exactly the same as the current Twilio functionality, with the exception of the Voice Call features. Mosio can only send and receive SMS messages. If a user wishes to switch a project from using Twilio to using Mosio, the only thing that needs to be done is for them to get a Mosio account and API key, then disable Twilio and enable Mosio in their REDCap project using their API key. That’s all that needs to be done to migrate from Twilio.
- If you wish to disable the Mosio functionality at the system-level so that users do not see the feature on the Project Setup page, an administrator may do so on the Modules/Services Configuration page in the Control Center (similar to the Twilio settings there).
- For more information and to get a Mosio account, visit https://www.mosio.com/redcap. Mosio specializes in research communications automation, helping researchers improve engagement, adherence, and data collection in studies. The service is both HIPAA and 21 CFR Part 11 compliant and willing to sign BAAs.

Improvements:

Improvement: For projects using the Clinical Data Interoperability Services (CDIS), a new observation category “social history” was added for both CDM and CDP projects, thus allowing them to import this new type of EHR data into REDCap.
Improvement:New CDIS panel on the left-hand project menu to display information and links that are relevant to projects using either Clinical Data Pull or Clinical Data Mart.
Improvement/change: To improve server performance, Descriptive Text fields that have image attachments will have their images loaded on the page incrementally with a slight delay between each to prevent the web server from getting overloaded with many simultaneous requests when the data entry form or survey page initially loads.
Improvement: When performing a keyword search on the "Help & FAQ" page, it now displays in red a count of keyword matches for each category in the tabs near the top of the page. Previously, the user would have to click on each tab in order to know if there were any keyword matches in that particular category.
Improvement:Each tab on the "Help & FAQ" page now has a drop-down list of subsections that, when selected, will auto-scroll the webpage down to that subsection on the page.
Improvement: The Codebook now contains a “Field Finder” to allow users to quickly search for a field by keyword or phrase in the field label or by variable name. Also, the gray "Instrument Name" rows in the table will float at the top of the page while scrolling so that it is always apparent the instrument to which a field belongs. Additionally, when scrolling down the page, an up-arrow image will appear at the bottom right of the page that (when clicked) will quickly scroll the page back to the top.
Improvement:When using Multi-Language Management, it will now display a list of possible issues to users when entering the page if any elements have been modified since they have been translated. For example, if a field label is translated, and then a user modifies the Default language text via the Online Designer, the MLM page will display a warning in a popup dialog that will ask the user to confirm that the current translation is okay or else to provide a new translation to match the updated Default text. This will help notify users about potential issues with their translations to keep them updated if they are still modifying the Default language text in the project.
Improvement:Piping can now be performed inside the value of the @PLACEHOLDER action tag - e.g., @PLACEHOLDER="[first_name] [last_name]".
Improvement: When using Multi-Language Management, in which some of the Default language text has changed since the text was translated, the new “Review Changed Items” dialog on the MLM page will now display an “Export” option to export as JSON or CSV all the translated items that need to be reviewed and/or retranslated.
Improvement:If the Multi-Language Management feature is disabled for a project, it will now show a red notice at the top of the MLM page.
Improvement: Sub-sections on the “Help & FAQ” page can now be accessed via hyperlinks near the top of each section. Previously there was a drop-down for this, which was slightly slower. Having sub-section links near the top of the page should make it faster for users to jump to a specific section.
Improvement:The Multi-Language Management setup page now displays a download option for each instrument under the Forms/Surveys tab to allow users to export->import the translations for that single instrument to another project that has the same instrument with the same fields and variable names.
Improvement:The Multi-Language Management setup page now displays the Default text above (rather than below) the input text box for each translatable item. This reversal appears to be more intuitive for users as they translate each element.
Improvement:In the "Compose Survey Invitations" dialog on the Participant List page, the Actions drop-down for auto-selecting checkboxes for participants in the participant list now contains a new option: "Check Not Responded and Partial Response".
Improvement:When scrolling down the page in the Online Designer when adding/editing fields, an up-arrow image will appear at the bottom right of the page that (when clicked) will quickly scroll the page back to the top.
Improvement:Concurrent user checks have now been added to the Multi-Language Management setup page to prevent multiple simultaneous users from affecting each others’ work while on the page.
Improvement/change: The Multi-Language Management setup page is slightly less restrictive now while in production status. For example, users may now export language configurations while in production even when not in draft mode.
Improvement/change: If any suspended users have access to a project, the User Rights page will display a button to easily show/hide suspended users on the User Rights page. Initially, all suspended users will be displayed, but if the button is clicked, then all suspended users will remain hidden on the User Rights page of *any* project until the button is clicked again. (Ticket #75652).
Improvement: The “Email Users” page in the Control Center now sends emails using a cron-job based queueing process. This means that emails are no longer sent in real time on the page, and thus there is no longer a need for the admin sending the email to stay on the page while all the emails are sent. This makes the process much faster and easier for admins using this page.
Improvement: When using S3 for file storage, you may now specify a custom S3 endpoint URL on the "File Upload Settings" page in the S3 section. This helps support the use of alternative S3 destinations. (Ticket #62790).
Improvement:New system-level option to disable the E-signature feature so that its checkbox option is not displayed at the bottom of data entry forms (immediately above the Submit buttons). You might wish to disable this feature if you are not using Table-based, LDAP, or LDAP Table-based authentication since the e-signature feature will not function for certain external authentication methods (e.g., Shibboleth, OAuth2) due to its requirement for the user to re-authenticate. This feature is enabled by default but can be disabled on the "Modules/Services Configuration" page in the Control Center.
Improvement:In many places that display a drop-down list of records (e.g., Logging page, Email Logging, Field Comment Log, Data Quality page, ad hoc calendar event popup, Alerts & Notifications Log, Survey Notification Log), it will display a normal drop-down list if the project contains 5000 records or less, and if the project contains more than 5000 records, it will instead automatically revert to displaying an auto-suggest textbox to allow the user to manually enter the record name (rather than attempting to display an extremely long drop-down). This should make these pages load much faster and also make them easier to use in projects containing many records.
Improvement/change:Password recovery questions have been removed as a feature for Table-based authentication. Password recovery questions will no longer be utilized as a part of the process whereby Table-based users reset their password. They are an unnecessary part of that process, they only cause issues and confusion for users, and they do not add much security-wise.
Improvement: New field validation type: "Phone (UK)". This validation type supports phone numbers from the United Kingdom (e.g., 44 7911 123456, 447911123456). Note: This validation type will be disabled by default after installing or upgrading, but it can be easily enabled on the Field Validation Types page in the Control Center. Thanks to the Field Validation Committee for donating this.
Improvement:If using Two-Factor Authentication, users can be allowed to use their 6-digit 2FA one-time PIN for e-signing processes in place of their password (e.g. performing an e-signature on data entry forms or when utilizing the 'File Upload' field enhancement feature when uploading a file on a data entry form - often used for 21 CFR Part 11 compliance for FDA trials). Normally, e-signing requires a username and password, but when this system-level setting is enabled while also having REDCap’s Two-Factor Authentication enabled, users can alternatively provide their username and 2FA one-time PIN to perform the e-signing. A user can obtain their one-time PIN from their Google Authenticator or Microsoft Authenticator app, or else there will be an option available to send the user the PIN via email and/or SMS whenever they need to enter it. Note: This setting is disabled by default but can be enabled in the “Two-Factor Authentication” section on the Security & Authentication page.
Improvement: When the authentication method is set to "OpenID Connect" or "OpenID Connect & Table-based", you may define which OIDC attribute will serve as the REDCap user's username. Simply set the setting "Attribute to use for REDCap username" on the Security & Authentication page. It will default to "username" when installing/upgrading REDCap, but also provides the other options "nickname" and "email". Note: If the selected attribute does not have a value for the current user, it will revert to using the user's associated email address to serve as their username.

Improvement: New v2 endpoint for Azure AD authentication

The “Additional OAuth2 Azure AD Authentication Settings” section on the Security & Authentication page now contains a new “Endpoint Version” setting, which can be set as “V1” (default) or “V2” to allow REDCap to utilize different versions of the Azure AD authentication. Previously, only V1 could be utilized in REDCap. Now V2 can also be used.
Thanks to Paul Ryan (University of Hawaiʻi at Mānoa) and Eric Wagner (The Ohio State University) for their code contributions, which made this new feature possible.

Improvement: REDCap now implements a new version of the two “datediff” cron jobs that run frequently each day and are utilized for Alerts & Notifications and Automated Survey Invitations. Instead of having a single cron job for each that runs a very long time every 4 hours, the two cron jobs will now run more often in a batched mode to spread out the same amount of work in smaller batches over time. This allows the processes to be done more efficiently (and sometimes faster in many cases) without the risk of the cron jobs timing out, which has been a concern with them in the past.

Improvements: The following are enhancements for the Multi-Language Management system setup page in the Control Center:

- Additional column "Initial" - this governs the language that is initially shown on the translatable non-project pages (essentially, this is only the generic Survey Access page) when no browser cookie is set yet.
- Designates the "Default" column to identify the language that matches that from the active Language.ini file
- Adds popups with explanations to the various columns.

Improvement: When viewing a suspended user's account on the Browse Users page in the Control Center, it now displays the text "Suspended" in red next to the user's name and username to help admins more easily identify if the user is suspended or not.

Improvement: New two-factor authentication option - If using an "X & Table-based" authentication method, you can make non-Table-based users be exempt from 2FA. This can be set on the Security & Authentication page, in which a new setting "Enforce two-factor authentication ONLY for Table-based users?", which defaults to "No", can be enabled so that only Table-based users will have to go through the 2-step login process if the system is using an "X & Table-based" authentication method. This will be useful if 2FA is already implemented on the other non-Table authentication process - e.g., OpenID Connect, thus preventing the non-Table users from having to perform 2FA twice (once outside REDCap and then once inside REDCap). (Ticket #128474).

Improvement:New and improved user interface for the Email Users page in the Control Center.

Improvement:A new option ("View & Edit / De-Identified") has been added to the system-level setting "Default instrument-level user access set for all project users' Data Viewing Rights and Data Export Rights whenever a new instrument is created while in production status" on the User Settings page in the Control Center. This new option will allow users to automatically have View & Edit viewing rights to all new instruments created while in production but will provide limits on their data export privileges for those new instruments

Improvements for CDIS:

Added RxNorm code and display fields in Clinical Data Mart (R4 and DSTU2).
Updated the Clinical Data Mart templates to accommodate the new data.

Change/improvement: When using "OpenID Connect & Table-based" authentication, if the OIDC authentication process fails with an error that is returned to REDCap in the URL query string, the error description will now be displayed on the page for the user to see, whereas previously the error message might not be displayed on the page in certain situations. Additionally, if a Table-based user fails to successfully log in, as a convenience the login form will now automatically be displayed again without the user having to click the "Local REDCap Login" button. (Ticket #129023)

Improvement: To improve page-loading performance of the Data Access Groups page, the DAG Switcher table at the bottom of the page will no longer be displayed when the page is initially loaded if the number of project users X the number of DAGs is greater than 5000. If the threshold is reached, then a big button saying "Display the DAG Switcher" will be displayed, and after clicking it, it will then display the DAG Switcher table. This will improve overall load time of the page in extreme cases. (Ticket #128578).

Improvement:The Multi-Language Management setup page now has an option to “Export or import general settings”. This includes which languages are set as active, default, or fallback, which fields and survey settings are excluded, as well as the settings on the Alerts tabs and Settings tab. Note: The export/import option will appear when at least one language has been created in the project. This option is available as a JSON file only for import/export.

Improvement:When setting up an ASI, the sub-section “When to send invitations AFTER conditions are met” now contains the new drop-down choice "the same day (beginning at midnight) that the automated invitation was triggered" in the sub-option “Send the invitation X days Y hours Z minutes before/after [drop-down]”. This new choice in the drop-down allows users to schedule the invitation based on the day the ASI was triggered and provides greater control and precision with regard to when exactly the invitation will be sent. For example, if this new drop-down option is selected along with setting it to “send the invitation 1 day 8 hours after…”, this will cause the invitation to be scheduled to be sent at exactly 8:00am the next morning. In previous versions, it was not possible to get this level of precision for the invitation send-time based upon ASI trigger-time unless you used a date field’s value as a reference.

Improvement: When using the Multi-Language Management in a project where the languages created on the MLM setup page have Language IDs that correspond to language ISO codes, if a user or participant has not yet selected their display language via the MLM language-switching choices, REDCap will use their current browser settings to auto-detect and then auto-select their preferred display language. This is meant to be an added convenience to the user/participant. Note: This only occurs if project users have set up their MLM Language IDs as ISO codes.

Improvement/change:Updated the Font Awesome library from v5.15.4 to v6.1.1.

Improvement:Stop Actions (for multiple choice fields) and Video Display Format settings (for Descriptive Text fields with videos) are now included in Instrument Zip files when downloading or uploading them for an instrument in the Online Designer. In previous versions, stop actions were not included, and while the video URL was included, the setting that defines if the video is displayed inline or not was not included. (Ticket #124377).

Improvement:Added “json-array” as a new option to the data formats for REDCap::getData and REDCap::saveData. It provides a way around the json data format, for the sake of computer cycles as well as for the sake of being able to pass large data structures. The “json-array” option represents the same flat data structure as decoded JSON data when using the “json” data format for these methods, but it avoids the encode/decode steps.

Improvement: Admins can now provide an alternate URL that will be used for the "Contact REDCap Administrator" links on each project's left-hand menu. If admins are using a ticket system, for example, to collect questions/issues from users, they may enter the URL of the ticket system's page where new tickets can be submitted. The alternate URL can be entered on the General Configuration page of the Control Center. If left blank (its default value), the "Contact REDCap Administrator" links will function as they have in previous versions, in which clicking them will open a pre-formatted email in the user's native email client.

Improvement: The Duo two-factor authentication process has been upgraded to use the new Duo Universal Prompt. This will provide a better and more reliable user experience for those institutions using Duo for two-factor authentication in REDCap. (Ticket #130859)

Improvement: Two more fields (general_practitioner and managing_organization) were added to the Patient FHIR resource when using the Clinical Data Mart service for CDIS.

Improvement:When utilizing Multi-Language Management in a project, the Field Finder on the Codebook page now supports searching in translated field labels.

Improvement: The date of the most recent REDCap upgrade for the system is now displayed near the bottom of the main Control Center page. (Ticket #69036)

Improvement:"Project 5 (COVID-19)" was added as a new classification that is selectable under the NIH CDE Repository catalog for the Field Bank feature in the Online Designer. Project 5 (COVID-19) is a classification of NIH-Endorsed CDEs (Common Data Elements).

Improvement:Various changes and improvements for the External Module Framework, including a new module AJAX request feature (thanks to Günther Rezniczek and Mark McEver). While it has always been possible to make AJAX requests via module code, using this new framework method makes it easier and more secure. Note that for framework version 11 , logging in non-authenticated contexts must be explicitly allowed by setting the “enable-no-auth-logging” flag in “config.json”.

Improvement/change: The project API page now displays the user's API token in a text box with a button next to it that, when clicked, copies the API token to the user's clipboard. (Ticket #134577)

Improvement: New Multi-Language Management option to require admin activation of multi-language support in projects

Administrators may now change the behavior of the Multi-Language Management feature so that project users cannot view or use MLM in a project until a REDCap administrator has first enabled it explicitly in that project.
This behavior can be changed on the Settings tab on the Multi-Language Management page in the Control Center where it says “Require admin activation of multi-language support in projects”. Note: Enabling that system-level setting will not affect any projects where multi-language support is already enabled (either because it had previously been enabled explicitly by an admin or there is at least one language already set up).
Additionally, the following new admin-only options have been added to the Settings tab on the MLM setup page in each project, in which these options only appear to admins and only when the system-level setting has been set where only admins may enable MLM:

“Enable multi-language support for this project” - Allows users with Project Setup and Design rights to see the MLM menu link and to use the MLM setup page.
“Disable and hide multi-language support for this project” - Turning on this option will hide the MLM menu link and prevent access to Multi-Language Management for users even when there are languages defined. This overrides the Enable option above.

Improvement for the External Modules Framework: New "Developer Tools" section & "Module Security Scanning" link on the Control Center -> External Modules -> Manage page.

Improvement: When setting up repeating Automated Survey Invitations, users can now set the repeating interval value as a number with a decimal (in previous versions, the value could only be an integer). This will allow users to approximate the interval of a monthly repeating ASI as 30.44 days since it is currently not possible for repeating ASIs to be scheduled on exactly the same day and time each month. To help users, a note has been added in the repeating survey section of the ASI setup dialog to inform them how to approximate a month as 30.44 days. (Ticket #136957)

Improvements for CDIS

Expiration indicator for the “Break the Glass” feature: The new Break the Glass workflow uses tokens that expire in an hour from their creation. The interface will now show if a token is expired.
Delete button for the “Break the Glass” feature: Users can remove entries from the list of Break the Glass protected patients using a button.

Improvement:A link to the Codebook page was added inside the Add/Edit Field dialog on the Online Designer. This will allow the user to open the Codebook in a new tab without having to close the dialog to do so. (Ticket #138300)

Improvement:MLM Usage Page - A new “Usage” tab will be displayed on the Multi-Language Management page in the Control Center that will display a list of all projects using MLM and in what ways they are utilizing MLM, such as the number of languages in the project (and how many are active) and whether the following MLM options apply to the given project: Deactivated by user, Enabled by admin, Deactivated by admin, and Debug mode turned on.

Improvement: The “Alerts & Notifications” page now has its own separate user privilege. Previously, only users with “Project Design and Setup” privileges could access the Alerts & Notifications page. Now, users must explicitly be given “Alerts & Notifications” privileges in order to access the Alerts & Notifications page. Note: During the upgrade to REDCap 13.1.0 or higher, any users with "Project Design and Setup" rights will automatically be given "Alerts & Notifications" rights in order to keep continuity with their current access to the Alerts & Notifications page.

Improvement: For OpenID Connect authentication, the Response Mode (response_mode) authorization parameter can now be explicitly set in the OIDC authentication settings on the "Security & Authentication" page in the Control Center. This will allow admins to choose between "query (default)" and "form_post" for the response_mode OIDC setting.

Improvement: New setting added to the User Settings page in the Control Center: "Notify the REDCap admin via email when a new account is created (excluding Table-based user accounts)?" When enabled, this setting can be used to notify admins whenever new users enter the system. Table-based users are not included because their accounts are created by an administrator. (Ticket #133382)

Improvement: New setting added to the User Settings page in the Control Center: "Send a "welcome" email to new users when they create a REDCap account (excluding Table-based user accounts) - i.e., when they log in the first time using an external authentication method?". The "welcome" email will consist of the following stock text: "You have successfully created an account in REDCap at https://your-redcap-server.edu/. Your REDCap username is "USERNAME". Please note that REDCap does not manage your password. If you have difficulty logging in, you should contact your local IT department. Welcome to REDCap!".

Improvement: When importing User Role assignments via CSV file uploads on the User Rights page or via the API, if the project contains Data Access Groups, users can now be assigned to a DAG during the User Role assignment import process by providing an extra parameter named "data_access_group" with a valid unique DAG name. This will allow users to be added to the project, assigned to a role, and assigned to a DAG all at the same time. Additionally, when exporting User Role assignments via CSV file or via the API, the "data_access_group" attribute will be exported for each user if the project contains DAGs (to be consistent with the Import User-Role Assignment format). (Ticket #119192)

Improvement:Descriptive Text fields can now have inline PDF attachments that display as an embedded PDF on the page (rather than just displaying a download link).

Improvement: Users may now pipe Smart Variables or field variables into the Data Entry Trigger URL.

Improvement: Users may now pipe Smart Variables or field variables into the External Video URL for Descriptive Text fields.

Improvement:When setting up an alert, Step 2's sub-section “When to send the alert?” now contains the new drop-down choice "the day (beginning at midnight) that the alert was triggered" in the sub-option “Send the alert X days Y hours Z minutes before/after [drop-down]”. This new choice in the drop-down allows users to schedule the notification based on the day the alert was triggered and provides greater control and precision with regard to when exactly the notification will be sent. For example, if this new drop-down option is selected along with setting it to “send the alert 1 day 8 hours after…”, this will cause the notification to be scheduled to be sent at exactly 8:00am the next morning. In previous versions, it was not possible to get this level of precision for the notification send-time based upon the alert trigger-time unless you used a date field’s value as a reference. (Note: This new option is very similar to the one added for Automated Survey Invitations in REDCap 12.5.0.)

Improvement:When exporting the project logging via CSV file or via API, the record name is now included as a separate column/attribute "record" in the resulting output if the logged event is record-centric (and if not, the record value will be left blank). (Ticket #132246)

Improvement:The on/off switches on the Multi-Language Management setup page now have green/red coloring to more clearly denote their on/off state. (Ticket #139703)

Various changes and improvements for the External Module Framework:

PHP 8.2 is now supported.
Added the methods $module->disableModule(), $module->isSuperUser(), and $module->escape().
Added the allow-project-overrides and project-name setting options.

New feature to hide external modules from non-admins in the list of enabled modules in a project.

Made the scan script warn when system hooks are used.
Miscellaneous scan script improvements.
Fixed a bug where escaped HTML displays in field list values.

Improvement: The "Help & FAQ" page has been updated with new content (thanks to the FAQ Committee).

Improvement:When using the built-in MyCap feature, users can now explicitly define the title of the project as seen by participants in the MyCap Mobile App. A new button has been added near the top of the “MyCap App Design” to allow users to set the project title that is displayed in the app. If not defined, it will default to using the user-facing title of the REDCap project, which was how it behaved in previous versions of REDCap.

Improvement: Comment lines can be added to calculations and logic to serve as annotations to explain various parts of the logic/calc. Thanks to Günther Rezniczek for helping add this new feature.

Improvement: When setting up the Survey Queue or an individual Automated Survey Invitation, the survey drop-down for the “When the following survey is completed” setting in the dialog now has a built-in search feature to easily find a specific survey in a long list. Additionally, if the survey title does not match the instrument title, the drop-down list will also display the user-facing form name for the survey, which should help users find the right survey quicker in certain cases.

Improvement: A new "preformatted code block" button was added to the toolbar of all rich text editors.

Improvement: New option for Form Display Logic: “Hide forms that are disabled”. When enabled, all forms that are disabled will also be hidden (not visible) on the Data Collection menu and on the Record Home Page.

Improvement:The text for the setting “Require a 'reason' when making changes to existing records” is now available for translation on the Multi-Language Management page.

Improvement: The Database Query Tool page in the Control Center now has a text box to easily filter database tables in the table list.

Improvement: "Postal Code (UK)" was added as a new field validation. After upgrading, an administrator will need to enable it on the Field Validation Types page in the Control Center. (Ticket #201961)

Improvement/change: If a participant returns to the first page of a multi-page survey (e.g., by clicking the Previous Page button or returning via their Return Code), the survey instructions can be viewed again by clicking the "View survey instructions" link at the top of page 1. In previous versions, the survey instructions could never be viewed again after the survey had been started (i.e., the first page had been submitted). (Ticket #201430)

Improvement:When using the Google/Microsoft Authenticator option for two-factor authentication in REDCap, users will be able to enroll using their Google/Microsoft Authenticator app the very first time they log in to REDCap via 2FA, in which the enrollment QR code will be displayed there the first time they log in via 2FA. This allows institutions to utilize the Google/Microsoft Authenticator option for REDCap without necessarily having to offer the less secure Email option, which is often the fallback/default for when users initially log in via 2FA. In previous REDCap versions, users would have to use a 2FA option other than Google/Microsoft Authenticator the first time they logged in via 2FA. So this behavior change provides a more secure way to offer 2FA. (Ticket #141099)

Improvement/change:The main Control Center page now displays a warning if REDCap recognizes that your web server and cron job are using different PHP.INI files, as this can sometimes cause undesired side effects.

Improvement:New “Go to project page” feature for administrators only will appear on the top navbar (when not inside a project) and on the left-hand menu when inside a project. Entering the PID of a project and hitting Enter/Tab will navigate the admin directly to the project. Additionally, if the PID is followed by a specific 1-3 letter abbreviation, they can navigate to a specific page within the project - e.g., “181 an” to go to the Alerts & Notifications page in PID 181. To go to a specific record on the Record Home Page, also enter the record number - e.g., “34 rhp 999” to view record 999 on the Record Home Page of PID 34.

Improvement:When viewing PDF attachments on Descriptive Text fields on a data entry form or survey, in which the PDF is set to be displayed inline, the PDF frame is now adjustable at the bottom so that its vertical size may be modified by the user/participant for better viewing.

Improvement:Searching has now been added in the Action Tags popup and Smart Variables popup to allow users to find content faster in those popups.

Improvement: More options for the new “Navigate to page” feature for administrators: 1) Admins can now navigate to Control Center pages via typing “cc”, 2) Help is context sensitive (project links are disabled and "cc" prefix is removed while in the Control Center), 3) Destinations in the popup are now clickable links (project links are not clickable when viewed on a Control Center page), 4) Holding CTRL while pressing ENTER or clicking a link will open in a new tab, and 5) External Module related pages support the EM framework’s alternate /external_modules/ directory location, if being used.

Changes:

Change: The dialog that is displayed when editing a field's branching logic in the Online Designer, in which one or more fields have the exact same branching logic as the current field, contains different text to better explain what clicking "Yes" will do.
Change: When using the Auto-adjudication feature in a Clinical Data Pull (CDP) project, in which it has been set to notify the user via REDCap Messenger whenever a record has been auto-adjudicated by the system, REDCap now automatically deletes all previous auto-adjudication Messenger threads for this project for the user. In previous versions, the user might receive thousands of Messenger notifications, which could cause REDCap itself to become sluggish for the user. Now it only keeps the latest notification for the user.
Various updates and changes to the External Module Framework, including a slight change to the EM link on the left-hand project menu (i.e., the "External Modules" link was replaced with "Manage" further down the project menu).
Change: In the database backend, the “redcap_log_view” database table will be renamed to “redcap_log_view_old”, and an empty replacement table (named “redcap_log_view”) will be created in its place. The old table and its contents will no longer be used in the application except for very specific, seldom-used functionality (e.g., viewing Page View events on a project’s Logging page). The new table will have a slightly different structure, such as a BIGINT primary key (instead of INT) and better/more indexes to improve query performance for the table. The retiring/renaming of the old table should not have any effect on plugin/hook/module developers unless you are performing direct queries on the “redcap_log_view” table to pull information from months or years in the past, in which case you would want to also query the “redcap_log_view_old” for such information. Note: During the upgrade process, the last 30 minutes worth of activity from redcap_log_view will be automatically transferred to the new table in order to maintain continuity within the application for before and after the upgrade, especially if the system is not taken offline during the upgrade.
Change/improvement: The Configuration Check page will now provide a new recommendation to increase the "max_allowed_packet" setting in MySQL if it has a value below 16 MB. Having a lower value for that setting could cause some large data exports or reports to fail to load.
Change: For automated survey invitations and alerts that are using the date/datetime field option that determines the timing of when the invitation/alert should be sent, some extra clarifying text has been added to the popup/popover instructions that explains that modifying the value of the date/datetime field will have no effect on invitations/alerts that have already been scheduled.
Change/improvement: Two new LOINC codes added to CDIS mapping.
Change: Minor updates to CDIS-related settings: 1) Updated the text of the automatic message sent to the user via REDCap Messenger when a CDIS cron job has no FHIR tokens that it can use for a specific project, and 2) When a CDIS automatic message is sent to the user via REDCap Messenger, in order to prevent possibly hundreds or thousands of messages from clogging up the user’s Messenger inbox, it now deletes all previous messages of the same type except for the last one.
Change: Renamed the “MySQL Dashboard” to "Database Activity Monitor" on the Control Center left-hand menu.
Change: The textbox for date, time, and datetime fields are no longer displayed with full width on data entry forms or survey pages where the whole page is disabled (e.g., when locked, when initially viewing a survey response) but instead are now displayed at their typical width.
Change/improvement: If an [aggregate-X] Smart Function is used inside a calculation or in branching logic, the function is no longer subject to the minimum data point threshold when viewing a survey page. In previous versions, under certain situations this could lead to a calculation/branching logic error on the survey page when too few data points had been entered. Note: If the Smart Function is being utilized for piping on a survey page, it is still subject to the minimum data point threshold though (i.e., different behavior for piping vs branching/calc). (Ticket #113901).
Change/improvement: A value of "0" can now be used for the setting "Minimum number of data points required to display Smart Charts..." on the system-level "User Settings" page and on the project-level "Edit a Project's Settings" page. Previous versions would not allow "0" but would allow "1" as the smallest possible value. (Ticket #113901)
Change: Added a "Contact REDCap administrator" link near the top of the project left-hand menu to provide a secondary place for users to easily contact their local administrator since the blue "Contact REDCap administrator" button at the bottom of the menu is often not visible on many pages if the menu is very long. Both the existing blue button and this new link function exactly the same. Note: The blue button was not removed but has been kept as a secondary way for users to contact their admin.
Change: The context under which the redcap_module_configure_button_display() external module hook has changed from the module list pages to an AJAX request. Any modules implementing this hook should test it to make sure it still behaves as desired.
Change: When deleting unsent/scheduled survey invitations on the Survey Invitation Log, the checkbox "Permanently cancel these invitations?" that appears in the delete invitation dialog now defaults to being unchecked. In previous versions, the checkbox was checked by default, which could sometimes lead to disastrous consequences if the user did not read all the text carefully before deleting the invitation. (Ticket #127156).
Change/improvement: Hyperlinks created in the rich text editor will now default to being opened in a new tab/window rather than defaulting to being opened in the current tab/window. This default value can be changed by the user when saving/inserting the link. (Ticket #124813)
Change/improvement: The rich text editor might be finicky when dealing with non-Latin characters, such as converting them to HTML character codes when enabling and then disabling the rich text editor in the Edit Field popup in the Online Designer.
Change/improvement: When defining the footer links on the Footer Settings page in the Control Center, if the administrator fails to enter the link values correctly by forgetting to add a label for each URL, the resulting link displayed in the project footer would not be clickable. In this case, it now displays the URL as the label and will be clickable.
Change: If a suspended Table-based user attempts to reset their password on the login page, it would send them the email for resetting their password, which is not useful since they can't actually log in to the system. It now tells them that an admin needs to first unsuspend them. (Ticket #128232)
Change/improvement: The "sub" attribute was added to the "Attribute to use for REDCap username" drop-down in the OpenID Connect authentication settings in the Control Center to provide greater compatibility with OIDC providers. (Ticket #128417)
Change/improvement: When a user logs in to REDCap the first time via OpenID Connect authentication, it now automatically adds their first name, last name, and email address to their REDCap user account. (Ticket #128417b).
Change/improvement: The red "Action Tags" button was added inside the Logic Editor dialog to make it easier to reference the Action Tags documentation while the Logic Editor is open. (Ticket #120079).
Change/improvement: Below the instructional paragraph on the Participant List page, new text has been added that lists the "Survey Response Status" as being either "Anonymous*" or "Not Anonymous" along with a clickable help link that opens a dialog that discusses in-depth why/how survey responses in the project are being collected in an anonymous or non-anonymous fashion based on the project's current configuration settings. This text was added to provide more transparency and awareness to users who might not realize that they are collecting survey data in an anonymous or non-anonymous fashion, which could ultimately have implications on processes in their project later on.
Change/improvement: When setting up an Automated Survey Invitation, the setting to make the ASI “Active” or “Not Active” has been moved to the top right of the ASI setup dialog.
Change/improvement: All the language displayed in the CDIS popup dialog “Key differences between Clinical Data Pull (CDP) and Clinical Data Mart (CDM)” has been abstracted and is now translatable.
Change: When deleting a project via the Other Functionality page, it now displays the total number of project records inside the Delete Project dialog to give the user more context prior to deleting the project.
Change: In the Action Tag documentation, a note was added about how to escape text returned from the @CALCTEXT action tag.
Change: When performing a data export, the dialog now mentions more REDCap publications that might need to be cited in published manuscripts relating to the current REDCap project. Such publications would include those for MyCap, the REDCap Mobile App, the e-Consent Framework, and CDIS.
Change: The Configuration Check page now suggests that the MySQL setting "max_allowed_packet" be increased to 128 MB or higher (preferably to 1 GB) if it is currently less than 128 MB. In previous REDCap versions, it only made this recommendation if its value was less than 16 MB, which proved to be too small for certain very large projects to function normally.
Change: The Configuration Check page now provides a suggestion for modifying any REDCap database tables that do not have the InnoDB attribute ROW_FORMAT set to DYNAMIC. For the greatest compatibility with future REDCap upgrades, all database tables are recommended to have Dynamic row format. If any do not, the Configuration Check page will output the necessary SQL queries for fixing these tables. Note: This is not a requirement but a suggestion to prevent possible issues with future upgrades.
Change/improvement: If the URL for a request on the To-Do List page contains an outdated REDCap version number (i.e., the request was made prior to the latest REDCap upgrade), the URL will now be auto-updated in the To-Do List to replace the old REDCap version number in the URL with the current REDCap version number. This will prevent 404 "Not Found" errors when processing To-Do List items in the case where the previous REDCap version directories have been removed from the web server after the latest REDCap upgrade.
Change/improvement: The "Export Events" API method now also returns the "event_id" for each event. (Ticket #135602)
Change: If a user cancels their own request to an admin that requests to move a project to production or to delete a project, the request no longer gets permanently deleted but gets marked as archived instead. This effectively has the same effect but preserves any comments or info associated with the original request, whereas deleting the whole request causes the comments/info to be permanently erased, which might not be ideal. (Ticket #136506)
Change: Improved compatibility of Clinical Data Pull with Epic Hyperspace, which uses Internet Explorer.
Change/improvement: If the monthly User Access Dashboard reminder emails are enabled, which are used to remind project users to keep their role-based access rights up to date, the emails will now be sent only during business hours. This is intended to help increase their visibility and thus improve response rates to these reminders.
Change/improvement: The "My Projects" page (and also the "Browse Projects" page in the Control Center) no longer loads the projects' count of records and fields via AJAX after the page has loaded but instead now loads the counts more efficiently in real time while rendering the page, which requires less HTTP requests.
Change/improvement: New and improved workflow and user interface for the “Break the Glass” feature when using Clinical Data Interoperability Services (CDIS) with Epic.
Change: As a convenience, when deleting a conversation in REDCap Messenger, the user is no longer prompted to enter the word "delete".
Change/improvement: A new check was added to the Configuration Check page to detect if the Zlib PHP extension has been installed on the REDCap web server. (Ticket #137725)
Change/improvement: The path to the web server's PHP.INI configuration file is now listed at the bottom of the main Control Center page (below the date of the last REDCap upgrade). This information will be useful to help admins locate their web server's config file, which can sometimes be difficult to find.
Change/improvement: On the Alerts & Notifications page, users are now able to copy deactivated alerts. In previous versions, alerts could not be copied until they were first reactivated.
Change/improvement: The path to the web server's PHP error log file is now listed at the bottom of the main Control Center page. This information will be useful to help admins locate their web server's error log, which can sometimes be difficult to find.
Change: The “Break the Glass” feature for Epic in CDIS has been updated to automatically refresh any expired BTG token. Previously, BTG tokens were short-lived and did not refresh, thus causing some issues with users.
Change: Added an MLM-related note at the top of the survey page where participants enter their survey access code. The note mentions that the language choices seen on that particular page might not necessarily be available on the survey that they are able to enter after entering their access code.
Change: PHP 8.2 is now supported in REDCap.
Change/improvement: When importing User Role assignments via CSV file uploads on the User Rights page or via the API, users can now be assigned to a role if they do not currently have access to the project. In previous versions, only existing project users could not be assigned to a role via CSV file or via API. (Ticket #119192)
Change/improvement:When setting the designated email field on the Project Setup page or when setting the survey-level designated email field on the Survey Settings page, if the selected field is utilized in more than one event and/or is utilized on a repeating instrument or repeating event, a warning message will be displayed in a yellow box immediately below the email field drop-down to inform the user that any update to the field on any event or repeating instance will change the value of the field in ALL events and repeating instances. This should help provide more transparency to users who might get confused by the fact that the field's value gets updated in all places if the designated email field is located in more than one context in the project. (Ticket #131999)
Change: Added full support for parameterized queries in REDCap’s db_query() function.
Change/improvement: Added a new option $project_id parameter for the developer method REDCap::getSurveyReturnCode().
Change: HTML tags are no longer stripped out of Project Dashboard titles as displayed in the "My Project Dashboards" list on the left-hand menu or on the Project Dashboards page. Additionally, the title of Project Dashboards are no longer limited to 150 characters.
Change: PHP 8.2 is now supported in REDCap. Note: The release notes of REDCap 13.1.0 (Standard) mistakenly noted that PHP 8.2 was supported in REDCap 13.1.0, which was only partially true because PHP 8.2 was not yet supported by the External Module Framework, which is a part of REDCap.
Change: REDCap no longer supports individual projects having their own authentication method that is different from the system-level authentication method. Going forward, every project will automatically assume the same authentication method of the system as defined on the "Security & Authentication" page in the Control Center. (Note: The "auth_meth" column name in the "redcap_projects" database table has not been removed in order to be backward compatible with any custom scripts that might be specifically querying that column in an SQL query.)
Change/improvement: The Database Activity Monitor page now specifies if a specific request is an instance of the REDCap cron job.
Change/improvement: When a user creates, edits, copies, or deletes a report, the logged event of this specific action now contains the list of all fields in the report. This improves the granularity of the audit trail for reports. (Ticket #139193)
Change/improvement: Added a new internal service check to the Configuration Check page that checks REDCap's ability to make server-side HTTP calls to its own survey end-point. For some server/network configurations, this kind of HTTP call was failing silently and causing some survey pages to timeout sporadically. This check will help administrators become aware of this issue if it exists.
Change: HTML "style" tags are now allowed in user-defined text, such as field labels, survey instructions, etc.
Change/improvement: On the Calendar page, the year selection drop-down list now extends to 10 years in the future by default, and if the year is changed via the drop-down, the drop-down's option will extend to 10 years in the future of either the current year or the selected year (whichever is largest). (Ticket #143067)
Change: The Internet Explorer web browser is no longer supported in REDCap.
Change: The third-party package named Bootstrap that is embedded inside REDCap has been upgraded from Bootstrap 4 to Bootstrap 5. Most external modules should be unaffected by this change since most of the deprecated Bootstrap 4 classes and conventions have been backported into this version to make the transition as seamless as possible.
Change: Replaced all hard-coded links to REDCap Community pages to point to the new REDCap Community website hosted on the Vanderbilt REDCap server. Previous links pointed to the old AnswerHub site.
Change: The project PID was added to the email subject of all "Request to Move Project to Production" emails that are sent to REDCap administrators. (Ticket #76956)
Change: Reworded the "Tip for min/max limits" text in the Online Designer for greater clarity.
Change: Hundreds of phrases and words of static text were abstracted in the REDCap code to allow them to be translated via the Language Updater. (Thanks to Hugo Potier for all his help with this task.)
Change/improvement: HTML "s" strikethrough tags are now allowed in user-defined text, such as field labels, survey instructions, etc.
Change: When using the Unicode Transformation page, if a database table's row_format is COMPACT, it will now add ROW_FORMAT=DYNAMIC to the SQL transformation script so that this does not need to be done separately (can be time-consuming on its own).
Change/improvement: Some performance improvements and minor changes for the Unicode Transformation page, such as the exclusion of specific database table columns since they do not need to be transformed.
Change/improvement: When a cron job crashes and sends an email to the REDCap administrator, the email now includes a full stack trace of the error.
Change: Improved memory management for several CDIS-related processes, especially those performed by the cron job.
Change/improvement: HTML "strike" strikethrough tags are now allowed in user-defined text, such as field labels, survey instructions, etc.
Change/Improvement: When a participant attempts to log in to a survey via the Survey Login feature, the attempt is now logged, in which the following things are recorded in the project logging: 1) whether the login attempt was a success or failure, 2) the project fields being utilized in the login attempt, and 3) the context (e.g., the record, survey, and event).

Important Changes

Important change: New option displayed on the Configuration Check page to update the REDCap database tables to support full Unicode. REDCap installations that were initially installed using a version prior to REDCap 8.5.0 will have an older, legacy type of database collation/encoding and charset (character set). If your REDCap installation is affected, it is *highly* recommended that you follow the steps detailed on the page that is linked on the Configuration Check page in order to update your database. Please note that this is NOT an urgent issue, but it is something we recommend you address sooner rather than later since your current database collation and charset (UTF8 or UTFMB3) have been deprecated in the latest versions of MySQL/MariaDB and thus will eventually be removed altogether in future versions of MySQL/MariaDB. The full process of updating your database tables may take many minutes or possibly hours to run all the pertinent SQL to convert both the table structure and table data. Please follow the instructions on that page carefully, and make sure you perform a database backup before starting the process. (Thanks to Tony Jin for his help with this effort.)
Important change: Dropped support for PHP 7.2. Only PHP 7.3.0 and higher are now supported in REDCap.

New Features REDCap version 13.1.28 (May 12, 2023)

New features:

What is Coronavirus [COVID-19]?