Skip to content
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Search to learn about InterSystems products and solutions, career opportunities, and more.
Home
Product Alerts & Advisories
Advisory: Web Gateway Apache Web Server Logs Request PHI and Potentially the JWT Token Credential

Advisory: Web Gateway Apache Web Server Logs Request PHI and Potentially the JWT Token Credential

Feb 11, 2026

This problem affects all versions of the following products:

  • InterSystems IRIS® for Health
  • InterSystems Health Connect™
  • HealthShare Unified Care Record®
  • HealthShare® Information Exchange

Requirements:

  • InterSystems FHIR Server with web gateway

Default web gateway containers use a logging format that may expose PHI to administrators reviewing access logs. The FHIR standard allows query parameters (including PHI) to be added directly to query URLs.

Customers are encouraged to assess and modify their web gateway logging configuration to avoid query strings and sensitive fields. Where possible, customers are also encouraged to use FHIR POST queries with sensitive parameters in the request body rather than the URL. See the FHIR search specification for more information.
RELATED TOPICS
HealthShare InterSystems IRIS for Health HealthShare Unified Care Record

Latest Alerts & Advisories

Feb 11, 2026
Product Alerts & Advisories
Advisory: Custom Agreement Function Causes Error During Linkage Rebuild
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Deleted HealthShare Namespaces May Only Be Partially Removed from the Federation
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Consent Filtering Does Not Block Demographics from Appearing on a Clinician’s Recently Viewed Patient List
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: ApplyConsent Setting for XCPD Responding Gateway Process is Disabled by Default
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Purge Task for Expire and Query Edge Gateways Does Not Delete All Expired MRNs
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Purge Task for Expire and Query Edge Gateways Fails to Complete Due to Streamlet Matcher Errors
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Database Deletion Fail-Safe Option
This problem affects all versions the following products prior to 2025.2:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: Orphaned Care Plans After Multiple Patient Merges
This problem affects the following products:
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: HealthShare Does Not Support a Single Edge Gateway That Ingests Both CCDA Documents and HL7v2 Messages
This problem affects all versions of Unified Care Record and Information Exchange.
More
Feb 11, 2026
Product Alerts & Advisories
Advisory: ID Update Notification Requests to IHE PIX Consumer Always Return Success
This problem affects the following products:
More
View All Product Alerts & Advisories