Mirth Connect 4.7.1 and Mirth Command Center for international customers: insights from NextGen’s Office Hours
NextGen held a new session in its “Between Two Channels: Mirth Connect Office Hours” series on June 17. The format was the usual: one hour with the product team, technical updates, and an open Q&A. This edition included two concrete announcements worth noting for those running Mirth Connect environments in production.
It wasn’t a session full of major headlines—and it wasn’t meant to be. Office Hours are more about technical updates and community engagement than product launches. That said, what was announced is far from irrelevant; for teams managing critical healthcare integration platforms, the details matter.
Mirth Connect 4.7.1: maintenance done right
NextGen released Mirth Connect 4.7.1 on June 17. This is not a version packed with major new features. It is, fundamentally, a maintenance, security, and stability update—and in healthcare environments, that often matters more than it seems.
Dependency and library updates
Most changes in this version affect the engine’s internal dependencies. AWS libraries have been updated to version 2.42.34, the PostgreSQL JDBC driver from 42.6.0 to 42.6.2, Mozilla Rhino to 1.7.15.1, Thymeleaf (used for FHIR support) to 3.1.5, and Jetty libraries have received patches. HAPI HL7 v2 has been updated from version 2.3 to 2.4.1, and the JavaScript Handlebars library to 4.7.8.
For long-time Mirth users, these names are familiar. The key question is not whether these changes are spectacular—they aren’t—but what it means not to have them. Outdated dependencies in an integration engine that handles clinical messages, connects to HIS systems, or publishes FHIR resources represent a real risk. Known vulnerabilities in libraries such as Jetty or the JDBC driver are not hypothetical—they are documented and routinely flagged in security audits across healthcare organizations. Running Mirth on a version that includes these patches simply means better control over the exposure surface.
The HAPI HL7 v2 update also has compatibility implications for those processing complex v2 messages or relying on specific parsing behaviors. It is worth reviewing the HAPI changelog between versions 2.3 and 2.4.1 if any transformation logic depends on parser-specific behavior.
Relevant bug fixes
Several fixes deserve attention depending on your setup:
- macOS environments: Fixes an issue that prevented selecting a channel initially on recent OS versions. Relevant for development or admin teams using Mac.
- AWS S3 with IAM roles: Resolves a connection issue in File Readers and Writers when authentication uses IAM roles instead of direct credentials—important for cloud storage integrations.
- XXE vulnerability in XSLT transformer: Probably the most critical fix from a security standpoint. An XSLT transformer vulnerable to XXE (XML External Entity) injection is a known attack vector. In environments processing external XML—HL7 v2 wrapped in XML, CDA, or FHIR XML—this is significant.
- SSL properties import in 4.6+: Fixes problems when importing SSL configurations, which could explain unexpected TLS behavior after migrations.
- Advanced Alerting: “Do Not Disturb” periods were not being saved properly, affecting operational alert management.
On the cosmetic side, font colors have been adjusted for better UI contrast and the login screen logo updated. Automatic creation of the OAuth resource table at startup has also been added, simplifying some initial setups.
Deprecation notice for 4.8
NextGen announced that the following APIs will be deprecated in version 4.8:
/users/_checkPassword/users/{userId}/password
Version 4.8 does not yet have a fixed release date. The product team indicated a tentative target of Q4 2026, but framed it as an estimate rather than a commitment. If any internal processes, automation scripts, or external integrations rely on these APIs, now is the time to identify them and plan migration. Waiting until release often creates unnecessary urgency.
Mirth Command Center 1.14: centralized analytics without regional restrictions
The second announcement was the general availability of Mirth Command Center 1.14 for international customers starting June 17. Until now, access had geographic limitations; as of this version, any customer outside North America can use it.
Entry requirements are clear: it requires Mirth Connect 4.6.1 or higher. The tool is hosted in NextGen’s AWS cloud and is currently focused exclusively on analytics. It is not deployable in on-premises infrastructure.
For integration and support teams, the value proposition is clear: centralized visibility and analytics across Mirth environments without having to build that layer from scratch. In organizations with multiple instances or distributed architectures across hospitals or systems, having an aggregated view provides real operational value.
However, its current limitations must be stated clearly. The scope is limited to analytics. It is not a channel management tool, does not allow remote operations or deployments, and does not replace direct instance administration. It is an observability layer, not a control platform.
The cloud model also raises important questions depending on each organization’s context. In healthcare environments subject to GDPR, national data protection laws, or strict architectural policies limiting external data flows, feasibility analysis goes beyond technical considerations. It depends on the type of data transmitted to AWS, data processing agreements with NextGen, and alignment with security and DPO requirements.
NextGen has announced dedicated webinars for customers—these will be a good opportunity to address such concerns before making adoption decisions.
What your team should do now
If you are running Mirth Connect in production, the practical takeaways are straightforward:
- Regarding 4.7.1: Review your current version and evaluate upgrading. It’s not an urgent hotfix, but it is advisable in the short term due to security patches. Validate in a staging (PRE) environment before production, especially if using S3 File Readers/Writers or XSLT transformers. Also check whether installed extensions (Alerting, clustering) may be affected by dependency updates.
- Regarding deprecated APIs: Identify any processes or integrations using them and prioritize migration.
- Regarding Mirth Command Center: If your organization operates in cloud or hybrid environments with fewer compliance constraints, it’s worth exploring and attending NextGen sessions. If you operate strictly on-prem with tight security restrictions, a prior feasibility assessment is essential.
Closing
NextGen’s Office Hours rarely deliver roadmap-changing announcements. Their value lies elsewhere: proximity to the product team, direct Q&A, and staying aligned with platform direction. The June 17 session was a good example: necessary updates, increased international availability of Command Center, and clear signals about what’s coming in 4.8—enough to bring some structure to the technical roadmap for the coming months.
Do you use Mirth Connect in your organization and have questions about upgrading or how Command Center fits into your architecture? You can contact us for a no-obligation technical assessment.
