Research Studies

  • Improved Study, Dataset, and List Reloading
    • As part of the study reload process, you can: (1) Create new datasets from Excel spreadsheets. When reloading, columns will be added or removed from existing Datasets based on the incoming data file. (2) Load data into datasets from Excel and TSV files. (3) Load data into lists from Excel and TSV files. (docs)
    • New reloading process requires much less metadata configuration. Simply place new data files in the 'datasets' or 'lists' directory as appropriate. (docs)
  • Structured Narrative Datasets - The SND module allows developers to define hierarchical data structures for storing research and clinical data, including electronic health records in a "coded procedure" manner that can be easily quantified, analyzed, and billed. (docs)


  • PHI Data Handling - PHI data handling and logging has been expanded for general use. Supported data includes: study datasets and lists. (docs)
  • Dataset PHI logging - When users access dataset queries, an optional setting allows the system to log (1) the SQL queried, (2) the list of participant id's accessed, and (3) the set of PHI columns accessed. (docs)
  • Disable Guest Access (Experimental Feature) - Administrators can disable guest access (i.e. anonymous users). When guest access is disabled, only logged in users can access the server. (docs)


  • Edit Reports in RStudio - Edit R reports in RStudio instead of LabKey's native R designer. (docs)
  • QC Trend Reports (Experimental Feature) - Add quality control tracking to GPAT and file based assays. (docs)
  • File Substitution Syntax - R reports now support standard syntax for substitution parameters; prior inline syntax has been deprecated. (docs)

System Integration

  • Improved File Watcher
    • Configure a file watcher using a graphical user interface. (docs)
    • New tasks can be triggered by the file watcher, including: study reload, dataset creation, dataset data import, list data import. (docs)
  • S3 Storage - Use an Amazon S3 storage bucket as the file/pipeline root. (docs)


  • Disable File Upload - Disable file upload through the File Repository site-wide. (docs)
  • Reply-To in Email Templates - Email templates include a Reply-To field. (docs)
  • Files Table - All files under @files, @pipeline, and @filesets in a container can be managed using a new exp.Files table. Developers can use exp.Files to programmatically control all files at once. (docs)
  • Messages Default to Markdown - Markdown is a simple markup language for formatting pages from plain text, similar to LabKey's Wiki syntax. The Messages editor window includes a Markdown syntax key and message preview tab. (docs)
  • Improved Import/Export - Additional column properties are supported for export/import of Folders, Studies, and Lists, including: the 'Required' property, default value types, default values, and validators. (docs)


  • Pharmacokinetic Calculations - See the stability, longevity, and uptake of compounds of interest. (docs)
  • Figures of Merit for Quantitation Data - Summary statistics show the mean, standard deviation, and %CV for the replicates, along with lower limit of detection, quantitation, etc. (docs)


  • Luminex: Exclude Individual Wells - Instead of excluding the replicate group, exclude only a single well. (docs)
  • Luminex: Improved Curve Comparison Adjustments - Edit the y-axis, scale, and legend directly in the curve comparison UI. (docs)


  • Auditing Domain Property Events - Per-property changes to any domain (list, dataset, etc.) are recorded in the audit log. (docs)
  • New Role: See Absolute File Paths - A new site-level role allows users to see absolute file paths in the File Repository. (docs)
  • Impersonation Auditing - Audit records are created when a user starts or stops impersonating a role or group. (docs)
  • API Keys - Client code can access the server using API keys. Administrators can allow users to obtain new API keys and manage when keys expire. (docs)
  • Captcha for Self Sign-up - Self-registration now includes a captcha step to prevent abuse by bots. (docs)
  • Cross-Site Request Forgery (CSRF) Protection Changes - All LabKey pages have been tested and updated to protect against CSRF. We recommend that site admins change the default CSRF protection setting to "All POST requests" to enable this increased protection. This may cause issues with custom pages that are not configured to submit CSRF tokens when doing an HTTP POST. For details see the Potential Backwards Compatibility Issues section below.

Natural Language Processing

  • Improved Document Metrics - New columns display the number of documents in the current batch, the number of annotated documents, and the number of reviewed documents. (docs)
  • Metadata Export - Metadata is included (in JSON format) upon export. (docs)
  • Schema Column - The Schema column displays a link to the metadata used by the current batch. Clicking the link downloads the metadata file. (docs)


  • Assay Types Configuration - Folder Administrators may add, edit, and delete the available assay designs and control the assay label as it appears in the case details view. (docs)


  • Improved Navigation - Redesigned navigation bars have replaced the "breadcrumb" links. Multiple tabs have been added to select details pages in the registry. (docs)
  • Bulk Import Entities - Bulk import nucleotide sequences, protein sequences, molecules, mixtures, and mixture batches using an Excel file, or other tabular file format. (docs)
  • Editable Grid for Assay Data - Enter assay data directly into the data grid without the need for a file-based import. (docs)
  • GenBank File Format - Import and export data using the GenBank file format. (docs)
  • Multiple Sample Assay Data Upload (docs)
  • Improved Media Registration - Include an expiration date for batches of media. Mark raw materials and media batches as "consumed" to track the current supply. (docs)


  • User Feedback and Comments - Documentation users can now provide feedback on individual topics using a built-in utility on every page. We welcome both positive and negative feedback on our documentation. We are especially interested if a topic contains inaccurate or incomplete information. Feedback is only used internally to improve the documentation. It will never be used in marketing and outreach campaigns, nor will it be released to the public.


  • Support for Microsoft SQL Server 2017 on Windows and Linux - For details, see Supported Technologies.
  • Support for Tomcat 9.0.x - For details, see Supported Technologies.
  • Allow extra time for upgrade to 18.1 - The 18.1 upgrade may take longer than usual to complete depending on the type and number of experiment runs in the database. Flow cytometry runs with many FCS files are known to take a long time to upgrade. Please don't stop the server while the upgrade is running.

Potential Backwards Compatibility Issues

  • Assay XAR Data Export - Prior to version 18.1, Assay data exported to XAR included the original data file imported and did not reflect any changes made to the assay data on the server. Starting in 18.1 we export the most recent data for an assay.
  • Password Encoding Change - Starting in 18.1, passwords are always encoded and decoded using UTF-8 instead of following the operating system's default encoding. Some users may be required to reset their passwords. In particular users with passwords that are 5+ years old and that contain non-ASCII characters.
  • New Cross-Site Request Forgery Protection (CSRF) Recommendation - We recommend that administrators begin the process of converting their servers from the current default CSRF protection setting of "Admin requests" to "All POST requests". The more stringent security setting may cause issues for custom pages that submit HTTP POST requests. If you have no custom pages or forms, we recommend that you immediately change the CSRF setting for all test, staging, and production servers running 18.1. If you have custom pages and forms, we recommend that you begin testing on your test and staging servers. In a future release, LabKey Server will enforce that all HTTP POSTs include the CSRF token, at which point all custom pages will be required to be do so. For details on configuring custom pages with CSRF protection, see Cross-Site Request Forgery (CSRF) Protection.
  • Changes to Messages API - A new site-scoped role, Use SendMessage API, controls access to the LABKEY.Message API. Only users with this role can send messages via the API. Previously, read permission to a container automatically granted this level of access, so Guests or other groups might need to be added to the new role. Also, in a related change, the server no longer sends emails to users who have never logged into the server, except for the initial invitation email to set up their user account. (docs)
  • Compliance: Explictly Grant PHI Access to Admins - To comply with logging and audit requirements, administrators are no longer automatically granted access to Protected Health Information (PHI). Assign the appropriate level to these users or groups to provide access to PHI data.

- Denotes Premium Edition functionality.

Was this content helpful?

Log in or register an account to provide feedback

expand allcollapse all