SimpleRisk Release Notes
Version: 20251118-001
If you are not yet running SimpleRisk, please download it and follow the installation instructions for your chosen method. If you're currently running a previous release, go to the Configure menu, select Register & Upgrade, and click Upgrade the Application. This will upgrade both the application and database to the latest release.
SimpleRisk Core
🚀 New Functionality
- Added auto-save when responding to an assessment, so that answers are saved every 30 seconds.
- Added a Completion Date column to the Questionnaire Results page, likely using the audit trail’s completion record to obtain the completion date.
- Added an "Email Instructions" section to the Questionnaires that could be used to include additional text in the emails sent with a questionnaire.
- Created a button on User Profiles that allowed an Admin to force a reset of MFA, enabling the user to set up a new device.
- Created a checkbox for audit tests to determine whether they automatically initiated or had to be initiated manually each time they became due.
- Added the ability to select the displayed fields in the audit timeline report and to filter those columns, similar to other places where this customization had been made possible.
- Added functionality to queue actions that did not need to take place in real time.
- Added promise functionality to serialize the running of queue tasks.
- Fixed an issue where the audit trail did not record files being added or removed from audits, making it unclear who submitted the file and when it was last updated.
- Converted email sending to use the queue by default.
- Updated logging to write to a common file at /var/log/simplerisk.log.
- Split logging into critical, error, warning, notice, info, and debug levels.
- Converted AI recommendations, AI document creation, and AI document-to-control matching processes to use the queue.
- Converted keyword creation for new and updated documents, as well as new and updated controls, to use the queue.
- Migrated the CVSS scoring to use a modal.
- Added a new API call to retrieve queue items.
- Added a new Queue Monitor for Admin users.
- Added a cron job to delete tmp_files entries older than 24 hours.
- Added a cron job to recalculate the TF-IDF once per week.
- Added document-to-text conversion for Word, spreadsheets, PDFs, and CSVs.
- Added new file types and extensions to the list of currently supported ones for file uploads.
- Converted the ping check to use the queue.
- Converted the Reporting → Lessons Learned report to a sortable dataTable.
Bug Fix
- Fixed a bug where language_file was being called before the function definition had loaded.
- Identified logic that was using an IM extra–exclusive table in the core's upgrade.php.
- Fixed an issue where, after editing a compliance audit test, that test could no longer be initiated.
- Fixed multiselect custom fields that were not working on the Add Asset section of the Manage Assets page.
- Fixed an issue where exporting a dynamic risk report never included the status column or its data, regardless of selections made.
- Fixed an issue where, if a user's name was set to a “Firstname, Lastname” format, the comma was treated as a data separator in the Dynamic Risk Report's user dropdown.
- Fixed a datatable error causing the Assessments → Risk Analysis page to fail to load.
- Fixed an issue where, if an Incident Management extra was not activated, an error occurred while upgrading the database from the 20250411 version.
- Fixed an issue where users could not see assets with no team assigned (when created by the Vulnerability Management extra), even if the option to allow users to see team-less assets had been enabled.
- Fixed improper escaping of SAML assertion values for team and role, which caused characters like & to be interpreted incorrectly and prevented proper team/role mapping.
- Fixed the Edit Questionnaire page failing to render when the questionnaire did not have tabs enabled.
- Updated the documents table, which previously stored framework_ids and control_ids as varchar(500), to use proper mapping tables instead.
- Fixed an issue where submitting a questionnaire assessment broke any active SimpleRisk session and required the user to re-log in.
- Fixed an issue where admins received duplicate risk notifications based on team membership when they belonged to multiple teams associated with the same risk.
- Fixed an issue where Scheduled Notifications for “reviewed” and “past due review” could no longer send the “before it's due” emails, and forcing “run now” triggered an error in the UI.
- Fixed an issue where tabs were lost during export/import because no information about them was exported or mappable.
- Fixed a 500 error that occurred when activating the Risk Assessment Extra through the API.
- Fixed an issue where risks created by the Tenable import were not cleaned up properly upon deletion and continued to appear in Vulnerability Management while being ignored on subsequent imports.
- Fixed an issue on the Risk Management → Risk Detail page where users were unable to access the Edit Details page.
- Ensured that an audit was not initiated when clicking “Cancel” in the popup used to specify a tag for the audit.
- Fixed a string conversion issue in worddoc.php and resolved a related PHPOffice library bug.
- Fixed an error on the Governance → Document Program page that occurred when updating a document without selecting a framework or control.
- Fixed an error on the Governance → Document Program page that occurred when updating a document even when frameworks and controls had been selected.
- Allowed duplicate file types to be mapped to different file extensions and allowed duplicate file extensions to be mapped to duplicate file types.
- Fixed an issue on the Reporting → Dynamic Risk Report page where the download button failed, resulting in a blank page.
- Fixed an issue where the Subject column Z→A sorting did not work correctly, while A→Z sorting functioned as expected.
- Fixed a failure in Vulnerability Management’s InsightVM import caused by unchecked array access.
- Adjusted the text display for comments when displaying reviews to match the text wrap behavior seen when writing.
- Limited the number of assets displayed at a time on the Edit Asset page, as detailed in the card.
- Fixed an issue where, when installing a new database and creating a new account, the default values for custom_perform_reviews_display_settings, custom_plan_mitigation_display_settings, and custom_reviewregularly_display_settings were not set.
- Fixed a bug with the external reference ID CVE calculation.
- Added improved handling of network connectivity issues.
- Fixed a bug in update_setting where the maximum name length had been set to 50 characters instead of 100.
- Fixed a bug where “Show All” on the Document to Control Mapping report triggered a datatable error.
- Fixed a bug where upload_compliance_files was not being passed a user ID when called by update_document.
- Added a permission check for compliance file downloads to prevent users from circumventing team-based file separation restrictions.
- Fixed an issue where some fields were left empty while editing a Questionnaire.
- Fixed an issue where newly created data was not visible after clicking the Add button in the Control section.
- Fixed an issue where the Duplicate button in the Control section was not working properly.
- Fixed an error that occurred when filtering for a team on the Plan Mitigation, Perform Reviews, or Review Regularly pages.
- Fixed the Submit Risk API call (v1) to include missing fields and handle file uploads.
- Fixed an issue where clicking the risk ID did not open the Risk Details page.
- Fixed the Rich Text Editor issue where the URL field was disabled in the “Insert/Edit Link” modal, preventing link creation.
- Fixed an issue on the Initiate Audits page where the popup to specify tags did not allow selecting both test and audit type tags.
- Fixed the Owner dropdown on the Questionnaire create/edit pages, which was supposed to be single-select but was initialized as multi-select.
- Fixed an issue where entering a CVE in the External Reference ID field on the Submit Risk page no longer populated data in the WYSIWYG fields (assessment & notes).
- Fixed an error that occurred on the Questionnaire Template Edit page.
- Fixed an issue on the Reporting → Risk Management → Connectivity Visualizer page where selecting values in “Filter by” and “Selected” caused errors unless “Filter by” was set to “Risk.”
- Added audit trail entries for changes made to the Auto Initiate Status and Auto Initiate Offset fields.
- Updated the delete file type and delete file type extension functionality to also remove their mappings.
- Fixed an issue where Assessment Import did not correctly handle tags that contained commas.
- Fixed an error on the Assessments → Import/Export page that was logged in php_error.log when exporting assessments.
- Fixed a display issue on the Assessments → Risk Analysis page where the Risk Detail modal appeared incorrectly when clicking the View button.
- Fixed an issue where some fields were left empty while editing Questionnaire Questions.
- Fixed an issue where the File Upload Maximum Size was not updating after a successful update toast.
- Fixed an issue on the Questionnaire Result Details page where the audit trail logs did not appear initially and only displayed after changing the duration dropdown value.
- Updated Test Import to prevent importing a test without a tester.
- Updated the file upload check logic to verify the file type and extension simultaneously.
- Moved the CVSS scoring from a popup window to a modal.
- Improved distinction between database IDs and risk IDs using the convert_id function and considered renaming it to a more descriptive name like convert_to_risk_id.
- Fixed an issue on the Dynamic Risk Report page where mitigation fields with rich text were not exported properly.
- Fixed a treegrid error on the Governance → Document Program page that occurred after adding a document.
- Fixed an issue where updating a test on the Initiate Audits page did not work.
- Added functionality to allow manual resizing of the editor widget on the Questionnaire create/edit page.
- Fixed an issue where editing an unapproved exception still showed the "Unapprove" button, even though it was not approved.
- Fixed an issue where setting the instance timezone was not validated before updating the database.
- Fixed inconsistencies in the numbers displayed on the file upload widgets for questionnaires that had previously been saved as drafts.