The SimpleRisk 20220701-001 release contains a couple of new features, including the introduction of tags with SimpleRisk's Compliance and audit testing functionality and the ability to define multiple locations for an asset, as well as several security and bug fixes.
As part of our commitment to keeping SimpleRisk secure, we have implemented a few fixes for security issues discovered during this cycle, which include:
- Fixed an XSS in Plan Projects.
- Migrated the moment.js library to PHP Composer and updated it to the latest version.
This release also includes many well-deserved bug fixes, which are listed below:
- Added a fix to prevent an admin user from being able to save an invalid SimpleRisk Base URL.
- Fixed a bug where newly completed audits were affecting the test date of the test and currently active audit tests.
- If there was only one mapped control framework left on a control, it could not be removed. This has been fixed.
- Fixed an issue where new backups run by the scheduled backups were not showing in the UI but were still saved to the machine.
- Fixed an issue where custom risk level names did not display in the Graphical Risk Analysis.
- Fixed an issue where some error messages would display “Unabled” instead of “Unable”.
- Fixed an “implode” function call whose format was obsoleted in PHP 8. (Note: PHP 8 is not yet fully supported and we will continue to make updates to bring PHP 8 compatibility to SimpleRisk in line with the EOL of PHP 7.)
A few usability changes have been made to improve the experience, which include:
- Changed the Site/Location field for assets into a multi-select dropdown so multiple locations can be associated with a single asset.
- Added multi-lingual support for the Graphic Risk Analysis Report.
The SimpleRisk Extras are the paid-for functionality that extends the features of the SimpleRisk Core. This is another release that targets bugs and security patches. One of the biggest fixes is for users who could not see custom fields while editing risks.
The full list of updates to Extras is as follows:
- Fixed an issue where CSVs were not forcibly converted to UTF-8. This will most likely be the last update to the CSV-style imports as we transition to XLS for import/export completely.
- Added a new column to be exported/imported called Mapped Control Numbers. When this field is populated, each entry (separated by commas) is applied to each entry in the Control Frameworks field (also separated by commas).
Compliance Forge Extra
- When generating an Assessment template from Compliance Forge and choosing standard, risks were not being created, only pass/fail status. It will now also generate risks on "no"s.