The SimpleRisk 20220823-001 release focuses on improving quality of life and easing the struggles of long-term administration of a SimpleRisk instance. The most noticeable change on the surface is in the audit trail: as you make new entries, the system now records in detail which values were changed, their previous values, and the time at which the user made the change. This provides a better experience when investigating unexpected changes or recovering from certain accidental updates.
This release includes a few security patches, listed below:
- Fixed an XSS issue for Risk Assessment and Additional Notes fields in Risks and Issues report.
- Fixed a stored XSS on the Assessments/Questionnaire Templates page when editing a template.
- Removed the inclusion of Box\Spout via Composer.
We also made a small number of changes to the UI which included:
- Changed the Site/Location field for assets into a multi-select dropdown so multiple locations can be associated with a single asset.
- Added multi-lingual support for the Graphic Risk Analysis Report.
Lastly, we would like to mention a number of bugs fixed based on community requests, which included:
- Fixed a bug where the Risk Scoring pie chart on the Overview report would count risks scored with Contributing Risks scoring method toward the unassigned label.
- Fixed the column filtering configurations in the Risk Management module for Plan Mitigations, Perform Reviews, and Review Regularly. All fields listed as available should now display as intended.
- Fixed an issue where lists of tags on the Review Regularly page would display items separated by a pipe.
- Fixed an issue in the Reporting section where charts with a “Download as” function would generate output files in black and white.
- Fixed an issue where the Compliance Past Audits page would not actually restrict table contents based on filter selections.
- Resolved an issue where mouseover pop ups did not display as intended on charts in the Reporting module.
The SimpleRisk Extras are the paid-for functionality that extends the features of the SimpleRisk Core. This is another release that targets bugs and security patches, one of the biggest fixes being for users who could not see custom fields while editing risks.
The full list of updates to Extras is as follows:
- Fixed an issue where values not mapped on a risk import update could be cleared or emptied.
- Added the ability to change the Template Group a risk displays with via import update.
- Added Asset ID to asset exports and made it available to map during import. Asset names can now be updated without losing their associations.
- Updated Import Export to support XLS/XLSX/CSV. All should work interchangeably. All exports will be XLSX from now on except where directly noted such as the Dynamic Risk Report which remains XLS for now.
- Unified all separators of list items for all mappable columns. Expectations will now always be “Item 1”, “Item 2”...
- Fixed an issue where scheduled reports would not properly filter based on the configuration selection for that report, resulting in users receiving unintended messages.
- Updated Notification Extra to show custom fields properly.
- Fixed an issue where editing tables in a notifications template could result in a field adjacent to the edited cell no longer displaying its value in the e-mail.
- Fixed an issue where imports with a mapped field but no update to be made would still report to the audit log that the risk was updated. This is further mitigated by the verbose auditing also added in this release.
- Fixed issues regarding Import triggering notifications that should not otherwise be generated.
- Fixed an instance where an import could trigger a notification that would send a blank message.
Risk Assessment Extra
- Updated the Pending Risk Additional Notes field to TEXT type. It should now correctly record any amount of detail, and what the additional notes field displays will now save to the generated risk correctly.
- Fixed an issue that prevented editing the order of questions on a template via the UI or Import/Export.
Incident Management Extra
- Updated the Summary field so it can no longer be edited and emptied.
- Updated incident saving logic so updates only affect the related risks and assets the users have access to.
- Fixed an issue where deleting evidence would not return you to the incident properly.
- Fixed an issue where Incidents did not display all the related incidents and risks selected.
- Updated the tabs on the response UI to be able to link to specific tabs and activate those tabs on page load.
- Updated logic so Evidence could be added without actually attaching a file.
- Updated error reporting so file upload failures will now display a red error message to indicate the reason for the failure.