What's New With SimpleRisk 20250731-001 Release

by Dorian Arthur
(Director of Customer Success)

SimpleRisk Core

 

The SimpleRisk 20250731-001 is a general update including a host of new features and bug fixes.  If you run into trouble upgrading please contact support@simplerisk.com so we may assist you with any issues that you may run into.

20250711-001

This release introduces the following new functionality: 

  • Added an “Associated Exceptions” section above Comments on Risk Details pages to list linked policy or control exceptions.
  • Added the Team field to the “Who to Notify” section for audit status change notifications, audit comments, and automated audit notifications.
  • Added a Planned Mitigation Date variable for mitigation action-based notifications.
  • Added a “Notify on Initiated Audits” action notification with full configuration options.
  • Added the ability to batch delete questions directly from the UI.
  • Added a default option to require answering all questions before submitting an assessment.
  • Added the Due Date variable to Unreviewed and Past Due Risks email notifications.
  • Updated Control Types for Maturity Questions to match the selected control types.
  • Added an option to bypass “Pending Risk” status so risks can be created automatically after completing an assessment.
  • Added “Unapprove” functionality to each exception on the Governance > Define Exception page.
  • Updated Notification Extra to support new audit fields.
  • Added a custom editable WYSIWYG widget to the UI Layout Widget system.
  • Added TF-IDF analysis to compare keywords between policies and controls for relatedness.
  • Added Date Range filtering to Active Audits and Past Audits pages, including support for single-date filters.
  • Added an option to disable scoring normalization.
  • Updated tenable.io API calls to include recommended headers.
  • Added a “Document to Control Mapping” report to show calculated relationships between documents and controls.
  • Added TF-IDF analysis to compare keywords in policies to keywords in controls and determine if they are related
  • Able to filter on a Date Range instead of an exact date(Test Date field) for Active Audits and Past Audits pages. Make sure that you can filter on a single date if the range's start and end date are the same.
  • Added the option to disable scoring normalization
  • Updated tenable.io API calls to include their recommended headers
  • Added a "Document to Control Mapping" report which shows the calculated relationships between documents and controls

 

This release also addresses the following Bugs:

 

  • Fixed audit logging so it now records changes correctly and no longer throws exceptions when changing an asset location from empty through the UI.
  • Replaced the varchar list of IDs with proper mapping tables for threat/risk associations in the risks table.
  • Excluded policy and control exceptions with a “Closed” status from email notifications.
  • Corrected maturity compliance questions so setting a control maturity to “Not Performed” now updates the control as expected.
  • Fixed XLS export from the Dynamic Risk Report to properly handle rich text.
  • Fixed the asset edit modal to correctly recall Tags and Associated Risks.
  • Removed duplicate function declarations during upgrades.
  • Fixed mitigation view so rich text fields with attached controls display correctly.
  • Corrected mitigation acceptance to trigger the mitigation update notification.
  • Fixed asset group attachment so only actual attached assets appear under controls.
  • Restored content display on the “Submitted Risks by Date” page when team-based separation is active.
  • Allowed importing new Control logic with duplicate short_name values, matching existing behavior.
  • Fixed the Update Framework modal on Compliance > Initiate Audit to show all expected fields.
  • Corrected Governance > Document Program so updating a document changes both frameworks and controls.
  • Fixed Controls tab navigation so switching back to Frameworks tab shows the correct menu.
  • Corrected Compliance > Past Audits to show the audit test closed date instead of last completed audit date.
  • Fixed exceptions thrown by vulnerability management imports from tenable.io.
  • Restored data visibility under Configure > Audit Trails without requiring Tags.
  • Removed visible UI line artifacts between dropdown options.
  • Restored visibility of variables in Tags.
  • Fixed tag rendering in details views.
  • Ensured layout changes revert correctly after disabling Edit Mode.
  • Standardized visibility of page headings in the Response Details section.
  • Corrected asset edit to populate custom fields properly.
  • Fixed exception status and associated risks updates in Audit Trails.
  • Fixed Update Control modal on Compliance > Initiate Audit to display correctly regardless of customization extra setting.
  • Restored visibility of unapproved exceptions after unapproving from the Approver field.
  • Fixed Risk Dashboard chart to display risk levels in the correct order.
  • Corrected associated asset display under controls to only show correctly attached assets.
  • Fixed Risk Dashboard to restrict views properly based on team selection for Admin users.
  • Corrected export from Dynamic Risk Report to populate the Mitigation Control field.
  • Prevented creation of controls and tests with empty names.
  • Enabled mass accept/reject/delete of vulnerabilities on the Triage tab in Vulnerability Management.
  • Removed unwanted escapement in notifications for Security Recommendations and Requirements.
  • Fixed incorrect file count display during uploads.
  • Restored radio button selection in Questionnaire forms.
  • Ensured updating assets now creates an audit trail log.
  • Disabled “Delete Selected Questions” button when no questions are selected.
  • Fixed DataTables Ajax error caused by repeatedly clicking the Subject column header.
  • Corrected Risk Appetite Report so status changes to “Mitigation Planned” after mitigating.
  • Reversed colors in Overview so closed now appears correctly.
  • Added permission check for users checking preparation checkboxes.
  • Added audit log entries for who checked a checkbox in IM.
  • Added audit log entries for each incident.
  • Added an audit log entry when a user edits the mail configuration.
  • Fixed Compliance > Past Audits page dropdowns so filter headers display properly when no rows are present.
  • Fixed dropdown options visibility on the Active Audits page table UI.
  • Made validation messages visible when adding tags.
  • Restored visibility of Scheduled Notification “Run At” time values in the UI.
  • Fixed text overflow in “Team(s)” dropdown in Update Test Modal.
  • Restored missing mandatory asterisks (*) in fields.
  • Removed duplicate comments on multiple submissions.
  • Made uploaded files immediately visible without requiring a page refresh.

 

Other Notes:

 

  • A user reported difficulty logging in with the default username admin and password admin. Investigation revealed that PHP was enforcing secure cookies, but the application was not using SSL, preventing session values from being set. If you encounter this issue, try installing an SSL certificate and running SimpleRisk over HTTPS to resolve it.

 

 

 

TAGS
Education & Training Industry Trends & News SimpleRisk Hosted UI & System Updates Technology & Innovation