On November 23, 2020, SimpleRisk went live with our Q4 2020 release. This release primarily focused on fixing a number of bugs found in various places in the SimpleRisk Core and SimpleRisk Extras.
The biggest addition to the SimpleRisk Core in the 20201123-001 release is a new page to identify any broken files as a result of the upload bug in the 20201005-001 release. Instances that were not impacted will not see it, but for those that were, you should see a new "Fix Upload Issues" page at the top of the list of options under the Configuration menu. If you see this page, you will need to replace the identified file with a new version. Once all impacted files have been fixed, this page will disappear.
Other items added into the SimpleRisk Core as part of this release are:
- A warning message will be displayed if a user attempts to create a tag in excess of 255 characters in length.
- An issue was fixed which caused problems viewing the edit and delete buttons in the Document Program page in Governance.
- A UI bug was fixed in the User Management page under the Configure menu.
The SimpleRisk Extras are the paid for functionality that extend the features of the SimpleRisk Core. This release included a some new functionality and bug fixes for our SimpleRisk Extras:
- Added the ability to properly remove the Risk Mapping field via the Customization Extra.
- Fixed a bug where the questionnaire tracking table was not set to use innodb.
- Fixed an issue with hitting the API while encryption is on.
- Fixed an issue where users were unable to sort by a given column on the Dynamic Risk Report as long as Encryption was enabled.
- Added the FedRAMP Low Baseline Controls to the one-click framework installation option.
- Added the FedRAMP Moderate Baseline Controls to the one-click framework installation option.
- Added the FedRAMP High Baseline Controls to the one-click framework installation option.
- Added the NIST SP 800-171 DoD Assessment to the one-click assessment installation option.
- Saved Reports will now export to XLS properly using the Dynamic Risk Report.
- Fixed an issue where exported affected assets would not properly escape certain symbols.
- Fixed an issue preventing scheduled notifications from being sent.
- Fixed an issue where SAML authentication did not work if SimpleRisk was not being run out of the web server context root.
- Fixed a bug that would leave a PHP warning in the log when an AD user's account is created upon the first login.
- Fixed a performance issue for SAML users with Organizational Hierarchy enabled.
- Fixed an issue where updating the incident subject didn't show after being saved.
- Fixed an issue where updating the incident status didn't show after being saved.
- Fixed an issue where the risk subject was not decrypted with Encryption enabled.
- Fixed an issue where the asset name was not decrypted with Encryption enabled.