The SimpleRisk 20220122-001 release is a minor first release of the year that includes a few quality of life changes such as increasing the maximum length of file types added for upload.
We also updated the term Desired Frequency to Test Frequency so that it is easier to follow the usage of the field as well as making filters that tried to review Desired Frequency now pull the Test Frequency instead.
The full list of changes made for better usability includes:
- Updating the file content type field max character length so long file type names will no longer be truncated when they are saved.
- Updating the term Desired Frequency to the Test Frequency and all places you would have seen Desired Frequency previously will now pull the “Test Frequency”.
- Added the ability to search the “Owner” and “Owner’s Manager” fields during risk submission and editing the details of a risk.
- Added a default risk grouping entry that is assigned to all the risk categories without a group creating
We also introduced a few security fixes in SimpleRisk which include:
- Added a check SSL certificate option to enforce SSL certificate verification. This option is found in the “Settings” menu in the “Configure” module at the top in the “Security” tab.
- Fixed 2 possible SQL injection vulnerabilities in the Risk Assessment Extra.
This release also includes a few bug fixes and are as follows:
- Added the Threat Grouping field to Add and Remove Values.
- Fixed an issue where users could not upgrade when the table engine converting logic did not perform as expected.
- Fixed a bug where the supporting documentation in risk details was not displayed as intended.
The SimpleRisk Extras are the paid for functionality that extend the features of the SimpleRisk Core. This release was mostly focused on bug fixes but one noticeable change is the Risk Assessment Extra questionnaires display has been updated to be easier to follow which answer is selected.
The full list of updates to Extras are as follows:
Risk Assessment Extra
- Updated the design of the answers displayed on completed questionnaires, results, shared results and the compare results pages
Vulnerability Management Extra
- Fixed an issue where the cron would not run as intended due to looking for a session cookie that did not exist.