What's New With SimpleRisk 20250326-001 Release

SimpleRisk Core

The SimpleRisk 20250326-001 release is another large step in starting to reap the benefits of the UI refresh, with more bugs resolved and new quality-of-life features appearing. If you run into trouble upgrading, please contact support@simplerisk.com so we may address any issues encountered swiftly.

20250326

 

This release includes the following new features:

●  Created Dynamic Audit Report combining active and past audits.

●  Integrated Gridstacks into Yarn. The Risk Overview can now be re-arranged and personalized, with further customization and additions to come in later releases.

●  Added mapped control number and audit test ID fields to the Dynamic Audit Report.

This release also addresses the following Bugs:

●  Prevented creation of Playbook Actions with blank names.

●  Ensured correct sorting for tagged questionnaire questions.

●  Resolved display issues in the Control Template main field.

●  Fixed full-page reload when canceling framework deletion.

●  Displayed error messages correctly on Control Gap Analysis selection.

●  Corrected sorting for Test Result column in Past Audits.

●  Updated mitigation percent logic for risks.

●  Disallowed Playbook actions under incorrect tabs.

●  Added confirmation prompts for role deletion and file type deletion.

●  Resolved multiple issues related to saving fields with only spaces.

●  Ensured data does not persist after cancel actions across various modules.

●  Fixed unexpected behaviors like multiple submissions, validation issues, and incorrect data persistence.

●  Resolved dropdown visibility, data table counts, tooltip issues, and UI alignment.

●  Removed login dependency on ping.

●  Improved line wrapping and alignment in reports and dropdowns.

●  Standardized field and modal layouts.

●  Enhanced readability of long text fields and mandatory field indications.

●  Corrected color scheme and button visibility in modals and forms.

●  Improved modal titles for accuracy and user clarity.

●  Standardized alignment of action icons and fixed overflow issues in tables.

●  Updated copyright to 2025.

●  Refined datatable logic in user management to set default settings upon user creation.

This release includes the following security fixes:

●  Fixed reflected XSS issues in User Management, Installer, and Role Management pages.

●  Patched stored XSS in /governance/index.php.

●  Addressed LDAP wildcard vulnerability in custom authentication logic.

●  Enforced password and username validation rules during login to block non-compliant existing credentials.

The SimpleRisk Extras are the paid-for functionality that extends the features of the SimpleRisk Core. This release targets bugs with incident managements’ display and .

Secure Controls Framework Extra:

● Fixed SCF upgrade failure due to process errors.

● Fixed an issue where upgrading the SCF did not properly add new frameworks to the list of available frameworks.

● Refactored SCF import scripts to improve maintainability and error handling.

Risk Assessment Extra:

● Fixed a CSS issue causing irregular placement of checkboxes.

Other Notes:

● A user reported difficulty logging in with the default username admin and password admin. Investigation revealed that PHP was enforcing secure cookies, but the application was not using SSL, preventing session values from being set. If you encounter this issue, try installing an SSL certificate and running SimpleRisk over HTTPS to resolve it.
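One way to confirm the secure-cookie mismatch described in the note above, added here as an example and not part of SimpleRisk: it checks php.ini text for `session.cookie_secure` and checks captured `Set-Cookie` headers for the `Secure` flag on a plain-HTTP response. The host name, the cookie name `PHPSESSID` (PHP's default session name, assumed here) and all sample values are constructed.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

TRUTHY = {"1", "on", "yes", "true"}  # values PHP treats as enabled in php.ini


def php_cookie_secure_enabled(ini_text):
    """True if the last uncommented session.cookie_secure line enables it."""
    values = re.findall(
        r'^[ \t]*session\.cookie_secure[ \t]*=[ \t]*"?([^\s";]+)', ini_text, re.M
    )
    return bool(values) and values[-1].lower() in TRUTHY


def secure_cookies_over_http(url, set_cookie_headers):
    """Names of cookies flagged Secure in a response fetched over plain HTTP.

    Browsers do not return Secure cookies on http:// requests, so a session
    cookie listed here is lost and every request starts a new session.
    """
    if urlsplit(url).scheme.lower() == "https":
        return []
    flagged = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        flagged += [name for name, morsel in jar.items() if morsel["secure"]]
    return flagged


# Constructed sample data (not taken from a real SimpleRisk install).
SAMPLE_INI = "; session.cookie_secure =\nsession.cookie_secure = On\n"
SAMPLE_URL = "http://simplerisk.example/index.php"
SAMPLE_HEADERS = ["PHPSESSID=0123456789abcdef; path=/; secure; HttpOnly"]

if __name__ == "__main__":
    print("php.ini forces Secure cookies:", php_cookie_secure_enabled(SAMPLE_INI))
    print("Secure cookies sent over HTTP:",
          secure_cookies_over_http(SAMPLE_URL, SAMPLE_HEADERS))
```

If both checks flag the deployment, serving the application over HTTPS, as the note recommends, removes the mismatch.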
