SimpleRisk Release Notes

(20211115-001)
If you are not already running SimpleRisk, then you will need to DOWNLOAD it and follow the
instructions for your chosen installation method. If you are currently running a previous release of
SimpleRisk, then you will need to go to your Configure menu, select Register & Upgrade, and then
click the “Upgrade the Application” button. This will run both the application and database upgrades
to move you to the most recent release.

The complete list of changes for this release is below:

SimpleRisk Core

New Features
● Added a new action to the action dropdown menu named “mark as unmitigated” in the risk
details pages . When this action is selected the mitigation for this risk will be completely
deleted and the risk will be reported as unmitigated.
● Added a new action to the action dropdown menu named “mark as unreviewed” in the risk
details pages . When this action is selected any reviews for this risk will be completely deleted
and the risk will be reported as unreviewed.

Usability
● Set the default size of the Additional Notes and Risk Assessment fields back to their previously
default size of 4 lines rather than 1.

Security
● Upgraded TinyMCE library from 5.8.2 to 5.10.0.

Bug Fixes
● Fixed an issue where when the Risk matrix is greater than 5x5, Contributing risk displays
incorrect values after a value has been updated or changed after submission. The Risk score
will be correct but the likelihood or impact whichever was changed would display incorrectly.
● Made an update so under the "Risks and Assets" report, we now show the "%" sign after the
number for the Mitigation Percent field.
● Fixed an issue where custom fields would not be ordered correctly.
● Fixed an issue where the "Sort By" values in the Risks and Controls report show "Asset Name"
and "Asset Risk" instead of "Control Name" and "Control Risk".
● Fixed arrow icon for Risk details on the Questionnaires page facing the incorrect direction.
● Fixed an issue where the framework_control_test_results_to_risks table is added by the
assessment extra but is required for core functionality to work which would cause inoperability
in certain circumstances.
● Fixed an issue where on the compliance test creation menu where lower resolutions would not
display dropdowns correctly.
SimpleRisk Extras

Risk Assessment Extra

● Added the ability to create multiple tabs in a single questionnaire so users are no longer
required to display the entire assessment all at once all of the time.
● Fixed an issue where users using PHP 7.4 could not view questionnaires that did not generate a
pending risk.

Import/Export Extra
● Fixed an issue where the Dynamic Risk Report could not be exported with PHP 7.4.

Customization Extra
● Fixed a bug where having too many fields on the Project page would cause the headers to
display incorrectly.

Compliance Forge SCF Extra

● Fixed a missing base_url in SESSION with a ComplianceForge API call.

Other Notes

● A SimpleRisk user noted that they were having difficulty logging in with the default
username of “admin” with password of “admin”. Upon investigation, it was discovered
that PHP was enforcing secure cookies, but the application was not using SSL, so the
session values were not set. This may be an isolated instance, but if you experience this
issue, try installing a SSL certificate and run SimpleRisk over HTTPS to fix it.