January 15th, 2026
Batch operations now correctly send isPublic field to server, fixing RBAC visibility issues on newly created issues and vulnerabilities
Batch retry logic automatically retries failed batches individually to prevent data loss
FedRAMP test method defaults (Examine, Interview, Test) now automatically loaded from OSCAL catalogs into control test plans
New testMethod field on ControlTestPlan model with validation for valid test methods
OSCAL catalog parser extracts test methods from FedRAMP High Rev5 baselines
CLI command for importing test method mappings
Catalog import process automatically populates test method defaults during updates
CausalAnalysis model implementation with complete getList endpoint and CRUD functionality for root cause analysis tracking
Airflow DAG for OpenText WebInspect scanner integration
API URL construction for http:// domains broken by eMASS integration changes
QRadar compliance assessment now creates issues by default
QRadar POAM creation for failed assessments now properly populates all required fields
Description field uses HTML formatting instead of unformatted Markdown text
Related Controls field populated with comma-separated control IDs
Asset Identifier field populated with AWS Account ID
Recommended Actions field populated with HTML-formatted remediation steps
Date First Detected field populated with current date
POA&M Comments field populated with assessment metadata including date first detected
eMASS XML import now uses standard RegScale model patterns for creating Issues and SecurityPlans
DNS name validation added to vulnerability creation to prevent API rejection of invalid DNS formats
Prisma Cloud CLI commands ImportError preventing access to authenticate, sync_hosts, sync_images, and sync_sbom commands
Qualys integration
Policy import now correctly extracts title and metadata from FO API export format (TITLE vs policyName fields)
Assessment Details formatting now displays correctly without excessive whitespace and empty tables across all compliance integrations
Fixed systemic HTML rendering issue in base ComplianceIntegration class and all derived integrations
Removed literal newline characters () from HTML description generation that broke table and list rendering
AWS Audit Manager, AWS Config, GuardDuty, IAM, KMS, Org, and evidence generators now render HTML properly
QRadar Query Events assessments now display HTML tables and sections correctly
GCP compliance assessments now render without whitespace corruption
"Failed Resources" tables and other HTML content now display all data correctly in UI
Affects 15+ integration files with consistent fix pattern
Prisma Cloud SBOM tar.gz extraction security enhancements
Added archive format validation before extraction to prevent corrupted file processing
Implemented resource consumption limits (1GB file size, 10,000 member count) for zip bomb protection
Enhanced path traversal protection with comprehensive validation
Added symbolic and hard link filtering to prevent symlink attacks
Python 3.12+ data filter support with fallback for older versions
Refactored extraction logic into focused helper functions reducing cognitive complexity from 20 to <15
Added NOSONAR suppression for validation function with detailed security explanation
Fixed CI/CD flow issue
Increased batch sizes from 100 to 1000 for assets, issues, and vulnerabilities for improved sync performance
Removed http.client dependency from eMASS client configuration to eliminate CVE-2025-13836 association
PDF text extraction now uses pypdfium2 (Chrome PDFium engine) for improved performance and reliability
Trivy, Grype, OpenText, Snyk, and Veracode scanner commands now use and options instead of and (breaking change)
Airflow DAGs for Trivy and Grype updated to use and parameters
S3 access for scanner integrations now supports config credentials (awsAccessKey, awsSecretKey, awsRegion) when AWS profile is unavailable
Code formatting migrated from black to ruff for faster formatting and linting
Build system modernized to use pyproject.toml exclusively, removing setup.py dependency
eMASS API client now uses httpx instead of urllib3 for improved performance and modern HTTP handling
QRadar API client migrated from requests/urllib3 to httpx for improved performance and modern HTTP handling
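The Prisma Cloud SBOM tar.gz extraction hardening listed above (format validation, size and member limits, path traversal checks, link filtering, Python 3.12+ data filter with fallback) can be sketched as follows. This is an added example, not RegScale's own code: the function names are hypothetical, and applying the 1GB limit to the cumulative uncompressed size is an assumption.

```python
import io, os, tarfile

MAX_TOTAL_BYTES = 1024 ** 3   # 1GB limit from the release note (assumed cumulative)
MAX_MEMBERS = 10_000          # member-count limit from the release note

def validate_members(tar, dest):
    """Return members safe to extract; raise ValueError on limit or traversal violations."""
    root = os.path.realpath(dest)
    safe, total = [], 0
    for count, m in enumerate(tar, start=1):   # headers are read lazily, so this stops early
        if count > MAX_MEMBERS:
            raise ValueError("too many members")
        if m.issym() or m.islnk():
            continue                           # drop symbolic and hard links
        if not (m.isfile() or m.isdir()):
            continue                           # drop devices, FIFOs and other special entries
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"path traversal: {m.name}")
        total += m.size
        if total > MAX_TOTAL_BYTES:
            raise ValueError("archive exceeds size limit")
        safe.append(m)
    return safe

def safe_extract(archive_path, dest):
    """Validate then extract; returns the names of the members written."""
    if not tarfile.is_tarfile(archive_path):   # format validation before any extraction
        raise ValueError("not a tar archive")
    with tarfile.open(archive_path, "r:gz") as tar:
        members = validate_members(tar, dest)
        if hasattr(tarfile, "data_filter"):    # Python 3.12+ and patched older releases
            tar.extractall(dest, members=members, filter="data")
        else:                                  # fallback: rely on the checks above
            tar.extractall(dest, members=members)
    return [m.name for m in members]

def make_archive(path, entries):
    """Constructed sample input: entries are (name, data or None, link target or None)."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
```

Validation runs over every member before anything is written, so a violation found late in the archive leaves no partial extraction behind.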
January 13th, 2026
Resolved issue that customers have been experiencing with SSO OAuth login with EntraID and Okta related to Email, FirstName, or LastName being required in the SSO Claim.
January 11th, 2026
Updated database compatibility to remove unintended dependencies introduced in the previous release, ensuring broader support across supported SQL Server editions.
Resolved an issue where the 6.27.4.0 release introduced a hard dependency on SQL Server Enterprise Edition, restoring compatibility with supported non-Enterprise editions.
Fixed a migration failure related to the CVE column that could cause upgrade issues in the current release.
January 9th, 2026
Centralized CVE validation utility with 200 character limit enforcement
Nessus scanner now creates separate findings for each CVE when vulnerabilities have multiple CVEs
CVE field validation to accept only single CVE values (max 200 characters) on Issue and Vulnerability models
Nessus integration now properly extracts all CVEs from XML instead of only the first one
Nessus integration now correctly extracts IP addresses from scan data instead of using hostnames
Qualys integration
Total cloud key issue
TypeError on single vuln
WAS Invalid api version issue
Policy Compliance API now uses FO API v3.0 with v2.0 fallback instead of unsupported QPS REST endpoints
Asset source module visibility in names and pluginIds to prevent duplication between VMDR and Total Cloud
RegScale CLI config merge bug adding examples to dynamic dict key/value pairs
Improve Jira file upload error handling
January 8th, 2026
Qualys list_scans command to retrieve scan metadata from VMDR, WAS, Container Security, and Total Cloud modules with filtering by date range and optional JSON export
Qualys diagnostics script enhancements to include scan and report listing validation for all four main Qualys services
Prisma Cloud CSV import modernized to use Scanner Integration framework with shared models and automatic deduplication
Prisma Cloud integration now supports optional software inventory processing with --enable-software-inventory flag
Config updates to improve support and functionality
Prisma Cloud OS version parsing regex backtracking vulnerability replaced with safer lookahead assertions and explicit character classes
Config fixed an issue where merge config would overwrite values with defaults
January 8th, 2026
Improved FedRAMP (Legacy) CIS/CRM workbook generation to dynamically build control lists
Updated eMASS POA&M export formatting to align with eMASS ingest requirements
Improved visibility and usability of export-related info icons
Updated the New Component form to default to the Basic Info tab
Improved consistency of notification messages for Security Profiles JSON exports
Resolved a timeout error when finalizing a Continuous Monitoring Plan
Fixed missing NIST 800-60 identifiers in classification data
Corrected Swagger issues caused by inconsistent API capitalization
Fixed multiple UI layout issues including dark mode visibility, button containment, and redundant columns
Restored broken functionality across Evidence, Incidents, Risks, Requirements, and Security Controls modules
Fixed errors when viewing assets, dashboards, and control implementations
Corrected validation and save errors for Control Implementations, Control Settings, and Parts
Fixed issues preventing SSP deletion when child mappings exist
Resolved import failures for profiles exported from RegScale
Corrected rich text formatting so newline characters render properly
Ensured evidence collected during scheduled assessments appears correctly in reports
Fixed multiple Questionnaire issues including grading, rule application, disappearing responses, and filter errors
Restored generation of FedRAMP OSCAL exports including SAR, SAP, and POA&M
Fixed vulnerability batch processing endpoint failures
Corrected logout errors related to session timeout handling
Fixed dashboard preview issues in Dashboard Builder
Addressed improper field editability and required field indicators across Deviation, Privacy, and Issues modules
Fixed formatting and messaging issues in importer and notification messages
December 31st, 2025
OCSF (Open Cybersecurity Schema Framework) integration support for standardized security event processing
Qualys diagnostics command for troubleshooting API integration issues in isolated environments
Tanium integration
Implements a complete Tanium integration that syncs endpoints, vulnerabilities, and compliance findings to RegScale
CLI commands: tanium test_connection, tanium sync_assets, tanium sync_findings, tanium sync_all
Qualys integration KeyError when ASSET_ID field is missing from Total Cloud data
Qualys Container Security API authentication error messages now include troubleshooting guidance
Qualys WAS API error messages now include module enablement guidance
FedRAMP import errors around owner and leveraged auth metadata.
December 22nd, 2025
Fixed an issue with Control matching for catalog CMMC
GitLab SAST JSON import to sonarcloud import
December 22nd, 2025
eMASS POAM export now supports the NIST 800-53 Rev 5 catalog
RegML health check endpoint
Questionnaire responses now support viewing all responses across sections
Supply Chain module now allows optional FIPS Impact Level, Strategic Tier, and Contract Type
Compliance Setting default values can now be changed
Overall categorization changes now persist after saving
Control ID is now required when editing a Security Control in the UI
Facility Manager toggle logic is now consistent with other modules
SSP categorization now recalls the saved categorization correctly
Security Plans can now be linked to Components
New Requirements can now be created successfully
Capabilities, Programs, and Requests dashboard buttons now behave correctly
Component child records no longer cause errors when attached to Security Plans
Risk Mitigation can now be removed from Control Implementations
Evidence tab badge count now displays correctly without requiring interaction
Dashboard report View actions are now clickable and functional
Questionnaire rules using logical operators no longer break validation
Long questionnaires now scroll correctly and remain readable
Form Builder now supports setting fields to read-only or disabled
Rule Builder checkbox validations now work as expected
Response Automation jobs no longer remain stuck in progress indefinitely
Control Implementation drill-down no longer shows an invalid Create New option
New Components form now defaults to the correct Basic Info tab
Policy Status Board View drill-down is now functional
Questionnaire response alignment issues resolved
Requirements list view no longer shows invalid options
Risks list view no longer shows invalid options
Missing GetControlsByParentWithCatalog endpoint has been restored
Continuous Monitoring SAP exports now include LEADASSESSOR and Table 3-3 data
Continuous Monitoring SAR exports now include all expected data