[6.34.65] - 2026-06-16

Changed

• Compliance scans no longer create issues from failed control assessments by default; failed controls remain visible on their assessments, and setting complianceCreation to Issue or POAM opts back in
• Documented the vulnerabilityCreation options: IssueCreation flags past-due issues as POAMs at import time, PoamCreation flags every issue as a POA&M

Fixed

• Axonius and FedRAMP POAM commands no longer fail to load when an environment has incompatible NumPy or pandas versions installed
• AWS Inspector sync now creates assets before submitting vulnerabilities so vulnerability-to-asset mappings are created on the first run
• Vulnerabilities consolidated across multiple assets now link to every affected asset instead of none
• AWS Security Hub and Inspector vulnerability imports no longer lose asset links and POAM creation when large batches time out and retry
• Large vulnerability batches now retry in smaller chunks instead of failing repeatedly with the same oversized payload
• Nessus assets and vulnerabilities now link correctly when the scan reports an invalid or multi-value host IP
• Very large Nessus scan files now stream assets the same way findings are streamed, so hosts are no longer dropped and the platform no longer creates empty unknown assets for their findings
• Nessus issues now link to their scanned asset instead of being attached to an unrelated unknown asset
• OpenSCAP imports now identify hosts by IP address when no hostname is present, instead of grouping unidentifiable hosts under a single shared unknown asset
• Nessus findings now use the scan date recorded in the file instead of the import date, including for very large files processed by the streaming parser
• Issues generated from vulnerabilities are now flagged as POAMs on every import path when vulnerabilityCreation is set to PoamCreation; deployments already configured with PoamCreation will see issues marked as POA&Ms starting with their next import
• Description-truncation warnings during bulk scan imports now log once per run instead of flooding the log with one warning per finding

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to correctly use the Qualys integration’s sync_qualys command to download larger Qualys Knowledgebase vulnerability datasets with a reliable fallback mechanism.

[6.34.59] - 2026-06-15

Added

• eMASS API commands (emass_api) for POA&M, control, milestone, and artifact synchronization are now available
• eMASS XML import now uploads referenced artifact files to the System Security Plan when they are present alongside the export
• Per-asset Issue/POAM creation for Prisma Cloud and Qualys scans when issueCreation is set to PerAsset, creating a separate record for each vulnerability-asset pair
• Configurable on-disk caching of Qualys KnowledgeBase data between syncs via qualysKbCacheHours

Changed

• eMASS integration now targets the RegScale v2 API for all platform operations
• Qualys vulnerability enrichment now fetches KnowledgeBase details in targeted batches instead of downloading the entire KnowledgeBase, with truncated responses followed to completion

Fixed

• eMASS control synchronization now resolves NIST control acronyms so control implementations push to eMASS as Test Results
• eMASS POA&M push and artifact upload now send correctly formatted requests instead of failing validation
• eMASS XML import no longer silently skips artifacts; missing artifact files are reported in the import summary
• Prisma Cloud CVE deduplication now links consolidated vulnerabilities to every affected asset instead of only the first
• Vulnerability imports now warn when records have no asset identifier instead of silently skipping asset linkage
• Qualys syncs with a single KnowledgeBase result no longer fail to parse
• Qualys sync progress now shows one task per phase instead of one per asset
• Resolved a dependency conflict that could corrupt installations when optional extras are installed
• CLI startup crash caused by a NumPy 1.x/2.x version mismatch after upgrading; numpy, pandas, and pyarrow are now pinned to compatible versions
• Updated aiohttp and pyjwt to patched releases that address known security vulnerabilities

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a follow-on hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to use Okta single sign-on per our documentation.

[6.31.1.2] 06-11-2026

Fixes

Workflow Group Assignment Reliability

Resolved an issue where assigning a Workflow Group to a step did not persist or function as expected. Workflow Group assignments are now correctly applied, ensuring workflow steps follow the intended routing and ownership configuration.

Inventory Dashboard Navigation

Fixed an issue that prevented the Inventory Dashboard from opening when users selected the corresponding scorecard. Users can now successfully navigate from the scorecard to the Inventory Dashboard for a seamless reporting and analysis experience.

[6.34.55] - 2026-06-09

Changed

• AWS Integration Performance update
  • Move all ComputeCollector boto3 clients to init for thread safety
  • Fix EC2 double-pagination — single-pass describe_instances
  • Batch ECS describe_clusters — O(n) API calls → O(1)
  • Parallelize AMI batch describe_images calls
  • Parallelize collect_all() with ThreadPoolExecutor — 5-10x speedup
  • Stream Security Hub findings page-by-page to prevent OOM
  • Remove unconditional 200ms sleep between Security Hub pages
  • Use compact JSON serialization for inventory cache
  • Pre-compile SEVERITY_PATTERN regex at module level in common.py
  • Stream findings through consolidation — remove list() materialization in sync_findings

Fixed

• Fix FedRAMP CIS import crash on vendor workbooks with single-row headers
  • Guard out-of-bounds access and log extra CIS columns
• AWS Integration
  • Add NextToken pagination to fetch_aws_findings_v2 and fetch_aws_resources
  • ClientError fallback, and add test coverage

[6.34.50] - 2026-06-08

Added

• RSA Archer controls, findings, and evidence synchronization into RegScale
• Tanium CIS benchmark import to RegScale security checks
• FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row

Changed

• AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record

Fixed

• libxml2 explicitly installed in the Airflow container image to ensure the patched version is present and CVE-2026-43500 is resolved
• CSAM import now reports per-domain partial failures in an end-of-run summary instead of silently masking a failed sync as a clean run
• CIS/CRM import now directly scans the Instructions tab for the exact "System Name" header cell and reads the value from the row below it as a fallback when the primary column-header detection does not resolve a name
• CIS/CRM import no longer crashes with IndexError or ColumnNotFoundError when the Instructions worksheet has fewer than four header columns
• FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
• POAM import no longer degrades on large finding sets due to oversized batch requests
• POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
• POAM import missing Status Date warnings now emitted as a per-sheet summary instead of one warning per row
• POAM import now accepts container image references and other non-HTTP URI schemes (e.g. docker://, oci://) as asset identifiers, so container-scan POA&M rows are no longer silently dropped
• Exception tracebacks are now automatically included in log output when an error occurs inside an except block

[6.31.1.1] 06-05-2026

Changes & Enhancements

Workflow & Issue Management

• Added validation to ensure FedRAMP High AU-2 requirements are properly enforced, helping organizations maintain compliance with audit logging and event monitoring expectations.
• Introduced new vulnerability creation workflows within the Vulnerability Service and Issue Service, providing a more flexible and extensible foundation for future vulnerability management enhancements.
• Added support Issue Workflows, enabling workflow capabilities similar to SSP Approval Workflows.
• Improved issue creation behavior during STIG CKL imports to provide greater control over how imported findings are managed.
• Enhanced issue workflow record linking to improve navigation and traceability between related records.

Questionnaire & Planning Improvements

• Expanded Questionnaire support by adding additional entity types, including User, Facility, and Organization, for improved data collection and relationship management.
• Added the ability to update Security Plans directly from Questionnaire responses, streamlining assessment and documentation workflows.

Security & Infrastructure

• Hardened TCP Syslog/TLS processing to improve secure log transport and reliability.
• Improved TLS connection handling for TCP Syslog integrations by ensuring TLS is always required when configured, regardless of SysLogTCPUseTls override settings.
• Replaced a synchronous proxy HTTP implementation with an in-process background execution model, improving performance and reducing residual Server-Side Request Forgery (SSRF) exposure.

---

Fixes

Issue & Vulnerability Management

• Resolved an issue where the First Seen Date was not being populated on issues generated from vulnerability imports.
• Fixed an issue preventing the GetUserByUsername endpoint from functioning correctly when administrator credentials were used.
• Corrected malformed links generated by Issue Workflow records, ensuring users are directed to the appropriate records.

Questionnaire

• Fixed issues affecting Questionnaire entity handling and improved overall reliability when working with User, Facility, and Organization records.

Imports & Integrations

• Corrected STIG CKL import behavior that could result in unintended issue creation during import processes.

[6.34.45] - 2026-06-03

Added

• RSA Archer controls, findings, and evidence synchronization into RegScale
• Tanium CIS benchmark import to RegScale security checks
• FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row

Changed

• AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record

Fixed

• FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
• POAM import no longer degrades on large finding sets due to oversized batch requests
• POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
• POAM import missing Status Date warnings now emitted as a per-sheet summary instead of one warning per row
• Exception tracebacks are now automatically included in log output when an error occurs inside an except block

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA).

What's Included

Core Capabilities

ROH Beta Supports:

• Multiple scheduled job configurations per integration to support different data sources, configuration options, secrets, etc.
• Run instant jobs for ad hoc data loads
• Job splitting enables breaking larger jobs up into multiple smaller batches to support processing very large collections of data more quickly
• Review logs of currently running job executions or previously completed job executions
• Review of the health of different ROH components from a dashboard about job workers
• Managing different sets of credentials and settings in a secret set so the same kind of job can be run against multiple different environment with different credentials or environments
• Executing jobs ad-hoc by a user pressing a button or running a job on a schedule without direct user interaction

Newly Supported Integrations

Known Limitations

Functional Limitations

• A ROH deployment can only execute two jobs at the same time. This behavior is not dynamic.
• A ROH deployment can only talk to integrations using HTTP 1.1, HTTP 2 is disabled for stability purposes.

Performance Limitations

• Issue Ingestion Limitations

  • The issue ingest functionality of the core RegScale Platform does not completely performantly for smaller batches of 100 items or less at a time. For integration_command sync_all and integration_command sync_issues commands, add the secret issuesBatchSize 500, Type Integer, and Category General.

• Vulnerability Ingestion Limitations

  • The vulnerability ingestion functionality of the core RegScale Platform does not perform stably for large batches over 1,000 items at a time. For integration_command sync_all and integration_command sync_vulnerabilities commands, add the secret vulnerabilityBatchSize 500, Type Integer, and Category General.

• Integration-specific Limitations

  • Azure AD

    • The azure sync_admins, azure sync_general, azure sync_readonly command is not near real-time. With default settings, the command will ingest approximately 333 users per minute successfully.
    • The azure sync_admins command will not perform reliably for ingesting more than 50,000 users at one time.

  • Jira

    • The jira issues command is not near real-time. With default settings, the command will ingest approximately 500 issues per minute.
    • The jira tasks command is not near real-time. With default settings, the command will ingest approximately 540 issues per minute.

  • Rapid7

    • The rapid7 sync_all command is not near real-time. With default settings, the command will ingest approximately 2,100 items per minute.
    • The rapid7 sync_assets command is not near real-time. With default settings, the command will ingest approximately 3,300 items per minute.

  • Tenable.io

    • The tenable_io sync_assets command is not near real-time. With default settings, the command will ingest approximately 1,300 assets per minute.
    • The tenable_io sync_findings command is not near real-time. With default settings, the command will ingest approximately 1,100 findings per minute.