Changelog

[6.28.2.0] - 2026-02-06

Changes

  • Updated Questionnaires Builder to use buttons instead of tabs for improved usability
  • Added field to the response for
  • Added new endpoint for NIST 800-53 based catalogs to address missing or incorrect sortIds.
  • Updated customer licensing language (EULA / Legal documentation) for RegScale

Fixes

  • Fixed API to correctly return the attribute used by Evidence Locker upload automation scripts
  • Resolved an issue where UCF and RegScale catalogs failed to load after refresh
  • Addressed residual bugs in the batchCreateOrUpdate issues API endpoint
  • Improved Response Automation review modal behavior in limited-space scenarios to support efficient response and citation validation
  • Fixed frontend modal overflow rendering issues
  • Corrected Not Applicable status handling for control parts in the Security Plan
  • Fixed an issue where the AI Auditor tab was visible when RegML was disabled
  • Resolved an issue preventing users from creating or updating individual secrets in Automation Manager
  • Removed unintended commas appearing in the vulnerabilities list

[6.29.16.0] - 2026-02-04

Added

  • New init.yaml variable for default vulnerability filters in Wiz integration

Fixed

  • Asset map GraphQL query only returning 50 assets instead of all assets when component mapping is enabled
  • Milestone creation failing with "'Milestone' object has no attribute 't'" error when using legacy unique fields format
  • AWS CLI parameter naming inconsistencies - all parameters now use hyphens (Click standard) with underscore aliases for backward compatibility
  • Wiz , , and commands now correctly parse filter_by_override JSON strings
  • Wiz commands now consistently apply project ID filter to all data queries
  • AppIntegrationsCore tests now compatible with Linux CI environments using defensive attribute access for RsVariablesMeta metaclass properties

Changed

  • Asset map loading performance improved by 4x for large datasets (100k+ assets) with increased page sizes and proper pagination
  • AWS CLI commands now accept both and , and for improved consistency

[6.29.15.1] - 2026-02-04

Fixed

  • ServiceNow parameter now consistently validates incident types across all commands and maps 'critical' to 'high' for better user experience
  • FedRAMP CIS/CRM import now works on first run when creating a new Security Plan
  • VALID_MODULE_NAMES constant now dynamically generated from Modules().api_names() to prevent sync issues
  • version check now uses metadata

Changed

  • RegScale module parameter () now uses strict validation against list of valid modules for improved error messages and user experience
  • Module validation is now case-insensitive (e.g., "Issues" and "issues" both work)
  • ServiceNow help text improved for clarity on accepted incident type values

[6.29.15.0] - 2026-02-02

Added

  • Comprehensive Test Suite for due date handler
  • Python 3.14 support with CI testing

Changed

  • AssetCache now uses multi-field O(1) indexing for all identifier lookups instead of O(n) iteration
  • Expanded module ID mappings in modules.py from 18 to 36 modules, now covering all RegScale modules including vulnerabilities, controls, capabilities, and other previously unmapped modules
  • Updated _module_id class variables for core models: Vulnerability (20→41), Control (5→15), CausalAnalysis (0→24), and added explicit module IDs for Issue (10) and Asset (3) to ensure proper API routing

Fixed

  • ScannerVariables attribute access for Python 3.14 compatibility
  • SSL verification setting () now correctly applied to httpx HTTPTransport for CSAM and other integrations
  • homePageUrl attribute validation for older RegScale version on the User model
  • Mapping severity during Snyk imports
  • Asset lookup fallback now checks all identifier fields including awsIdentifier, azureIdentifier, googleIdentifier, qualysId, tenableId, wizId, and other cloud/scanner identifiers
  • AWS Audit Manager resource_id format for consistency with AWS inventory asset identifiers
  • CSAM:
    • Removed the "includeActive" flag on CSAM API call as it was crashing some environments
    • Added User Indicated Severity custom field to the issues module and mapped it to poams.userIdentifiedCriticality
  • Fallback value not being honored when parsing dates from Qualys
  • init.yaml corruption and improved failsafes when multiple tasks are trying to update the config
  • Configuration save functionality that was accidentally removed during FileLock implementation
  • Config defaults template now validates at load time to prevent empty dict values from being added
  • SafeConfigManager now includes built-in cross-process file locking for concurrent write protection

[6.28.1.1] - 2026-01-29

Fixes

  • Fixed an issue in RegML SSP Author where extracted statement previews rendered extra blank bullets and excessive spacing.
  • Resolved a bug in RegML Response Automation UI that prevented confidence scores from displaying.
  • Fixed an issue where the RegML enable button was not appearing in the Modules and Features section.
  • Corrected custom fields behavior.
  • Resolved a migration issue related to operations requiring sysadmin privileges.
  • Fixed an incorrect redirect URL to Workflow.

Changes

  • Improved overall stability and compatibility of RegML features across tenant configurations.

[6.29.14.1] - 2026-01-28

Added

  • Tanium integration component selection support allowing sync to SSP or specific Component via and options
  • Custom CA certificate support for corporate proxy environments (Netskope, Zscaler) via config option with SSL_CERT_FILE and REQUESTS_CA_BUNDLE environment variable fallback
  • OWASP ASVS framework handler for control ID matching with CWE-based vulnerability mapping
  • CWE-to-control lookup methods in ControlMatcher for SARIF and vulnerability scan integrations
  • SentinelOne integration for syncing agents, threats, and vulnerabilities from SentinelOne Management Console
  • Unified severity mapper for consistent severity mapping across 17+ integrations
  • Asset and finding parser framework for configurable data transformation
  • Resilience patterns including circuit breaker, retry policies, and checkpoint manager
  • Observability framework with structured logging, metrics collection, and distributed tracing
  • Integration configuration manager for centralized settings management
  • Dynamic connection pool sizing that scales with thread configuration
  • Added Databricks Integration [Beta], which allows querying the Databricks Catalog and importing it as a JSON file
  • FedRAMP CIS/CRM workbook validation command () to pre-check files before import
  • SARIF compliance sync integration for mapping static analysis findings to security controls
    • New CLI command for syncing SARIF compliance data to RegScale
    • Maps SARIF findings via CWE IDs to OWASP Top 10 or NIST 800-53 controls
    • Automatically toggles control implementation status between Planned and In Remediation

Changed

  • GraphQL pagination now uses iterative approach instead of recursive for improved stability
  • FedRAMP CIS/CRM import now uses flexible column header matching with aliases for better template compatibility
  • Api class now uses thread-local singleton pattern for improved connection pool efficiency and thread safety
  • AssetCache now uses multi-field O(1) indexing for all identifier lookups instead of O(n) iteration

Fixed

  • FedRAMP CIS/CRM import performance improved with optimized control implementation loading
  • Asset lookup fallback now checks all identifier fields
  • Custom CA certificate validation now fails fast on invalid paths instead of warning and continuing
  • SARIF compliance integration now escapes HTML in user-controlled data to prevent stored XSS vulnerabilities
  • SentinelOne SSL warning suppression now scoped to client requests only, no longer affects other integrations

[6.28.1.0] - 2026-01-26

Added

  • Severity Label to default metadata
  • Real-time cost savings streaming per control in AI Generator
  • Support for global (non-U.S.) facilities in Facility Manager
  • API support for creating custom fields
  • Inheritance navigation to visualize security plan inheritance
  • Ability for users to reset ConMon data (Assets, Vulnerabilities, Issues, linkages)
  • Appendix Q export
  • Separation of Duties export
  • OpenTelemetry monitoring for exports and background services
  • Enhanced OpenTelemetry instrumentation for RegML
  • Microsoft Authenticator support for MFA
  • OSCAL POA&M export update
  • Appendix Q custom data object in Export Builder
  • Separation of Duties custom data object in Export Builder
  • Questionnaire rule support for tables
  • Exposed affected control field in Report Builder

Changed

  • Updated OSCAL platform exports to call new OSCAL controller APIs
  • Removed group membership for disabled accounts
  • Removed inheritance and component summaries from Control Implementations dialog
  • Improved RBAC inheritance during batch create/update operations
  • Updated Vulnerabilities, Issues, and POA&Ms management flow
  • Improved Intelligent Questionnaire titles
  • Updated Stakeholders endpoint (backward compatibility impact)
  • Made Causal Analysis categorization and significance configurable
  • Updated Kanban to respect Form Builder configuration
  • Clarified Report Builder list report sorting for Lead Assessor field
  • Status Boards now reflect custom compliance roll-up statuses
  • Removed invalid options from Control Implementations list view
  • Removed unintended bold formatting from embedded parameters in Netskope exports
  • Removed supplemental guidance from FedRAMP Appendix A export
  • Removed leading zeros from control titles
  • Restored backward compatibility for Facility endpoint
  • Tightened duplicate field validation

Fixed

  • Hover cursor and highlight behavior on risk score pills
  • Control preview display issues in dark mode
  • Component selector overlap in Assets Module
  • FedRAMP Appendix A export handling for duplicate control IDs
  • Vulnerability mappings API behavior
  • Missing X-axis labels in bar charts with large result sets
  • Policy Status Board drill-down view
  • Inheritance issues when inheriting into plans with blank parameters
  • Dashboard chart drill-down functionality
  • Unreadable 100% compliance score display
  • Form Builder scorecard tab caching issue
  • SSP export when tagging multiple diagrams
  • Drill-down errors on custom reports
  • Incorrect compliance status values in CMMC SSP export
  • Custom fields not displaying on security controls
  • Duplication of original custom fields in new tenants
  • Embedded tables in SSP exports
  • Incorrect component counts on Security Plan Status Board
  • 500 errors on saved searches using custom fields
  • Inconsistent FedRAMP Appendix A table-of-contents generation
  • Unintended child record deletion when deleting an SSP
  • Profiles list API timeout (504 error)
  • Inability to save partial control implementations
  • Saving multiple questionnaire rule actions
  • Lightning Assessments finalization flow
  • PDF preview display in file subsystem
  • Missing CVEs and remediation comments in reports
  • License format error on new instances
  • Asset batch create/update integration key handling
  • ConMon FedRAMP SAR and SAP export generation
  • Form Browser page titles not reflecting selected tab
  • Font switching issue when updating FedRAMP Appendix A TOC
  • User Management navigation causing 404
  • Control Title field issues in Export Builder
  • Multiple Appendix A Export Builder defects
  • Misleading questionnaire toast errors in on-prem environments
  • Intermittent login errors for users without assigned roles
  • Relabeled fields not appearing in Report Builder
  • AI Auditor not completing after audits
  • SSP Author failing to run after startup
  • Missing Save button on Maturity & Quality tab
  • Importing Form Builder exports
  • RegML extractor failures with large file sets
  • Issues ↔ Assets mapping table errors
  • Security finding related to overexposed keys
  • Issue Status Board analytics tab
  • Unimplemented Angular questionnaire methods
  • Inability to create new user accounts
  • Required Issue custom fields not saving
  • SSP Author timeout (504 error)
  • Validation errors when saving forms with custom fields
  • Incorrect compliance hygiene display on Status Boards

[6.29.13.0] - 2026-01-23

Added

  • Unified severity mapper for consistent severity mapping across 17+ integrations
  • Asset and finding parser framework for configurable data transformation
  • Resilience patterns including circuit breaker, retry policies, and checkpoint manager
  • Observability framework with structured logging, metrics collection, and distributed tracing
  • Integration configuration manager for centralized settings management
  • Dynamic connection pool sizing that scales with thread configuration

Changes

  • GraphQL pagination now uses iterative approach instead of recursive for improved stability

Fixed

  • Fixed an issue with default config affecting config decryption/encryption

[6.29.7.6] - 2026-01-22

Fixed

  • Fixed requirements.txt package to lock version
  • Set minimum versions for rich and typing-extensions to prevent pip dependency conflicts
  • Prisma Cloud scanner integration kwargs compatibility with ScannerIntegration base class
  • Prisma Cloud IntegrationFinding field mapping to use correct scanner_integration field names (affected_packages, installed_versions, fixed_versions)
  • Prisma Cloud Issue field population in RegScale UI (title, source identifier, identification, severity handling)
  • Prisma Cloud vulnerability parsing AttributeError when status field is None from API (502 parsing errors fixed)
  • Prisma Cloud integration now accepts non-CVE vulnerability identifiers (GHSA, PRISMA, GO, etc.) instead of rejecting them
  • Prisma Cloud AttributeError when status field contains enum object instead of string value during fix version extraction
  • Prisma Cloud warning about unable to map status value by passing string instead of enum to IntegrationFinding
  • Scanner integration status mapping now recognizes common vulnerability status values (fail/failed, active, new, fixed)
  • Removed unused frontend dependency to reduce transitive dependencies

[6.29.7.5] - 2026-01-21

Fixed

  • Fixed a conflict with emass integration
  • Airflow container update security patch
  • Fixed an issue causing Airflow DAGs to not load properly