HomeGuidesChangelog
Changelog
Back to All

RegScale 6.29.2.0

March 15th, 2026

[6.29.2.0] - 2026-03-13

Changes

  • Added notifications for Access Requests to improve visibility for administrators.
  • Introduced Request Access link to streamline user onboarding.
  • Implemented Cross-BU reporting capabilities.
  • Added endpoint to return available exports for all modules.
  • Added RBAC endpoint to add or remove group permissions from a record in AppBuilder.
  • Added support for enabling modules during tenant creation.
  • Migrated module enablement seeding from to module configuration files.
  • Updated RegScale AI routing to leverage v1 primitives instead of calling models directly.
  • Implemented prompt access pattern (), response contracts, and telemetry usage for RegML integration with the RegScale app.
  • Marked legacy Export Builder exports as DEPRECATED.
  • Removed NGRX Store from the application.
  • Added New Threat Models functionality.
  • Introduced New Risk creation option on Capability Risks tab.

Fixes

Access Requests & User Access

  • Fixed issue where new user access requests were not handled correctly.
  • Fixed issue where users could not approve access requests from Setup > Users.
  • Fixed issue where access requests disappeared after refreshing the page.
  • Fixed issue where users were incorrectly redirected to the App Store page to request access after upgrade.
  • Fixed issue preventing users from being added to the tenant admin list.

Performance & API

  • Improved performance of the Request Access API, which previously took ~50 seconds to respond.
  • Fixed query failures when was not set.
  • Fixed Policy Generator timeout issues due to insufficient async polling attempts with v1 query.

Security & RBAC

  • Fixed multiple role-based access control issues, including:

    • Users with CR access able to update Assessment Plans
    • Users with CR access able to delete Assessment Plans
    • Users with CRU access able to delete Threats
    • IssueScreener and IssueUser roles not receiving Issue Screening access

UI / UX

  • Fixed Browse Applications grid spacing issues on lower screen widths.
  • Fixed Login banner intermittently not appearing.
  • Fixed App Management > Group back button navigating incorrectly to General instead of Groups.
  • Fixed Create New buttons appearing in Cross-App mode where creation should not be allowed.
  • Fixed Bulk Editor appearing in Cross-App mode.
  • Fixed Component > Bulk Actions appearing in Cross-App mode.
  • Fixed Add Mappings appearing in Cross-App mode.
  • Fixed Multiple field not disabled on Questionnaire while in Cross-App mode.
  • Fixed Create New appearing in Component > Score Card > Manage Risk when not permitted.
  • Fixed Create New Risk appearing incorrectly in certain contexts.
  • Fixed Mini Subsystem buttons missing in UI.
  • Fixed Tags dropdown opening behind modal in Mini Subsystem files.

Data Integrity

  • Fixed issue where file attachment (paperclip) created records with incorrect parent ID/module.
  • Fixed issue allowing access to Request records after deletion.
  • Fixed issue where Threat Model owner field changed unexpectedly on creation.

Export Builder

  • Fixed Export Builder preview errors when viewing export files.
  • Fixed Export Builder XLSX functionality regressions introduced in 6.29.1.

RegML / AI Features

  • Fixed Response Automation not returning responses.
  • Fixed AI Generator progress status bar not updating correctly.
  • Fixed AI Generator cost savings showing when run by app users or admins.
  • Fixed RegML features returning 403 errors.

AppBuilder / Controls

  • Fixed Control Builder Primary Responsible Role not setting correctly (422 error).
  • Fixed Control Implementations loading slowly.
  • Fixed Tasks Advanced Search not working.

System / Environment

  • Fixed email functionality not enabling correctly.

Reporting

  • Fixed issue where Reports failed to load in Cross-App view with a 400 console error.
  • Fixed issue where Tenant Admins could not create new reports in Cross-App view.

Vulnerabilities & Security

  • Fixed vulnerability in mop-up functionality.
  • Fixed error loading vulnerability data.

Implementation Limitations and Known Issues in this Release

This is for everyone to be aware on any updates for SSO that involve our government customers.
With the .NET 10 upgrade that was part of our 6.29.X release there is no leniency in the verification of the login URL for SSO. There are now two Azure urls. Previously either could be used, they both return the same data indicating the .com url. If the customer is not GCC high, their validation is actually in the commercial (.com) not the government endpoint (.us).

Symptoms: The Console in the browser shows an “Issue mismatch”.

Resolution: If OAuth from Azure Entra fails after upgrading a customer to 6.29.X and their Authority url contains login.microsoftonline.us change it to login.microsoftonline.com.

Other

  • To avoid unexpected timeouts and being logged out of the application, set the session timeout value greater than the browser inactivity value. Session timeout is being enforced prior to inactivity. There is currently no warning to the end user before being automatically logged out of the application.

  • Inorder to delete an Interconnection the user must have both Update and Delete permissions.