RegScale 6.31.1.5

[6.31.1.5] 07-15-2026

Known Limitations and Important Information

This release is a hotfix that is only applicable to the 6.31.1.x releases. If your current version is equal to or greater than the 6.32.0.0 release DO NOT APPLY this hotfix.

Enhancements

POA&M Custom Rules

Added support for configurable custom rules for Plans of Action and Milestones (POA&Ms), providing organizations with greater flexibility to tailor POA&M management to their internal processes and compliance requirements.

Automated Cyber Reportable Risk Flagging

Enhanced automation for POA&Ms and milestones by automatically setting the Cyber Reportable Risk flag based on configured workflows, helping ensure reportable risks are consistently identified and tracked.

Improved Test Result Export Labels

Updated the eMASS test result exports to include the [r5] prefix on applicable controls, providing clearer identification of NIST SP 800-53 Revision 5 content.

Updated CIA Value Color Scheme

Refined the visual presentation of Confidentiality, Integrity, and Availability (CIA) values by introducing an updated color scheme for Low impact ratings, improving readability and consistency across the platform.

Hardware and Software Export Improvements

Improved hardware and software inventory exports by eliminating duplicate component assets, resulting in cleaner and more accurate exported data.


Fixes

Vulnerability Status Board Asset Counts

Resolved an issue where the Vulnerability Status Board always displayed zero affected assets, ensuring accurate asset counts are presented.

Issue Milestone Persistence

Fixed a problem that could cause milestones created on issues to disappear after creation. Milestones are now retained correctly.

FedRAMP POA&M Export Asset Completeness

Resolved an issue where FedRAMP POA&M exports could omit associated assets. Exports now include the complete set of related assets.

Over Time Dashboard Stability

Fixed an issue where the Over Time dashboard reset the selected time period when switching tabs and could display stale data from a previously viewed SSP. The selected timeframe and displayed data now remain accurate throughout navigation.

Scan History Ordering

Corrected the ordering of entries on the Scan History tab so scan history is displayed in the expected chronological order.

CIS/CRM Import Status Mapping

Resolved an issue affecting CIS/CRM imports where setting controls could incorrectly populate the Other Status field. Imported status values are now mapped correctly.

Security Fixes

Updated HTML-to-PDF Conversion Engine Dependencies

Resolved multiple security vulnerabilities affecting the HTML-to-PDF conversion component used for document and report exports. The underlying third-party dependencies were updated to address several critical and high-severity security issues in the legacy rendering engine. This update strengthens the security of PDF generation while maintaining existing export functionality.

Customer impact: Improved security for document and report export capabilities with no expected changes to the end-user experience.

Updated OpenAPI/Swagger Dependencies

Updated the OpenAPI and Swagger components used to generate REST API documentation to remediate a high-severity security vulnerability in a transitive dependency. This enhancement improves the security posture of the API documentation framework while preserving compatibility with existing API documentation and developer workflows.

Customer impact: Enhanced security for API documentation generation with no expected changes to published APIs or the Swagger user experience.