What's new in release 3.6.3

Modified on Thu, 20 Nov at 6:18 PM

C1Risk V2 Release Notes: Version 3.6.3

Date: November 20, 2025 Version: 3.6.3

API Documentation

Comprehensive API Documentation has been added for several resources, including Obligation Section, Control Library, Crosswalk, Directory, Assessment Campaign, Audit Program, Test Procedure, Test Result, Incident Management/Incidents, and Incident Management/Incident Types. Documentation was also added for Manage Group.

Finding Management

Enhanced "Days Open" Logic has been implemented for Findings. The system now uses defined logic for calculating "Days Open" based on the Finding's status.
- If a Finding is not published, Days Open = N/A.
- If published, Days Open = Today minus Published Date (if less than 24 hours, it defaults to 1 day).
- If published and closed, Days Open = Closed Date minus Published Date.
- New fields were added to track Published Date and Published By when a user publishes a Finding. Help Text has also been added to the UI to explain the Days Open logic.

Control Library

The Total Policy count in the Control Library now only counts policies that are directly linked. Indirect counts have been removed to ensure accuracy.

Dashboard

The logic governing the "My Tasks" list has been updated. Findings and Risk Mitigations are now listed only under the Primary, Risk Manager, Additional, and Incident Manager roles. They have been removed from the Record Owner and Reporter "My Task" lists.

Contact Management and Workflow

We have removed restrictions that stopped operation when records contain inactive contacts (including primary, additional, record owner, and reviewer contacts). This allows for continuous operation.
The Reviewer dropdown logic has been adjusted to show and highlight inactive users.

API Key Management

The UI now supports deactivating a user API key. This is done via a call to the POST /api/user/apiKey/deactivate endpoint
We have implemented a security restriction that ensures API key creation is only allowed for the owner, preventing administrator users from creating API keys for other users.

Global UI

The redundant reset icon within the keyword search box has been removed, as the main "Reset" button provides this functionality.

Reports and Evidence

Report Export Error Fixed: Resolved a bug that caused an error when exporting reports to CSV. This fix addresses a syntax error in the count query and ensures that count queries for multiple CSV exports match the conditions of the main query.

Asset Management

Risk Score Chart Restored: Fixed an issue where the Risk Score charts were missing from the Summary tab of Enterprise Assets.
Asset Clone Functionality Fixed: Cloning assets from the detail page is now working correctly.

Policy Management

Policy Clone Content Fixed: Resolved an issue where the content section (both text and files) was not copied when attempting to clone a policy. The top menu action for this function should now display as 'Clone'.

Assessment

Attachment Upload Error Fixed: Resolved an issue during attachment uploads for Assessments where the page displayed an "error on access server" message while loading.

Incident Management

Incident Summary Chart Accuracy: Fixed issues related to the Top 10 Incident Type chart: the sort label is now correct (high to low), and the total record count is accurate.

Infrastructure

Email Deliverability Improvement: The Amazon SES (email server) region was changed to help prevent spam mails. This involved updating necessary DNS records.