v3.16.0

What's Changed

• feat: turn the justification in markdown format field by @martinzerty in #3947
• build(deps): bump mako from 1.3.10 to 1.3.11 in /automation by @dependabot[bot] in #3945
• build(deps): bump python-multipart from 0.0.22 to 0.0.26 in /cli by @dependabot[bot] in #3938
• chores: add publiccode.yml file by @ab-smith in #3952
• fix: update MCP tools for exceptions management by @ab-smith in #3954
• fix: ensure the html export respect the order on Postgre by @ab-smith in #3955
• fix: added "restart: always" for front CT in every docker compose by @Okuromatsu in #3920
• fix: use translated questions in serializer, exports, and tree helpers by @nas-tabchiche in #3943
• feat(lib): Règles OIV - Secteur "Transport Aérien" (2016) by @tarkadia in #3935
• feat(lib): Cadre de Conformité Cyber France (3CF) v3.1 by @tarkadia in #3913
• fix: reference link on entity assessment was lacking backend persistence by @ab-smith in #3956
• fix: disable evidences creation on the fly for now from task's autocomplete by @ab-smith in #3963
• fix: move computation to backend to fix scoring logic inconsistency by @ab-smith in #3949
• fix(doc): Update Global README.md by @tarkadia in #3957
• fix(lib): fix Framework name for "Règles OIV - Secteur « Activités civiles de l'Etat »" by @tarkadia in #3958
• fix: remove dead code by @eric-intuitem in #3965
• fix(ui): truncate long options on AutoComplete Select choices by @ab-smith in #3959
• feat: include description column to findings table by @ab-smith in #3967
• fix: allow reseting priority and impact on applied controls by @ab-smith in #3968
• chores: upgrade helm chart to match v3.15.9 by @ab-smith in #3971
• feat: include more objects in domain export/import by @ab-smith in #3969
• feat: ajout de la loi marocaine n° 09-08 relative à la protection des données personnelles (CNDP) 🇲🇦 by @oulkhabou in #3948
• feat(skill): Claude skill to prepare mappings by @ab-smith in #3972
• feat(lib): upgrade doc-pol to become 'key reference controls' and a skill to map to it by @ab-smith in #3973
• feat: context menu for vulnerabilities to quickly toggle severity and status by @ab-smith in #3976
• feat(lib): enrich recyf with recommended controls by @ab-smith in #3975
• feat(data wizard): add Asset.is_business_function attribute by @martinzerty in #3708
• fix: debug the field_visibility attribute on the framework view by @martinzerty in #3951
• fix(i18n): add missing i18n keys by @tarkadia in #3990
• chore: accept legacy column existing_controls for risk assessment by @Mohamed-Hacene in #3982
• fix: add plural for target frameworks in campaigns by @eric-intuitem in #3974
• build(deps): bump lxml from 6.0.2 to 6.1.0 in /backend by @dependabot[bot] in #3995
• fix: vulns table source consistency and search across aliases by @ab-smith in #3999
• feat(wizard): support detected_at and due_date during vulnerability import by @ab-smith in #3997
• fix: 500 error and residual tabs when hiding fields on a framework by @Mohamed-Hacene in #3980
• feat: add the possibility to add an exception in the past by @martinzerty in #3942
• fix(DORA): b_05.01.c0030 foreign key empty instead of 0 when not applicable by @nas-tabchiche in #4004
• feat: action plan for incidents by @ab-smith in #3988
• fix(perf): optimize assets page load time by @ab-smith in #4006
• feat: cancelled status for risk scenario by @ab-smith in #4009
• feat(perf): applied controls list load time improvement by @ab-smith in #4008
• fix: improve perimeter fetching logic and handle django validation errors more robustly by @tchoumi313 in #4010
• fix: clicking issue on incident export by @ab-smith in #4011
• feat(builder): UX adjustments and bug fixes by @nas-tabchiche in #4005
• fix: framework duplicate fails with UNIQUE constraint on long names by @nas-tabchiche in #3923
• fix: Processing natures are not permissions-gated anymore by @ab-smith in #4018
• fix: check if LICENSE_EXPIRATION is 'unset' as its default value is by @martinzerty in #3738
• feat: button to reset filters on table and clear out the cache by @ab-smith in #4019
• fix: enhance autocompleteselect function by @tchoumi313 in #4016
• feat: merge applied controls by @ab-smith in #3986
• fix: additional controls on SOA export honor translation and ref_id order by @ab-smith in #4024
• feat(helm) : extra volumes and affinity config by @Nathanael-Mtd in #4000
• feat: journeys presets can support implementation groups and generic pages by @ab-smith in #4026
• fix(lib): solve several issues with Framework-Nazionale-C-DP by @eric-intuitem in #4017
• feat: allow admins to include a custom dashboard on the analytics' extra tab by @ab-smith in #4013
• feat(lib): enrich NIST CSF 2.0 with recommendations by @ab-smith in #4027

New Contributors

• @Okuromatsu made their first contribution in #3920

Full Changelog: v3.15.9...v3.16.0

v3.15.9

What's Changed

• fix: align EE on CE for hardening by @eric-intuitem in #3929
• feat: add links and detailed task list variable in task email templates by @Mohamed-Hacene in #3892
• fix: restore presets and tasksReview sidebar entries by @nas-tabchiche in #3931
• feat(ux): Sort domains in asset graph and fix multi-level domain filtering by @monsieurswag in #3932
• feat(EBIOS): add button to go back to parent study in strategic scenario detail by @martinzerty in #3922
• feat: relate vulnerabilities to the followups in the datawizard by @martinzerty in #3908
• Fix currencyHelpText typo in French by @tovam in #3933
• feat: sanitize finding export for round trip by @Mohamed-Hacene in #3936
• feat: update risk assessment import/export by @Mohamed-Hacene in #3937
• feat: add a link attribute in the exception model by @martinzerty in #3911
• feat(cli): add name flag for assessments by @Mohamed-Hacene in #3909
• feat: export audit in Cyfun format by @ab-smith in #3927

Full Changelog: v3.15.8...v3.15.9

v3.15.8

What's Changed

• fix: correct applied_control 'impact' attribute for the csv export by @martinzerty in #3784
• feat: tprm exports by @Mohamed-Hacene in #3891
• fix: "Executive Summary" in "CRQ Studies" fails to load due to an error retrieving the authors' email by @tarkadia in #3912
• fix: prevent browser error for some matrices by @eric-intuitem in #3914
• build(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /backend by @dependabot[bot] in #3915
• build(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /enterprise/backend by @dependabot[bot] in #3916
• fix: autocompleteSelect creates partial text instead of selecting existing match by @tchoumi313 in #3921
• feat: another approach for average of averages scoring to match Cyfun 2025 logic by @ab-smith in #3905
• build(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /dispatcher by @dependabot[bot] in #3917
• feat(DORA): handle subcontracting chains in ROI exports by @nas-tabchiche in #3910
• feat: hardening of containers by @eric-intuitem in #3328

Full Changelog: v3.15.7...v3.15.8

v3.15.7

What's Changed

• fix: solve dependabot alert by upgrading lupa by @eric-intuitem in #3906
• feat(epic): expand vuln management capabilities by @ab-smith in #3893

Full Changelog: v3.15.6...v3.15.7

v3.15.6

What's Changed

• feat: support batch actions on labels for applied-controls and findings by @ab-smith in #3873
• chores: align helm chart to v3.15.5 by @ab-smith in #3878
• chore(oidc): show extra_data in debug mode by @Mohamed-Hacene in #3769
• chores: migrate to vite 6 by @ab-smith in #3880
• feat: Scenarios table starting on the next page on risk analysis PDF export by @melinoix in #3881
• build(deps): bump django from 6.0.3 to 6.0.4 in /backend by @dependabot[bot] in #3886
• build(deps): bump django from 6.0.3 to 6.0.4 in /enterprise/backend by @dependabot[bot] in #3885
• feat(pro): inlined documentation for supported attributes on word export by @ab-smith in #3879
• build(deps): bump cryptography from 46.0.6 to 46.0.7 in /backend by @dependabot[bot] in #3888
• build(deps): bump cryptography from 46.0.6 to 46.0.7 in /cli by @dependabot[bot] in #3889
• build(deps): bump cryptography from 46.0.6 to 46.0.7 in /automation by @dependabot[bot] in #3890
• feat(pro): new timeline visualization with better performance and UX by @ab-smith in #3874
• feat: light mode on ebios-rm by @ab-smith in #3887
• fix: handle the case of local MFA while SSO is enabled by @ab-smith in #3902
• feat: reflect client name change in page's title by @Axxiar in #3900
• build(deps-dev): bump @sveltejs/kit from 2.53.3 to 2.57.1 in /frontend by @dependabot[bot] in #3904
• fix: avoid round-trip for SSO users preventing PAT management by @ab-smith in #3903
• fix: implementation groups for dynamic frameworks by @Mohamed-Hacene in #3894
• fix(lib): tisax framework missing version by @melinoix in #3898
• feat: add DGSSI Exigences de Qualification de Services Cloud framework (Morocco, arrêté 3-17-25) by @oulkhabou in #3899
• feat(lib): add French National Authority for Health certification for quality of care by @ImanABS in #3845
• feat(builder): improvements by @nas-tabchiche in #3871
• feat(lib): EUDI Wallet ARF HLRs by @ImanABS in #3785
• fix: applied controls export/import inconsistencies by @Mohamed-Hacene in #3882

New Contributors

• @oulkhabou made their first contribution in #3899

Full Changelog: v3.15.5...v3.15.6

v3.15.5

What's Changed

• fix: fix webauthn rp_id for good by @eric-intuitem in #3877

Full Changelog: v3.15.4...v3.15.5

v3.15.4

What's Changed

• fix: make webauthn work in cloud deployment by @eric-intuitem in #3876

Full Changelog: v3.15.3...v3.15.4

v3.15.3

What's Changed

• fix: regression on attach existing items on applied controls by @ab-smith in #3853
• feat(lib): NIST CSF 2.0 Journey by @blockanz in #3760
• fix: analytics console error about chart pointer by @ab-smith in #3855
• feat(i18n): support Lithuanian translation by @ab-smith in #3856
• fix: issue for uploading excel on Mac since the recent upgrade by @ab-smith in #3857
• feat(lib): add ANS HospiConnect HOPEN2 Program Library by @lulustucru-dsn in #3840
• fix: regression on applied control duplication by @ab-smith in #3861
• fix: reference control layout for associated applied controls sync by @ab-smith in #3862
• fix: missing link for non-compliant items and batch csf actions by @ab-smith in #3864
• fix: regression on copy from reference controls by @ab-smith in #3870
• feat(lib): add translations for cyfun-small-self-assessment by @fastlorenzo in #3868
• docs: enterprise docker readme by @Mohamed-Hacene in #3764
• feat: orphan controls identification by @ab-smith in #3815
• feat: support security keys (fido2, fingerprint, etc.) as second authN factor by @ab-smith in #3854
• feat: yearly tasks review ui improvement by @ab-smith in #3865

New Contributors

• @blockanz made their first contribution in #3760

Full Changelog: v3.15.2...v3.15.3

v3.15.2

What's Changed

• chores: update helm chart to match v3.15.1 by @ab-smith in #3837
• Add vulnerabilities capabilities to the mcp server by @jledoze in #3732
• fix: add french translation in attack path stakeholder type by @monsieurswag in #2867
• chore: add spanish translations to risk matrix iso 27005 by @iamrubeng in #3846
• feat: reverse foreign keys for vulnerabilities to include them on nested tabs by @ab-smith in #3816
• fix(builder): framework builder preview by @nas-tabchiche in #3848
• fix(builder): parent-child requirement order on framework builder save by @nas-tabchiche in #3847
• fix: remove eval()-based isinstance template filter by @glitch-ux in #3851
• feat(lib): add german language to risk matrix by @hlederhaas in #3751
• fix: sync is_published for policies documents to the parent object by @ab-smith in #3852
• feat: dora incidents reporting by @ab-smith in #3843

New Contributors

• @iamrubeng made their first contribution in #3846
• @glitch-ux made their first contribution in #3851

Full Changelog: v3.15.1...v3.15.2

v3.15.1

What's Changed

• chores: update helm chart to match v3.15.0 by @ab-smith in #3813
• feat: applied controls support 'degraded' status and kanban view styling by @ab-smith in #3812
• fix: seats count by @Mohamed-Hacene in #3830
• chores(deps): dependencies upgrade by @ab-smith in #3831
• build(deps-dev): bump @sveltejs/kit from 2.52.2 to 2.53.3 in /frontend by @dependabot[bot] in #3835
• chores(deps): lodash upgrade for n8n by @ab-smith in #3836
• chores: switch to PyTorch-cpu for RAG inference for now to reduce image size by @ab-smith in #3834
• fix: applied controls layout when reference control is attached by @ab-smith in #3817
• fix: regression on scoring labels not being displayed by @ab-smith in #3833

Full Changelog: v3.15.0...v3.15.1