intuitem · News · 4 min read

What's New in CISO Assistant — Week 23, 2026 (v3.17.1 – v3.17.2)

Two releases close out the week: v3.17.1 brings a Prometheus metrics endpoint, user-configurable date formats, expanded comments and audit aggregation; v3.17.2 piles on an expanded AI/MCP server, the ABRO framework, a tables column selector, action-plan cost breakdowns, SSO redirect handling, and a big batch of data-wizard, framework-builder, and ordering fixes.

Two releases this week: v3.17.1 on June 3 and a feature-heavy v3.17.2 on June 5. The theme is operability and depth — observability hooks, a meatier AI/MCP server, a new framework, more flexible tables and assets, smarter SSO, and a generous round of fixes.

Headline Features

  • Prometheus metrics endpoint — A new endpoint exposes metrics for Prometheus scraping, making it far easier to monitor a CISO Assistant deployment with standard observability tooling (PR #4061), with a follow-up to expose metrics for enterprise as well (PR #4258). Thanks to @melinoix.
  • Expanded AI / MCP server — The MCP server gains vulnerability CRUD, asset classes, and richer risk scenario reads — broadening what AI assistants can do against your GRC data (PR #4256). Thanks to @jledoze.
  • Cost breakdown on action plans — Action plans now surface a cost breakdown, bringing budget visibility directly into remediation planning (PR #4272). Thanks to @ab-smith.
  • Audit aggregation through ancestors — Audit results can now aggregate up through their ancestor hierarchy, giving cleaner consolidated views across nested scopes (PR #4245). Thanks to @ab-smith.
  • Expanded comments — The comments feature has been broadened for richer collaboration across objects (PR #4253). Thanks to @ab-smith.

Framework & Library Updates

  • ABRO Framework — A new ABRO framework library is now available (PR #4252). Thanks to @tarkadia.
  • Journey preset filter in library list — The library list gains a preset filter for journeys (PR #4279). Thanks to @tarkadia.
  • Library tooling — convert_library_v2.py now supports Threats annotations (PR #4274), plus an updated example_framework.xlsx and restored French metadata in the Vendor Due Diligence framework (PRs #4275, #4276). Thanks to @tarkadia.

Data Wizard

  • Header normalization — The data wizard now normalizes headers on import, smoothing out messy source files (PR #4160). Thanks to @martinzerty.
  • ref_id support across the wizard — All data-wizard flows now accept ref_id in addition to name, plus a new test harness to keep the wizard honest (PRs #4087, #4151). Thanks to @tchoumi313.

UX

  • Tables column selector — Tables now offer a column selector, letting users tailor which columns are shown (PR #4263). Thanks to @ab-smith.
  • User-configurable date format — Users can now choose their preferred date format (PR #4236). Thanks to @ab-smith.
  • 1–3 properties scale on assets — Assets can use a 1–3 properties scale (PR #4281). Thanks to @ab-smith.
  • Task occurrence description — A task’s occurrence now shows its description (PR #4267). Thanks to @Axxiar.
  • Higher autocomplete cap — The autocomplete lazy-mode cap was raised to 20 for more useful suggestions (PR #4268). Thanks to @ab-smith.

Security & Infrastructure

  • SSO redirect handling — After SSO login, users are now returned to the URL they originally requested instead of a generic landing page (PR #4255). Thanks to @tchoumi313.
  • Allowed IPs list — Infrastructure configuration gains an allowed-IPs list, letting operators restrict access at the application layer (PR #4250). Thanks to @tchoumi313.
  • Hide “About” menu for third parties — The About menu is now hidden from third-party users (PR #4240). Thanks to @melinoix.

Performance

  • Faster framework library updates — Fixed an O(N²) dedup in the framework library update path (PR #4264). Thanks to @Mohamed-Hacene.

Bug Fixes

  • Framework builder nodes at deep nesting — Builder nodes are no longer unusably narrow at deep nesting levels (PR #4271). Thanks to @nas-tabchiche.
  • Ordering with negative number values — Fixed wrong ordering for selects with negative number values (PR #3618). Thanks to @monsieurswag.
  • Name column ordering — Sorting by the name column now behaves correctly (PR #4242). Thanks to @Mohamed-Hacene.
  • Risk-assessment scenario filters — Scenarios can now be filtered by current level and residual level (PR #4257). Thanks to @tchoumi313.
  • Incident uniqueness and freshness — Incident uniqueness is now limited to ref_id (PR #4266), and an incident’s last-update timestamp refreshes when timeline entries change (PR #4280). Thanks to @ab-smith.
  • Vulnerabilities link in findings — Fixed the link to vulnerabilities from findings (PR #4241). Thanks to @Mohamed-Hacene.
  • Markdown rendering and translations — Restored a missing MarkdownRenderer across several pages (PR #3983) and fixed untranslated framework name and description (PR #4278). Thanks to @tarkadia.

Internationalization

  • 🇨🇿 Czech localization — A comprehensive update to the Czech translation (PR #4261). Thanks to @zdenek-pergl.

Maintenance

  • Vite 7 upgrade — The frontend moved to Vite 7, with the associated Vitest upgrade (PR #4247). Thanks to @ab-smith.
  • Pull request template — A PR template was added to streamline contributions (PR #4243). Thanks to @nas-tabchiche.
  • Documentation touch-ups — Updated CyFun export docs and fixed a broken link for ENISA’s risk acceptance (PRs #4238, #4244).

For full details, check out the v3.17.1 and v3.17.2 release notes on GitHub.
