What's New in CISO Assistant — Week 26, 2026 (v3.18.3)

A single, tightly-scoped release this week — v3.18.3 on June 22 — pairing a security hardening pass with a few quality-of-life improvements ahead of the larger v3.19.0 minor.

Security

• Hardened IAM checks & retired fallback login — Integration IAM checks were tightened and the fallback login endpoint decommissioned, closing off a legacy authentication path (PR #4383). This is a breaking change — review any automation that relied on the old endpoint. Thanks to @ab-smith.

New Features

• Evidence at the domain level — Evidence is now visible directly within a domain, making it easier to see supporting documents in context (PR #4369). Thanks to @eric-intuitem.

UX

• Centralized folder/domain field rendering — Folder and domain field rendering is now centralized in ModelForm.svelte, giving consistent behavior across forms (PR #4373). Thanks to @eric-intuitem.
• Reusable add-journey modal — The add-journey modal is now reused and supports other objects, reducing duplication across the UI (PR #4390). Thanks to @ab-smith.

Bug Fixes

• Library import ref_id limit — Raised the limit on ref_id during library imports to accommodate larger references (PR #4291). Thanks to @melinoix.

For full details, check out the v3.18.3 release notes on GitHub.