What's New in CISO Assistant — Week 27, 2026 (v3.19.0)
A packed minor release: SCIM provisioning with IdP groups mapping, offline-ready AI with pre-baked models, managed portals, admin-driven MFA reset, and a long list of UX, i18n, and bug fixes.
A packed minor release: SCIM provisioning with IdP groups mapping, offline-ready AI with pre-baked models, managed portals, admin-driven MFA reset, and a long list of UX, i18n, and bug fixes.
A focused patch release that surfaces evidence at the domain level, centralizes folder/domain field rendering, and hardens IAM checks while retiring the fallback login endpoint.
Two patch releases land a long-awaited dark mode, pro-tier custom fields and audit-log forwarding, a security hardening against internal redirects, and a wave of translation and table-mode fixes.
Two releases close the week: a focused v3.17.3 patch, then a feature-rich v3.18.0 bringing dynamic Jira field mappings, a per-object audit trail, two new Saudi NCA frameworks, an IDOR fix, and the backend's move from Poetry to uv.
Two releases close out the week: v3.17.1 brings a Prometheus metrics endpoint, user-configurable date formats, expanded comments and audit aggregation; v3.17.2 piles on an expanded AI/MCP server, the ABRO framework, a tables column selector, action-plan cost breakdowns, SSO redirect handling, and a big batch of data-wizard, framework-builder, and ordering fixes.
A big stretch: native project management arrives, framework-driven reporting goes cross-domain, requirement nodes gain their own score scales, and OIDC picks up a strict state/nonce mode. Plus new NCSC CAF v4.0 and TRUE II frameworks, analytics on applied controls, the psycopg2→psycopg3 upgrade, and a long tail of fixes across four releases (v3.16.5 → v3.17.0).