· intuitem · News · 3 min read
What's New in CISO Assistant — Week 25, 2026 (v3.18.1 – v3.18.2)
Two patch releases land a long-awaited dark mode, pro-tier custom fields and audit-log forwarding, a security hardening against internal redirects, and a wave of translation and table-mode fixes.
Two releases this week — v3.18.1 on June 15 and a packed v3.18.2 on June 20 — that pair a couple of headline UI and pro features with a broad cleanup of translations, table mode, and form handling.
Headline Features
- Dark mode — CISO Assistant now ships a full dark mode, with follow-up polish for the rough edges (PRs #4326, #4361). Thanks to @Mohamed-Hacene and @Axxiar.
- Custom fields (pro) — Objects can now carry custom fields, letting teams extend records with their own structured data (PR #4363). Thanks to @ab-smith.
- Audit-log forwarding (pro) — A new capability forwards audit logs to external sinks, building on the per-object audit trail introduced last week (PR #4333). Thanks to @ab-smith.
Security
- Hardened against internal redirects — Added protection against potential internal redirect abuse (PR #4368). Thanks to @ab-smith.
Integrations & API
- “Mapping from” capability — Mappings can now be defined from a source framework, complementing the dynamic mapping work shipped in v3.18.0 (PR #4283). Thanks to @eric-intuitem.
- Bulk data pull API — New endpoints expose bulk data pulls for applied controls and assets, easing large exports and integrations (PR #4356). Thanks to @ab-smith.
UX
- Validation notes & exception notifications — Validation notes are now surfaced in the UI, and exceptions trigger notifications so nothing slips through unnoticed (PR #4359). Thanks to @Mohamed-Hacene.
- Evidences in audit action plan export — The audit action plan export now includes evidences (PR #3924). Thanks to @martinzerty.
Framework & Library Updates
- Nazionale CS DP Framework fix — Corrected the Italian Nazionale CS DP framework library (PR #4343). Thanks to @tarkadia.
Internationalization
- Score translation regression — Fixed a regression in score translations (PR #4336). Thanks to @tarkadia.
- Analytics charts & reports translations — Recovered missing translations across analytics charts and reports (PR #4367). Thanks to @ab-smith.
- Implementation Group name in audit forms — Fixed a wrong Implementation Group name translation in the audit creation/edit form (PR #4338). Thanks to @tarkadia.
- Kanban & flash mode back label — Translated the back label in kanban and flash mode views (PR #4366). Thanks to @Axxiar.
Bug Fixes
- Table mode with hidden select fields — Fixed table mode when select fields are hidden (PR #4337). Thanks to @Mohamed-Hacene.
- Table mode mapping inference — Repaired broken table mode caused by outdated
mapping_inferenceusage (PR #4322). Thanks to @monsieurswag. - Framework builder node IDs — Heals duplicate
node_ids and propagates URN renames in the framework builder (PR #4342). Thanks to @nas-tabchiche. - Audit-log native columns (pro) — Read the audit-log actor and folder from native columns for correctness (PR #4360). Thanks to @nas-tabchiche.
- Feature-flag toggling consistency — Made feature-flag toggling behave consistently (PR #4355). Thanks to @ab-smith.
- EBIOS workshop 3 sorting — Fixed sorting by entity name in EBIOS RM workshop 3 (PR #4341). Thanks to @Axxiar.
- Evidence revision attachments on domain delete — Evidence revision attachments are now removed when their domain is deleted (PR #4086). Thanks to @monsieurswag.
- Double hyphen in forms — Allowed double hyphens in form input (PR #4316). Thanks to @Axxiar.
Maintenance
- Backend formatting — Aligned backend formatting to ruff v0.15.x (PR #4335). Thanks to @ab-smith.
- Documentation touch-ups — Documented the log-forwarding capability (PR #4348), added a ROSI/ROC calculation explanation (PR #4354), and added a warning about template management (PR #4339), plus routine dependency upgrades.
For full details, check out the v3.18.1 and v3.18.2 release notes on GitHub.
