Version 2.13.02
This is a patch release to fix the MongoBleed CVE as well as provide additional secure software images using RapidFort’s software for curated images and tracking. It also includes a few bug fixes, a few new features, updated online help, and the latest DISA templates mentioned below.
- MongoDB Update to 7.0.28 to fix MongoBleed CVE-2025-14847
- Added a way to ingest a system export XML file from eMASS to start your new System Package accreditation (per user request)
- Added the framework to the listing on the Manage System Packages screen
- Added operatingSystem to the general JSON format patch vulnerability uploads allowed
- Added a way to set the prefix on STIG ID, Vulnerability Number, and STIG Name for custom checklists (per user request)
- Added a note on the Frameworks page to load default frameworks, if none exist
- Added Assessment Procedure Numbers and Text to generating compliance and compliance statements via CCI (per user request)
- Added source as a filter on the POAM listing page (per user request)
- Added 4 framework reports to show framework information to users, not just Framework Administrators
- Updated jQuery, DataTables and other UI libraries to the latest versions, with various fixes
- Updated the Team Subpackage Last Updated date to show the last time any data in the Team Subpackage was updated (per user request)
- Updated our base image for software to include a RapidFort FIPS enabled updated Alpine Linux image
- Bug fix on default controls (CM-6 for NIST 800-53) not always filling in for system packages to generate full compliance
- Bug fix on CKLB files not updating in STIG Viewer 3.x because of a unique ID issue
- Bug fix on not removing all data from the report database when doing a bulk hardware delete
- Added a resync of report data based on the bug above from bulk hardware delete, to clean up old data
- Bug fix on exporting out Checklist to XLSX when comments or details are over 32k characters
- Bug fix on exporting out Compliance Details to XLSX when comments or details are over 32k characters
- Bug fix on checklist details showing a paperclip for evidence but not listing the evidence files
- Bug fix on trimming and normalizing CCIs, controls, overlays, and tailoring for uploads
- Bug fix to load Cyber Readiness Settings even if the Sample System Package load is disabled
- Bug fix on the Create Checklist from Template page to require Asset Type on creation
- Bug fix for showing the proper control and title on adding evidence files to compliance statements
- Bug fix on removing an extra slash / on Auditing calls that broke some Kubernetes installation pages
- Bug fix for updating the compliance statement structure on the external API calls
- Upgraded Prometheus to 3.8.0-jammy-fips-rfcurated
- DISA Template updates as of January 10, 2026 from DISA public.cyber.mil