- [IR-4321] - Under certain circumstances, Risk Patterns can be re-imported into an existing model when they shouldn’t be, this causes some of the countermeasures in the Implemented or Required states to be reset back to Recommended. This bug was introduced in 2.3.0.
SaaS instances of IriusRisk will have the hotfix applied and the state of any affected countermeasures will automatically be corrected.
For OnPrem customer, this release corrects this bug but does not automatically revert Countermeasures that were affected by it. In order to correct those countermeasures, follow the procedure outlined below:
Step 1 - Update your IriusRisk instance to version 2.3.3.
Step 2 - Execute the test_controls_changed.sql script against the IriusRisk database. It will print the number of countermeasures that were affected by this bug. If it returns zero rows, then no further action is required and the update is complete. If it returns one or more rows, then proceed to step 3.
Step 3 - Execute the fix_controls_changed.sql script. Verify that the number of rows updated matches the number of rows affected in Step 2. If these values don't match, contact our support team.
Please note that the sql scripts you need to use are different for Postgres and MSSQL. Chose them based on the database you are using and the prefix of the file.