Risk Register

| Risk ID | Description of Risk | Source | Likelihood | Impact | Risk Score | Current Controls | Planned Mitigation / Treatment | Risk Owner | Status | Review Date |
|---|---|---|---|---|---|---|---|---|---|---|
| R-2025-06-03-01 | Vulnerable Rack dependency (2.2.13) could enable request-handling issues; mitigated by upgrading to 2.2.17 in commit 28b6cd3 | Code commit | Medium | High | 6 | Staging validation; management approval; Azure Defender; MFA; log reviews | Continue monthly dependency checks (`bundle outdated`); quarterly vulnerability scans | Tim Pollard | Mitigated (2025-06-03) | 2025-09-03 |
| R-2025-04-08-01 | Outdated Nokogiri (1.18.3→1.18.7) and Rack (2.2.11→2.2.13) may expose parsing/request risks; upgraded in commit c64ce9b | Code commit | Medium | High | 6 | Staging validation; management approval; Azure Defender; MFA | Maintain monthly checks; track Nokogiri/Rack advisories; quarterly vulnerability scans | Tim Pollard | Mitigated (2025-04-08) | 2025-07-08 |
| R-2025-03-04-01 | Multiple gem security patches (cgi 0.3.6→0.3.7, date 3.4.0→3.4.1, net-imap 0.4.17→0.4.19, nokogiri 1.18.1→1.18.3, rack 2.2.10→2.2.11, timeout 0.4.1→0.4.3, uri 0.12.2→0.12.4) to reduce exploit surface; commit f3870ae | Code commit | Medium | High | 6 | Staging validation; management approval; Azure Defender; log reviews | Keep monthly dependency audits; document exceptions if deferrals are needed | Tim Pollard | Mitigated (2025-03-04) | 2025-06-04 |
| R-2025-02-03-01 | jquery-ui-rails outdated (6.0.1) with known issues; upgraded to 7.0.0 per issue #132; commit 97ef51a | Code commit | Medium | Medium | 4 | Staging validation; management approval | Monitor upstream JS library advisories; retire legacy plugins where possible | Tim Pollard | Mitigated (2025-02-03) | 2025-05-03 |
| R-2025-01-10-01 | Vulnerable rails-html-sanitizer/loofah and Nokogiri versions could enable XSS via unsafe markup; upgraded (loofah 2.23.1→2.24.0, rails-html-sanitizer 1.6.0→1.6.2, nokogiri 1.16.7→1.18.1); commit 841b5ab | Code commit | Medium | High | 6 | Staging validation; management approval; secure coding standards | Continue monthly audits; add quarterly targeted XSS tests | Tim Pollard | Mitigated (2025-01-10) | 2025-04-10 |