Product Release 4.46

Overview

This release details many new features and improvements, including:

• Import of LeanIX diagrams
• Widget showing Risk Reduction Over Time
• Expanded Azure DevOps Field Mapping
• New filters on the Technical Countermeasures Report
• A ton more...

Take a look at the full information below, or go directly to the Release Notes here.

API V2 (Formerly Beta) Now Finalized

We’ve introduced a new API versioning framework to ensure clearer version control, smoother upgrades, better performance, and predictable change management. API v2 is now finalized and generally available for production use. Learn more here.

Importing LeanIX Diagrams

Accelerate threat modeling by reusing existing LeanIX architecture models in IriusRisk.

Teams using LeanIX often struggle to efficiently transfer their architecture diagrams into IriusRisk without manual rework. Enhanced compatibility ensures smooth imports of LeanIX models through the existing DrawIO-supported import feature.

Expanded Azure DevOps Field Mapping

Greater flexibility and efficiency in creating Azure DevOps work items, reducing errors and manual effort while ensuring richer, more complete tickets.

Previously, integration was limited to a few predefined fields, requiring manual entry for key attributes. This increased the risk of typos, invalid entries, and additional configuration steps outside IriusRisk. Expanded field mapping now allows any available Azure DevOps field—both mandatory and optional—to be mapped directly in IriusRisk. Dropdown selections for Work Item Type, Severity, and Priority further simplify configuration, prevent errors, and streamline ticket creation.

‍

Blueprint Creation for Imported Visio and Lucidchart Diagrams

Streamlined license management and reduced unnecessary license consumption when importing diagrams.

Importing Visio (VSDX) or Lucidchart diagrams previously created a full project that consumed a license, despite no threats or countermeasures being generated. Imported VSDX diagrams now default to Blueprints, ensuring they don’t consume a license until the project is actively used.

Project Questionnaire Accessible from the Project Menu

Enhanced usability and streamlined workflows by making project questionnaires clearly accessible at the project level.

Previously, the model questionnaire was nested within the diagram context, creating confusion. Users had to open a diagram to complete it, even though the questionnaire applied to the entire project.The questionnaire has been moved into the Project menu, aligning the UI with its true scope and making it clear that it applies across the whole project.

Over-time Risk Reduction Widget

Gain a clear understanding of how risk reduction evolves over time, enabling users to demonstrate continuous impact and justify strategic decisions.

Without historical visibility, it is difficult for organizations to identify trends, measure the effectiveness of risk reduction efforts, or support resource and process decisions with concrete data. The Over-time Risk Reduction Widget allows users to visualize risk reduction trends across selected time periods—daily, weekly, or annually—filtered by business units and workflow states. This enables detailed historical analysis, helping teams track progress, spot patterns, and make data-driven decisions.

Filters on Technical Countermeasures Report

Improved usability and efficiency by allowing users to focus on the most critical technical countermeasures and prioritize actions with greater precision.

Previously, the Technical Countermeasure Report lacked key filters, making it difficult for users to manage large volumes of data and identify high-priority issues. This led to long, noisy reports and limited the report’s usefulness for decision-making and prioritization. New filtering options—by Priority, State, and Test Result—give users greater control over the report output. This aligns the Technical Countermeasure Report with existing filtering capabilities in the Current Risk, Technical Threats, and Compliance reports, helping users quickly access the information that matters most.

Faster & More Visual Components Page

Faster, more intuitive browsing of components, allowing users to quickly find and manage content with improved clarity and visual appeal.

The previous Components page was slower to load, visually cluttered, and less intuitive, making it harder for users to navigate and manage large sets of components efficiently. The Components page has been enhanced with faster load times through accordion-based category expansion, visual component icons for quick identification, elimination of flicker during category toggling, and category badges showing the number of components at a glance. These improvements deliver a smoother, more visually engaging user experience.

‍

Model Questionnaire Builder Improvements

Faster, more intuitive questionnaire creation and editing, enabling users to build and troubleshoot questionnaires with greater efficiency and precision.

The previous Questionnaire Builder included unnecessary steps, limited response options, and provided unclear feedback when issues arose, slowing down the workflow and making troubleshooting more difficult. Improvements include a “Create Question” button for empty tabs, clearer error feedback when importing invalid XML, automatic saving of answer edits without needing a “Done” button, and support for very short responses (e.g., Y/N). These changes streamline workflows, enhance clarity, and allow fully flexible questionnaire design.

‍

Safer Project Restoration

We’ve added an extra safeguard when restoring archived projects. Clicking “Restore” now displays a clear confirmation modal, letting you know the action will consume one of your available licenses. This ensures you understand the implications before proceeding and helps prevent accidental restorations.

‍

Clearer User Deletion Messaging

We’ve improved the confirmation dialog shown when admin users delete another account to remove any confusion about what’s affected. The updated message now makes it clear that only the user’s account and access are removed — all their projects and data remain intact. This ensures admins can take action with confidence, knowing exactly what will (and won’t) be deleted.

‍

Clearer Password Reset Option

We’ve updated the “Require password on next login” toggle label when creating a new user to “Require password reset on next login.” This clearer wording removes any ambiguity, making it obvious that the user will only be prompted to reset their password once — during their next login — helping admins configure accounts with confidence.

‍

Rules Dropdown Always Visible

No more clipped menus! We’ve fixed an issue in the Rules view where the dropdown filter could appear cut off when only one search or filter result was shown. Now, the container automatically fills the space so your options are always displayed in full — making it easier to see and select exactly what you need without any guesswork.

Download Project Home Dashboard for Reporting Purposes

Threat Model Practitioners, Coordinators, and Security Experts can now effortlessly include the Project Home Dashboard’s visual summary in their external reports and presentations. Your insights are ready to share with stakeholders in just a click, making it easier than ever to showcase progress and security posture at a glance.

‍

Clearer Call to Action for Jeff AI Onboarding Screen

When new users land on an empty project list, the “Model with Jeff AI” option is now presented as a clear button within the card (with the header removed). This makes it more visible and consistent with other actions on the page, ensuring first-time users can easily discover and start modeling with AI right away.

New Components and Standards

New componentsClient Side - Components
‍Microsoft Azure - Components

• Azure Container App Environment
• Azure Log Analytics Workspace
• Microsoft Graph API

• Passkey

Improvements

• Added ASVS levels 1 and 2
• Fix threats related with Lateral Movement STRIDE category
• Update the Agentic AI and A2A Protocol components to assure we have a good coverage of all OWASP Agentic AI threats T1–T15

‍

Release Notes and Documentation

For more information, see Version 4.46 Release Notes or check out our Documentation.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.

Swaggerhub & Github

Find out more of what you need in GitHub and Swaggerhub Repos:

https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.

https://iriusrisk.github.io/iriusrisk-api/v2/latest/- Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.

https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.

‍