April 17th, 2026
OpenRMF® Professional v2.14 Released!
Soteria Software released a major update to their flagship product OpenRMF® Professional v2.14 today. Please log into the Software & Documentation portal under the Resources link on the website and download the upgrade as soon as you can.
OpenRMF® Professional version v2.14 was released today. This is a major release that consolidates components, improves security, updates features, and fixes several bugs. It also updates the DISA templates.
This update consolidates 8 different API components down to 2, and 9 message components down to 1. For the messaging components, we run 2 of them for better load balancing of processes. This allows an easier upgrade path, easier troubleshooting, and faster feature development for us going forward. We have heard from a few customers that the complexity made it hard to configure, upgrade, and troubleshoot. We heard you and made that our #1 priority.
This was also a needed reset so that we can add the requested features and the roadmap items we have scheduled much more quickly going forward.
- Consolidation of 7 internal API components into a single API component, with the External API remaining as is
- Consolidation of 9 internal message components into a single message component, which we will cluster for performance and messaging
- Removal of JavaScript libraries no longer needed
- Added internal security checks and hardening on values passed in and sent back on API calls
- Added security checks on data throughout to improve validation
- Updated the eMASS POAM export format to match the latest update to eMASS for all DoW services and users
- Updated the `swagger.json` from the External API for newer calls
- Removed data from the External API showing username and user ID values not needed
- Updated 3rd party images with RapidFort curated images for reduced CVEs and security
- Updated the NATS messaging credential accounts for future Service Provider Interface creation
- Bug fix on POAM being updated correctly when a checklist has a hostname entered and status changed, when it was created with no hostname entry
- Bug fix on null checklist vulnerability comments from the newer SCC application generating different CKLB format files
- Bug fix to require AssetType on Bulk Edit Details of checklists
- Bug fix on resetting an entire table listing when editing from a table in MS Edge
- Bug fix on setting a default AssetType for a checklist created from the Template listing page
- Bug fixes on `//` double slashes on certain pages with filtering
- Bug fix on checklist history page listing showing the last date updated for the top current row
- Bug fix on some checklist and template CKLB history downloads returning a CKL file
- Bug fix on tables refreshing the entire contents when you edit just a single row versus inline update without a total refresh
- Bug fix on checklist download history for CKLB format to download correctly
- Bug fix on system package total checklist history score listing using the current date, not the last updated date
- Updated MongoDB to v7.0.31 for a known CVE with the curated image from RapidFort
- Updated Keycloak to v26.5.6 with the curated image from RapidFort and updated the login theme to be cleaner
- Updated Grafana to v11.6.13 with the curated image from RapidFort
- Updated Prometheus to v3.10 with the curated image from RapidFort
- Updated NATS to v2.12.6 with the curated image from RapidFort
- Updated the Elastic Stack to v9.3.2 with the curated image from RapidFort
- Updated Postgres to v16.13 with the curated image from RapidFort
- DISA Template updates as of April 10, 2026 from DISA [public.cyber.mil](https://www.cyber.mil/stigs/downloads)
- Improved automated scans for security and bugs in our development pipeline to catch issues earlier
- Updated the base image for our software components with the latest Alpine Linux curated image from RapidFort
- Updated the internal version to 2.14 on setup and configuration
More information on the software release and its availability as well as training can be found at their website www.soteriasoft.com.