21 May 2026 - Cirrus is not affected by Copy.fail and variants
May 26th - Feature
[EU/CA/AU/SG]
Feature
- Data & Insights (CR-23870 / CR-24594)
Improvements:
- Added support for Match item types in candidate delivery (CR-24670)
- Added the ReadSpeaker field to "Print Key Codes" (CR-25536)
Bug fixes:
- Simplified Blueprint: fixed an issue where checkbox overlaps collection name in selection popup (CR-25730)
- Fixed an issue where Blueprint random selection could still deliver withdrawn questions if taxonomies had been removed from the item prior to withdrawal and after the assessment was republished (CR-25739)
May 21st - Cirrus is not affected by Copy.fail and variants - CVE-2026-31431
As a precaution, all public-facing systems were patched earlier this week.
- CVE-2026-31431 (also known as copy.fail)
- CVE-2026-43284 and CVE-2026-31431 (also known as "DirtyFrag" or copy.fail 2)
- CVE-2026-46300 (also known as "Fragnesia")
See also AWS Security Bulletin 2026-030-AWS
These notices are published proactively to help security-sensitive customers who may receive questions from their security teams and auditors.
May 13th - Services
[EU-prem]
- strict_connection_validation
May 12th - Services
[EU/CA/AU/SG]
Improvements:
- Added a role permission to control access to the Archive button for markers in the Assess tab. (CR-25562)
Bug fixes:
- Fixed an issue where item exports excluded some media elements. (CR-25650)
- Fixed an issue where pulling candidate results could result in a different question order in the reports. (CR-25663)
- Fixed an issue where review sessions could not be started when Proctorio was enabled at schedule level. (CR-25728)
April 29th - Hotfix
[EU/CA/AU/SG]
Bug fixes:
- Fixed an issue where anonymous links and preview functionality did not work when Proctorio was enabled at the assessment level (CR-25697).
April 28th - Services
[EU/CA/AU/SG]
Improvements:
- Added section title to API [GetResults] response (CR-25532)
- Proctorio: Implemented the Proctorio "Observe" code to enhance logging integration with Cirrus (CR-25159)
[EU-prem]
Bug fixes:
- Fixed an issue where the schedule window could not be set to exactly two years (CR-25504)
Improvements:
- Improved QTI import functionality (CR-25600)
April 20th - Services
[EU-prem]
Bug fixes:
- Fixed an issue where the simplified blueprint caused problems when certain items were used in combination with a fixed form (CR-25567)
- Fixed an issue where anonymisation could fail on allocations (CR-25565)
This release was deployed outside the standard release window due to overlapping exams during the usual release cycles.
April 14th - Services
[EU/CA/AU/SG]
Bug fixes:
- Improved QTI import functionality (CR-25600)
- Fixed an issue where the schedule window could not be set to exactly two years (CR-25504)
- Fixed an issue where the simplified blueprint caused problems when certain items were used in combination with a fixed form (CR-25567)
- Fixed an issue where anonymisation could fail on allocations (CR-25565)
The EU-Prem release will be skipped for this release.
March 31st - Services
[EU/CA/AU/SG]
Improvements:
- Added translation key for NEO Candidate Delivery (CR-25482)
- Set "Allow" as the default clipboard option in SEB settings (CR-25408)
Bug fixes:
- Fixed an issue where the enlarge button for images in question preview was not working (CR-25472)
- Restored export of preliminary results to ZIP format (CR-25514)
[EU-prem]
Improvements:
- NEO Candidate Delivery: Added support for the new item type "Candidate Feedback." (CR-24685)
- O365 Integration: Improved access to the Full View, removing the need to manually click Refresh Access. (CR-25468)
Bug fixes:
- Fixed an issue where keyboard shortcuts during marking could change the intended mark. (CR-25471)
- Fixed an issue where the Preliminary Report export was not working. (CR-25479)
- Restored export of preliminary results to ZIP format (CR-25514)
March 17th - Services
[EU/CA/AU/SG]
Improvements:
- NEO Candidate Delivery: Added support for the new item type "Candidate Feedback." (CR-24685)
- O365 Integration: Improved access to the Full View, removing the need to manually click Refresh Access. (CR-25468)
Bug fixes:
- Fixed an issue where keyboard shortcuts during marking could change the intended mark. (CR-25471)
- Fixed an issue where the Preliminary Report export was not working. (CR-25479)
[EU-prem]
Improvements:
- Reporting: Added bulk export of preliminary reports across multiple schedules in a single action (CR-25268)
- Login: Redesigned login page with refreshed look and feel and security code cleanup (CR-25282)
- Reporting: Added Learning Objectives and Taxonomies columns to candidate results extended export (CR-25381)
- Security: Applied latest security patches to frontend components (CR-25414)
- Login: Fixed ARIA accessibility issues for screen reader compatibility (CR-25446)
- O365 Integration: Improved access to the Full View, removing the need to manually click Refresh Access. (CR-25468)
Bug fixes:
- O365: Fixed Office viewer in marking dashboard showing the previous candidate's file when switching quickly (CR-25443)
- Fixed an issue where the Preliminary Report export was not working. (CR-25479)
March 3rd - Services
[EU/CA/AU/SG]
- Reporting: Added bulk export of preliminary reports across multiple schedules in a single action (CR-25268)
- Login: Redesigned login page with refreshed look and feel and security code cleanup (CR-25282)
- Reporting: Added Learning Objectives and Taxonomies columns to candidate results extended export (CR-25381)
- Security: Applied latest security patches to frontend components (CR-25414)
- O365: Fixed Office viewer in marking dashboard showing the previous candidate's file when switching quickly (CR-25443)
- Login: Fixed ARIA accessibility issues for screen reader compatibility (CR-25446)
[EU-prem]
- O365: Added automatic retry handling to improve preview link reliability (CR-25265)
- Improved cleanup jobs even when external systems (e.g. Creatio) are unavailable (CR-25267)
- Data management: Improved configuration options for cleaning up obsolete data (CR-25269)
February 17th - Services
[EU/CA/AU/SG]
- O365: Added automatic retry handling to improve preview link reliability (CR-25265)
- Improved cleanup jobs even when external systems (e.g. Creatio) are unavailable (CR-25267)
- Data management: Improved configuration options for cleaning up obsolete data (CR-25269)
[EU-prem]
- Improved version check for Safe Exam Browser (CR-25275)
February 3rd - Services
[EU/CA/AU/SG]
Improvements:
- Improved version check for Safe Exam Browser (CR-25275)
[EU-prem]
Feature
- Added auto-delete option to schedule (CR-24423). For more information see Automatic Schedule Data Deletion.
Improvements:
- Improved extra time options through API (CR-25115)
- Reliability/Performance: Improved invigilator message handling (CR-25281)
- Internal maintenance and improvements (CR-25053)
January 22nd - Hotfix [EU, EU Premium, CA, AU, SG]
Bug fixes:
- Fixed an issue that caused error Q43 for some candidates. (CR-25375)
January 20th - Services
[EU/CA/AU/SG]
Feature
- Added auto-delete option to schedule (CR-24423). For more information see Automatic Schedule Data Deletion.
Improvements:
- Improved extra time options through API (CR-25115)
- Reliability/Performance: Improved invigilator message handling (CR-25281)
- Internal maintenance and improvements (CR-25053)
[EU-prem]
Improvements:
- Added a minimum word limit option for open questions (CR-25078)
- General improvements to QTI handling (CR-25276)
- Backend request handling improvements (CR-24398)
- Front-end stability and maintainability improvements (CR-20219)
Bug fixes:
- Improvements to NEO candidate delivery (CR-25155, CR-24957, CR-24671)
Safe Exam Browser policy update
Starting from 2026, Cirrus will no longer block new Safe Exam Browser releases. This allows the use of SEB security updates as soon as they are released.
If, after the 60-day grace period, the minimum version check is updated, this will be communicated through the Release Notes.
The Safe Exam Browser and System Requirements articles have already been updated.