SimpleRisk Upgrade Guide
SimpleRisk is a simple and free tool to perform risk management activities. Based entirely on open source technologies and sporting a Mozilla Public License 2.0, a SimpleRisk instance can be stood up in minutes and instantly provides the security professional with the ability to submit risks, plan mitigations, facilitate management reviews, prioritize for project planning, and track regular reviews. It is highly configurable and includes dynamic reporting and the ability to tweak risk formulas on the fly. It is under active development with new features being added all the time and can be downloaded for free or demoed at https://www.simplerisk.com.
We assume that if you are reading this guide, then you already have a version of SimpleRisk installed on your system. If not, then you should close this guide and instead read the SimpleRisk Installation Guide. Now that we know you are in the right place, let us continue. Also, in order to run the standard upgrade process, you will need to provide your database user with permission to SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, and ALTER. Without these permissions, the upgrade process may not work properly.
Please take a moment to back up your SimpleRisk database. Complete details can be found here: How to Backup Your SimpleRisk Database
SimpleRisk Upgrade Extra
The easiest way to upgrade SimpleRisk is by installing the Upgrade Extra. The Extra is free, but requires registration of your SimpleRisk instance. To register your instance and begin using the Upgrade Extra, log in to your SimpleRisk instance and select the “Configure” menu from the top. Then, select “Register & Upgrade” from the side menu. There, you will see a section labeled “Registration Information” prompting for your full name, company, job title, phone, and e-mail address. This information will never be sold to a third party and will solely be used to support you with your use of SimpleRisk. Enter the information and select “Update”. If it doesn’t work, check to make sure that your simplerisk directory is writeable by the web user. Once the Extra is installed, this page will automatically check to see if a new version of SimpleRisk is available. If it is, it will provide you with one-click links to back up your database, upgrade the application, and upgrade the database. This same registration information is also used to provide updates to licensed SimpleRisk Extras. If you leverage the SimpleRisk Upgrade Extra, then you will not need to follow the process outlined below as it is handled for you automatically.
Obtaining SimpleRisk
The latest version of SimpleRisk can be found by going to https://www.simplerisk.com and clicking on the “Downloads” link. Our file naming convention is simple: simplerisk-<release date>-<version>.tgz. To upgrade an existing SimpleRisk installation, you will only require the latest version of the “Bundle” file.
Backup Your Configuration
The SimpleRisk installation process is intended to overwrite all of the application files with the latest versions. We can do this since all of the data is stored in the database. There is one exception, though: the file that tells us how to connect to the database. This file is located in the “includes” directory and is named “config.php”. Back this up to someplace safe. Don’t keep it in a web-accessible directory, though: attackers may look for it, and if the copy is no longer a .php file they may be able to read it.
Replace/Remove Previous Version
Next, we suggest moving /var/www/simplerisk to another directory, or renaming the directory temporarily, and deleting the old version after the upgrade has been completed. You can move it to /tmp/ if you are unsure, but note that files in /tmp will be deleted when the server reboots or shuts down.
Installing the Web Files
Take the latest SimpleRisk web bundle (ex: simplerisk-20251118-001.tgz) and move it into your web root. Extract the file into the directory. If you are running on a Linux system, the command to do this is “tar -xvzf” followed by the name of the bundle file. This will extract all of the SimpleRisk files into a directory in your web root named “simplerisk”, so if you renamed your SimpleRisk web root, you may need to copy the files into that new location.
Replace the Configuration File
Before we displaced or removed the previous version, you backed up your configuration file. Sometimes settings can change in these files so you will want to examine the database configuration in your old file and update the new file with that information. A quick comparison in a text editor of your choice should quickly point out any new values added to the configuration file that may be needed and can be copy pasted over with their default value.
Permissions and Ownership
Generally this is only a precaution, but we suggest running the following commands to set proper file permissions and file ownership for the SimpleRisk directory. Note that your Apache web user may run under a different name on Linux distributions other than Ubuntu:
chown -R www-data: /var/www/simplerisk
chmod -R 755 /var/www/simplerisk
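The file-level steps above (back up config.php, move the old version aside, extract the bundle, compare the configuration files) as a shell sketch. This is an added example, not SimpleRisk's own tooling; WEBROOT, BACKUP_DIR and the function names are assumptions. It refuses to place the config.php backup anywhere under the web root.

```shell
#!/bin/sh
# Added example, not SimpleRisk's own tooling. WEBROOT, BACKUP_DIR and the
# function names are assumptions; adjust them to your installation.
set -eu

WEBROOT="${WEBROOT:-/var/www}"                        # parent of simplerisk/
BACKUP_DIR="${BACKUP_DIR:-/root/simplerisk-upgrade}"  # must not be web accessible

# Succeeds only if directory $1 resolves to a path outside WEBROOT.
outside_webroot() {
    case "$(cd "$1" && pwd -P)/" in
        "$(cd "$WEBROOT" && pwd -P)/"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Copy includes/config.php to BACKUP_DIR, readable by its owner only.
backup_config() {
    mkdir -p "$BACKUP_DIR"
    outside_webroot "$BACKUP_DIR" || {
        echo "refusing: $BACKUP_DIR is inside $WEBROOT" >&2
        return 1
    }
    chmod 700 "$BACKUP_DIR"
    ( umask 077
      cp "$WEBROOT/simplerisk/includes/config.php" "$BACKUP_DIR/config.php"
      chmod 600 "$BACKUP_DIR/config.php" )
}

# Move the old install out of the web root, then extract bundle $1, which
# recreates "$WEBROOT/simplerisk".
swap_in_bundle() {
    mv "$WEBROOT/simplerisk" "$BACKUP_DIR/simplerisk.old"
    tar -xzf "$1" -C "$WEBROOT"
}

# Print lines that exist only in the new config.php: settings that are new
# or whose values differ from the backed-up file and need review.
new_config_lines() {
    { diff "$BACKUP_DIR/config.php" "$WEBROOT/simplerisk/includes/config.php" \
        || [ "$?" -eq 1 ]; } | sed -n 's/^> //p'
}

# Run all three steps when a bundle path is given as the first argument.
[ "$#" -eq 0 ] || { backup_config; swap_in_bundle "$1"; new_config_lines; }
```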
Authenticating the Database Upgrade
It would be really bad if just anyone could run your database upgrade script, wouldn’t it? Because of this, we require that you authenticate with an administrative user (i.e. one with “Configuration menu” privileges) before upgrading the database. Navigate your web browser to https://path_to_your_simplerisk_installation/admin/upgrade.php and log in with an administrative user account.
Upgrading the Database
Assuming that you have the right upgrade script to upgrade this version, it should tell you to click “CONTINUE” in order to proceed. Click “CONTINUE”. You should see a series of messages indicating that the database is being upgraded. Assuming that it completes successfully, you should see a final message indicating that the SimpleRisk database upgrade is complete.
Custom Authentication Extra users only
If you have our Custom Authentication Extra, or specifically log in via SAML, it is recommended to navigate to the /tmp/systemd-{longhash}-apache2.service…/tmp/ directory and run “rm -r simplesaml” to delete the directory found there. It is a cache, and we have found that when the module is updated, having this old cache present can create error log entries. It will be regenerated upon first login using SSO.
Logging in to SimpleRisk
You should now have performed all of the steps you need for SimpleRisk to be upgraded to the latest version. The upgrade script shouldn’t work anymore for this version, but it wouldn’t be a bad idea to remove it just in case. Now is the moment of truth where we hopefully get to see if all of your hard work paid off. You now need to point your web browser to the URL where SimpleRisk would be installed. It might be something like https://192.168.0.1/simplerisk or maybe https://localhost/. This would be based on how your web server is configured and whether you left the SimpleRisk files in the “simplerisk” directory or not. You will know that you’ve got the right page when you see the SimpleRisk login page. Log in with your username and password and begin enjoying the latest version of SimpleRisk!
Roll with the Changes
From time to time, changes will be made to SimpleRisk that may affect user functionality. You will want to check the release notes, as these changes should be documented along with instructions on how to configure the new user settings. Users may need to log out and then log back in for the changes to take effect.

