Remediation for Security Exposure Management release notes
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Remediation for Security Exposure Management Release Notes
The Remediation for Security Exposure Management application on the ServiceNow Store is designed to help security teams efficiently manage and remediate exposure findings from Unified Security Exposure Management (USEM) applications. It centralizes remediation workflows across infrastructure, application, container, and configuration compliance exposures. Version 30.2.0 introduces a significant architectural upgrade to USEM, requiring use of a Migration assistant for existing Vulnerability Response users upgrading to USEM.
Show less
Key Features and Improvements
- Version 31.0.1 (April 2026):
- One-to-one mapping of remediation tasks with findings in the SEM workspace for precise tracking and ownership.
- Admin console enhancements with a centralized Users and Groups list view for role and access management.
- Ability to create manual remediation tasks for all eligible findings at once using "All" selection mode.
- AI-powered approver recommendations in the workspace for eligible service tiers to streamline approval processes.
- Export of SEM workspace configurations (exception rules, remediation rules, rollup calculators, etc.) to update sets for easier promotion across environments.
- Modularized system properties for simplified management directly from the Administration console.
- Improved UI including inline notifications on configuration saves, refreshed exception management pages, and clearer integration messaging.
- Integration drill-down support in the new integration framework for easier navigation from the workspace.
- Bulk deferral validation preventing duplication and notifying users of excluded items.
- Version 31.0.2 (June 2026):
- Fixed issue where vulnerable items remained linked to remediation tasks after rule conditions changed during re-evaluation.
- Improved performance and stability of remediation task lookups by limiting retrieval query results.
Fixes and Usability Enhancements
- Delegated approvers can now access their assigned vulnerability items without security restrictions.
- Resolved UI bugs such as approval button states, dark mode display for approval recommendations, drag-and-drop functionality, and form layout consistency.
- Enhanced rule authoring experience by stopping unnecessary field refreshes during editing.
- Correct filtering of tag-type fields and consistent behavior of messaging and button states in administration forms.
- Addressed a security vulnerability in query handling to ensure data protection.
Practical Impact for ServiceNow Customers
ServiceNow customers using the Remediation for Security Exposure Management app can expect more precise remediation tracking, streamlined approval workflows with AI assistance, and easier management of users, roles, and configurations. The ability to export settings simplifies moving configurations across environments. Stability and performance improvements ensure smoother remediation task handling. Customers upgrading from Vulnerability Response to USEM must use the Migration assistant to ensure a safe transition to the new architecture.
Version history for the ServiceNow® Remediation for Security Exposure Management application on the ServiceNow Store.
Important:
For details on system requirements and family compatibility, view the application
listing on the ServiceNow Store
website.
- Version 31.0.2 - June 2026 (USEM)
- Fixed:
- Resolved an issue where vulnerable items remained linked to a remediation task after the task's rule conditions no longer matched during a re-evaluate operation.
- Improved performance and stability of remediation task lookups by applying a result limit during retrieval queries.
- Fixed:
- Version 31.0.1 - April 2026
-
- New:
- Remediation tasks in the Security Exposure Management (SEM) workspace now map one-to-one with findings for more precise tracking and ownership.
- The Admin console now includes a Users and Groups list view for centralized access and role management.
- Manual remediation tasks can now be created for remediation orders using "All" selection mode to include all eligible findings at once
- AI-powered approver recommendations are now available in the workspace, suggesting approvers based on context (available to eligible service tiers).
- Changed:
- SEM workspace configurations including exception rules, exclusion rules, remediation task rules, rollup calculators, and exception management settings can now be exported to update sets for easier promotion across environments.
- System properties in the Security Exposure Management workspace are now modularized for simpler management directly from the Administration console.
- The advanced settings page now shows inline success and error notifications when configuration changes are saved or fail.
- Approval forms have been updated with cleaner layouts and more consistent field behavior.
- Exception management pages have been refreshed with clearer interactions and a more refined visual presentation.
- The integrations page now displays an explicit message when an integration is not supported, replacing an ambiguous empty stateIntegration drill-down is now supported in the new integration framework, enabling navigation into integration details from the workspace.
- Bulk deferral now validates that selected items are not already deferred before processing, and notifies users when items are excluded.
- Fixed:
- Delegated approvers can now correctly view vulnerability items assigned to them, resolving a security constraint that previously blocked access.
- The New Risk Rule form no longer pre-fills with values from a previously viewed rule.
- The "Approve/Reject" button is no longer incorrectly disabled during approval or rejection actions.
- Approval level records now display the full set of approver field choices after upgrading to v30.
- Now Assist approval recommendations now display correctly in dark mode.
- Drag-and-drop interactions now work correctly across all supported workspace views.
- Custom columns can once again be added to the grouping criteria of remediation task rules.
- The Condition field in remediation task rules no longer refreshes on every keystroke, improving the rule authoring experience.
- The "Applies to" column filter in the USEM administration page now correctly filters tag-type fields.
- A security vulnerability in query handling has been resolved.
- Multiple layout, spacing, and field visibility issues across administration forms have been corrected.
- Messaging, button states, and read-only enforcement in administration rule forms now behave consistently regardless of the user's role.
- New:
- Version 30.2.0 - January 2026
-
-
Note:This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications. If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
- The Remediation for Security Exposure Management application enables security teams to efficiently group and manage exposure findings across all Unified Security Exposure Management (USEM) applications into remediation tasks.
- Tasks can be created manually or automatically usingRemediation Task Rules—all defined centrally in theAdmin Console within the Security Exposure Management (SEM) Workspace. This ensures consistent remediation workflows across infrastructure, application, container, and configuration compliance exposures.
-