New
- Added SBOM questionnaire auto-assignment on engagement creation.
- Added SAE template versioning capability support.

Changed
- Replaced GlideRecord with GlideRecordSecure in TPRMDueDiligenceAjax for security compliance.
- Updated ACL query rules based on 2025 May MSI (CVE-2025-3648).
- Replaced vendor reviewer role with GRC reader on report view ACLs.
- Added retired=false filter to SAE template reference qualifiers.
- Removed orphan ACLs from dd_element table.

Fixed
- Corrected domain separation issues on issues and event-driven rules (PRB2020926).
- Fixed duplicate audit creation on current.update() (PRB1992222).
- Resolved engagement primary contact creation issue when toggling "Same as third-party contact" option (PRB1988772).