From 20cf09e2468fe222ab2f341dc1cef7f73ac52ca9 Mon Sep 17 00:00:00 2001 From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Mon, 30 Sep 2024 11:35:35 +0530 Subject: [PATCH 1/9] Pascal-update1-PCCE-RN --- docs/en/compute-edition/33/rn/book.yml | 2 + .../33/rn/book_point_release.yml | 6 +- .../release-notes-33-01.adoc | 106 ++++++++++++++++++ 3 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc diff --git a/docs/en/compute-edition/33/rn/book.yml b/docs/en/compute-edition/33/rn/book.yml index 7176da01a..9efe92e31 100644 --- a/docs/en/compute-edition/33/rn/book.yml +++ b/docs/en/compute-edition/33/rn/book.yml @@ -20,6 +20,8 @@ topics: file: release-information.adoc - name: 33.00 (Build 33.00.169) file: release-notes-33-00.adoc + - name: 33.01 (Build 33.01.TBD) + file: release-notes-33-01.adoc - name: Fixed and Known Issues in 33.xx file: known-issues-33.adoc --- diff --git a/docs/en/compute-edition/33/rn/book_point_release.yml b/docs/en/compute-edition/33/rn/book_point_release.yml index 6e9c73723..621c90ec1 100644 --- a/docs/en/compute-edition/33/rn/book_point_release.yml +++ b/docs/en/compute-edition/33/rn/book_point_release.yml @@ -2,7 +2,7 @@ kind: book title: Prisma Cloud Compute Edition Release Notes author: Prisma Cloud team -version: 33.00 +version: 33.01 ditamap: prisma-cloud-compute-edition-release-notes dita: techdocs/en_US/dita/prisma/prisma-cloud/33/prisma-cloud-compute-edition-release-notes --- @@ -12,8 +12,8 @@ dir: release-information topics: - name: Prisma(TM) Cloud Compute Edition Release Information file: release-information.adoc - - name: 33.00 (Build 33.00.169) - file: release-notes-33-00.adoc + - name: 33.01 (Build 33.01.TBD) + file: release-notes-33-01.adoc --- kind: chapter name: Get Help 
diff --git a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc
new file mode 100644
index 000000000..db6c4eccf
--- /dev/null
+++ b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc
@@ -0,0 +1,106 @@
+:toc: macro
+== 33.01 Release Notes
+
+The following table outlines the release particulars:
+
+[cols="1,4"]
+|===
+|Build
+|33.01.TBD
+
+|Code name
+|Pascal
+
+|Release date
+|October 07-TBD, 2024
+
+|Type
+|Major release
+
+|SHA-256
+|TBD
+|===
+
+Review the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/install/system-requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.
+
+// You can download the release image from the Palo Alto Networks Customer Support Portal, or use a program or script (such as curl, wget) to download the release image directly from our CDN:
+
+// https://cdn.twistlock.com/releases/orvGojie/prisma_cloud_compute_edition_33_00_169.tar.gz[https://cdn.twistlock.com/releases/orvGojie/prisma_cloud_compute_edition_33_00_169.tar.gz]
+
+toc::[]
+
+[#upgrade]
+=== Upgrade from Previous Releases
+
+[#upgrade-defender]
+==== Upgrade Defenders
+
+With the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/support-lifecycle[Defender versions supported (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. In addition, starting from this release (version 33.00), Prisma Cloud will not restrict the usage of Defender versions or REST API calls from the n-3 version. So the current release will allow Defenders and REST API calls from release 30.xx also. Failure to upgrade Defenders below version `v30.00`, such as `v22.12`, will result in disconnection of the Defenders from the Console.
+
+However, to maintain full support, you must upgrade your Defenders to `v31.xx` or a higher release.
+
+To summarize, the level of support for the different versions of Defenders is as follows:
+
+* Defender versions 33.xx, 32.xx, and 31.xx have full support
+* Defender versions 30.xx are functional (will be able to connect to version 33.xx Console) but support is not available for such Defenders
+* Defender versions previous to 30.xx, such as 22.12, are neither supported nor functional (cannot connect to version 33.xx Console)
+
+
+[#upgrade-console]
+==== Upgrade the Prisma Cloud Console
+
+With the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/support-lifecycle[supported Console versions (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively.
+
+NOTE: Defenders from the n-3 release will remain functional as described above.
+
+You can upgrade the Prisma Cloud console directly from any n-1 version to n. With `v33.00` as n and `v32.00` as n-1, you can upgrade directly from `v32.05.124` to `v33.00.169`.
+
+NOTE: You have to upgrade any version of `v31.00` to `v32.00` before upgrading to `v33.00`. For example, you can upgrade from `v31.02.137` to `v32.07.123` and then upgrade to `v32.00.159`.
+
+
+[#announcement]
+=== Announcement
+
+
+=== Lifecycle Support Update
+
+Prisma Cloud officially guarantees backward compatibility with up to two previous major versions (n-2).
+
+Although the support lifecycle remains unchanged, starting from version 33.xx, Prisma Cloud will not restrict the usage of Defender versions or REST API calls from up to three major releases before the current version (upto n-3 major releases).
+
+For example, with the current version at 33.xx, API calls and Defenders from version 30.xx will be allowed. However, support and complete backward compatibility is guaranteed for the 32.xx and 31.xx releases.
+
+[#cve-coverage-update]
+=== CVE Coverage Update
+
+[#enhancements]
+=== Enhancements
+
+
+
+//[#new-features-agentless-security]
+// === New Features in Agentless Security
+
+// [#new-features-core]
+// === New Features in Core
+
+// [#new-features-host-security]
+// === New Features in Host Security
+
+// [#new-features-serverless]
+// === New Features in Serverless
+
+// [#new-features-waas]
+// === New Features in WAAS
+
+[#api-changes]
+=== API Changes and New APIs
+
+
+// [#addressed-issues]
+// === Addressed Issues
+
+
+// [#deprecation-notices]
+// === Deprecation Notices
+
From 54411686f7a491890e4f9fa8e3801da631719809 Mon Sep 17 00:00:00 2001
From: mkumar6
Date: Sun, 6 Oct 2024 22:53:20 +0530
Subject: [PATCH 2/9] rn for 33.01
---
.../release-information/known-issues-33.adoc | 70 ++++++++++++++++++-
.../release-notes-33-01.adoc | 62 +++++++++++++---
2 files changed, 121 insertions(+), 11 deletions(-)
diff --git a/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc b/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc
index 6421a1a58..6e40e6313 100644
--- a/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc
+++ b/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc
@@ -1,6 +1,6 @@ == Fixed and Known Issues in 33.xx -The following table lists the fixed issues for 33.00 release. +The following table lists the fixed issues for 33.xx releases. === Fixed Issues
@@ -9,6 +9,74 @@ The following table lists the fixed issues for 33.00 release. |*ISSUE ID* |*DESCRIPTION* +|*CWP-62084* + +tt:[Fixed in 33.01.137] + +| *Fix binaries names* + +Fixed an issue, where the scan results displayed in the *Image details* dialog (*Monitor > Vulnerabilities* page, *Images* tab) did not display the binary packages impacted by a vulnerability. + +|*CWP-62084* + +tt:[Fixed in 33.01.137] + +| *Fix binaries names* + +Fixed an issue, where the scan results displayed in the *Image details* dialog (*Monitor > Vulnerabilities* page, *Images* tab) did not display the binary packages impacted by a vulnerability. + +|*CWP-61947* + +tt:[Fixed in 33.01.137] + +| *Boot volume encryption in agentless scanning* + +Fixed an issue with the agentless scanner boot volume default encryption. + +|*CWP-61606* + +tt:[Fixed in 33.01.137] + +| *Inclusion of missing host names in CSV files* + +Previously, in the Deployed image results under *Monitor > Vulnerabilities > Images > Deployed*, individual host names were not displayed when multiple hosts ran the same image. Only the total number of hosts was shown, and the downloaded CSV did not include the host names. + +This issue is resolved. When downloading the CSV, the exported file now lists the names of all hosts running the same image. However, if the total length of the listed host names exceeds 32,757 characters, the list will be truncated, and the number of truncated host names will be indicated in the CSV. + +|*CWP-59281* + +tt:[Fixed in 33.01.137] + +| *Improved vulnerability reporting for Debian images* + +When scanning Debian images, Prisma Cloud occasionally missed some CVEs related to specific package versions. This issue is fixed. + +The fix prioritizes CVE matches from the security repository and Prisma Cloud now reports all previously missing CVEs for packages in Debian images. 
+ +|*CWP-58952* + +tt:[Fixed in 33.01.137] + +| *Improved vulnerability detection for multiple Python versions* + +In previous versions of Defender, vulnerabilities were only detected and reported for a single Python installation on a host, even if multiple Python versions were installed. This resulted in False Negatives (FN), where vulnerabilities in other Python versions were missed. + +The issue is fixed. Prisma Cloud will now scan and report vulnerabilities for each installed Python version on a host. + + +|*CWP-59654* + +tt:[Fixed in 33.01.137] + +| *Support for Amazon Linux CVEs* + +Previously, Prisma Cloud reported several false positive vulnerabilities for Amazon Linux CVEs that were marked as "not affected" by Amazon. + +Prisma Cloud now fully supports CVEs classified as “not affected” by Amazon, improving the accuracy of vulnerability reporting for Amazon products and resolving the false positive issue. The supported Amazon Linux distributions include Amazon Linux, Amazon Linux 2, and Amazon Linux 2023. + +NOTE: Prisma Cloud does not support CVEs labeled as "pending fix" or "no fix planned," as Amazon does not provide the required package version details for precise CVE status reporting. + + |*CWP-61444* tt:[Fixed in 33.00.169] diff --git a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc index db6c4eccf..76442ff3a 100644 --- a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc +++ b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc 
@@ -6,19 +6,19 @@ The following table outlines the release particulars: [cols="1,4"] |=== |Build -|33.01.TBD +|33.01.137 |Code name |Pascal |Release date -|October 07-TBD, 2024 +|October 06, 2024 |Type |Major release |SHA-256 -|TBD +|_TBD_ |=== Review the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/install/system-requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators. @@ -35,7 +35,7 @@ toc::[] [#upgrade-defender] ==== Upgrade Defenders -With the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/support-lifecycle[Defender versions supported (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. In addition, starting from this release (version 33.00), Prisma Cloud will not restrict the usage of Defender versions or REST API calls from the n-3 version. So the current release will allow Defenders and REST API calls from release 30.xx also. Failure to upgrade Defenders below version `v30.00`, such as `v22.12`, will result in disconnection of the Defenders from the Console. +Starting with the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/upgrade/support-lifecycle[Defender versions supported (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. In addition, starting from release 33.00, Prisma Cloud will not restrict the usage of Defender versions or REST API calls from the n-3 version. So the current release will allow Defenders and REST API calls from release 30.xx also. Failure to upgrade Defenders below version `v30.00`, such as `v22.12`, will result in disconnection of the Defenders from the Console. However, to maintain full support, you must upgrade your Defenders to `v31.xx` or a higher release. 
@@ -49,13 +49,13 @@ To summarize, the level of support for the different versions of Defenders is as [#upgrade-console] ==== Upgrade the Prisma Cloud Console -With the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/support-lifecycle[supported Console versions (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. +Starting with the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/upgrade/support-lifecycle[supported Console versions (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. -NOTE: Defenders from the n-3 release will remain functional as described above. +NOTE: Defenders from the n-3 release will remain functional as described above. -You can upgrade the Prisma Cloud console directly from any n-1 version to n. With `v33.00` as n and `v32.00` as n-1, you can upgrade directly from `v32.05.124` to `v33.00.169`. +You can upgrade the Prisma Cloud console directly from any n-1 version to n. For example, with `v33.00` as n and `v32.00` as n-1, you can upgrade directly from `v32.05.124` to `v33.01.137`. -NOTE: You have to upgrade any version of `v31.00` to `v32.00` before upgrading to `v33.00`. For example, you can upgrade from `v31.02.137` to `v32.07.123` and then upgrade to `v32.00.159`. +NOTE: You have to upgrade any version of `v31.00` to `v32.00` before upgrading to `v33.00`. For example, you must upgrade from `v31.02.137` to `v32.07.123` before you upgrade to `v33.01.137`. [#announcement] 
@@ -76,6 +76,48 @@ For example, with the current version at 33.xx, API calls and Defenders from ver [#enhancements] === Enhancements +// CWP-61917 + +==== Multiple Intelligence builders (IS versioning) + +Starting from this release, Prisma Cloud will introduce versioning for the Intelligence Stream (IS) to ensure compatibility across different Console and Defender versions. + +*Purpose of Intelligence Stream (IS) versioning* + +* *Maintain functionality for older Consoles and Defenders:* IS versioning ensures that older Consoles and Defenders continue to operate properly, even if they are unable to support the latest Intelligence feeds (for example, due to changes in external data feed formats). +* *Reduce disruptions:* Versioning helps minimize disruptions caused by updates, such as changes in downloaded JSON file fields that could impact CVE accuracy or result in duplicate CVEs. + +*Impact on Prisma Cloud Customers* + +* *Enterprise Edition (SaaS) customers:* These customers always have the latest Console version, so they will not be affected by this change. +* *Compute Edition (self-hosted) customers:* IS versions will be aligned with specific Console versions. For example, older 31.xx and 32.xx Consoles will be supported by the IS version released for Console 33.00. When customers upgrade to the latest Console version, they will receive the most recent IS updates. + +*Vulnerability Reporting Consistency* + +* *New Intelligence Stream (IS) logic updates:* These updates will only apply to the latest IS versions. +* *Vulnerability data:* All IS versions will continue to provide up-to-date vulnerability information, and changes in IS logic or algorithms will not affect the vulnerability metrics and reporting in the Console. + +// CWP-61840 + +==== Podman + +Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. 
With this release, Prisma Cloud now also supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. + +This enhancement enables full protection for Podman containers, including continuous vulnerability scanning, compliance policy enforcement, and active runtime security monitoring. + + +// CWP-61241 + +==== SHA-256 Checksum for Defender Image Downloads + +Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum. + +Here is how you can access the feature: + +. In the Console, go to *Manage > System > Utilities*. The SHA-256 checksum is now available next to the downloadable Defender image. +. Click *Show Checksum* to view the checksum to verify the downloaded image. + +This feature ensures that Defender images are secure and protected from tampering. //[#new-features-agentless-security] @@ -93,8 +135,8 @@ For example, with the current version at 33.xx, API calls and Defenders from ver // [#new-features-waas] // === New Features in WAAS -[#api-changes] -=== API Changes and New APIs +// [#api-changes] +// === API Changes and New APIs // [#addressed-issues] From e88aab47c4a48d3f22982607c504e03a6ea6295c Mon Sep 17 00:00:00 2001 From: mkumar6 Date: Mon, 7 Oct 2024 13:25:07 +0530 Subject: [PATCH 3/9] updates for Compute 33.01 --- .../rn/known-issues/known-fixed-issues.adoc | 73 +++++++++++++++++++ .../features-introduced-in-october-2024.adoc | 60 +++++++++++++++ 2 files changed, 133 insertions(+) diff --git a/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc b/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc index d0bdc5132..1d367a6ef 100644 --- a/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc +++ b/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc 
@@ -378,6 +378,79 @@ CVE-2024-3154 - Arbitrary Systemd Property Injection as Defender does not direct |*ISSUE ID* |*DESCRIPTION* +|*CWP-62084* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +| *Updating the list of binaries exposed to a vulnerability after rerunning a scan* + +//Fixed an issue, where the scan results displayed in the *Image details* dialog (*Monitor > Vulnerabilities* page, *Images* tab) did not display the binary packages impacted by a vulnerability. + +Rerunning a scan didn't update the binary packages exposed to a vulnerability. This issue is fixed now. + +|*CWP-61947* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +|*Boot volume encryption in agentless scanning* + +Fixed an issue with the agentless scanner boot volume default encryption. + +|*CWP-61606* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +|*Inclusion of missing host names in CSV files* + +Previously, the Deployed image results under *Monitor > Vulnerabilities > Images > Deployed*, didn't display individual host names when multiple hosts ran the same image. Only the total number of hosts was shown, and the downloaded CSV did not include the host names. + +This issue is resolved. The CSV exported file now lists the names of all hosts running the same image. However, if the total length of the listed host names exceeds 32,757 characters, the list is truncated, and the number of truncated host names is indicated in the CSV. + + +|*CWP-59281* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +|*Improved vulnerability reporting for Debian images* + +When scanning Debian images, Prisma Cloud occasionally missed some CVEs related to specific package versions. This issue is fixed. + +The fix prioritizes CVE matches from the security repository and Prisma Cloud now reports all previously missing CVEs for packages in Debian images. 
+ +|*CWP-58952* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +| *Improved vulnerability detection for multiple Python versions* + +In previous versions of Defender, vulnerabilities were only detected and reported for a single Python installation on a host, even if multiple Python versions were installed. This resulted in False Negatives (FN), where vulnerabilities in other Python versions were missed. + +The issue is fixed. Prisma Cloud will now scan and report vulnerabilities for each installed Python version on a host. + +|*CWP-59654* + +tt:[Secure the Runtime] + +tt:[Fixed in 33.01.137] + +| *Support for Amazon Linux CVEs* + +Previously, Prisma Cloud reported several false positive vulnerabilities for Amazon Linux CVEs that were marked as "not affected" by Amazon. + +Prisma Cloud now fully supports CVEs classified as “not affected” by Amazon, improving the accuracy of vulnerability reporting for Amazon products and resolving the false positive issue. The supported Amazon Linux distributions include Amazon Linux, Amazon Linux 2, and Amazon Linux 2023. + +NOTE: Prisma Cloud does not support CVEs labeled as "pending fix" or "no fix planned," as Amazon does not provide the required package version details for precise CVE status reporting. + // CWP-61444 |tt:[Fixed in 33.00.169] diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc index 747af11ee..ea5e8e1da 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc 
@@ -53,6 +53,66 @@ If you have any questions or feedback, contact your Prisma Cloud Customer Suppor |*Feature* |*Description* + +| *Multiple Intelligence Stream (IS) Builders for Compatibility across Console and Defender Versions* +// CWP-61917 + +tt:[Secure the Runtime] + +tt:[33.01.137] + +|Starting from this release, Prisma Cloud will introduce versioning for the Intelligence Stream (IS) to ensure compatibility across different Console and Defender versions. + +*Purpose of Intelligence Stream (IS) versioning* + +* *Maintain functionality for older Consoles and Defenders:* IS versioning ensures that older Consoles and Defenders continue to operate properly, even if they're unable to support the latest Intelligence feeds (for example, due to changes in external data feed formats). + +* *Reduce disruptions:* Versioning helps minimize disruptions caused by updates, such as changes in downloaded JSON file fields that could impact CVE accuracy or result in duplicate CVEs. + +// * *Provide flexibility:* The new versioning system allows customers to upgrade their Console and Defender versions independently, without being forced to update both at the same time. + +*Impact on Prisma Cloud Customers* + +* *Enterprise Edition (SaaS) customers:* Aren't affected as they always have the latest Console version. + +* *Compute Edition (self-hosted) customers:* IS versions will be aligned with specific Console versions. For example, older 31.xx and 32.xx Consoles will be supported by the IS version released for Console 33.00. When customers upgrade to the latest Console version, they will receive the most recent IS updates. + +*Vulnerability Reporting Consistency* + +* *New Intelligence Stream (IS) logic updates:* These updates will only apply to the latest IS versions. + +* *Vulnerability data:* All IS versions will continue to provide up-to-date vulnerability information, and changes in IS logic or algorithms won't affect the vulnerability metrics and reporting in the Console. 
+ + +| *Support for Deploying Defenders on Podman Containers* +// CWP-61840 + +tt:[Secure the Runtime] + +tt:[33.01.137] + +|Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. With this release, Prisma Cloud now also supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. + +This enhancement enables full protection for Podman containers, including continuous vulnerability scanning, compliance policy enforcement, and active runtime security monitoring. + + +|*SHA-256 Checksum for Defender Image Downloads* +// CWP-61241 + +tt:[Secure the Runtime] + +tt:[33.01.137] + +|Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum. + +Here is how you can access the feature: + +. In the Console, go to *Manage > System > Utilities*. The SHA-256 checksum is now available next to the downloadable Defender image. +. Click *Show Checksum* to view the checksum to verify the downloaded image. + +This feature ensures that Defender images are secure and protected from tampering. + + |*Prisma Cloud Copilot* //RLP-151264 From 8d2e55ec97feea365e0cda02f594532d93293dfd Mon Sep 17 00:00:00 2001 From: manukumar6 <108253187+manukumar6@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:03:37 +0530 Subject: [PATCH 4/9] Corrected the order --- docs/en/compute-edition/33/rn/book.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/compute-edition/33/rn/book.yml b/docs/en/compute-edition/33/rn/book.yml index 9efe92e31..c907bc5f7 100644 --- a/docs/en/compute-edition/33/rn/book.yml +++ b/docs/en/compute-edition/33/rn/book.yml 
@@ -18,10 +18,10 @@ dir: release-information topics: - name: Prisma(TM) Cloud Compute Edition Release Information file: release-information.adoc + - name: 33.01 (Build 33.01.137) + file: release-notes-33-01.adoc - name: 33.00 (Build 33.00.169) file: release-notes-33-00.adoc - - name: 33.01 (Build 33.01.TBD) - file: release-notes-33-01.adoc - name: Fixed and Known Issues in 33.xx file: known-issues-33.adoc --- From 54d54d02ddbfccddee331ab7ef751871478851c2 Mon Sep 17 00:00:00 2001 From: manukumar6 <108253187+manukumar6@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:11:44 +0530 Subject: [PATCH 5/9] Removed duplicate note --- .../33/rn/release-information/known-issues-33.adoc | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc b/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc index 6e40e6313..d3f0b27e7 100644 --- a/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc +++ b/docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc @@ -13,17 +13,9 @@ The following table lists the fixed issues for 33.xx releases. tt:[Fixed in 33.01.137] -| *Fix binaries names* +| *Updating the list of binaries exposed to a vulnerability after rerunning a scan* -Fixed an issue, where the scan results displayed in the *Image details* dialog (*Monitor > Vulnerabilities* page, *Images* tab) did not display the binary packages impacted by a vulnerability. - -|*CWP-62084* - -tt:[Fixed in 33.01.137] - -| *Fix binaries names* - -Fixed an issue, where the scan results displayed in the *Image details* dialog (*Monitor > Vulnerabilities* page, *Images* tab) did not display the binary packages impacted by a vulnerability. +Rerunning a scan didn’t update the binary packages exposed to a vulnerability. This issue is fixed now. |*CWP-61947* From 8a833cd9227dca0b2ffbe11814aca3ce7278c35c Mon Sep 17 00:00:00 2001 
From: Kamesh-PaloAlto <166385805+Kamesh-PaloAlto@users.noreply.github.com> Date: Mon, 7 Oct 2024 19:19:16 +0530 Subject: [PATCH 6/9] edited checksum blurb --- .../33/rn/release-information/release-notes-33-01.adoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc index 76442ff3a..528ed531d 100644 --- a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc +++ b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc @@ -110,11 +110,14 @@ This enhancement enables full protection for Podman containers, including contin ==== SHA-256 Checksum for Defender Image Downloads -Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum. +Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum, ensuring the downloaded image matches the server version. -Here is how you can access the feature: +To access the feature, do the following: + +. In the Console, go to *Manage > System > Utilities*. ++ +The SHA-256 checksum is available next to the downloadable Defender image. -. In the Console, go to *Manage > System > Utilities*. The SHA-256 checksum is now available next to the downloadable Defender image. . Click *Show Checksum* to view the checksum to verify the downloaded image. This feature ensures that Defender images are secure and protected from tampering. From 0c440d6c1a085fe2f1321e630a9b836a4f0be32b Mon Sep 17 00:00:00 2001 
From: Kamesh-PaloAlto <166385805+Kamesh-PaloAlto@users.noreply.github.com> Date: Mon, 7 Oct 2024 20:03:53 +0530 Subject: [PATCH 7/9] Podman versions --- .../33/admin-guide/install/system-requirements.adoc | 7 ++++--- .../runtime-security/install/system-requirements.adoc | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/en/compute-edition/33/admin-guide/install/system-requirements.adoc b/docs/en/compute-edition/33/admin-guide/install/system-requirements.adoc index 949b99654..bfcb91996 100644 --- a/docs/en/compute-edition/33/admin-guide/install/system-requirements.adoc +++ b/docs/en/compute-edition/33/admin-guide/install/system-requirements.adoc @@ -211,11 +211,12 @@ Supported versions are listed in the <> section [#podman] === Podman -Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. The twistcli tool can use the preinstalled Podman binary to scan CRI images. +Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. -Podman v1.6.4, v3.4.2, v4.0.2 are supported. +The twistcli tool uses the pre-installed Podman binary to scan CRI images. The supported Podman versions are 1.6.4, 3.4.2, and 4.0.2. + +Prisma Cloud also supports deploying Defenders on Podman containers. Podman version 4.9 is the supported version for this feature. -*Note:* Defender installation is not supported on Podman hosts. [#helm] === Helm diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc index 3ba65ef41..9c0ef9189 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc 
@@ -165,11 +165,11 @@ Supported versions are listed in the <> section [#podman] === Podman -Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. The twistcli tool can use the preinstalled Podman binary to scan CRI images. +Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. -Podman v1.6.4, v3.4.2, v4.0.2 are supported. +The twistcli tool uses the pre-installed Podman binary to scan CRI images. The supported Podman versions are 1.6.4, 3.4.2, and 4.0.2. -*Note:* Defender installation is not supported on Podman hosts. +Prisma Cloud also supports deploying Defenders on Podman containers. Podman version 4.9 is the supported version for this feature. [#helm] === Helm From 3f606c7cbeb9beccda0ed240b5b1003727775b4a Mon Sep 17 00:00:00 2001 From: Kamesh-PaloAlto <166385805+Kamesh-PaloAlto@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:43:47 +0530 Subject: [PATCH 8/9] updated Podman blurb --- .../release-notes-33-01.adoc | 11 +++++++++- .../features-introduced-in-october-2024.adoc | 20 +++++++++++++++---- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc index 528ed531d..af0413a51 100644 --- a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc +++ b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc 
@@ -101,10 +101,19 @@ Starting from this release, Prisma Cloud will introduce versioning for the Intel ==== Podman -Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. With this release, Prisma Cloud now also supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. +Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. With this release, Prisma Cloud now supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. This enhancement enables full protection for Podman containers, including continuous vulnerability scanning, compliance policy enforcement, and active runtime security monitoring. +To deploy a Linux Container Defender on Podman, navigate to *Manage* > *Defenders* > *Manual Deploy* > *Single Defender*. Select *Container Defender - Linux* as Defender Type. In the *Container Runtime Type* field, select *Podman* (the default is Docker). + +If you select Podman, the installation script automatically includes the `--install-podman` argument. + +If your Podman environment uses a custom runtime socket path, you can specify it using the `--podman-socket` argument. + +For example, to use Podman with a custom runtime socket path, the installation command would be: + +`curl -sSL --header "#########" -X POST /api/v1/scripts/defender.sh \| sudo bash -s -- -c "stage-consoles-cwp.cloud.twistlock.com" -v --install-podman --podman-socket ""` // CWP-61241 diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc index ea5e8e1da..1044ad14a 100644 
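Review bot: The example install command added at the end of the Podman section passes `-c "stage-consoles-cwp.cloud.twistlock.com"`, which looks like an internal staging Console hostname rather than a placeholder. Readers who copy the line would point an installer that runs under `sudo bash` at a host that is not theirs. Replace it with an obvious placeholder such as `-c "<CONSOLE_ADDRESS>"`, and do the same for the URL host and the `--podman-socket` value, which appear empty here (possibly lost in rendering). Because the command pipes a downloaded script into a root shell, it would also help to add a sentence telling readers to copy the generated command from their own Console rather than from the release notes. The same command is added to features-introduced-in-october-2024.adoc in the next hunk.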
--- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-october-2024.adoc @@ -91,10 +91,19 @@ tt:[Secure the Runtime] tt:[33.01.137] -|Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. With this release, Prisma Cloud now also supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. +|Previously, Prisma Cloud supported scanning Podman images in the CI pipeline using _twistcli_. With this release, Prisma Cloud now supports deploying Defenders on Podman containers, providing comprehensive visibility and protection for workloads running in Podman environments. This enhancement enables full protection for Podman containers, including continuous vulnerability scanning, compliance policy enforcement, and active runtime security monitoring. +To deploy a Linux Container Defender on Podman, navigate to *Manage* > *Defenders* > *Manual Deploy* > *Single Defender*. Select *Container Defender - Linux* as Defender Type. In the *Container Runtime Type* field, select *Podman* (the default is Docker). + +If you select Podman, the installation script automatically includes the `--install-podman` argument. + +If your Podman environment uses a custom runtime socket path, you can specify it using the `--podman-socket` argument. + +For example, to use Podman with a custom runtime socket path, the installation command would be: + +`curl -sSL --header "#########" -X POST /api/v1/scripts/defender.sh \| sudo bash -s -- -c "stage-consoles-cwp.cloud.twistlock.com" -v --install-podman --podman-socket ""` |*SHA-256 Checksum for Defender Image Downloads* // CWP-61241 
@@ -103,11 +112,14 @@ tt:[Secure the Runtime] tt:[33.01.137] -|Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum. +|Prisma Cloud now enables users to validate the integrity of Defender images downloaded from the Console using a SHA-256 checksum, ensuring the downloaded image matches the server version. + +To access the feature, do the following: -Here is how you can access the feature: +. In the Console, go to *Manage > System > Utilities*. ++ +The SHA-256 checksum is available next to the downloadable Defender image. -. In the Console, go to *Manage > System > Utilities*. The SHA-256 checksum is now available next to the downloadable Defender image. . Click *Show Checksum* to view the checksum to verify the downloaded image. This feature ensures that Defender images are secure and protected from tampering. From f01ffb307e7e681f4d337745cc4e9a0377411a6e Mon Sep 17 00:00:00 2001 From: Kamesh-PaloAlto <166385805+Kamesh-PaloAlto@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:54:37 +0530 Subject: [PATCH 9/9] removed orphan CVE coverage --- .../33/rn/release-information/release-notes-33-01.adoc | 6 +++--- .../features-introduced-in-september-2024.adoc | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc index af0413a51..bcffdbc7e 100644 --- a/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc +++ b/docs/en/compute-edition/33/rn/release-information/release-notes-33-01.adoc 
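Review bot: The rewritten checksum steps stop at *Show Checksum* and never tell the reader how to do the comparison, so the integrity check itself is left implicit. Add a final step such as `. Compute the SHA-256 of the downloaded file (for example, sha256sum <downloaded-defender-image>) and confirm it matches the value shown in the Console.` The unchanged closing sentence, "This feature ensures that Defender images are secure and protected from tampering", also claims more than a checksum published by the same Console can deliver. Such a checksum detects corruption or alteration after download, not a modified image served together with a matching checksum. Consider `This feature helps you detect Defender images that were corrupted or altered after download.`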
@@ -70,15 +70,15 @@ Although the support lifecycle remains unchanged, starting from version 33.xx, P For example, with the current version at 33.xx, API calls and Defenders from version 30.xx will be allowed. However, support and complete backward compatibility is guaranteed for the 32.xx and 31.xx releases. -[#cve-coverage-update] -=== CVE Coverage Update +//[#cve-coverage-update] +//=== CVE Coverage Update [#enhancements] === Enhancements // CWP-61917 -==== Multiple Intelligence builders (IS versioning) +==== Multiple Intelligence Stream (IS) Builders for Compatibility across Console and Defender Versions Starting from this release, Prisma Cloud will introduce versioning for the Intelligence Stream (IS) to ensure compatibility across different Console and Defender versions. diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-september-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-september-2024.adoc index a7668a46b..92b6a00f0 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-september-2024.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-september-2024.adoc 
@@ -127,7 +127,7 @@ This means that the number of vulnerabilities with the same CVE ID will be reduc *Console Memory Usage in the 33.XX release*: For on-premise users upgrading to the latest Console, the Console memory requirement is 8 GB. This requirement is only for the self-hosted editions. -For a more detailed explanation of this transition, see the https://main%2D%2Dprisma-cloud-docs-website%2D%2Dhlxsites.hlx.live/en/compute-edition/assets/pdf/lookahead-transition-to-vex-format.pdf[Transition from Oval to VEX Files] document. +For a more detailed explanation of this transition, see the https://main%2D%2Dprisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/pdf/lookahead-transition-to-vex-format.pdf[Transition from Oval to VEX Files] document. For details on how CVEs are reported in the new VEX format as compared to the OVAL format, see https://main\%2D%2Dprisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/pdf/oval-vex-cves-comparison.pdf[CVEs Comparison between Oval and VEX]. If you have any concerns or need additional information about this transition, contact support@paloaltonetworks.com.