From 105c3cedce699d810a391cadc65a97594d23c92c Mon Sep 17 00:00:00 2001 From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Mon, 14 Oct 2024 07:04:54 +0530 Subject: [PATCH 1/3] release-notes-link --- .../33/admin-guide/welcome/security-assurance-policy.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc index f8d5de4f7..93ca72eaa 100644 --- a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc +++ b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc @@ -26,7 +26,7 @@ New releases of Prisma Cloud Compute are signed off with up-to-date dependencies ==== Vulnerabilities Not Analyzed * Any vulnerability with severity lower than high that does not have an existing fix. -* Any vulnerability with severity low; this includes vulnerabilties that the vendor will not fix as they are considered as having negligible impact. +* Any vulnerability with severity low; this includes vulnerabilities that the vendor will not fix as they are considered as having negligible impact. ==== Exceptions We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that is affects Prisma Cloud Compute. @@ -50,7 +50,7 @@ If security fixes are released, you may be required to upgrade either or both th For the full details of which vulnerabilities were fixed in a release, refer to the ifdef::compute_edition[] -https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-release-notes/release-information.html[release notes]. +xref: ../../../../rn/release-information/release-information.adoc[release notes]. endif::compute_edition[] ifdef::prisma_cloud[] From a05bd0577814bb3e629bddf75692f79d4227d814 Mon Sep 17 00:00:00 2001 
From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Mon, 14 Oct 2024 07:18:51 +0530 Subject: [PATCH 2/3] Update security-assurance-policy.adoc --- .../welcome/security-assurance-policy.adoc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc index 5195721a4..504426d71 100644 --- a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc +++ b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc @@ -2,7 +2,7 @@ Prisma Cloud adheres to the guidelines outlined in the https://www.paloaltonetworks.com/product-security-assurance[Palo Alto Networks Product Security Assurance Policy]. -In accordance with this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule. +Per this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule. Security releases are used for the sole purpose of remediating vulnerabilities that affect Prisma Cloud Compute, whether in its codebase or its dependencies. 
@@ -25,24 +25,24 @@ New releases of Prisma Cloud Compute are signed off with up-to-date dependencies * Any vulnerability with moderate severity when a fix is available. ==== Vulnerabilities Not Analyzed -* Any vulnerability with severity lower than high that does not have an existing fix. +* Any vulnerability with a severity lower than high that does not have an existing fix. * Any vulnerability with severity low; this includes vulnerabilities that the vendor will not fix as they are considered as having negligible impact. ==== Exceptions -We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that is affects Prisma Cloud Compute. -Including product vulnerabilities identified during development, reported by customers or third-party researchers. +We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that affects Prisma Cloud Compute. +Including product vulnerabilities identified during development, and reported by customers or third-party researchers. To report a vulnerability in Prisma Cloud Compute, submit the vulnerability details to our https://www.paloaltonetworks.com/product-security-assurance[PSIRT] team. ==== Frequently Asked Questions * Which Prisma Cloud Compute releases receive security updates? -Prisma Cloud has an 'n-2' support policy that means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes. +Prisma Cloud has an 'n-2' support policy which means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes. For more information, see xref:../welcome/support-lifecycle.adoc[support lifecycle]. 
*Are security fixes provided for both Prisma Cloud Enterprise and Compute editions?* -Yes, security vulnerabilities are addressed in both the editions. +Yes, security vulnerabilities are addressed in both editions. *Do I have to upgrade my console/defender to get security updates?* @@ -51,7 +51,7 @@ If security fixes are released, you may be required to upgrade either or both th For the full details of which vulnerabilities were fixed in a release, refer to the ifdef::compute_edition[] -xref: ../../../../rn/release-information/release-information.adoc[release notes]. +xref:../../rn/release-information/release-information.adoc[release notes]. endif::compute_edition[] ifdef::prisma_cloud[] @@ -60,7 +60,7 @@ endif::prisma_cloud[] *What is the minimum severity for vulnerabilities to warrant a security release?* -See triage criteria above. +See the triage criteria above. *What is the frequency of security releases for Prisma Cloud Compute?* @@ -74,4 +74,4 @@ For known vulnerabilities that are assigned a https://www.cve.org/About/Overview For zero-days or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers. *A new vulnerability is affecting Prisma Cloud Compute, but a security release was not issued.* -If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but it has not yet been addressed: please report it through to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT]. +If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but has not yet been addressed, report it to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT]. 
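Review bot: In the Exceptions text of the @@ -25,24 hunk in PATCH 2/3, the rewritten line "Including product vulnerabilities identified during development, and reported by customers or third-party researchers." is still a sentence fragment, and the added ", and" now reads as though a vulnerability must be both found during development and reported externally. Suggest "This includes product vulnerabilities identified during development or reported by customers or third-party researchers." In the same hunk, "'n-2' support policy which means" needs a comma before "which".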
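Review bot: The release notes xref in the @@ -51,7 hunk of PATCH 2/3 changes depth from `../../../../rn/` (added in PATCH 1/3, with a stray space after `xref:`) to `../../rn/`, and the commit message does not say why. From docs/en/compute-edition/33/admin-guide/welcome/ the new path resolves to docs/en/compute-edition/33/rn/release-information/release-information.adoc; please confirm that target exists in the build. Consider squashing this correction into PATCH 1/3 so that no commit in the series carries the malformed link.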
From 01fc487d9743a98d56ed79fbb6c1adeb1bf283b6 Mon Sep 17 00:00:00 2001 From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Mon, 14 Oct 2024 07:26:41 +0530 Subject: [PATCH 3/3] Update security-assurance-policy.adoc --- .../admin-guide/welcome/security-assurance-policy.adoc | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc index 504426d71..26e1c2af5 100644 --- a/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc +++ b/docs/en/compute-edition/33/admin-guide/welcome/security-assurance-policy.adoc @@ -48,15 +48,7 @@ Yes, security vulnerabilities are addressed in both editions. If security fixes are released, you may be required to upgrade either or both the Console and Defender. We recommend that all security releases are adopted immediately. -For the full details of which vulnerabilities were fixed in a release, refer to the - -ifdef::compute_edition[] -xref:../../rn/release-information/release-information.adoc[release notes]. -endif::compute_edition[] - -ifdef::prisma_cloud[] -https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-release-notes/prisma-cloud-compute-release-information.html[release notes]. -endif::prisma_cloud[] +For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-information.adoc[release notes]. *What is the minimum severity for vulnerabilities to warrant a security release?*
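Review bot: The @@ -48,15 hunk in PATCH 3/3 removes the `ifdef::prisma_cloud[]` branch together with the `compute_edition` one, so a build with the `prisma_cloud` attribute set loses its docs.paloaltonetworks.com release notes link and gets the Compute Edition xref instead. If this file is only built for Compute Edition, state that in the commit message; otherwise keep the conditional and change only the `compute_edition` branch. The subject "Update security-assurance-policy.adoc" is shared with PATCH 2/3 and does not describe the change; a subject that names the removal of the edition conditionals would make the history easier to follow.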