21.08 Update 1 Release Notes

The following table outlines the release particulars:
Code name
Iverson, 21.08 update 1
Release date
October 18, 2021
Maintenance release
SHA-256 digest

Improvements, fixes, and performance enhancements

  • Adds support for OpenShift 4.8.
  • Creates new permissions for the image analysis sandbox that lets users analyze images and read results. By default, these permissions are assigned to Admins and Operators. In this update, the permission is also now assigned to DevOps Users, so that you don’t have to grant privileged roles (Admin, Operator) for users that need to work with image sandbox analysis. Auditor and DevSecOps roles will get read-only access to review results only. For SaaS customers, use the Prisma Cloud permission group that maps to the DevOps role in Compute to grant access to use the image analysis sandbox.
  • Fixes an issue where Defender can’t be installed on K3S because it cannot find the containerd socket path.
  • Fixes false positives for Java vulnerabilities.
  • Handles errors gracefully when compiling Rego scripts for admission control (Open Policy Agent) feature.
  • Adds support for Podman 1.6.4 on RHEL7.
  • Emits the following info to syslog for each vulnerability found in CI scans when verbose scans are enabled:
    • Path to the vulnerable package.
    • Layer time and instruction for the layer that contains the vulnerability.
  • [WAAS] Updates WAAS certificate management to alert users about TLS certificate expiration 30 days in advance, rather than 7 days.
  • [WAAS] Fixes false positives in WAAS app firewall protections.
  • [WAAS] Lets you individually configure the SameSite and Secure attributes for Prisma Cloud session cookies.
  • [SaaS] Adds search to the integrations drop-down. Integrations are specified when setting up Compute alerts.
  • Fixes UI strings.
  • Validates support for Istio 1.11. Istio 1.11 is supported on all 21.08 releases.

Known issues

  • [SaaS] Auto-deploy for Host Defender on GCP fails with an authorization error. This issue is limited to SaaS only. Compute Edition (self-hosted) isn’t impacted.
  • When triggering custom file system rules that use the new file.md5 attribute on systems with 21.04-based Container Defenders or Host Defenders, none of the r ule’s actions fire (i.e., audit/incident/prevent/block). An error is printed to the Defender log when the md5 attribute is used in a custom rule’s message, but no error, and no audit, is printed when the md5 attribute is used in the custom rule’s condition. The file.md5 attribute was added to Prisma Cloud Compute in 21.08.

Recommended For You