22.01 Update 2 Release Notes

The following table outlines the release particulars:
Code name
Joule, 22.01 Update 2
Release date
March 27, 2022
Maintenance release
SHA-256 digest

Improvements, fixes, and performance enhancements

  • Adds a published date for vulnerabilities with the PRISMA-* identifier. With this fix, grace periods in vulnerability policies now work properly for PRISMA-* vulnerabilties.
  • Adds for support for AKS 1.22.6 for Linux and Windows with containerd.
  • Fixes an issue with code repo scanning when the policy specifies that Prisma Cloud should create pull requests with fixes. Previously, a new branch with the fixes was created, but no pull request was created, and a comment meant for the Prisma Cloud PR was added to a different, pre-existing, unrelated (wrong) PR. Now PRs are properly created.
  • Fixes a regression where the scan results returned from running twistcli with the --containerized option crashed the Console UI.
  • Fixes an issue with the autocomplete mechanism for input fields in the Console UI when there is a large amount of data.
  • Signs the Prisma Cloud Compute Host Defender binary for Windows so that it isn’t quarantined by Microsoft Defender.
  • [SaaS] Fixes a navigation issue in the SaaS Console, where system admins, who have access to all Compute Console pages, are initially redirected to the
    Radars > Containers
    page with an "Invalid path" error when navigating to a page in Compute Console from a page outside Compute Console.
  • Fixes an issue in Cloud Discovery where the results returned in the Console UI were just HTTP 429 rate limit error messages.
  • Fixes an issue where a reverse shell attack wasn’t properly identified on Alpine Linux.
  • Fixes an issue where Red Hat Enterprise Linux (RHEL) packages were incorrectly reported as vulnerable (for example, libxml2-python 2.9.1-6.el7_9.6).
  • Updates how the Prisma Cloud Compute scanning process impacts artifact metadata in JFrog Artifactory. The scanning process no longer updates the
    Last Downloaded
    date for all manifest files of all the images in the registry.
    Last Downloaded
    date of the manifest files of the images that are eventually pulled for scanning, based on your registry scan policy, will be updated. The scan process first evaluates which images to scan by retrieving all manifest files for all images. In this phase of the scan, the
    Last Downloaded
    date will no longer be impacted. In the next phase, where Prisma Cloud actually pulls an image to be scanned, the manifest file’s
    Last Downloaded
    date will be updated. Often, the number of images scanned will be a subset of all images in the registry, but that’s based on your scan policy.
    Just because an image has been selected for scanning, doesn’t mean that it will actually be pulled. If an image’s hash hasn’t changed, it won’t be pulled for scanning, so the
    Last Downloaded
    date will be unchanged.
    As part of the process for evaluating which images should be scanned, in addition to reviewing the manifest files, Prisma Cloud also examines the actual images. As part of examining the image files, the
    Last Downloaded
    date for these images files is updated. In the next release of Prisma Cloud, this will be fixed so that the
    Last Downloaded
    date won’t change unless the image is actually pulled and scanned.
    This new capability is supported on JFrog Artifactory 7.21.3 and later. When configuring Prisma Cloud registry settings, version must be set to
    JFrog Artifactory
    . This capability isn’t supported when version is set to
    Docker v2
  • Fixes an issue with runtime protection where audits and incidents were raised even when the events occurred in whitelisted file system paths.
  • Updates open source packages used in Prisma Cloud Compute.

Known issues

  • When Defender is installed on Windows hosts in AWS, and Prisma Cloud Compute Cloud Discovery is configured to scan your environment for protected hosts, the Windows hosts running Defender are reported as unprotected.
  • For JFrog registries configured with the Sub Domain Docker Access Method, image scans fail for Defenders upgraded to Joule update 2.
    If you are using the Sub Domain Docker Access Method for JFrog registry scanning, do not to upgrade Defenders that perform registry scanning using this method to Joule update 2, which is version 22.01.880. This issue is being worked on and will be addressed in an upcoming release.

Recommended For You