22.06 Update 1 Release Notes

The following table provides the release details:
Kepler, 22.06 Update 1
Release date
Jul 27, 2022
Maintenance release
SHA-256 digest

Improvements, Fixes, and Performance Enhancements

  • Added support for more orchestrators:
    • Google Kubernetes Engine (GKE) version 1.23.7 with containerd version 1.5.11
    • GKE version 1.24.1 running on ARM64 architecture. For the full announcement, refer to our blog.
    • VMware Tanzu Kubernetes Grid Integrated (TKGI) version 1.14
    • VMware Tanzu Kubernetes Grid Multicloud (TKGM) version 1.5.1 on Photon 3 and Ubuntu 20.04.03 LTS
  • Fixed the broken pipe error that occurred while downloading a large image CSV for secondary consoles when using Projects. The error was fixed by extending the HTTP client timeout value.
  • Fixed the welcome tour screen for new users who don’t have an administrator role.
  • Fixed an issue wherein the Defenders blocked application deployments on SELinux due to incorrect SELinux labeling on proxy runc. The issue was fixed by applying the original runc’s SELinux label to the created runc proxy binary.
  • Fixed the validity period error of self-signed certificates. The limit of 365 has been waived and the value can now be a whole number greater than or equal to 1.
  • Fixed an issue where a Defender scanning a non-docker (CRI-O) registry incorrectly reported all custom compliance checks as passed.
  • Fixed an error that overwrote the communication port after upgrading a Defender with a custom port from the Prisma Cloud Console UI.
  • Fixed an issue that showed different fixes for the same CVE on a single image. Each CVE vulnerability is consolidated and grouped according to OS version for each image and package.
  • Fixed an issue with the missing runc path in TKGI with containerd. Specify a custom container runtime socket path when deploying Defenders on TKGI with containerd.
  • Fixed an issue with the scanned images filter. With this fix, the filter lists all the tags when multiple images have the same digest.
  • Fixed an issue of duplicate or missing system rules for WAAS.
  • Fixed an issue of unprotected web apps and APIs missing from the report (Monitor > WAAS > Unprotected Web Apps and APIs).
  • Fixed an issue where XSS was not detected due to query key/value parsing.

Known Issues

  • Defenders are not accepting the self-signed proxy certificate configured for TLS intercept proxies.
    Ensure the following conditions are met to work around the issue.
    • Your proxy trusts the Prisma Cloud Console Certificate Authority (CA).
    • Your proxy uses the client certificate of the Defender when the proxy sends requests from the Defender to the console.
    • You obtained the certificates of the Defender and the Prisma Cloud Console CA. Use the /api/v1/certs/server-certs.sh API to obtain the needed files:
    • You obtained the password for the client key of the Defender using the api/v1/certs/service-parameter API.

End of Support Notifications

  • Debian 9 (Stretch) has reached End of Life (EOL), and users of Debian 9 will not receive any CVE vulnerability data from the Intelligence Stream feed for this OS version.
