22.12 Update 2 Release Notes

The following table provides the release details:
  • Build: 22.12.582
  • Codename: Lagrange, 22.12 Update 2
  • Release date: Feb 15, 2023
  • Type: Maintenance release
  • SHA-256 digest: 6264e68c74512e2beea032cdfcc59138fe12ff9f4540e8d38f8d9eccfe62e4c5

Review the system requirements to learn more details about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.

CVE Coverage Update

  • Fixed CVE-2022-41717 and CVE-2022-27664: Updated the golang.org/x/net Go module to v0.5.0. WAAS deployments were affected if you have HTTP2 applications and have deployed WAAS to inspect HTTP2 traffic. Upgrade your Prisma Cloud console and deployed Defenders if you use WAAS to inspect HTTP2 traffic.
  • Fixed CVE-2023-0247: Updated the bits-and-blooms/bloom Go module to v3.3.1.
  • CVE-2022-41721 is included in the Intelligence Stream feed. Prisma Cloud doesn’t use MaxBytesHandler and this vulnerability doesn’t impact Prisma Cloud components. You can continue to run any of the supported Prisma Cloud releases without risk from this vulnerability. To remove the vulnerability alert, upgrade to the latest 22.12 release. If you are not ready to upgrade right away, add an exception in the default Ignore Twistlock Components rule. Go to Defend > Vulnerabilities > Images > Deployed to add the exception to suppress the vulnerability alerts for CVE-2022-41721.
  • CVE-2022-1996 is included in the Intelligence Stream feed. The Go-Restful package is a transitive dependency that is pulled with k8s.io/client-go and k8s.io/kube-openapi and is not being used directly in the Compute Defender and Console, thus it is suppressed.
  • The ubi-minimal base image’s packages are updated to the latest.

Enhancements

  • Added support for cgroup v2:
    • Scans:
      • Full support for cgroup v1 and cgroup v2.
      • Hybrid mode not supported: this will not fail the scan, but the scan will run without the process limitation protection.
    • WAAS:
      • In-Line firewall:
        • Full support for cgroup v1 and cgroup v2.
        • Hybrid mode: partially supported. It is supported if the memory and CPU controllers are both under the legacy hierarchy (v1). Otherwise, the firewall will fail.
      • Out-Of-Band firewall:
        • Only cgroup v1 is fully supported.
        • Cgroup v2: not supported. The firewall will run but the memory limit of the Defender’s cgroup will not be increased.
        • Hybrid mode: partially supported. Same as WAAS In-Line.
    • Console deployment:
      • Not supported in cgroup v2. The console can run on cgroup v2, but the stat periodic process will fail to run and will log an error to the console log.
    • cgroup v2 is not supported for Talos and other Operating Systems, as both don’t have Systemd.
  • Added support for Oracle Enterprise Linux (OEL) 8 and 9. You can now run Defenders on OEL 8 and 9 hosts. Prisma Cloud now also protects OEL containers and images.
  • Added support for Red Hat Enterprise Linux 9 on X86 architecture. You can now run Defenders on RHEL 9 hosts. Prisma Cloud now also protects RHEL 9 containers and images.
  • Added support for Rocky Linux 8 and 9. You can now run Defenders on hosts running Rocky Linux 8 and 9. Prisma Cloud now also protects Rocky Linux containers and images.
  • Added support for Windows Server 2022.
    • Container Defenders support the following features for Windows Server 2022.
      • Windows compliance scans
      • Vulnerability scans
      • Registry scans
      • Runtime scans
      • CNNS
      • Windows metadata scans in Alibaba, AWS, Azure, and GCP
    • Host Defenders support the following features for Windows Server 2022.
      • Windows compliance scans
      • Vulnerability scans
      • WAAS scans
      • Windows metadata scans in Alibaba, AWS, Azure, and GCP
  • Registry scan logs (Manage > Logs > Console) now include information about registry scans that failed if there is no Defender available to scan the registry.
  • Add log when package manager files are missing in the scan: Added a log for cases where, during an image scan, the package manager folders required for the scan (e.g., /var/lib/dpkg) don’t exist. The log will appear either in the Defender logs or twistcli stdout. In these cases, the scan might end with 0 vulnerabilities for this image.
  • Added support for custom tagging agentless scanners and resources created within your accounts. You can specify up to ten tags as a part of the advanced agentless configuration. These tags are added to any previously existing resource tags.
  • Introduced a new column, Last changed, to API Discovery with the date of the latest change to the API. The discovered API Change history log is shown in the details pane.
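
The cgroup support matrix above, as an added shell example (not Prisma Cloud code): it classifies a host's mounts table as v1, v2 or hybrid and prints the outcome these notes state for scans and WAAS. The function name, output keys and sample mounts table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Prisma Cloud code): classify a host's cgroup layout from a
# mounts table and print the support outcome these release notes state for it.
# The function name and output keys are hypothetical.
cgroup_support() {
    awk '
    $3 == "cgroup2" { v2 = 1 }
    $3 == "cgroup" {                       # a v1 (legacy) hierarchy
        v1 = 1
        n = split($4, opt, ",")            # v1 mount options name the controllers
        for (i = 1; i <= n; i++) {
            if (opt[i] == "memory") mem = 1
            if (opt[i] == "cpu")    cpu = 1
        }
    }
    END {
        if (v1 && v2)  mode = "hybrid"
        else if (v2)   mode = "v2"
        else if (v1)   mode = "v1"
        else         { print "mode=none"; exit }
        # Hybrid WAAS needs memory AND cpu on v1; otherwise the firewall fails.
        hybrid = (mem && cpu) ? "supported" : "fails"
        scans = inline = oob = "supported"
        if (mode == "hybrid") {
            scans = "runs-without-process-limits"
            inline = oob = hybrid
        } else if (mode == "v2") {
            oob = "runs-without-memory-limit-increase"
        }
        printf "mode=%s\nscans=%s\nwaas_inline=%s\nwaas_oob=%s\n",
               mode, scans, inline, oob
    }' "${1:-/proc/mounts}"
}

# Constructed sample: hybrid host with memory on v1 but no v1 cpu hierarchy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
EOF
cgroup_support "$sample"    # on a real host, call with no argument
rm -f "$sample"
```

Run it on a host before deploying a Defender; a `waas_inline=fails` line means the memory and CPU controllers are not both on the legacy hierarchy.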

Addressed Issues

  • Fixed crypto miner check issue that adversely impacted the performance of the host runtime protection and of the host. Enable this check to get alerts when crypto miners are created or executed in your deployment. You can prevent their execution by setting the Effect to Prevent in your runtime rules.
  • Fixed an issue in grouping the columns under Monitor > Events. The events grouped by any field now display relevant results.
  • Fixed an issue where adding or updating collections in large deployments took a significant amount of time to show in Prisma Cloud.
  • Fixed an issue where the Refresh action on the Vulnerability Explorer page/API failed in cases where some images in the environment had a large number of containers running (~10-20K containers per image).
  • Fixed an issue for App-Embedded WAAS events. To add an exception directly from an event, you can now use the Add as exception button.
  • Fixed an issue where the Prisma Cloud console displayed an expired certificate warning for Defenders even if the certificate was not in use. Now there is no incorrect warning displayed.
  • Fixed an issue where the registry scan stopped when no running Defender was found in one of the registry’s pre-defined scopes. The scan will continue, and the skipped registry will be re-scanned once a running Defender is found for the registry’s scope.
  • Fixed a Definition Scan API error that happened when trying to display non-printable characters in the code editor.
  • Fixed an issue on Tanzu Application Services Windows apps where scanner containers were not removed if there was an error during download or upload of the app’s droplet.

End of Support Notifications

There are no end of support notifications for this update.
