22.12 Update 3 Release Notes

The following table provides the release details:
Lagrange, 22.12 Update 3
Release date
Mar 12, 2023
Maintenance release
SHA-256 digest
Review the system requirements to learn more details about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.

Upgrade Path to 22.12.694

If you are running a Prisma Cloud console version 22.06 or earlier, you must first upgrade the console to 22.12.585 and then to 22.12.694.

CVE Coverage Update

  • Fixed CVE-2023-25173 and CVE-2023-25153 (Severity - Moderate): the containerd package is used in the Prisma Cloud Defender and for Agentless Scanning. To address the vulnerability, upgrade to containerd version v1.6.18 or v1.5.18 as needed.
  • Fixed CVE-2022-1996 (Severity - Critical) is included in the Intelligence Stream feed. The Go-Restful package is a transitive dependency that is pulled with k8s.io/client-go and k8s.io/kube-openapi and is not being used directly in the Compute Defender and Console, thus it is suppressed.


  • Defender Upgrade All Improvements- When you select to Upgrade all Defenders (
    Manage > Defenders > Deployed Defenders
    ), you can only upgrade the Defenders that are eligible for the upgrade and for which you have the permission to upgrade, based on the collections that are assigned to your Prisma Cloud role. A confirmation dialog displays to confirm the upgrade. This change applies to upgrades for Host and Single Container Defenders on Linux and Windows.
  • Improved testing to support the automatic updates of GKE Autopilot clusters. The latest three Prisma Cloud releases are tested daily using the latest GKE Autopilot version for continued support.
  • Added support to scan images and containers running on cloud hosts in the supported Oracle Cloud environments.

Addressed Issues

  • Fixed an issue where only the numeric part of the JAR version was detected in scans, making it impossible to distinguish between versions with non-numeric qualifiers. To avoid false positives for JAR files, upgrade your Defenders to Lagrange update 3 and rescan to see the accurate results.
  • The count of events for WAAS agentless did not correspond to the actual number of attack requests sent, this is now fixed.
  • Fixed an API Discovery issue where API endpoints discovered on app-embedded deployments were missing workload value and were showing zero vulnerabilities when the protected workload had vulnerabilities.
  • On upgrading from 22.06 to 22.12.415, the compliance policy rules configured to "Block" effect fail the creation and edition of policies. This issue is fixed in 22.12.694, the "Block" effect for these compliance policies is disabled and set to "Alert" effect under
    Defend > Compliance > Containers and images > Deployed > Add rule

Breaking Change

On upgrading to 22.12.694, the Out-of-Band events are only supported if you first upgrade the Console to 22.12.585 and then upgrade to 22.12.694.

End of Support Notifications

There are no end of support notifications for this update.

Recommended For You