1. Overview

To receive email notifications about Prisma Cloud Compute’s maintenance schedules and upgrade notifications, subscribe to Palo Alto Networks status page for Prisma Cloud service: https://status.paloaltonetworks.com/

1.1. Console

Palo Alto Networks periodically upgrades your Prisma Cloud Compute Console. Detailed upgrade plan for each release will be published here: https://docs.twistlock.com/docs/enterprise_edition/welcome/announcements.html Ensure that you have read through all 'Breaking Changes' in release notes for each major release, for any action items from the users.

The currently installed version of Console is displayed in the bell menu.

upgrade compute version

1.2. Prisma Cloud Compute components

The versions of all deployed components should match exactly. To support the SaaS upgrade process, older versions of Prisma Cloud Compute components can continue to interoperate with newer versions of Console in a limited way. Plan to upgrade all Prisma Cloud Compute components as soon as possible.

After you upgrade Console, upgrade the following components:

1.2.1. Defenders

Console will automatically upgrade most Defender types for you. If Console fails to upgrade one or more Defenders, you will see error messages under Manage > Defenders > Manage tab. If you’ve created an alert for Defender health events, Console emits a message on the alert channel for any Defender it fails to upgrade. Please contact our support for assistance.

  • Auto-Upgrade Defenders

The following table shows the Defender types that will be auto-upgraded by Console. Incompatible Defenders can cause severe service disruptions such as, disconnection from upgraded Console, frozen runtime security of the environment (as new policies can’t be applied), defender container panics, excessive alerts on Console etc. The Defender auto-upgrade process ensures that there is no such impact caused by incompatibility between Console and Defenders, once Console is upgraded. With this process, Defenders are always maintained in a supported and compatible state without any user intervention required.

Defender type Auto-upgrade

Container Defender, which includes:

  • Single Container Defenders

  • Cluster Container Defenders

    • DaemonSets (Kubernetes, OpenShift)

    • Swarm global service

    • DC/OS app


Serverless Defender

Y* (see Serverless Defender auto-protect)

App embedded Defender


PCF Defender


Host Defender


Serverless Defender and App-Embdedded Defender types are backward compatible. They must still be manually upgraded as a best practice.

1.2.2. Other components

Manually upgrade all other Prisma Cloud Compute components, such as the Jenkins plugin and twistcli, so that their versions exactly match Console’s version.

Twistcli and Jenkins plugin will fail open in case of any inconsistencies so that CI/CD pipelines do not break when Console is upgraded.

API changes will be documented in each release. Refer to stability guide to learn more about our most commonly used API endpoints: https://docs.twistlock.com/docs/enterprise_edition/api/stable_api.html