1. Overview

This section lists the issues addressed in this release.

2. Improvements, fixes, and performance enhancements

  • Adds support for running any minor version of Defender within a major release. In other words, given a major version of Console, Prisma Cloud supports all minor versions of Defender. For example, if you’re running Prisma Cloud Compute Edition 20.09.345, and you upgrade Console to 20.09.365, then all deployed Defenders that are still on version 20.09.345 can continue to interoperate with Console 20.09.365 in a supported configuration.

  • Adds support for Istio 1.6. Deprecates support for Istio 1.4 and 1.5. Includes various Istio bug fixes. You must upgrade Defenders to 20.09.365 for Istio 1.6 support (previous 20.09.345 Defenders don’t support Istio 1.6).

  • Fixes an issue where you could not view docker or kubectl logs for some container that were launched or restarted in environments protected by Defender. This fix is in Defender, so Defender must be explicitly upgraded to 20.09.365. Also, any pods/containers that have this logging issue should be restarted after Defender is upgraded.

  • Fixes an issue with a misaligned icon in a policy dialog.

  • [Intelligence Stream] Re-adds links to Node.js vulnerabilities.

  • Fixes Defender runtime issues.

  • Fixes an issue where container processes could be incorrectly classified as interactive in runtime models.

  • Fixes vulnerabilities in Prisma Cloud Compute components.

  • Fixes how errors are handled when calling the API.

  • Fixes an issue where restoring from a backup file with twistcli didn’t work due to a permissions misconfiguration.

  • Fixes an issue with false positive vulnerabilities for Apache Tomcat 7 and 8.

  • Fixes an issue where setting a validating admission webhook on Kubernetes 1.19 cluster failed because of a certificate issue. Moves domain names from the Common Name field in the X.509 certificate to the Subject Alternative Name extension.

  • Fixes an issue with a missing path to runC for Kubernetes on DC/OS.

  • Fixes an issue where App-Embedded Defender failed to initialize because it couldn’t fetch GCP metadata.

  • Embeds the list of Prisma Cloud Compute open source software components and licenses in the Defender image.

  • Fixes an issue in WAAS where network controls were not applied in app list order.

  • Fixes an issue with how App-Embedded Fargate Defender uses LD_PRELOAD. Previously, Prisma Cloud completely overrode LD_PRELOAD. Now, any values set in LD_PRELOAD are retained.