Merge pull request #999 from hlxsites/runtime-pascal-update2-RN

Pascal update-2 RN changes

docs/en/compute-edition/33/rn/book.yml

@@ -18,6 +18,8 @@ dir: release-information
 topics:
   - name: Prisma(TM) Cloud Compute Edition Release Information
     file: release-information.adoc
+  - name: 33.02 (Build 33.02.130)
+    file: release-notes-33-02.adoc
   - name: 33.01 (Build 33.01.137)
     file: release-notes-33-01.adoc
   - name: 33.00 (Build 33.00.169)

docs/en/compute-edition/33/rn/book_point_release.yml

@@ -2,7 +2,7 @@
 kind: book
 title: Prisma Cloud Compute Edition Release Notes
 author: Prisma Cloud team
-version: 33.01
+version: 33.02
 ditamap: prisma-cloud-compute-edition-release-notes
 dita: techdocs/en_US/dita/prisma/prisma-cloud/33/prisma-cloud-compute-edition-release-notes
 ---
@@ -12,8 +12,8 @@ dir: release-information
 topics:
   - name: Prisma(TM) Cloud Compute Edition Release Information
     file: release-information.adoc
-  - name: 33.01 (Build 33.01.TBD)
-    file: release-notes-33-01.adoc
+  - name: 33.02 (Build 33.02.130)
+    file: release-notes-33-02.adoc
 ---
 kind: chapter
 name: Get Help

docs/en/compute-edition/33/rn/release-information/known-issues-33.adoc

@@ -9,6 +9,41 @@ The following table lists the fixed issues for 33.xx releases.
 |*ISSUE ID*
 |*DESCRIPTION*
 
+|*CWP-62313*
+
+tt:[Fixed in 33.02.130]
+
+//tt:[Pending Approval]
+
+| *Improved Status Filter for Cloud Security Agent Page*
+
+The "Status" filter under *Prisma UI > Manage > Defenders > Cloud Security Agent* was displaying only the statuses present in the table, instead of all possible statuses.
+
+This issue has been resolved. The CSA status filter now shows a list of all available statuses: Connected, Disconnected, and Lost. This ensures users can filter the table by any status.
+
+|*CWP-35710*
+
+tt:[Fixed in 33.02.130]
+
+//tt:[Pending Approval]
+
+| *Removing Namespaces After Resource Deletion*
+
+In some cases, namespaces remained visible even after all resources within them had been deleted. This led to incorrect vulnerability assessments as the namespaces were not properly removed from the results. This issue is now resolved.
+
+
+|*CWP-62296*
+
+tt:[Fixed in 33.02.130]
+
+//tt:[Pending Approval]
+
+| *Consistent Vulnerability Data for Red Hat-Sourced Packages*
+
+Certain vulnerabilities for Red Hat packages showed a Red Hat severity but CVSS scores from NVD. 
+
+This mismatch is now resolved. The fix ensures that both the severity and CVSS score now align with Red Hat's data, eliminating inconsistencies.
+
 |*CWP-62084*
 
 tt:[Fixed in 33.01.137]

docs/en/compute-edition/33/rn/release-information/release-notes-33-02.adoc

@@ -0,0 +1,162 @@
+:toc: macro
+== 33.02 Release Notes
+
+The following table outlines the release particulars:
+
+[cols="1,4"]
+|===
+|Build
+|33.02.130
+
+|Code name
+|Pascal Update 2
+
+|Release date
+|Nov 24, 2024
+
+|Type
+|Minor release
+
+|SHA-256
+|df7f48a231c7bea408cd6d5babd6bcf4b9e46a2159fd20a7baadb56849cd4657
+|===
+
+Review the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/install/system-requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.
+
+// You can download the release image from the Palo Alto Networks Customer Support Portal, or use a program or script (such as curl, wget) to download the release image directly from our CDN:
+
+// https://cdn.twistlock.com/releases/orvGojie/prisma_cloud_compute_edition_33_00_169.tar.gz[https://cdn.twistlock.com/releases/orvGojie/prisma_cloud_compute_edition_33_00_169.tar.gz]
+
+toc::[]
+
+=== Lifecycle Support Update
+
+Prisma Cloud officially guarantees backward compatibility with up to two previous major versions (n-2).
+
+Although the support lifecycle remains unchanged, starting from version 33.xx, Prisma Cloud will not restrict the usage of Defender versions or REST API calls from up to three major releases before the current version (upto n-3 major releases).
+
+For example, with the current version at 33.xx, API calls and Defenders from version 30.xx will be allowed. However, support and complete backward compatibility is guaranteed for the 32.xx and 31.xx releases.
+
+[#upgrade]
+=== Upgrade from Previous Releases
+
+[#upgrade-defender]
+==== Upgrade Defenders
+
+Starting with the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/upgrade/support-lifecycle[Defender versions supported (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. In addition, starting from release 33.00, Prisma Cloud will not restrict the usage of Defender versions or REST API calls from the n-3 version. So the current release will allow Defenders and REST API calls from release 30.xx also. Failure to upgrade Defenders below version `v30.00`, such as `v22.12`, will result in disconnection of the Defenders from the Console.
+
+However, to maintain full support, you must upgrade your Defenders to `v31.xx` or a higher release.
+
+To summarize, the level of support for the different versions of Defenders is as follows:
+
+* Defender versions 33.xx, 32.xx, and 31.xx have full support
+* Defender versions 30.xx are functional (will be able to connect to version 33.xx Console) but support is not available for such Defenders
+* Defender versions previous to 30.xx, such as 22.12, are neither supported nor functional (cannot connect to version 33.xx Console)
+
+
+[#upgrade-console]
+==== Upgrade the Prisma Cloud Console
+
+Starting with the `v33.00` release, the https://docs.prismacloud.io/en/compute-edition/33/admin-guide/upgrade/support-lifecycle[supported Console versions (n, n-1, and n-2)] are `v33.00`, `v32.00`, and `v31.00` respectively. 
+
+NOTE: Defenders from the n-3 release will remain functional as described above.
+
+You can upgrade the Prisma Cloud console directly from any n-1 version to n. For example, with `v33.00` as n and `v32.00` as n-1, you can upgrade directly from `v32.05.124` to `v33.01.137`.
+
+NOTE: You have to upgrade any version of `v31.00` to `v32.00` before upgrading to `v33.00`. For example, you must upgrade from `v31.02.137` to `v32.07.123` before you upgrade to `v33.01.137`.
+
+
+//[#cve-coverage-update]
+//=== CVE Coverage Update
+
+[#announcement]
+=== Announcement
+//CWP-61660
+//CWP-62319
+Prisma Cloud will use the following additional NAT IP addresses on the Google Cloud for the respective Prisma Cloud Enterprise Edition (SaaS) regions.
+
+The following table lists the regions and the additional reserved Ingress IP addresses.
+
+[cols="50%a,50%a"]
+|===
+| *Region* | *Additional Ingress IP Addresses*
+
+|  us-east1 | * 34.23.229.147  
+* 34.74.93.165
+* 35.185.127.202
+|  us-west1 | * 34.19.57.46  
+* 34.83.186.93
+* 34.168.3.165
+| northamerica-northeast1 | * 34.118.176.160  
+* 34.47.2.35
+| europe-west9            | * 34.163.241.103  
+* 34.163.12.56
+| europe-west3            | * 35.198.174.6  
+* 34.141.93.246
+* 34.141.89.174
+* 34.141.2.56
+* 35.198.185.51
+| europe-west2            | * 34.142.29.59  
+* 34.89.33.47
+| australia-southeast1    | * 34.116.88.189  
+* 35.189.14.189
+| asia-southeast1         | * 35.186.153.185  
+* 34.87.100.14
+| asia-south1             | * 34.93.124.157  
+* 34.47.154.73
+| asia-northeast1         | * 35.187.195.198  
+* 34.85.99.145
+|===
+
+
+[#enhancements]
+=== Enhancements
+
+//CWP-32911
+==== Scanning Support for Red Hat UBI Micro-images 
+
+Prisma Cloud now supports scanning of Red Hat UBI micro-images (versions 7, 8, and 9). 
+
+//CWP-61504
+==== Improved Vulnerability Detection for non-RPM OpenShift Packages 
+
+Vulnerability reports for OpenShift non-RPM container components now ensure consistent vulnerability matching across all OpenShift packages. This improvement reduces false positives by applying only relevant CVEs and excluding CVEs that have already been patched.
+
+//CWP-61508
+==== Improved Vulnerability Detection for Google Kubernetes Engine (GKE) Clusters 
+
+Vulnerability detection for Google Kubernetes Engine (GKE) Clusters includes the following enhancements:
+
+* Integration with Google security bulletins
+
+* Aligning CVEs with specific GKE cluster types and versions
+
+* Expanded support for all GKE modes, including Autopilot
+
+
+//[#new-features-agentless-security]
+// === New Features in Agentless Security
+
+// [#new-features-core]
+// === New Features in Core
+
+// [#new-features-host-security]
+// === New Features in Host Security
+
+// [#new-features-serverless]
+// === New Features in Serverless
+
+// [#new-features-waas]
+// === New Features in WAAS
+
+// [#api-changes]
+// === API Changes and New APIs
+
+
+// [#addressed-issues]
+// === Addressed Issues
+
+
+// [#deprecation-notices]
+// === Deprecation Notices
+

docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc

@@ -411,6 +411,41 @@ CVE-2024-3154 - Arbitrary Systemd Property Injection as Defender does not direct
 |*ISSUE ID*
 |*DESCRIPTION*
 
+|*CWP-62313*
+
+tt:[Fixed in 33.02.130]
+
+tt:[Pending Approval]
+
+| *Improved Status Filter for Cloud Security Agent Page*
+
+The "Status" filter under *Prisma UI > Manage > Defenders > Cloud Security Agent* was displaying only the statuses present in the table, instead of all possible statuses.
+
+This issue has been resolved. The CSA status filter now shows a list of all available statuses: Connected, Disconnected, and Lost. This ensures users can filter the table by any status.
+
+|*CWP-35710*
+
+tt:[Fixed in 33.02.130]
+
+tt:[Pending Approval]
+
+| *Removing Namespaces After Resource Deletion*
+
+In some cases, namespaces remained visible even after all resources within them had been deleted. This led to incorrect vulnerability assessments as the namespaces were not properly removed from the results. This issue is now resolved.
+
+|*CWP-62296*
+
+tt:[Fixed in 33.02.130]
+
+tt:[Pending Approval]
+
+| *Consistent Vulnerability Data for Red Hat-Sourced Packages*
+
+Certain vulnerabilities for Red Hat packages showed a Red Hat severity but CVSS scores from NVD. 
+
+This mismatch is now resolved. The fix ensures that both the severity and CVSS score now align with Red Hat's data, eliminating inconsistencies.
+
+
 |*RLP-151431*
 
 tt:[Fixed in 24.11.1]