Skip to content

Commit

Permalink
Merge pull request #944 from hlxsites/pascal-update1-api-ref-temp
Browse files Browse the repository at this point in the history
release-notes-link
  • Loading branch information
manukumar6 authored Nov 24, 2024
2 parents 5373402 + 1f7800a commit dd5fc92
Showing 1 changed file with 11 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Prisma Cloud adheres to the guidelines outlined in the https://www.paloaltonetworks.com/product-security-assurance[Palo Alto Networks Product Security Assurance Policy].

In accordance with this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule.
As per this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule.

Security releases are used for the sole purpose of remediating vulnerabilities that affect Prisma Cloud Compute, whether in its codebase or its dependencies.

Expand All @@ -25,33 +25,34 @@ New releases of Prisma Cloud Compute are signed off with up-to-date dependencies
* Any vulnerability with moderate severity when a fix is available.

==== Vulnerabilities Not Analyzed
* Any vulnerability with severity lower than high that does not have an existing fix.
* Any vulnerability with severity low; this includes vulnerabilties that the vendor will not fix as they are considered as having negligible impact.
* Any vulnerability with a severity lower than high that does not have an existing fix.
* Any vulnerability with severity low; this includes vulnerabilities that the vendor will not fix as they are considered as having negligible impact.

==== Exceptions
We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that is affects Prisma Cloud Compute.
Including product vulnerabilities identified during development, reported by customers or third-party researchers.
We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that affects Prisma Cloud Compute.
Including product vulnerabilities identified during development, and reported by customers or third-party researchers.
To report a vulnerability in Prisma Cloud Compute, submit the vulnerability details to our https://www.paloaltonetworks.com/product-security-assurance[PSIRT] team.

==== Frequently Asked Questions

* Which Prisma Cloud Compute releases receive security updates?

Prisma Cloud has an 'n-2' support policy that means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes.
Prisma Cloud has an 'n-2' support policy which means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes.
For more information, see xref:../welcome/support-lifecycle.adoc[support lifecycle].

*Are security fixes provided for both Prisma Cloud Enterprise and Compute editions?*

Yes, security vulnerabilities are addressed in both the editions.
Yes, security vulnerabilities are addressed in both editions.

*Do I have to upgrade my console/defender to get security updates?*

If security fixes are released, you may be required to upgrade either or both the Console and Defender. We recommend that all security releases are adopted immediately.
For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-notes-33-01.adoc[release notes].

For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-information.adoc[release notes].

*What is the minimum severity for vulnerabilities to warrant a security release?*

See triage criteria above.
See the triage criteria above.

*What is the frequency of security releases for Prisma Cloud Compute?*

Expand All @@ -65,4 +66,4 @@ For known vulnerabilities that are assigned a https://www.cve.org/About/Overview
For zero-days or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers.

*A new vulnerability is affecting Prisma Cloud Compute, but a security release was not issued.*
If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but it has not yet been addressed: please report it through to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT].
If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but has not yet been addressed, report it to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT].

0 comments on commit dd5fc92

Please sign in to comment.