April 2, 2021
Images now available from GCR
CNS-1411: The web interface command to deploy a Kubernetes/OpenShift enforcer
DaemonSetno longer includes
CNS-1412: The enforcer no longer blocks Prisma Cloud Compute Defenders from connecting to the Compute Console.
CNS-1544: Installation of the enforcer no longer fails if the key of a tag contains a space. The enforcer now ignores tags with keys that contain spaces.
CNS-1547: Installation of the enforcer no longer fails if the target host has both YUM and APT package managers.
CNS-153: When using relative time values with
apoctl, the values must be in relation to Pacific Standard Time (PST). For example, if you are in France and want to retrieve the last five minues of flow logs, you could use
-9h5m. Another workaround for this issue is to use absolute time values.
CNS-1651: The enforcer fails to recover after a third party removes some of its iptables rules.
Error: 'namespace' doesn't exist in the URL. Please make sure 'useInitUrlParam' is calledsometimes occurs when switching between panes under Dashboard.
CNS-1730: Traffic to the domain in an external network occasionally goes to
CNS-1733: Deselecting Show policed flows in the App Dependency Map pane produces unexpected results.
CNS-1750: Users with NetSecOps permissions have difficulty navigating between namespaces.
CNS-1755: Fonts in the web interface vanish on external monitors with a
Namespace Editor role: If you have any API authorizations using this role, migrate them to the Namespace Administrator role. We will remove the Namespace Editor role in a future release.
Host services: If you are using host services, migrate to external networks and network rulesets. We will remove host services in a future release.