https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526797#M750 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Raido_Rattameister_0-1673539688617.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46957i717D3317F20F29D4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Raido_Rattameister_0-1673539688617.png" alt="Raido_Rattameister_0-1673539688617.png" /></span></P> <P>&nbsp;</P> Thu, 12 Jan 2023 16:08:20 GMT Raido_Rattameister 2023-01-12T16:08:20Z https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526789#M747 <P>Hello Everyone,&nbsp;</P> <P>&nbsp;</P> <P>In general, what is the industry practice to patch vulnerabilities in the PAN-OS. From time to time, Palo Alto release PAN-OS upgrades versions. However, with each new version there are known issues. Some of the known issues are fixed via the next new PAN-OS version and some of the known issues are not fixed by upgrades.&nbsp;For example, PAN OS version 10.1.4-h4 has lot of known issues and two of the high-risk issues (a - <A href="https://security.paloaltonetworks.com/CVE-2022-0024" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2022-0024</A>&nbsp;b -&nbsp;<A href="https://security.paloaltonetworks.com/CVE-2022-0028" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2022-0028</A>&nbsp; ) were fixed by much later version of PAN-OS.</P> <P>&nbsp;</P> <P>In interim, till Palo upgrades the PAN-OS version to fix known issues from prior version, what is a general (best) practice to deal with the known issues?&nbsp;</P> <P>&nbsp;</P> <P>Does every one wait for Palo to release new PAN-OS version or try to fix high risk issues such as two examples above alternatively.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 12 Jan 2023 15:49:44 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526789#M747 mkgsgi 2023-01-12T15:49:44Z https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526792#M748 <P>Palo Alto TAC is keeping track of preferred releases.</P> <P>10.1.x branch preferred release is&nbsp;10.1.8-h2</P> <P>&nbsp;</P> <P>It is always smart to check known issues for specific release before upgrade.</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304" target="_blank">https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304</A></P> Thu, 12 Jan 2023 15:53:59 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526792#M748 Raido_Rattameister 2023-01-12T15:53:59Z https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526793#M749 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a>&nbsp;Thank you for the response. It seems access to the link above is denied.&nbsp;</P> Thu, 12 Jan 2023 16:03:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526793#M749 mkgsgi 2023-01-12T16:03:19Z https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526797#M750 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Raido_Rattameister_0-1673539688617.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46957i717D3317F20F29D4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Raido_Rattameister_0-1673539688617.png" alt="Raido_Rattameister_0-1673539688617.png" /></span></P> <P>&nbsp;</P> Thu, 12 Jan 2023 16:08:20 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/pan-os-known-issues-and-upgrades/m-p/526797#M750 Raido_Rattameister 2023-01-12T16:08:20Z