Release Date Information

gundiculous · ‎04-15-2024

Does anyone have a list of release dates for all software update versions of PAN-OS for 11.1 , 11.0 and 10.2? Thank you.

reaper · ‎04-15-2024

https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-...

this document (customers only) provides you with details on release dates and install recommendations

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

gundiculous · ‎04-15-2024

Thank you. Unfortunately my account does not have access to this. Would you be able to post the answer original request?

PavelK · ‎04-24-2024

Hello @gundiculous

below are release dates for PAN-OS 11.1, 11.0 and 10.2.

11.1
New	11.1.1-h1	04/16/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.1.0-h3	04/16/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P	11.1.2-h3	04/14/24	Preferred Release Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.1.2-h1	03/13/24	New release, currently monitoring
*	11.1.2	02/26/24	Later release Preferred
New	11.1.0-h2	01/08/24	New release, currently monitoring *Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	11.1.1	12/26/23	Later Release Preferred Preferred for Cosmos Platforms (PA-415-5G, PA-5445). Monitoring for other platforms
			New release, currently monitoring. *Note:* Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
New	11.1.0	11/2/23	New release, currently monitoring.
11.0
New	11.0.1-h4	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.0.0-h3	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.0.4-h2	04/17/24	New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P	11.0.3-h10	04/16/24	New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.0.2-h4	04/16/24	New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.0.4-h1	4/14/24	New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	11.0.4	4/08/24	New release, currently monitoring
*	11.0.3-h5	02/22/24	Later release preferred (affected by OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400))
*	11.0.3-h3	01/16/24	Later release preferred Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter. Note: The GlobalProtect app cannot connect to a portal or gateway and GlobalProtect Clientless VPN users cannot access applications if authentication takes longer than 20 seconds. Workaround: Increase the TCP handshake timeout to the maximum value of 60 seconds (reference PAN-227368). Note: Scheduled Antivirus updates failed when external dynamic lists were configured on the firewall. (reference PAN-220659). Note: Tabs in the ACC such as Network Activity, Threat Activity, and Blocked Activity do not display data when you applied a Time filter of Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours, and the data that was displayed with the Last 24 Hours filter was not accurate. Reports that were run against summary logs also did not display accurate results (reference PAN-234929).
New	11.0.2-h3	01/10/24	New release, currently monitoring Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New	11.0.1-h3	01/08/24	New release, currently monitoring *Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New	11.0.0-h2	01/08/24	New release, currently monitoring *Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New	11.0.0-h1	11/7/23	New release, currently monitoring. *Note:* Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
New	11.0.3	11/7/23	Note: A memory leak in the logrcvr process may cause the firewall to be unstable.
*	11.0.2-h2	9/21/23	Later release preferred. Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*	11.0.2-h1	8/17/23	Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues) *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*	11.0.2	6/29/23	Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues) *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*	11.0.1-h2	5/31/23	Multiple issues addressed in 11.0.2. (reference 11.0.2 addressed issues) *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*	11.0.1	3/30/23	Multiple issues addressed in 11.0.1-h2. (reference 11.0.1-h2 addressed issues) *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
10.2
New	10.2.1-h2	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.0-h3	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.4-h16	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.3-h13	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.2-h5	04/18/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.5-h6	04/16/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.6-h3	04/15/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P	10.2.8-h3	04/15/24	Preferred release Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.7-h8	04/15/24	New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New	10.2.9-h1	04/14/24	New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
	10.2.9	04/01/24	New release
*	10.2.8	02/12/24	Later release preferred
*	10.2.7-h6	03/04/24	Later release preferred
*	10.2.6-h1	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.4-h10	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.3-h12	02/28/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.3-h11	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory) Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).
*	10.2.2-h4	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.1-h1	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.0-h2	01/08/24	*Note:* PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*	10.2.7-h3	12/18/23	Later release preferred. Note: Addresses PAN-234929 (reference 10.2.7-h3 Addressed Issues) Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter.
	10.2.7-h1	11/22/23	Later release preferred. *Note:* Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
	10.2.7	11/9/23	Later release preferred. Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc. might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.7 known issues).
	10.2.3-h9	11/7/23	Later release preferred. *Note:* Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory) Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).
	10.2.6	9/27/23	Later release preferred. Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.6 known issues). Note: Addresses BGP vulnerability CVE-2023-38802.
	10.2.5	8/17/23	Later release preferred. *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802) *Note:* On PA-220, installation of PAN-OS 10.2.5 image fails when upgrading from a 10.1 release. Workaround: Upgrade the firewall from 10.1 to 10.2.4 before upgrading to 10.2.5. (reference PAN-229865 in 10.2.5 known issues)
	10.2.4-h4	7/27/23	Later release preferred. *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
	10.2.4-h3	7/5/23	Later release preferred. *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
	10.2.4-h2	5/17/23	Later release preferred. *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
	10.2.4	3/30/23	Later release preferred. Note: PA-5450 URL filtering not working when DPC is in slot 2. Workaround is use slots 3-6 for DPCs. Reference PAN-217431 in 10.2.4-h2 addressed issues. *Note:* Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

Help the community: Like helpful comments and mark solutions.

Unlock your full community experience!

Release Date Information

Release Date Information

11.1

11.0

10.2

Show your appreciation!