Release Date Information

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Release Date Information

L0 Member

Does anyone have a list of release dates for all software update versions of PAN-OS for 11.1 , 11.0 and 10.2? Thank you.

3 REPLIES 3

Cyber Elite
Cyber Elite

https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-...

this document (customers only) provides you with details on release dates and install recommendations

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thank you. Unfortunately my account does not have access to this. Would you be able to post the answer original request?

Cyber Elite
Cyber Elite

Hello @gundiculous

 

below are release dates for PAN-OS 11.1, 11.0 and 10.2.

 

 

11.1

 

New

11.1.1-h1 04/16/24

New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.1.0-h3 04/16/24

New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

P

11.1.2-h3 04/14/24

Preferred Release
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.1.2-h1  03/13/24

New release, currently monitoring

*

11.1.2  02/26/24

Later release Preferred

New

11.1.0-h2  01/08/24

New release, currently monitoring
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

11.1.1 12/26/23 Later Release Preferred
Preferred for Cosmos Platforms (PA-415-5G, PA-5445). Monitoring for other platforms
     

New release, currently monitoring.
Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)

New

11.1.0 11/2/23

New release, currently monitoring.


11.0

 

New

11.0.1-h4 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.0.0-h3 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.0.4-h2 04/17/24

New release, currently monitoring.

Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

P

11.0.3-h10 04/16/24

New release, currently monitoring.
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.0.2-h4 04/16/24

New release, currently monitoring.
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.0.4-h1 4/14/24

New release, currently monitoring.
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

11.0.4 4/08/24

New release, currently monitoring

*

11.0.3-h5 02/22/24

Later release preferred (affected by OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400))

*

11.0.3-h3  01/16/24

Later release preferred

 

Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter.

 

Note: The GlobalProtect app cannot connect to a portal or gateway and GlobalProtect Clientless VPN users cannot access applications if authentication takes longer than 20 seconds. Workaround: Increase the TCP handshake timeout to the maximum value of 60 seconds (reference PAN-227368).

 

Note: Scheduled Antivirus updates failed when external dynamic lists were configured on the firewall. (reference PAN-220659).

 

Note: Tabs in the ACC such as Network Activity, Threat Activity, and Blocked Activity do not display data when you applied a Time filter of Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours, and the data that was displayed with the Last 24 Hours filter was not accurate. Reports that were run against summary logs also did not display accurate results (reference PAN-234929).

New

11.0.2-h3  01/10/24

New release, currently monitoring

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

New

11.0.1-h3  01/08/24

New release, currently monitoring
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

New

11.0.0-h2  01/08/24

New release, currently monitoring
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

New

11.0.0-h1 11/7/23

New release, currently monitoring.
Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)

New

11.0.3 11/7/23

Note: A memory leak in the logrcvr process may cause the firewall to be unstable. 

*

11.0.2-h2 9/21/23

Later release preferred.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

*

11.0.2-h1 8/17/23

Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues)
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

*

11.0.2 6/29/23

Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues)

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

*

11.0.1-h2 5/31/23

Multiple issues addressed in 11.0.2. (reference 11.0.2 addressed issues)

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

*

11.0.1 3/30/23

Multiple issues addressed in 11.0.1-h2. (reference 11.0.1-h2 addressed issues)

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)


10.2

New

10.2.1-h2 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.0-h3 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.4-h16 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.3-h13 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.2-h5 04/18/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.5-h6 04/16/24 New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.6-h3 04/15/24

New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

P

10.2.8-h3  04/15/24

Preferred release
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.7-h8  04/15/24

New release, currently monitoring
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

New

10.2.9-h1  04/14/24

New release, currently monitoring.
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)

  10.2.9  04/01/24

New release

*

10.2.8  02/12/24

Later release preferred

*

10.2.7-h6  03/04/24

Later release preferred

*

10.2.6-h1  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.4-h10  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.3-h12 02/28/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.3-h11  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).

*

10.2.2-h4  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.1-h1  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.0-h2  01/08/24

Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)

*

10.2.7-h3 12/18/23

Later release preferred.

Note: Addresses PAN-234929 (reference 10.2.7-h3 Addressed Issues)

Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter.

 

10.2.7-h1 11/22/23

Later release preferred.

Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)

 

10.2.7  11/9/23

Later release preferred.

Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc. might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.7 known issues).

 

10.2.3-h9 11/7/23

Later release preferred.
Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)

Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).

 

10.2.6 9/27/23

Later release preferred.

Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.6 known issues). 
Note: Addresses BGP vulnerability CVE-2023-38802.

 

10.2.5 8/17/23

Later release preferred.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
Note: On PA-220, installation of PAN-OS 10.2.5 image fails when upgrading from a 10.1 release.
Workaround: Upgrade the firewall from 10.1 to 10.2.4 before upgrading to 10.2.5. (reference PAN-229865 in 10.2.5 known issues)

 

10.2.4-h4 7/27/23

Later release preferred.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

 

10.2.4-h3 7/5/23

Later release preferred.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

 

10.2.4-h2 5/17/23

Later release preferred.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

 

10.2.4 3/30/23

Later release preferred.
Note: PA-5450 URL filtering not working when DPC is in slot 2. Workaround is use slots 3-6 for DPCs. Reference PAN-217431 in 10.2.4-h2 addressed issues.

Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)

 
Help the community: Like helpful comments and mark solutions.
  • 3528 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!