Hello @gundiculous
below are release dates for PAN-OS 11.1, 11.0 and 10.2.
11.1
New
11.1.1-h1
04/16/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.1.0-h3
04/16/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P
11.1.2-h3
04/14/24
Preferred Release Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.1.2-h1
03/13/24
New release, currently monitoring
*
11.1.2
02/26/24
Later release Preferred
New
11.1.0-h2
01/08/24
New release, currently monitoring Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
11.1.1
12/26/23
Later Release Preferred Preferred for Cosmos Platforms (PA-415-5G, PA-5445). Monitoring for other platforms
New release, currently monitoring. Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
New
11.1.0
11/2/23
New release, currently monitoring.
11.0
New
11.0.1-h4
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.0.0-h3
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.0.4-h2
04/17/24
New release, currently monitoring.
Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P
11.0.3-h10
04/16/24
New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.0.2-h4
04/16/24
New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.0.4-h1
4/14/24
New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
11.0.4
4/08/24
New release, currently monitoring
*
11.0.3-h5
02/22/24
Later release preferred (affected by OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400))
*
11.0.3-h3
01/16/24
Later release preferred
Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter.
Note: The GlobalProtect app cannot connect to a portal or gateway and GlobalProtect Clientless VPN users cannot access applications if authentication takes longer than 20 seconds. Workaround: Increase the TCP handshake timeout to the maximum value of 60 seconds (reference PAN-227368).
Note: Scheduled Antivirus updates failed when external dynamic lists were configured on the firewall. (reference PAN-220659).
Note: Tabs in the ACC such as Network Activity, Threat Activity, and Blocked Activity do not display data when you applied a Time filter of Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours, and the data that was displayed with the Last 24 Hours filter was not accurate. Reports that were run against summary logs also did not display accurate results (reference PAN-234929).
New
11.0.2-h3
01/10/24
New release, currently monitoring
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New
11.0.1-h3
01/08/24
New release, currently monitoring Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New
11.0.0-h2
01/08/24
New release, currently monitoring Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
New
11.0.0-h1
11/7/23
New release, currently monitoring. Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
New
11.0.3
11/7/23
Note: A memory leak in the logrcvr process may cause the firewall to be unstable.
*
11.0.2-h2
9/21/23
Later release preferred.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*
11.0.2-h1
8/17/23
Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues) Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*
11.0.2
6/29/23
Multiple issues addressed in 11.0.2-h2. (reference 11.0.2-h2 addressed issues)
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*
11.0.1-h2
5/31/23
Multiple issues addressed in 11.0.2. (reference 11.0.2 addressed issues)
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
*
11.0.1
3/30/23
Multiple issues addressed in 11.0.1-h2. (reference 11.0.1-h2 addressed issues)
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
10.2
New
10.2.1-h2
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.0-h3
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.4-h16
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.3-h13
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.2-h5
04/18/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.5-h6
04/16/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.6-h3
04/15/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
P
10.2.8-h3
04/15/24
Preferred release Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.7-h8
04/15/24
New release, currently monitoring Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
New
10.2.9-h1
04/14/24
New release, currently monitoring. Note: Fixed OS Command Injection Vulnerability in GlobalProtect (reference CVE-2024-3400)
10.2.9
04/01/24
New release
*
10.2.8
02/12/24
Later release preferred
*
10.2.7-h6
03/04/24
Later release preferred
*
10.2.6-h1
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.4-h10
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.3-h12
02/28/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.3-h11
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).
*
10.2.2-h4
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.1-h1
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.0-h2
01/08/24
Note: PAN-OS Certificate Expirations and New, Comprehensive Certificate Management Process (reference Customer Advisory)
*
10.2.7-h3
12/18/23
Later release preferred.
Note: Addresses PAN-234929 (reference 10.2.7-h3 Addressed Issues)
Note: GlobalProtect tunnel might disconnect shortly after being established when SSL is used as a transport protocol. Workaround: Disable Internet Protocol Version 6 (TCP/IPv6) on the PANGP Virtual Network Adapter.
10.2.7-h1
11/22/23
Later release preferred.
Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
10.2.7
11/9/23
Later release preferred.
Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc. might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.7 known issues).
10.2.3-h9
11/7/23
Later release preferred. Note: Emergency Update Required - PAN-OS Root and Default Certificate Expiration (reference Customer Advisory)
Note: Traffic through a PA-3400 series device may stop completely after upgrading/downgrading from PAN-OS 10.2.3-h9/10.2.3-h11 to any PAN-OS version, including reinstalling the same version. If a firewall has not been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, do not upgrade to any of these two versions, but install directly PAN-OS 10.2.3-h12. If a firewall has already been upgraded to PAN-OS 10.2.3-h9/10.2.3-h11, then perform a reboot before upgrading to any release (reference Knowledge Base Article).
10.2.6
9/27/23
Later release preferred.
Note: The tabs in the ACC, such as Network Activity, Threat Activity, Blocked Activity etc might be blank when you apply a Time filter for the Last 15 Minutes, Last Hour, Last 6 Hours, or Last 12 Hours. With a Last 24 Hours Time filter, the data displayed might not be accurate. Additionally, reports run against summary logs might not display accurate results (reference PAN-234929 in 10.2.6 known issues). Note: Addresses BGP vulnerability CVE-2023-38802.
10.2.5
8/17/23
Later release preferred.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802) Note: On PA-220, installation of PAN-OS 10.2.5 image fails when upgrading from a 10.1 release. Workaround: Upgrade the firewall from 10.1 to 10.2.4 before upgrading to 10.2.5. (reference PAN-229865 in 10.2.5 known issues)
10.2.4-h4
7/27/23
Later release preferred.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
10.2.4-h3
7/5/23
Later release preferred.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
10.2.4-h2
5/17/23
Later release preferred.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
10.2.4
3/30/23
Later release preferred. Note: PA-5450 URL filtering not working when DPC is in slot 2. Workaround is use slots 3-6 for DPCs. Reference PAN-217431 in 10.2.4-h2 addressed issues.
Note: Denial-of-Service (DoS) Vulnerability in BGP Software (reference CVE-2023-38802)
... View more