Fixed an issue where BGP aggregate routes were not created and discard routes were not installed in the routing table.

Fixed an issue where the TLS handshake did not complete and the session did not go through. This occurred if the HTTP header insertion applied to an HTTP CONNECT request passing through the firewall, the scan-handshake feature was enabled, the session matched a decryption policy rule with the decrypt action, and if the TLS client hello was in a single packet and TLS 1.2 or below.

Fixed an issue where, when configuring Safenet HSMs in HA and authentication HSM manually, the second HSM server failed to authenticate due to the firewall overwriting the first HSM server's certificate with the second HSM server's certificate.

Fixed an issue on Panorama where a memory leak occurred related to the reportd process due to retaining memory that was temporarily used for report generation instead of releasing the memory for reuse, which resulted in continuous accumulation and memory exhaustion.

Fixed an issue where using the IKEv2 multiplier setting for VPN re-authentication resulted in the firewall not re-authenticating at the expected intervals when both sides initiated rekeying. The internal re-authentication counter incremented when the local side triggered the rekey, but not when the peer side triggered it.

Fixed an issue where the firewall became unresponsive after an upgrade due to the fsck command scanning drive partitions in parallel with the root partition, which caused the process to take an extended amount of time.

(VM-Series firewalls only) Fixed an issue where the firewall became inaccessible via the web interface and SSH and remained in an initializing state.

Fixed an issue where the LFC failed to validate Certificate Revocation Lists (CRL) for SSL syslog connections, which caused a failure to forward logs to external syslog servers.

Fixed an issue where the number of registered IP Tags on Panorama did not match the number of registered IP Tags on the managed firewalls due to a change in file format between PAN-OS releases.

Fixed an issue where push operations from Panorama failed on passive firewalls when an application was removed from a Security policy rule and the policy rule was referenced in a device group.

Fixed an issue where the GlobalProtect client (UWP) or metered hotspot connections triggered TLS resumption for GlobalProtect portal authentication, which caused the portal authentication to fail with a valid cert required error.

Fixed an issue where commit all operations failed when the application openair-psa was used as a keyword on a remote network instance that was upgraded to an affected release.

Fixed an issue where GlobalProtect clients experienced slow SMB-V3 download throughput when passing through a Prisma IPSec tunnel and the firewall and the SMB-V3 session owner dataplane was the same as the IPSec-ESP tunnel on the multi-dataplane firewall.