Extended the offline PAN-DB, Panorama, and WildFire certificates which were previously set to expire on September 2, 2024.

Extended the firewall Panorama root CA certificate which was previously set to expire on April 7th, 2024.

Fixed an issue where the configd process stopped responding due to a deadlock related to rule-hit-count.

Fixed an issue on Panorama that caused commit operations to be slower than expected.

Fixed an issue where the firewall issued /box/getserv/ requests with PAN-OS 7.1.0 and did not take device certificates.

When a device certificate is installed, renewed, or removed, the firewall will reconnect to the WildFire cloud to use the newest certificate.

A CLI command was added to address an issue where long-lived sessions aged out even when there was ongoing traffic.

Fixed an issue where duplicate predict sessions didn't release NAT resources.

Fixed an issue where all_pktproc stopped responding when network packet broker or decryption broker chains failed.

Fixed an issue where the mprelay process stopped responding, which caused a slot restart when another slot rebooted.

Fixed an issue where retransmitted DNS requests made by the firewall did not follow the Policy Based Forwarding (PBF) rule. With this fix, both original and retransmitted DNS requests follow the PBF rule.

(VM-Series firewalls in Microsoft Azure environments only) Fixed an issue where the dataplane interface status went down due to a DPDK driver issue.

Fixed an issue where the firewall did not receive dynamic address updates pushed from Panorama during initial registration to Panorama.

Fixed an issue where ikemgr stopped responding due to receiving CREATE_CHILD messages with a malformed SA payload.

Fixed an issue where the rasmgr process used 100% CPU due to a maximum duration timer not being set, which caused the GlobalProtect gateway to be unavailable.

Fixed an issue where a memory leak related to the snmpd process caused an out-of-memory (OOM) condition or caused the process to restart when using SNMPv3.

Fixed an issue where wifclient stopped responding due to shared memory corruption.

Fixed an issue where, after a high availability failover, IKE SA negotiation failed with the error message INVALID_SPI, which resulted in temporary loss of traffic over some proxy IDs.

Fixed an issue where the userID-Agent and TS-Agent certificates were set to expire on November 18, 2024. With this fix, the expiration date has been extended to January 2032.