Fixed an issue where, after manuallly creating a device telemetry bundle, the hour_cli_output.txt file within the bundle had a file size of 0 bytes. This occurred when checking the bundle content after enabling device telemetry and setting the device telemetry upload endpoint.

Fixed an issue on Panorama where API queries for correlated category logs incorrectly returned a count of 0.

Fixed an issue where the firewall experienced high disk utilization in the /opt/pancfg/mgmt/content-preview directory due to older content data not being automatically removed when an error occurred during the process.

Fixed an issue where, after upgrading to an affected PAN-OS release, the Visible Virtual System field referenced the vsys name instead of the vsys ID, which caused inter-vsys routing to fail. This occurred when a vsys display name matched one of the vsys IDs. If you're using a multivsys environment, you must upgrade your firewalls to a fixed PAN-OS version. The best practice is to upgrade both the firewalls and Panorama to a fixed PAN-OS version.

Fixed an issue where a long-lived session with many Machine Learning (ML) model triggers caused a memory leak of feature states associated with the ML model runs. This resulted in Spyware_State failure increases, allocation max outs, and impaired policy matching.

Fixed an issue where the the CLI command debug user-id refresh user-id agent all failed with the error message Invalid agent name. Agent name should be 1 to 31 characters long.

Fixed an issue where the proxy-protocol debug level was set to verbose on Prisma Access instances, even when it was not explicitly configured, which caused excessive logging by the pan_task process.

Fixed an issue where, when you used a syslog forwarding profile with the CEF format, an additional string was appended to the end of the log message when viewing the log entry from the Universal Forwarder directory.

Fixed an issue where the logrcvr process stopped responding due to memory allocation errors during Redis communication.

Fixed an issue where firewalls with the Send handshake messages to CTD for inspection setting enabled caused incorrect security policy rules to be matched. Specifically, traffic not identified as openai-base or openai-chatgpt applications was incorrectly matched by the ALLOW-OPEN-AI-FULL-ACCESS-URLS-ALERTS rule. Additionally, the expected response page for blocked URLs was not displayed.

Fixed an issue where Panorama did not display data in the Feature Adoption tab in Strata Cloud Manager due to the system creating and deleting a CLI user for each interval instead of reusing a permanent CLI user for telemetry.

Fixed an issue where administrators were unable to gather path monitoring failure information when troubleshooting high dataplane CPU utilization.

Fixed an issue with firewalls enabled with Security profiles where certain traffic conditions caused high dataplane CPU utilization and packet buffer exhaustion, which caused LACP flapping conditions.

Fixed an issue where, after upgrading Panorama in a High Availability (HA) pair, the configuration logs stopped synchronizing from the primary Panorama to the secondary Panorama. This issue occurred because the log forwarding flag was permanently disabled due to the connection state not being active when the log-fwd-ctrl message was received.

Fixed an issue where on the firewall where the routed process stopped responding after changing the MTU or any link state parameters when OSPF and PIM were enabled on the same interface.

Fixed an issue on Panorama where API jobs failed with the error message Server error: Timed out while getting config lock. This occurred due to slow set request performance when setting a large number of address objects in a single set call.

Fixed an issue where the firewall did not automatically recover after a machine check exception (MCE) occurred.

Fixed an issue where traffic logs incorrectly displayed the action as allow for traffic matching a Security policy rule configured with the action set to deny. This issue occurred due to the child session being used for policy rule lookup when a configuration update triggered a rematch if the FTP-data application was not in the rule.

Fixed an issue where packet buffer depletion occurred due to the a high number of tcp_pkt_queued packets when Jumbo was enabled.

Fixed an issue on airgapped firewalls where cloud connection errors flooded the system logs.

Fixed an issue where, when Panorama was upgraded to PAN-OS 10.2.10, and log collectors were on PAN-OS 10.2.9-h1, logs from a log collector group were not viewable on a Panorama.

Fixed an issue where URLs with over 965 characters were unable to be logged in the URL filtering log.

Fixed an issue where the firewall did not display the source address due to an uninitialized scalar variable.