From 1561a4495a7565c807c0b16fe799cb85c067cf77 Mon Sep 17 00:00:00 2001
From: mbaj <michael.baj@gmail.com>
Date: Tue, 14 Apr 2026 11:47:24 -0400
Subject: [PATCH 1/4] Initial 7.1.5-r2 release notes

---
 docs/about_releases.md               |  2 +-
 docs/concepts_ssr_chassis_manager.md |  2 +-
 docs/release_notes_128t_7.1.md       | 32 ++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/docs/about_releases.md b/docs/about_releases.md
index c6bb9fb757..4a610cdd97 100644
--- a/docs/about_releases.md
+++ b/docs/about_releases.md
@@ -54,7 +54,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
 
 | Version | Initial GA Version | First Release Shipping Date | Latest GA Version | Support Lifetime | End of Engineering support | End of Support |
 | -- | -- | -- | -- | -- | -- | -- |
-| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.4](release_notes_128t_7.1.md#release-714-3r2) | STS | March 10, 2027 | September 10, 2027 |
+| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-4r2) | STS | March 10, 2027 | September 10, 2027 |
 | Release 7.0 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | October 14, 2025 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | LTS | August 24, 2028 | February 24, 2029 |
 | Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.7-6-sts](release_notes_128t_6.3.md#release-637-6-sts) | STS | May 6, 2026 | November 6, 2026 |
 | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.10-lts](release_notes_128t_6.2.md#release-6210-10-lts) | LTS | September 6, 2026 | March 6, 2027 |
diff --git a/docs/concepts_ssr_chassis_manager.md b/docs/concepts_ssr_chassis_manager.md
index 158ecd1cd4..a91e341d8b 100644
--- a/docs/concepts_ssr_chassis_manager.md
+++ b/docs/concepts_ssr_chassis_manager.md
@@ -89,7 +89,7 @@ The following commands are only available on the SSR400 and SSR440 platforms. Wh
 | [`show chassis led`](cli_reference.md#show-chassis-led) | Show the status of the chassis LEDs |
 | [`show chassis led phy`](cli_reference.md#show-chassis-led-phy) | Show the status of the port LEDs |
 | [`show chassis led system`](cli_reference.md#show-chassis-led-system) | Show the status of the System LED |
-| [`show chassis power`](cli_reference.md#show-chassis-power) | Show chassis power |
+| [`show chassis power`](cli_reference.md#show-chassis-power) | The `show chassis power` command displays power supply status for both single and dual power supply SSR4xx devices. |
 | [`show chassis temperature`](cli_reference.md#show-chassis-temperature) | Show chassis temperature sensor readings |
 | [`show chassis temperature-thresholds`](cli_reference.md#show-chassis-temperature-thresholds) | Show chassis temperature thresholds |
 
diff --git a/docs/release_notes_128t_7.1.md b/docs/release_notes_128t_7.1.md
index de130fddc3..894b39d047 100644
--- a/docs/release_notes_128t_7.1.md
+++ b/docs/release_notes_128t_7.1.md
@@ -67,6 +67,38 @@ An issue has been identified that may be observed in conductor deployments runni
 
 An issue has been identified when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release. 
 
+## Release 7.1.5-4r2
+
+**Release Date:** April 23, 2026
+
+### New Features
+
+- **I95-63393 SSR400/SSR440 power supply status visibility:** Added CLI support to display the status of power supplies on dual-AC SSR400/SSR440 platforms. The `show chassis power` command displays power supply status for both single and dual power supply devices. This improves operational visibility into power redundancy and health on SSR400/SSR440 systems.
+------
+- **I95-64568 TPM details in platform information:** The `show platform security` command has been added to display TPM information such as TPM family (version number), revision, firmware version, and manufacturer. This allows users to verify TPM availability and configuration for security and compliance workflows.
+------
+- **I95-64623 Plugin packaging improvements:** Updated plugin packaging to include `128T-plugin-support-files`. This ensures that plugin dependencies are available on systems that rely on the extra packages bundle.
+
+### Resolved Issues
+
+- **I95-62421 DHCP relay failures causing clients to miss IP assignment:** Resolved an issue where DHCP session information is lost on the hub, causing the session reverse flow to collide with the forward flow of the session initiated originally from the spoke. This includes a new (configurable) default behavior for collision resolution. For detailed information, see [`configure authority service-policy prefer-established-session {true | false}`](config_command_guide.md#configure-authority-service-policy-prefer-established-session). 
+------
+- **I95-62710 Unnecessary web server processing for `router all` in the PCLI:** Addressed a problem where the web server performed unnecessary work when PCLI commands referenced `router all`. This optimization reduces overhead and improves responsiveness.
+------
+- **I95-63174 IDP `Critical` profile not applied:** Resolved an issue where setting the IDP policy/profile to `Critical` was not properly applied on IDP. With this fix, profile changes to `Critical` now take effect as expected.
+------
+- **I95-63355 Node-level security controls for serial console and USB:** Restored support for configuring node-level security features that disable serial console output and USB boot/mass storage (for example, settings such as `serial-console-enabled` and `usb-mass-storage-enabled`). This allows users to reapply hardened platform settings where supported.
+------
+- **I95-63839 SNMP walk failures on Conductors onboarding to NMS:** Resolved an issue where SNMP walks on Conductors could fail with a `genError`, preventing successful onboarding into some network management systems. System MIB walks on Conductors now complete successfully; IF-MIB is no longer exposed on Conductors where it is not supported.
+------
+- **I95-64152 Conductor connectivity blocked by stale SSH control sockets:** Resolved a condition where, after a router reboot (particularly following an unclean shutdown), the router could remain **Disconnected** in the Conductor due to stale SSH control sockets. The SSH coordination logic now cleans up stale control sockets automatically, restoring Conductor–router connectivity.
+------
+- **I95-64187 Improved handling of TPM Dictionary Attack (DA) lockout:** Improved detection and handling when the TPM is in Dictionary Attack (DA) lockout mode. The integrity handler now detects this condition earlier and fails in a more predictable manner, simplifying troubleshooting of TPM-related integrity issues.
+------
+- **I95-64595 Excessive audit log severity:** Adjusted the log severity for the audit log event collector to better match expected operational conditions and reduce unnecessary log noise.
+------
+- **I95-64687 Recursive cleanup of Salt cache directory** Resolved an issue where cleanup of `/var/cache/salt/` was not performed recursively, which could leave behind cached data. The cleanup process now removes this directory recursively to ensure a more complete reset.
+
 ## Release 7.1.4-3r2
 
 **Release Date:** March 17, 2026

From fd678d01501891c8ca8b878e303f95f2edab1eba Mon Sep 17 00:00:00 2001
From: Chris <christophert@juniper.net>
Date: Tue, 14 Apr 2026 14:12:00 -0400
Subject: [PATCH 2/4] update config command guide, build numbers

---
 docs/about_releases.md         |   2 +-
 docs/config_command_guide.md   | 141 ++++++++++++++++++++-------------
 docs/release_notes_128t_7.1.md |   2 +-
 3 files changed, 86 insertions(+), 59 deletions(-)

diff --git a/docs/about_releases.md b/docs/about_releases.md
index 4a610cdd97..3431de9006 100644
--- a/docs/about_releases.md
+++ b/docs/about_releases.md
@@ -54,7 +54,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
 
 | Version | Initial GA Version | First Release Shipping Date | Latest GA Version | Support Lifetime | End of Engineering support | End of Support |
 | -- | -- | -- | -- | -- | -- | -- |
-| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-4r2) | STS | March 10, 2027 | September 10, 2027 |
+| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-5r2) | STS | March 10, 2027 | September 10, 2027 |
 | Release 7.0 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | October 14, 2025 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | LTS | August 24, 2028 | February 24, 2029 |
 | Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.7-6-sts](release_notes_128t_6.3.md#release-637-6-sts) | STS | May 6, 2026 | November 6, 2026 |
 | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.10-lts](release_notes_128t_6.2.md#release-6210-10-lts) | LTS | September 6, 2026 | March 6, 2027 |
diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md
index f455ec0b21..05739a7d87 100755
--- a/docs/config_command_guide.md
+++ b/docs/config_command_guide.md
@@ -26,7 +26,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy
 | `delete` | Delete configuration data |
 | [`district`](#configure-authority-district) | Districts in the authority. |
 | [`dscp-map`](#configure-authority-dscp-map) | Configure Dscp Map |
-| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-\{interface-id\}.\{router-name\}.\{authority-name\}`. |
+| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-\{interface-id\}.\{router-name\}.\{authority-name\}`. |
 | [`enhanced-security-key-management`](#configure-authority-enhanced-security-key-management) | Use certificate-based security key management. |
 | [`fib-service-match`](#configure-authority-fib-service-match) | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
 | [`forward-error-correction-profile`](#configure-authority-forward-error-correction-profile) | A profile for Forward Error Correection parameters, describing how often to send parity packets. |
@@ -1677,7 +1677,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -2143,7 +2143,7 @@ This type is used by other entities that need to reference configured resource g
 
 ## `configure authority dynamic-hostname`
 
-Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-{interface-id}.{router-name}.{authority-name}`.
+Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-{interface-id}.{router-name}.{authority-name}`.
 
 #### Usage
 
@@ -2995,7 +2995,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -3379,7 +3379,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -4659,7 +4659,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -6159,7 +6159,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -7885,7 +7885,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -8317,7 +8317,7 @@ A value from a set of predefined names.
 
 Options:
 
-- auto:            Use auto-negotiation for the Ethernet link
+- auto:            Use auto-negotation for the Ethernet link
 - 10Mbps-half:     Force the Ethernet link to 10 Mbps half duplex
 - 10Mbps-full:     Force the Ethernet link to 10 Mbps full duplex
 - 100Mbps-half:    Force the Ethernet link to 100 Mbps half duplex
@@ -8759,7 +8759,7 @@ configure authority router node device-interface network-interface <name>
 | [`hostname`](#configure-authority-router-node-device-interface-network-interface-hostname) | Hostname for the interface. This is an optional fully-qualified domain name (FQDN). |
 | [`icmp`](#configure-authority-router-node-device-interface-network-interface-icmp) | Enable/disable ICMP Blackhole |
 | [`ifcfg-option`](#configure-authority-router-node-device-interface-network-interface-ifcfg-option) | Interface config options for non-forwarding interfaces |
-| [`ingress-source-nat-pool`](#configure-authority-router-node-device-interface-network-interface-ingress-source-nat-pool) | Indicates whether source address (and optional port) translation is performed for flows targeted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router. |
+| [`ingress-source-nat-pool`](#configure-authority-router-node-device-interface-network-interface-ingress-source-nat-pool) | Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router. |
 | [`inter-router-security`](#configure-authority-router-node-device-interface-network-interface-inter-router-security) | The name of the security policy used for inbound inter-router traffic. |
 | [`management`](#configure-authority-router-node-device-interface-network-interface-management) | Allow management traffic to be sent over this interface |
 | [`management-vector`](#configure-authority-router-node-device-interface-network-interface-management-vector) | Vector configuration for non-forwarding interfaces |
@@ -13433,7 +13433,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -13566,7 +13566,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -13647,7 +13647,7 @@ A value from a set of predefined names.
 
 Options:
 
-- auto:        Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alive enabled.
+- auto:        Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled.
 - disabled:    Do not send keep-alive packets to keep pinhole open on an external NAT device.
 
 ## `configure authority router node device-interface network-interface adjacency nat-keep-alive tcp-inactivity-timeout`
@@ -15919,7 +15919,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -16551,7 +16551,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -16664,7 +16664,7 @@ A text value.
 
 ## `configure authority router node device-interface network-interface ingress-source-nat-pool`
 
-Indicates whether source address (and optional port) translation is performed for flows targeted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
+Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
 
 #### Usage
 
@@ -17003,7 +17003,7 @@ representation uses lowercase characters.
 In the value set and its semantics, this type is equivalent
 to the PhysAddress textual convention of the SMIv2.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 
 ## `configure authority router node device-interface network-interface neighborhood`
 
@@ -17488,7 +17488,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -17594,7 +17594,7 @@ A value from a set of predefined names.
 
 Options:
 
-- auto:        Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alive enabled.
+- auto:        Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled.
 - disabled:    Do not send keep-alive packets to keep pinhole open on an external NAT device.
 
 ## `configure authority router node device-interface network-interface neighborhood nat-keep-alive tcp-inactivity-timeout`
@@ -19490,7 +19490,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -20162,7 +20162,7 @@ configure authority router node device-interface shared-phys-address [<unicast-p
 
 A text value.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Shared physical address must not be a multicast address nor 00:00:00:00:00:00
 
 ## `configure authority router node device-interface sriov-vlan-filter`
@@ -21097,7 +21097,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -21233,7 +21233,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -24008,7 +24008,7 @@ configure authority router reachability-profile protocol traffic-class <traffic-
 | ------- | ----------- |
 | [`acceptable-error-threshold`](#configure-authority-router-reachability-profile-protocol-traffic-class-acceptable-error-threshold) | Percentage of errors acceptable on the path before taking it offline. For TCP, this will include session closed before establishment, and any ICMP error that constitutes and session timeout before establishment. For UDP, this will include the destination unreachable class of ICMP errors |
 | `delete` | Delete configuration data |
-| [`enabled`](#configure-authority-router-reachability-profile-protocol-traffic-class-enabled) | Enable reachability-detection enforcement for this protocol and traffic class |
+| [`enabled`](#configure-authority-router-reachability-profile-protocol-traffic-class-enabled) | Enable reachability-detection enforcment for this protocol and traffic class |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
 | `show` | Show configuration data for &#x27;traffic-class&#x27; |
 | [`time-to-establishment`](#configure-authority-router-reachability-profile-protocol-traffic-class-time-to-establishment) | Reachability-detection time-to-establishment metrics |
@@ -24044,7 +24044,7 @@ Range: 0-100
 
 ## `configure authority router reachability-profile protocol traffic-class enabled`
 
-Enable reachability-detection enforcement for this protocol and traffic class
+Enable reachability-detection enforcment for this protocol and traffic class
 
 #### Usage
 
@@ -26213,7 +26213,7 @@ Default: none
 
 ##### area-authentication-type (enumeration)
 
-OSPF area authentication. Can be overridden by interface authentication.
+OSPF area authentication. Can be overriden by interface authentication.
 
 Options:
 
@@ -29768,7 +29768,7 @@ Configure the maximum number of prefixes that will be accepted from a neighbor f
 | `delete` | Delete configuration data |
 | [`max-prefixes`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-max-prefixes) | Maximum number of prefixes that will be accepted from the neighbor for this address family |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`restart-timer`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family. |
+| [`restart-timer`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family. |
 | `show` | Show configuration data for &#x27;prefix-limit&#x27; |
 | [`shutdown-threshold-pct`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-shutdown-threshold-pct) | Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries. |
 
@@ -29798,7 +29798,7 @@ An unsigned 32-bit integer.
 
 ## `configure authority router routing routing-protocol neighbor address-family prefix-limit restart-timer`
 
-Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family.
+Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
 
 #### Usage
 
@@ -32416,7 +32416,7 @@ Default: none
 
 ##### area-authentication-type (enumeration)
 
-OSPF area authentication. Can be overridden by interface authentication.
+OSPF area authentication. Can be overriden by interface authentication.
 
 Options:
 
@@ -35931,7 +35931,7 @@ Configure the maximum number of prefixes that will be accepted from a neighbor f
 | `delete` | Delete configuration data |
 | [`max-prefixes`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-max-prefixes) | Maximum number of prefixes that will be accepted from the neighbor for this address family |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`restart-timer`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family. |
+| [`restart-timer`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family. |
 | `show` | Show configuration data for &#x27;prefix-limit&#x27; |
 | [`shutdown-threshold-pct`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-shutdown-threshold-pct) | Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries. |
 
@@ -35961,7 +35961,7 @@ An unsigned 32-bit integer.
 
 ## `configure authority router routing vrf routing-protocol neighbor address-family prefix-limit restart-timer`
 
-Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family.
+Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
 
 #### Usage
 
@@ -37849,7 +37849,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -37961,7 +37961,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -38195,7 +38195,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -39428,7 +39428,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -40452,7 +40452,7 @@ The shortest historical retention bucket
 | `delete` | Delete configuration data |
 | [`duration`](#configure-authority-router-system-metrics-retention-short-duration) | How long the short retention should retain metrics |
 | [`enabled`](#configure-authority-router-system-metrics-retention-short-enabled) | Whether short and subsequent retentions should be disabled |
-| [`interval`](#configure-authority-router-system-metrics-retention-short-interval) | How frequently metrics should be inserted into the short retention. This is equivalent to the deprecated &#x27;sample-period&#x27; element. |
+| [`interval`](#configure-authority-router-system-metrics-retention-short-interval) | How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated &#x27;sample-period&#x27; element. |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
 | `show` | Show configuration data for &#x27;short&#x27; |
 
@@ -40510,7 +40510,7 @@ Options: true or false
 
 ## `configure authority router system metrics retention short interval`
 
-How frequently metrics should be inserted into the short retention. This is equivalent to the deprecated &#x27;sample-period&#x27; element.
+How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated &#x27;sample-period&#x27; element.
 
 #### Usage
 
@@ -40800,7 +40800,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -40964,7 +40964,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -41475,7 +41475,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -42869,7 +42869,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -43530,7 +43530,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -45362,7 +45362,7 @@ Options:
 - metric-condition:                         A metric condition
 - origin-condition:                         An origin condition
 - peer-condition:                           A peer condition
-- probability-condition:                    A probability condition
+- probability-condition:                    A probablity condition
 - tag-condition:                            A tag condition
 
 ## `configure authority routing policy statement name`
@@ -45739,7 +45739,7 @@ Length: 32
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 47
 
 ## `configure authority security encryption-key`
@@ -45776,7 +45776,7 @@ Length: 32,64
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 47,95
 
 ## `configure authority security hmac`
@@ -45875,7 +45875,7 @@ Length: 8,16,32,40,64
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 11,23,47,59,95
 
 ## `configure authority security hmac-mode`
@@ -46855,7 +46855,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -48317,6 +48317,7 @@ configure authority service-policy <name>
 | [`packet-resiliency`](#configure-authority-service-policy-packet-resiliency) | Types of packet resiliency govern how the SSR provides resilience for packets in the event of network loss. |
 | [`path-quality-filter`](#configure-authority-service-policy-path-quality-filter) | Enable/disable filtering out paths that exceed maximum quality limits. |
 | [`peer-path-resiliency`](#configure-authority-service-policy-peer-path-resiliency) | Whether or not session resiliency failover occurs among multiple peers. |
+| [`prefer-established-session`](#configure-authority-service-policy-prefer-established-session) | On a reverse flow collision with an incomplete session, prefer the established session. |
 | [`qp-preference`](#configure-authority-service-policy-qp-preference) | Preference for ordering interfaces by QP values. |
 | [`required-qp`](#configure-authority-service-policy-required-qp) | Minimum quality points required on network interface. |
 | [`reverse-gateway-change-detection`](#configure-authority-service-policy-reverse-gateway-change-detection) | Trigger a session-modify when the packet source-mac does not match the reverse next-hop ARP resolution for sessions that are not from inter-router or inter-node. |
@@ -48864,6 +48865,32 @@ A true or false value.
 
 Options: true or false
 
+## `configure authority service-policy prefer-established-session`
+
+On a reverse flow collision with an incomplete session, prefer the established session.
+
+#### Usage
+
+```
+configure authority service-policy prefer-established-session [<boolean>]
+```
+
+##### Positional Arguments
+
+| name | description |
+| ---- | ----------- |
+| boolean | The value to set for this field |
+
+#### Description
+
+Default: true
+
+##### boolean
+
+A true or false value.
+
+Options: true or false
+
 ## `configure authority service-policy qp-preference`
 
 Preference for ordering interfaces by QP values.
@@ -49596,7 +49623,7 @@ configure authority session-type <name>
 | [`description`](#configure-authority-session-type-description) | A description of the session type. |
 | [`initial-timeout`](#configure-authority-session-type-initial-timeout) | The inactivity timeout for sessions that are not yet established. |
 | [`name`](#configure-authority-session-type-name) | The name of the session type. |
-| [`nat-keep-alive`](#configure-authority-session-type-nat-keep-alive) | Enable/disable generation of NAT keep-alive for sessions of this type if the functionality is enabled in the neighborhood |
+| [`nat-keep-alive`](#configure-authority-session-type-nat-keep-alive) | Enable/disable generation of NAT keep-alives for sessions of this type if the functionality is enabled in the neighborhood |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
 | [`resource-group`](#configure-authority-session-type-resource-group) | Associate this session type with a top-level resource-group. |
 | [`service-class`](#configure-authority-session-type-service-class) | The service class this type belongs to. |
@@ -49679,7 +49706,7 @@ Length: 0-63
 
 ## `configure authority session-type nat-keep-alive`
 
-Enable/disable generation of NAT keep-alive for sessions of this type if the functionality is enabled in the neighborhood
+Enable/disable generation of NAT keep-alives for sessions of this type if the functionality is enabled in the neighborhood
 
 #### Usage
 
@@ -50318,7 +50345,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitly or it may depend on the configuration of the
+explicitely or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -50674,7 +50701,7 @@ configure authority tenant member <neighborhood>
 
 | name | description |
 | ---- | ----------- |
-| neighborhood | Neighborhood where tenant members are located. |
+| neighborhood | Neigborhood where tenant members are located. |
 
 ##### Subcommands
 
@@ -50682,7 +50709,7 @@ configure authority tenant member <neighborhood>
 | ------- | ----------- |
 | [`address`](#configure-authority-tenant-member-address) | The source address(es) within the neighborhood that define the tenant members. |
 | `delete` | Delete configuration data |
-| [`neighborhood`](#configure-authority-tenant-member-neighborhood) | Neighborhood where tenant members are located. |
+| [`neighborhood`](#configure-authority-tenant-member-neighborhood) | Neigborhood where tenant members are located. |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
 | `show` | Show configuration data for &#x27;member&#x27; |
 
@@ -50751,7 +50778,7 @@ characters and leading zeros are not allowed.
 
 ## `configure authority tenant member neighborhood`
 
-Neighborhood where tenant members are located.
+Neigborhood where tenant members are located.
 
 #### Usage
 
@@ -51275,8 +51302,8 @@ Configure Web Theme
 | `delete` | Delete configuration data |
 | [`logo`](#configure-authority-web-theme-logo) | The logo used across the authority. |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`primary-color`](#configure-authority-web-theme-primary-color) | The hexadecimal code of the primary color in the authority&#x27;s theme. |
-| [`secondary-color`](#configure-authority-web-theme-secondary-color) | The hexadecimal code of the secondary color in the authority&#x27;s theme. |
+| [`primary-color`](#configure-authority-web-theme-primary-color) | The hexidecimal code of the primary color in the authority&#x27;s theme. |
+| [`secondary-color`](#configure-authority-web-theme-secondary-color) | The hexidecimal code of the secondary color in the authority&#x27;s theme. |
 | `show` | Show configuration data for &#x27;web-theme&#x27; |
 | [`tab-icon`](#configure-authority-web-theme-tab-icon) | The icon displayed in the browser tab. |
 
@@ -51304,7 +51331,7 @@ A text value.
 
 ## `configure authority web-theme primary-color`
 
-The hexadecimal code of the primary color in the authority&#x27;s theme.
+The hexidecimal code of the primary color in the authority&#x27;s theme.
 
 #### Usage
 
@@ -51328,7 +51355,7 @@ Length: 6
 
 ## `configure authority web-theme secondary-color`
 
-The hexadecimal code of the secondary color in the authority&#x27;s theme.
+The hexidecimal code of the secondary color in the authority&#x27;s theme.
 
 #### Usage
 
diff --git a/docs/release_notes_128t_7.1.md b/docs/release_notes_128t_7.1.md
index 894b39d047..815d61bfa1 100644
--- a/docs/release_notes_128t_7.1.md
+++ b/docs/release_notes_128t_7.1.md
@@ -67,7 +67,7 @@ An issue has been identified that may be observed in conductor deployments runni
 
 An issue has been identified when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release. 
 
-## Release 7.1.5-4r2
+## Release 7.1.5-5r2
 
 **Release Date:** April 23, 2026
 

From 4198292af73bb9e45da2e40e4a275cdd2e266c1f Mon Sep 17 00:00:00 2001
From: Chris <christophert@juniper.net>
Date: Mon, 20 Apr 2026 11:04:08 -0400
Subject: [PATCH 3/4] fixing typos

---
 docs/config_command_guide.md | 94 ++++++++++++++++++------------------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md
index 05739a7d87..3683942c2c 100755
--- a/docs/config_command_guide.md
+++ b/docs/config_command_guide.md
@@ -26,7 +26,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy
 | `delete` | Delete configuration data |
 | [`district`](#configure-authority-district) | Districts in the authority. |
 | [`dscp-map`](#configure-authority-dscp-map) | Configure Dscp Map |
-| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-\{interface-id\}.\{router-name\}.\{authority-name\}`. |
+| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-\{interface-id\}.\{router-name\}.\{authority-name\}`. |
 | [`enhanced-security-key-management`](#configure-authority-enhanced-security-key-management) | Use certificate-based security key management. |
 | [`fib-service-match`](#configure-authority-fib-service-match) | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
 | [`forward-error-correction-profile`](#configure-authority-forward-error-correction-profile) | A profile for Forward Error Correection parameters, describing how often to send parity packets. |
@@ -1677,7 +1677,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -2143,7 +2143,7 @@ This type is used by other entities that need to reference configured resource g
 
 ## `configure authority dynamic-hostname`
 
-Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-{interface-id}.{router-name}.{authority-name}`.
+Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-{interface-id}.{router-name}.{authority-name}`.
 
 #### Usage
 
@@ -2995,7 +2995,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -3379,7 +3379,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -4659,7 +4659,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -6159,7 +6159,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -7885,7 +7885,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -8317,7 +8317,7 @@ A value from a set of predefined names.
 
 Options:
 
-- auto:            Use auto-negotation for the Ethernet link
+- auto:            Use auto-negotiation for the Ethernet link
 - 10Mbps-half:     Force the Ethernet link to 10 Mbps half duplex
 - 10Mbps-full:     Force the Ethernet link to 10 Mbps full duplex
 - 100Mbps-half:    Force the Ethernet link to 100 Mbps half duplex
@@ -8759,7 +8759,7 @@ configure authority router node device-interface network-interface <name>
 | [`hostname`](#configure-authority-router-node-device-interface-network-interface-hostname) | Hostname for the interface. This is an optional fully-qualified domain name (FQDN). |
 | [`icmp`](#configure-authority-router-node-device-interface-network-interface-icmp) | Enable/disable ICMP Blackhole |
 | [`ifcfg-option`](#configure-authority-router-node-device-interface-network-interface-ifcfg-option) | Interface config options for non-forwarding interfaces |
-| [`ingress-source-nat-pool`](#configure-authority-router-node-device-interface-network-interface-ingress-source-nat-pool) | Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router. |
+| [`ingress-source-nat-pool`](#configure-authority-router-node-device-interface-network-interface-ingress-source-nat-pool) | Indicates whether source address (and optional port) translation is performed for flows targeted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router. |
 | [`inter-router-security`](#configure-authority-router-node-device-interface-network-interface-inter-router-security) | The name of the security policy used for inbound inter-router traffic. |
 | [`management`](#configure-authority-router-node-device-interface-network-interface-management) | Allow management traffic to be sent over this interface |
 | [`management-vector`](#configure-authority-router-node-device-interface-network-interface-management-vector) | Vector configuration for non-forwarding interfaces |
@@ -13433,7 +13433,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -13566,7 +13566,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -15919,7 +15919,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -16551,7 +16551,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -16664,7 +16664,7 @@ A text value.
 
 ## `configure authority router node device-interface network-interface ingress-source-nat-pool`
 
-Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
+Indicates whether source address (and optional port) translation is performed for flows targeted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
 
 #### Usage
 
@@ -17003,7 +17003,7 @@ representation uses lowercase characters.
 In the value set and its semantics, this type is equivalent
 to the PhysAddress textual convention of the SMIv2.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 
 ## `configure authority router node device-interface network-interface neighborhood`
 
@@ -17488,7 +17488,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -19490,7 +19490,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -20162,7 +20162,7 @@ configure authority router node device-interface shared-phys-address [<unicast-p
 
 A text value.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Shared physical address must not be a multicast address nor 00:00:00:00:00:00
 
 ## `configure authority router node device-interface sriov-vlan-filter`
@@ -21097,7 +21097,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -21233,7 +21233,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -24008,7 +24008,7 @@ configure authority router reachability-profile protocol traffic-class <traffic-
 | ------- | ----------- |
 | [`acceptable-error-threshold`](#configure-authority-router-reachability-profile-protocol-traffic-class-acceptable-error-threshold) | Percentage of errors acceptable on the path before taking it offline. For TCP, this will include session closed before establishment, and any ICMP error that constitutes and session timeout before establishment. For UDP, this will include the destination unreachable class of ICMP errors |
 | `delete` | Delete configuration data |
-| [`enabled`](#configure-authority-router-reachability-profile-protocol-traffic-class-enabled) | Enable reachability-detection enforcment for this protocol and traffic class |
+| [`enabled`](#configure-authority-router-reachability-profile-protocol-traffic-class-enabled) | Enable reachability-detection enforcement for this protocol and traffic class |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
 | `show` | Show configuration data for &#x27;traffic-class&#x27; |
 | [`time-to-establishment`](#configure-authority-router-reachability-profile-protocol-traffic-class-time-to-establishment) | Reachability-detection time-to-establishment metrics |
@@ -24044,7 +24044,7 @@ Range: 0-100
 
 ## `configure authority router reachability-profile protocol traffic-class enabled`
 
-Enable reachability-detection enforcment for this protocol and traffic class
+Enable reachability-detection enforcement for this protocol and traffic class
 
 #### Usage
 
@@ -26213,7 +26213,7 @@ Default: none
 
 ##### area-authentication-type (enumeration)
 
-OSPF area authentication. Can be overriden by interface authentication.
+OSPF area authentication. Can be overridden by interface authentication.
 
 Options:
 
@@ -29768,7 +29768,7 @@ Configure the maximum number of prefixes that will be accepted from a neighbor f
 | `delete` | Delete configuration data |
 | [`max-prefixes`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-max-prefixes) | Maximum number of prefixes that will be accepted from the neighbor for this address family |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`restart-timer`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family. |
+| [`restart-timer`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family. |
 | `show` | Show configuration data for &#x27;prefix-limit&#x27; |
 | [`shutdown-threshold-pct`](#configure-authority-router-routing-routing-protocol-neighbor-address-family-prefix-limit-shutdown-threshold-pct) | Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries. |
 
@@ -29798,7 +29798,7 @@ An unsigned 32-bit integer.
 
 ## `configure authority router routing routing-protocol neighbor address-family prefix-limit restart-timer`
 
-Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
+Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family.
 
 #### Usage
 
@@ -32416,7 +32416,7 @@ Default: none
 
 ##### area-authentication-type (enumeration)
 
-OSPF area authentication. Can be overriden by interface authentication.
+OSPF area authentication. Can be overridden by interface authentication.
 
 Options:
 
@@ -35931,7 +35931,7 @@ Configure the maximum number of prefixes that will be accepted from a neighbor f
 | `delete` | Delete configuration data |
 | [`max-prefixes`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-max-prefixes) | Maximum number of prefixes that will be accepted from the neighbor for this address family |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`restart-timer`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family. |
+| [`restart-timer`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-restart-timer) | Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family. |
 | `show` | Show configuration data for &#x27;prefix-limit&#x27; |
 | [`shutdown-threshold-pct`](#configure-authority-router-routing-vrf-routing-protocol-neighbor-address-family-prefix-limit-shutdown-threshold-pct) | Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries. |
 
@@ -35961,7 +35961,7 @@ An unsigned 32-bit integer.
 
 ## `configure authority router routing vrf routing-protocol neighbor address-family prefix-limit restart-timer`
 
-Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
+Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this address family.
 
 #### Usage
 
@@ -37849,7 +37849,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -37961,7 +37961,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -38195,7 +38195,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -39428,7 +39428,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -40800,7 +40800,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -40964,7 +40964,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -41475,7 +41475,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -42869,7 +42869,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -43530,7 +43530,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -45739,7 +45739,7 @@ Length: 32
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 47
 
 ## `configure authority security encryption-key`
@@ -45776,7 +45776,7 @@ Length: 32,64
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 47,95
 
 ## `configure authority security hmac`
@@ -45875,7 +45875,7 @@ Length: 8,16,32,40,64
 
 A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.
 
-Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
+Required format: &#x27;XX:XX:XX:XX:XX:XX&#x27;, where &#x27;X&#x27; is a hexadecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.
 Length: 11,23,47,59,95
 
 ## `configure authority security hmac-mode`
@@ -46855,7 +46855,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -50345,7 +50345,7 @@ IP addresses.  Note that the resolution of a domain-name value
 may require to query multiple DNS records (e.g., A for IPv4
 and AAAA for IPv6).  The order of the resolution process and
 which DNS record takes precedence can either be defined
-explicitely or it may depend on the configuration of the
+explicitly or it may depend on the configuration of the
 resolver.
 
 Domain-name values use the US-ASCII encoding.  Their canonical
@@ -51302,8 +51302,8 @@ Configure Web Theme
 | `delete` | Delete configuration data |
 | [`logo`](#configure-authority-web-theme-logo) | The logo used across the authority. |
 | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit |
-| [`primary-color`](#configure-authority-web-theme-primary-color) | The hexidecimal code of the primary color in the authority&#x27;s theme. |
-| [`secondary-color`](#configure-authority-web-theme-secondary-color) | The hexidecimal code of the secondary color in the authority&#x27;s theme. |
+| [`primary-color`](#configure-authority-web-theme-primary-color) | The hexadecimal code of the primary color in the authority&#x27;s theme. |
+| [`secondary-color`](#configure-authority-web-theme-secondary-color) | The hexadecimal code of the secondary color in the authority&#x27;s theme. |
 | `show` | Show configuration data for &#x27;web-theme&#x27; |
 | [`tab-icon`](#configure-authority-web-theme-tab-icon) | The icon displayed in the browser tab. |
 
@@ -51331,7 +51331,7 @@ A text value.
 
 ## `configure authority web-theme primary-color`
 
-The hexidecimal code of the primary color in the authority&#x27;s theme.
+The hexadecimal code of the primary color in the authority&#x27;s theme.
 
 #### Usage
 
@@ -51355,7 +51355,7 @@ Length: 6
 
 ## `configure authority web-theme secondary-color`
 
-The hexidecimal code of the secondary color in the authority&#x27;s theme.
+The hexadecimal code of the secondary color in the authority&#x27;s theme.
 
 #### Usage
 

From e47c8c008f0be23770310bc1dd33034401dd16f3 Mon Sep 17 00:00:00 2001
From: Chris <christophert@juniper.net>
Date: Tue, 21 Apr 2026 14:33:27 -0400
Subject: [PATCH 4/4] update build number, adding all CVEs resolved in the
 release.

---
 docs/about_releases.md         | 2 +-
 docs/release_notes_128t_7.1.md | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/about_releases.md b/docs/about_releases.md
index 3431de9006..b73db9e27f 100644
--- a/docs/about_releases.md
+++ b/docs/about_releases.md
@@ -54,7 +54,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
 
 | Version | Initial GA Version | First Release Shipping Date | Latest GA Version | Support Lifetime | End of Engineering support | End of Support |
 | -- | -- | -- | -- | -- | -- | -- |
-| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-5r2) | STS | March 10, 2027 | September 10, 2027 |
+| Release 7.1 | [7.1.0](release_notes_128t_7.1.md#release-710-50r1) | December 4, 2025 | [7.1.5](release_notes_128t_7.1.md#release-715-7r2) | STS | March 10, 2027 | September 10, 2027 |
 | Release 7.0 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | October 14, 2025 | [7.0.1](release_notes_128t_7.0.md#release-701-1r1) | LTS | August 24, 2028 | February 24, 2029 |
 | Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.7-6-sts](release_notes_128t_6.3.md#release-637-6-sts) | STS | May 6, 2026 | November 6, 2026 |
 | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.10-lts](release_notes_128t_6.2.md#release-6210-10-lts) | LTS | September 6, 2026 | March 6, 2027 |
diff --git a/docs/release_notes_128t_7.1.md b/docs/release_notes_128t_7.1.md
index 55d4063652..87ca0b3afc 100644
--- a/docs/release_notes_128t_7.1.md
+++ b/docs/release_notes_128t_7.1.md
@@ -71,7 +71,7 @@ An issue has been identified that may be observed in conductor deployments runni
 
 An issue has been identified when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release. 
 
-## Release 7.1.5-5r2
+## Release 7.1.5-7r2
 
 **Release Date:** April 23, 2026
 
@@ -85,6 +85,8 @@ An issue has been identified when onboarding SSR routers installed with older ve
 
 ### Resolved Issues
 
+- **The following CVEs have been identified and resolved in this release:** CVE-2021-47670, CVE-2022-49985, CVE-2022-50087, CVE-2022-50228, CVE-2023-53125, CVE-2023-53305, CVE-2024-56644, CVE-2025-21727, CVE-2025-21759, CVE-2025-22026, CVE-2025-22058, CVE-2025-22097, CVE-2025-37797, CVE-2025-37914, CVE-2025-38085, CVE-2025-38159, CVE-2025-38200, CVE-2025-38211, CVE-2025-38250, CVE-2025-38332, CVE-2025-38350, CVE-2025-38352, CVE-2025-38380, CVE-2025-38392, CVE-2025-38449, CVE-2025-38461, CVE-2025-38464, CVE-2025-38477, CVE-2025-38498, CVE-2025-38527, CVE-2025-38556, CVE-2025-38718, CVE-2025-39730, CVE-2022-50367, CVE-2022-50386, CVE-2022-50543, CVE-2023-53178, CVE-2023-53226, CVE-2023-53257, CVE-2023-53297, CVE-2023-53386, CVE-2023-53401, CVE-2023-53513, CVE-2023-53539, CVE-2025-38724, CVE-2025-39697, CVE-2025-39718, CVE-2025-39817, CVE-2025-39825, CVE-2025-39841, CVE-2025-39849, CVE-2025-39864, CVE-2025-39883, CVE-2025-39898, CVE-2025-39955, CVE-2025-39971, CVE-2025-40300, CVE-2025-9230, CVE-2025-13601, CVE-2025-9086, CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, CVE-2025-12084, CVE-2025-14104, CVE-2025-6176, CVE-2022-25883, CVE-2025-11021, CVE-2025-4945, CVE-2026-0719, CVE-2026-1761.
+------
 - **I95-62421 DHCP relay failures causing clients to miss IP assignment:** Resolved an issue where DHCP session information is lost on the hub, causing the session reverse flow to collide with the forward flow of the session initiated originally from the spoke. This includes a new (configurable) default behavior for collision resolution. For detailed information, see [`configure authority service-policy prefer-established-session {true | false}`](config_command_guide.md#configure-authority-service-policy-prefer-established-session). 
 ------
 - **I95-62710 Unnecessary web server processing for `router all` in the PCLI:** Addressed a problem where the web server performed unnecessary work when PCLI commands referenced `router all`. This optimization reduces overhead and improves responsiveness.