Your configuration listed above does have this
set security nat source address-persistent
The JTAC recomommended releases are just a general recomendation based on ticket activity. You may need to go with different versions to correct issues like this or use newer features required on the network.
You should definately open a ticket to confirm if you are hitting this PR or another one on the platform. I feel the behaviour listed is likely a bug. JTAC can confirm this with the deep logs.