We have a bunch of cisco catalyst 2960 switches (WS-C2960G-24TC-L, WS-C2960-48TT-L) with various IOS 12.2(25)SEE3, 12.2(35)SE1 with uptime 300 days and more that have gone mad: they answers very slow by snmp (or just doesn't answer), may not answer from ping, http almost don't work (it may allow you to log in but after that just hangs) and finally cisco don't allow you to login via telnet!!! It just prompts you for username and after you enter first char of it it just closes the session. There are !no errors! in the cisco log and after reboot everything is working ok. What is going on?
Firstly, you can pump the IOS anytime during the day and set a reboot/reload during the night or low traffic. I'd recommend a Change Control.
Next, "guarantee". Ain't no guarantee in place. This is why I am not recommending any versions. Choose a version of your liking and read the Release Notes.
I've been in organizations where people just configure and rack appliances without checking if the firmware running is the standard set by the company. In the end, it's people like you who has to stick their neck out to fix careless implementations like this.
Just to give you an idea what I'm using for my switches. I'm standardizing 2960/3560/3750 IOS to 12.2(46)SE and bootstrap is 12.2(44)SE5. I know you can't get this bootstrap version on the IOS but I upgrade to the newer 12.2(50) IOS for the bootstrap upgrade and downgrade the IOS.
Hope this helps.