Security Advisory: Unclear recommended version: 19.12, 19.13, or 19.14?

likely there won't be any for nw19.12. as nw19.14 has been released, nw19.13 has become the N-1. And Dell does not seem to always go back further back to address issues. Also depending on the issue btw, as it took almost 2 years to release a nw version that came with a higher nre (java version) so up until that point java issue weren't addressed. the fix was supposed to be released in nw19.11 but it took until nw19.13 to be released by updating nre8.x to nre17. This was never back ported as it was considered too big an impact on too many components.

So for certain issues, one might only expect fixes fro nw19.13 and up, while other recent fixes still also provided fixes for nw19.12.

The recommended version is also often trailing way behind on the DSA's being released and takes - for whatever reason - way longer than it should as the DSA's should be one of the reasons also why there would be a recommended version, even though possible stability should be a valid one, but when multiple critical DSA's are released, it would still be peculiar to recommend a vulnerable nw19.12 version.

But I'll give you that, whenever we see DSA's containing fairly old CVE's, that took a few years to be addressed, then one is tempted not not make too much a fuzz about it, as one would have been vulnerable already for years...

We consider to upgrade to nw19.13.0.3 as the very likely release next patch round, while definitely not going for the vanilla nw19.14. that is way too much bleeding edge.

One of the major reasons not to have considered nw19.13 before is the very wonky implementation of nre17 as it requires nre8 to be upgraded on any management system that you use to connect to the NMC. Also it needs way more manual configuration, even for individual users to create a desktop icon to use. No more a popup to select one of possible 7 nw servers entries (never understood that weird limitation for an enterprise product where there is a likelihood that one would have way more than "just" 7 nw backup servers).

I already am asking for years to be clear in all them DSA's in the sense that it should state what version to expect any update for, at least it mentions that we can expect a nw19.13 fix this month around, but it always depends if maybe also still an older - and that actually target version - nw version.

We keep on trying to convey to Dell that clarity is mandatory. Just tell us as customers what is to come and to be expected. Wouldn't be the first time either, that suddenly an older fix is released.

But DSA-2025-124 https://www.dell.com/support/kbdoc/en-us/000294392 even shows the opposite (besides actually not being able to view the DSA, having to reach out to Dell asking about it, it suddenly added two additional CVE's to the list of an already one year old DSA, so way long after the fact!

TL;DR don't expect any fixfor nw19.12, nor that Dell would actually respond on the forum.

Usually around X.Y.Z.3 release, branch becomes target code so expect following 19.13.0.3 when released to become target code (at the time of this writing, it has been released for appliance packages only).  19.14 is dev code (just as any TC+1 branch) so usually it gets things incorporated faster though much of it depends also on time cycle of release and urgency.  If you are sticking to TC, wait for 19.13..0.3 to be released (bare in mind that you will need to play around with NRE switch as well).