DSA-2024-070 rant

Hi.

DellEMC has come up with a security advisory for all supported Avamar versions, 19.4 - 19.9. The only way to remediate is to upgrade to 19.10.

19.10 is not the Target Code and I not expected to be for some time based on past experience since it's less than a month old. I asked DellEMC support and the TSE didn't understand my question about Target Code. "19.10 is already released on jan 16th" was the cheery answer.

Can I get a clarification from actual Dell Avamar personnel whether they consider this as business as usual?

Are versions <19.10 still supported and how do you define support if those versions are not getting security updates?!

As I see it, this is akin to Microsoft asking to upgrade to Windows Server 2022 if a vulnerability is found in Server 2019.