I'm looking at updating my current ICX firmware. The "Ruckus Networks - Security Advisory ID 20190815 FAQ", updated on 1-8-2020, is listed with a vulnerability score of 7.5 (HIGH) and states that "...all customers are strongly encouraged to apply the fix once available." All versions of ICX are listed as vulnerable. The recommended action is to upgrade to 8092GA.
I reviewed the "Ruckus ICX Target Path Selection Guide", which was updated on 12-10-19. The current target path for ICX 7150-C12P is 08.0.90d.
The Target Path Selection Guide states:
The recommended release may be different from the latest Ruckus FastIron release for that platform. It could be the case that critical fixes that Ruckus wants all customers to use were done as part of the recommended release, and because this release has not experienced the customer exposure of two months, it would not yet be deemed a Target Path release. After the customer exposure time is met, it is possible that this recommended release could be promoted to a Target Path release.
Since the 08.0.92 GA was released more than two months ago, on 11-7-2019, the guide is implying that a stable release would be promoted to the target path release. The 08.0.92 GA firmware release has not been promoted, so does Ruckus feel it is not stable? 08.0.x2a is a maintenance or minor feature release. 08.0.xyd is a patch release. Would then the wisest choice for a safe and stable version be to upgrade to 08.0.92d?
It appears that the Target Path Selection Guide's intention is to target a feature release (08.0.Xya) and for admins to upgrade to the current minor feature and/or patch releases, 'y' and 'a' releases. Why then does the guide list a patch version as the current target path? If the intention is to remain current, then would listing something like 08.0.9ya be clearer?