My ESXi servers are based on 7.03 build 20036589.
I need to patch to the latest patch file of VMware-ESXi-7.0U3j-21053776-depot but this only seems to include a bug fix, NOT a bug fix and a security fix.
The previous patch file of VMware-ESXi-7.0U3i-20842708-depot includes both a bug fix AND a security fix.
If I'm doing a new baseline to patch my 7.03 build 20036589 servers do I need to include the whole of VMware-ESXi-7.0U3i-20842708-depot and VMware-ESXi-7.0U3j-21053776-depot and hope it figures out what it needs?
I also notice VMware-ESXi-7.0U3f-20036589-depot includes a lot more files, but luckily that's the ISO version I've already installed so I don't need to worry about that. But, is this the way VMware does patching, where you need to check all of the previous ones to make sure you've covered everything?
Unless things are changing in the near future, ESXi product patches are cumulative, i.e. they include those fixes introduced with previous releases.
That is what I thought until I realised that VMware-ESXi-7.0U3j-21053776-depot doesn't include everything from VMware-ESXi-7.0U3i-20842708-depot. So, 'j' clearly doesn't include everything from 'i'.
'i' includes the bug fix rollup and security rollup.
'j' only includes the bug fix rollup.
I see, may I ask how did you determine this? Usually in the case of cumulative updates in the release notes there is a tendency to highlight only the improvements / corrections compared to the immediately previous version(s).
The 'j' patch is only 379.0 MB in size and the category only mentions bug fix.
The 'i' patch is 570.5 MB in size and the category mentions bug fix and security fix.
So, not quite cumulative in the way it use to be.
That there is a difference in size is not even discussed, because it also corresponds to a difference in content, it is different to assume that the most recent version available does carry only bug fixes because, IMHO well understood, would imply that anyone who upgrades directly to the latest version without going through the previous ones it receives no security fixes whatsoever.
Anything is possible but honestly, and it's always my opinion, it seems rather unlikely to me.
Everything depends from your vendor.
Would be great if you will have customized Add-On
The latest "j" patch includes all previous patches including the security patches from the "i" version.
The reason for the difference in the sizes is that the "i" version, had two patch options/bulletins, a complete one (ESXi-7.0U3i-20842708-standard), and one that only contains security patches (ESXi-7.0U3si-20841705-standard).
Please take a look at https://esxi-patches.v-front.de/vm-7.0.0.html to see the different contents.
And so we come full circle, which is that ESXi patches are cumulative.
Thanks for the information.
Ferdinando, you were right, thanks.
a_p_, the website link is useful, thanks.
I originally raised this ticket because I tried patching ESXi servers with "j" release and they failed, but if I patched with "i" release they succeeded, and I saw the size difference and thought it might be missing something. Anyway, now I know it wasn't. I'll raise a ticket with VMware Support about this.