VMware Cloud Community
AndrewCirel
Enthusiast

ESXi Patching and what to include

My ESXi servers are based on 7.03 build 20036589.

I need to patch to the latest patch file of VMware-ESXi-7.0U3j-21053776-depot but this only seems to include a bug fix, NOT a bug fix and a security fix.

The previous patch file of VMware-ESXi-7.0U3i-20842708-depot includes both a bug fix AND a security fix.

If I'm doing a new baseline to patch my 7.03 build 20036589 servers, do I need to include the whole of VMware-ESXi-7.0U3i-20842708-depot and VMware-ESXi-7.0U3j-21053776-depot and hope it figures out what it needs?

I also notice VMware-ESXi-7.0U3f-20036589-depot includes a lot more files, but luckily that's the ISO version I've already installed so I don't need to worry about that.  But, is this the way VMware does patching, where you need to check all of the previous ones to make sure you've covered everything?

Kinnison
Commander

Hi,


Unless things are changing in the near future, ESXi product patches are cumulative, i.e. they include those fixes introduced with previous releases.


Regards,
Ferdinando

AndrewCirel
Enthusiast

That is what I thought until I realised that VMware-ESXi-7.0U3j-21053776-depot doesn't include everything from VMware-ESXi-7.0U3i-20842708-depot.  So, 'j' clearly doesn't include everything from 'i'.

'i' includes the bug fix rollup and security rollup.

'j' only includes the bug fix rollup.

Kinnison
Commander

Hi,


I see, may I ask how you determined this? Usually, in the case of cumulative updates, the release notes tend to highlight only the improvements / corrections compared to the immediately previous version(s).


Regards,
Ferdinando

AndrewCirel
Enthusiast

The 'j' patch is only 379.0 MB in size and the category only mentions bug fix.

The 'i' patch is 570.5 MB in size and the category mentions bug fix and security fix.

So, not quite cumulative in the way it used to be.

Kinnison
Commander

Hi,


That there is a difference in size is not even in question, because it also corresponds to a difference in content. It is a different thing to assume that the most recent version available carries only bug fixes, because that, IMHO of course, would imply that anyone who upgrades directly to the latest version without going through the previous ones receives no security fixes whatsoever.


Anything is possible but honestly, and it's always my opinion, it seems rather unlikely to me.


Regards,
Ferdinando

maksym007
Expert

Everything depends on your vendor.

It would be great if you had a customized Add-On.

a_p_
Leadership

The latest "j" patch includes all previous patches including the security patches from the "i" version.

The reason for the difference in the sizes is that the "i" version had two patch options/bulletins, a complete one (ESXi-7.0U3i-20842708-standard), and one that only contains security patches (ESXi-7.0U3si-20841705-standard).

Please take a look at https://esxi-patches.v-front.de/vm-7.0.0.html to see the different contents.

André
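
The two profile names quoted in the post above can be told apart mechanically before a baseline is built. This is an added example, not code from the thread or from VMware: it parses image profile names, flags security-only ones, and picks the complete profile newer than the installed build. The naming pattern in the regex and the `-no-tools` sample names are assumptions.

```python
import re

# Profile names as they might appear in the "Name" column of
# `esxcli software sources profile list -d <depot.zip>`.
# The two "-standard" names are quoted in the post above; the
# "-no-tools" names are constructed for illustration.
SAMPLE_PROFILES = [
    "ESXi-7.0U3i-20842708-standard",
    "ESXi-7.0U3i-20842708-no-tools",
    "ESXi-7.0U3si-20841705-standard",
    "ESXi-7.0U3si-20841705-no-tools",
]

# Assumed pattern: ESXi-<version>U<update>[s]<letter>-<build>-<flavor>,
# where an "s" in front of the release letter marks a security-only profile.
PROFILE_RE = re.compile(
    r"^ESXi-(?P<version>\d+\.\d+)U(?P<update>\d+)"
    r"(?P<sec>s?)(?P<letter>[a-z])-(?P<build>\d+)-(?P<flavor>standard|no-tools)$"
)


def parse_profile(name):
    """Split a profile name into release, build, flavor and a security-only flag."""
    m = PROFILE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised profile name: {name!r}")
    return {
        "name": name,
        "release": f"{m['version']}U{m['update']}{m['letter']}",
        "build": int(m["build"]),
        "security_only": m["sec"] == "s",
        "flavor": m["flavor"],
    }


def pick_baseline_profile(names, installed_build, flavor="standard"):
    """Return the newest complete profile above installed_build, or None."""
    candidates = [
        p for p in map(parse_profile, names)
        if not p["security_only"]
        and p["flavor"] == flavor
        and p["build"] > installed_build
    ]
    return max(candidates, key=lambda p: p["build"], default=None)


if __name__ == "__main__":
    # 20036589 is the installed build given in the original question.
    print(pick_baseline_profile(SAMPLE_PROFILES, 20036589))
```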

 

Kinnison
Commander

Hi,


And so we come full circle, which is that ESXi patches are cumulative.


Regards,
Ferdinando

AndrewCirel
Enthusiast

Thanks for the information.

Ferdinando, you were right, thanks.

a_p_, the website link is useful, thanks.

I originally raised this ticket because I tried patching ESXi servers with the "j" release and they failed, but if I patched with the "i" release they succeeded, and I saw the size difference and thought it might be missing something. Anyway, now I know it wasn't. I'll raise a ticket with VMware Support about this.
