Refresh my memory, I know patches are supposed to be cumulative, but I'm not certain the "cumulation" of a security patch actually upgrades vSphere.. say from 6.5 U1 to 6.5 U3..
Another way to ask is: "If I apply a new security patch to a 6.5U1 system and then shortly afterward upgrade that system to 6.5U3, will this patch still be in effect?" And if it's cumulative, do I even have to upgrade to vSphere 6.5U3, or would I already be there as a result of applying the "cumulative" security patch?
Thanks in advance for this refresh of the basics
Patches are cumulative, in the documentation of each patch package you can check what they contain.
Individual security patches are eventually included in the next general patch package.
Security patches do not usually include drivers or VMware Tools.
If you apply a security patch and after some time the next general patch is only updated with the newest one.
Attached are several links to the latest patch levels
In our attempts to apply the latest security patches just released, they failed on our ESXi 6.5 Patch 01 and ESXi 6.5 U1g builds with the following error from VUM logs:
If you can't read the below image it says "One or more VIBs mapping to Bulletin ESXi670-202011301-SG have dependencies not installed on the system" .. so much for the cumulation.
If the patch was truly cumulative it would contain the dependencies required for installation. Nowhere in the security bulletin does it indicate a specific detail pertaining to exact versions of vSphere 6.5 required for the patch. So whatever VMware might have published, or what you think you understand about this, is hogwash if it doesn't work as designed.
I put this post together to determine the impact on the patch of upgrading after we applied the security patch.. but apparently this post is now completely irrelevant because we can't apply the patch until we upgrade.. and yes upgrading to 6.5U3, or 6.7U3 first then applying the patch worked out just fine...