VMware ESXi patches are released periodically to resolve issues or address security vulnerabilities – just like any other software product. These updates can either be downloaded automatically through VMware vSphere Update Manager (VUM) or manually by logging in to My VMware. Regardless of the delivery method, the contents are the same: a collection of software packages, known as VIBs, that are grouped into bulletins to ensure dependencies are satisfied during installation.
Bulletins, Patches, and Rollups
There are two different types of patch bulletins for VMware ESXi: patches and rollups.
For any given VMware ESXi patch release, there is typically, at a minimum, one bulletin that contains the core system packages – esx-base, vsan, and vsanhealth. Often, there are additional bulletins if other packages have been revised to remedy bugs or security issues. Bulletins of this type, which include a small set of packages, are known as patches in Update Manager.
Occasionally, VMware releases a more comprehensive service pack, known as an Update, that includes the latest versions of all packages that comprise VMware ESXi. These Update releases are classified as rollups in Update Manager.
Rollup Bulletin Now Included in Every Patch Release
In between the large Update releases, however, there has not been a simple workflow that vSphere administrators could use to ensure hosts are on the absolute latest version of every package. While this can be accomplished with dynamic Update Manager baselines that are configured to include all applicable patch bulletins, some customers may have opted to apply just specific critical patches. In that scenario, hosts may over time lack many useful fixes and updates that were released since GA.
Starting in June 2018, each VMware ESXi patch release will also feature an optional rollup bulletin that includes every package that has been updated since GA. This is a straightforward approach to keeping the vSphere infrastructure current, because the Update Manager baseline requires just a single bulletin.
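The following added example (not VMware code) models the drift described above: a host that applied only critical patch bulletins is compared against a rollup built from every bulletin since GA. All version strings, bulletin IDs, severities, and the VIB names example-nic-driver and example-tools are constructed for illustration.

```python
import re

# Constructed sample data: versions, bulletin IDs and the "example-*" VIBs are made up.
GA_IMAGE = {"esx-base": "1.0.0-0.0", "vsan": "1.0.0-0.0", "vsanhealth": "1.0.0-0.0",
            "example-nic-driver": "2.0.0-0.0", "example-tools": "3.0.0-0.0"}
CORE_10 = {"esx-base": "1.0.0-1.10", "vsan": "1.0.0-1.10", "vsanhealth": "1.0.0-1.10"}
CORE_20 = {"esx-base": "1.0.0-1.20", "vsan": "1.0.0-1.20", "vsanhealth": "1.0.0-1.20"}
PATCH_BULLETINS = [
    {"id": "EXAMPLE-01", "severity": "critical", "vibs": CORE_10},
    {"id": "EXAMPLE-02", "severity": "important", "vibs": {"example-nic-driver": "2.0.1-0.0"}},
    {"id": "EXAMPLE-03", "severity": "moderate", "vibs": {"example-tools": "3.1.0-0.0"}},
    {"id": "EXAMPLE-04", "severity": "important", "vibs": CORE_20},
]

def version_key(version):
    """Order the constructed version strings by their numeric fields."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def apply_bulletins(image, bulletins):
    """Return a copy of image with each bulletin's VIBs installed, never downgrading."""
    host = dict(image)
    for bulletin in bulletins:
        for vib, version in bulletin["vibs"].items():
            if version_key(version) > version_key(host.get(vib, "0")):
                host[vib] = version
    return host

def build_rollup(ga_image, bulletins):
    """Rollup bulletin: every package updated since GA, at its newest version."""
    latest = apply_bulletins(ga_image, bulletins)
    changed = {vib: ver for vib, ver in latest.items() if ver != ga_image.get(vib)}
    return {"id": "EXAMPLE-ROLLUP", "severity": "rollup", "vibs": changed}

def missing_fixes(host, rollup):
    """Map each VIB that is behind the rollup to (installed, available)."""
    return {vib: (host.get(vib), ver) for vib, ver in sorted(rollup["vibs"].items())
            if version_key(host.get(vib, "0")) < version_key(ver)}

def critical_only_host():
    """Host whose baseline contained only the critical patch bulletins."""
    critical = [b for b in PATCH_BULLETINS if b["severity"] == "critical"]
    return apply_bulletins(GA_IMAGE, critical)

if __name__ == "__main__":
    rollup = build_rollup(GA_IMAGE, PATCH_BULLETINS)
    host = critical_only_host()
    for vib, (have, want) in missing_fixes(host, rollup).items():
        print(f"{vib}: installed {have}, rollup {want}")
    print("after rollup:", missing_fixes(apply_bulletins(host, [rollup]), rollup))
```

In this constructed data the selectively patched host is behind on all five packages, including the core packages that a later non-critical bulletin revised, and applying the single rollup bulletin closes every gap.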
For detailed information on software fixes, each VMware ESXi patch release is described in a KB article, with a link to a child article for each bulletin included in the patch release. Take a look at a recent VMware ESXi 6.7 patch KB for an example.
VMware issues a patch release when software fixes are required – each release includes one or more bulletins. Each bulletin includes a set of VIBs, which are the ESXi software packages. Bulletins come in two different types: patch (a few packages) and rollup (complete system). Going forward, all patch releases will include the traditional patch bulletins and will also be supplemented with a rollup bulletin. This offers a simple way to ensure hosts are running the latest version of every package.