VMware ESXi Patch Tracker
Brought to you by the VMware Front Experience Blog

Jump to: ESXi 5.0.0 | ESXi 5.1.0 | ESXi 5.5.0 | ESXi 6.0.0 | Matrix view | Help

Help

On this site you can find extensive information about VMware ESXi (version 5.0 and later) patches as soon as they are released. All the information that is available here is created in a fully automated way and updated regularly (currently every hour), so that it is always up to date without requiring any manual intervention by me or anyone else!

But that does not mean that you need to check this web site for updates every hour. You can easily subscribe to it through RSS/Atom feeds (one for each ESXi version and one combining all versions) or E-Mail. You can also follow the bot @ESXiPatches on Twitter that will automatically send out a tweet whenever an ESXi patch is released. All these subscription services are currently delivered through Google Feedburner. Use the links in the top right corner to access them!

For each ESXi version (5.0, 5.1, 5.5 and 6.0) the patch releases are listed sorted by date (latest first) with the names of the included Imageprofiles (standard- and security-only if available), their build numbers and all the VIB packages that are updated in each of the Imageprofiles. For each VIB package the new version number, a direct download link, and a link to the VMware Knowledge Base (KB) article that lists the changes in them are provided, along with their high-level category (bugfix, security or enhancement) and severity (general, important, critical or security).

In addition to this Tracker view there is also a different view on Imageprofiles and VIB packages available: In the Matrix view you will see a table of each Imageprofile with all included VIB packages (not only the updated ones). Updated VIB packages are highlighted with hyperlinks that lead you to the relevant VMware KB articles. Use the links at the top of each page to switch between Tracker view and Matrix view!

If you are managing your ESXi hosts with vCenter then you should use the vCenter integrated VMware Update Manager (VUM) to patch your hosts. Once you have VUM properly configured to synchronize with the VMware Online Depot then you will find new patches in its repository right when (or shortly after) they have been announced here.

If you do not have vCenter and VUM available then you can still patch each individual host using esxcli commands. In this case please note the Imageprofile name of the new patch, then

• log in to the host via ssh (follow instructions in KB1017910 if you don't know how to do this)
• and run the following commands in the shell
  

    esxcli network firewall ruleset set -e true -r httpClient
    esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20150204001-standard
    esxcli network firewall ruleset set -e false -r httpClient

The first command will open the ESXi firewall for outgoing http(s) requests, so that esxcli can pull the updates directly from the VMware Online Depot using the second command. In this example we update an ESXi host using the Imageprofile ESXi-5.5.0-20150204001-standard (that is the Feb 2015 patch of ESXi 5.5). In most cases a reboot of the host will be required after the update. With the last command you disallow outgoing http(s) requests again. This is optional - you can as well keep the port open -, I do not consider this a big security risk.

For your convenience you can also just click on the Imageprofile name in the Tracker view, and a Javascript popup will open that displays the three code lines from above (with the selected Imageprofile name) so that you can copy and paste them into a remote shell session.

Please note that this Online method will only work if your ESXi host has a direct outbound Internet connection. If it does not then you need to download the Offline Bundle for the patch from the MyVMware Patch Download portal and upload that to a datastore of your hosts using the vSphere Client. You can then use a similar command as above to update your hosts - you just need to replace the reference to the VMware Online Depot with the full path to the Offline Bundle zip file:

  esxcli software profile update -d /vmfs/volume/your_datastore/ESXi550-201502001.zip -p ESXi-5.5.0-20150204001-standard

You can also use the ESXi-Customizer-PS script to create an Offline Bundle patch file - see references below.

The esxcli update method can also be used to upgrade between ESXi versions (5.0/5.1 -> 5.5 -> 6.0), but there might be some caveats and in some cases special instructions needed to make this work - again see the references below.

• ESXi-Customizer-PS: This is a PowerCLI script that greatly simplifies the process of creating ESXi Installation ISOs and Offline Bundles. See the project page for detailed documentation and usage examples.
• The V-Front Online Depot provides community supported ESXi packages (drivers and add-ons). You can use it with ESXi-Customizer-PS and with esxcli.
• Useful blog posts for updating/upgrading ESXi:
  • VMware releases vSphere 5.5 Update 2 - What's new and how to update free ESXi
  • How to update your standalone host to ESXi 5.5 - beware of missing drivers and do NOT upgrade virtual hardware!
  • How to add the missing ESXi 5.0 drivers to the ESXi 5.5 installation ISO
  • Sphere 6 is GA: The ultimate guide to upgrade your white box to ESXi 6.0
  • Are ESXi 5.x/6.x patches cumulative?

To the top