VMware ESXi Patch Tracker - Help
On this site you can find extensive information about VMware ESXi (version 5.0 and later) patches as soon as they are released. All the information that is available here is created in a fully automated way and updated regularly, so that it is always up to date without requiring any manual intervention by me or anyone else!
But that does not mean that you need to check this web site for updates every hour. You can easily subscribe to it through RSS/Atom feeds (one for each ESXi version and one combining all versions). You can also follow the bot @ESXiPatches on Twitter that will automatically send out a tweet whenever an ESXi patch is released. Use the links in the top right corner to access the subscription services!
In the Tracker view for each ESXi version the patch releases are listed sorted by date (latest first) with the names of the included Imageprofiles (standard- and security-only if available), their build numbers and all the VIB packages that are updated in each of the Imageprofiles. For each VIB package the new version number, a direct download link, and a link to the VMware Knowledge Base (KB) article that lists the changes in them are provided, along with their high-level category (bugfix, security or enhancement) and severity (general, important, critical or security).
In the Matrix view the names and versions of all the VIB packages are shown (not only the updated ones) in a scrollable table.
If you are managing your ESXi hosts with vCenter then you should use the vCenter integrated VMware Update Manager (VUM) to patch your hosts. Once you have VUM properly configured to synchronize with the VMware Online Depot then you will find new patches in its repository right when (or shortly after) they have been announced here.
If you do not have vCenter and VUM available then you can still patch each individual host using esxcli commands. In this case please note the Imageprofile name of the new patch, then
esxcli network firewall ruleset set -e true -r httpClient esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-20190604001-standard
The first command will open the ESXi firewall for outgoing http(s) requests, so that esxcli can pull the updates directly from the VMware Online Depot using the second command. In this example we update an ESXi host using the Imageprofile ESXi-6.7.0-20190604001-standard (that is the June 2019 patch of ESXi 6.7). In most cases a reboot of the host will be required after the update.
In the Tracker view clicking on an Imageprofile name will pop up a window that shows the above mentioned commands to do an Online update with this specific Imageprofile.
Please note that this will only work if your ESXi host has a direct outbound Internet connection. If it does not then you need to download the Offline Bundle for the patch from the MyVMware Patch Download portal and upload that to a datastore of your hosts using the vSphere Client. You can then use a similar command as above to update your hosts - you just need to replace the reference to the VMware Online Depot with the full path to the Offline Bundle zip file:
esxcli software profile update -d /vmfs/volumes/your_datastore/ESXi670-201906002.zip -p ESXi-6.7.0-20190604001-standard
You can also use the ESXi-Customizer-PS script to create an Offline Bundle patch file - see references below.
Please note that the esxcli update method can also be used to upgrade between ESXi versions (5.0/5.1 -> 5.5 -> 6.0 -> 6.5 -> 6.7), but there might be some caveats and in some cases special instructions needed to make this work - again see the references below.