We don’t really have a dedicated SharePoint Administrator so we’re trying to figure out how often we should be applying SharePoint patches or cumulative updates to our farm.
In your opinion, is it better to:
1. Apply them right away whenever they come out
2. Wait until a couple come out and then apply them on a -2 schedule
3. Wait until a service pack comes out and apply them all at once
4. Only apply a patch if it fixes a specific issue that you are experiencing or a potential security threat
5. If it ain’t broke, don’t fix it – don’t do anything until you upgrade to SharePoint vNext
I tend to go with option 5, and if needed use option 2. Having patches and CUs that break the farm causes a lot of pain; even if pushed to a test environment first, some of the issues may be missed and will only be picked up once it is used in anger in Prod by the wider user base.
For an existing installation, I only apply CU if it fixes current patches.
For new installations, I install up to the latest CU/SP that has the Todd Klindt OK stamp 🙂
Ah, good point. I almost think that’s a risk willing to take… the alternative is to leave the now-publicized security gaps open.
That can’t be good.
I suppose it doesn’t matter if certain organizations have access to the security vulnerabilities before they go public, though… like blackhats, or others
I only ask because that would determine whether you can attempt to be on the bleeding edge of patching or whether you have to wait for others to find the flaws. #4 is a safe bet. Sometimes patches include improvements in addition to bug fixes, so I think you should consider #2 (not -2 necessarily, but keep an eye on releases at least.)
Security patches have caused issues in the past. For example, the March security patch for SharePoint 2010 introduced the blob cache error we started seeing with the Feb 2013 CU.