Simplify and automate these patches and more with SolarWinds Patch Manager.
The Patch Manager catalog contains the following products:
Adobe
Apple
Mozilla
Change History (current month + 2):
03/10
03/04
03/02
02/16
02/11
01/11
12/23
12/17
12/14
12/10
12/09
12/08
12/03
12/01
11/25
11/23
11/13
11/12
11/10
11/09
11/03
11/01
10/27
10/22
Opera 72.0.3815.148
10/20
10/16
10/15
10/14
10/13
10/07
10/02
10/01
09/30
09/29
09/25
09/24
09/16
09/11
09/10
09/09
09/08
09/02
08/31
08/26
08/21
08/13
08/12
08/10
08/07
08/06
08/05
07/31
07/28
07/22
07/17
OpenJDK 8u262
07/16
07/15
07/14
07/09
07/08
07/07
07/03
07/02
07/01
I’m not seeing the latest version of Firefox in Patch Manager. I updated the catalogs and ran a sync.
-Brandon
Thank you for directing me to the right place. Ideal has been created.
Brandon, I did a sampling of support and dev people inside SolarWinds who regularly sync content to their own Patch Manager installations, and nobody has experience similar issues. Likewise, I've not seen any issues on my own environments. Is the Firefox update the only one missing? If so, what happens if you launch a manual synchronization? If the sync fails, or if the Firefox package is still not present, my best suggestion is to open a support ticket via http://customerportal.solarwinds.com.
It showed up today when I checked. I wonder why the manual sync yesterday didn’t work. Are there other refresh settings related to the WSUS server I might need to modify?
What time yesterday (GMT) did your synchronization event run?
There are no other requirements. Synchronization is best handled as a scheduled event, and at the current time the best synchronization time to get the content as early as possible is about 1500-1600 GMT. If you synchronized earlier than 6/26 1500GMT, that would be one possible explanation.
That happens to me on occasion. Once this thread is updated with news of a new update being available, I usually give it a couple of hours before I attempt sync. It sounds like you might have synced at just the right time window to where it wasn’t quite ready.
Actually that experience should NOT be occurring.
By the time I get the notifications that updates have been published to the catalog, it's typically 30-60 minutes after I receive the notification that those updates are announced in this post.
I'll double-check with our teams to make sure that the catalogs are being published before the announcements are being pushed internally.
The other thing I'll point out here is that the best practice is to configure Patch Manager to schedule a daily synchronization (we publish updates almost daily) and to enable email notifications from the Patch Manager server that updates have been received. It's much more of a reliable task to automate the process and let the Patch Manager server get that content and tell you when it's actually there, than it is to monitor this post (which sometimes, to be sure, may not be updated for several hours after actual availability, depending on other activities in my work schedule) and then launch a synchronization in response.
Generally speaking, updates are published to the catalog by early morning -- it's now an overnight process for the most part -- so the optimum time to synchronize the SolarWinds catalog would be 1500-1600 GMT.
I may have overstated the occurrences. We have had Patch Manager for three years, and we are talking perhaps 5-6 total. We have a nightly scheduled sync at 11:00pm, and then I usually run a manual sync whenever there is an announcement of an update that we need. I just thought that the condition may be similar to what the other user was reporting.
Almost every time I publish an update it shows up in the Third Party Updates section, but says it's not downloaded (even though part of the publishing process was to download the file). Upon republishing, it usually works, but sometimes I have to do it a third time. Any ideas why?
There is a known issue when downloading/publishing content using the Package Download Assistant that does not auto-refresh the package list.
If you are downloading/publishing content that can be Direct Downloaded, a refresh is auto-generated
-Lawrence (from the Blackberry)
Even after refreshing it shows the package isn’t downloaded. If it shows not downloaded, can I still deploy it?
Typically this is an indication something was holding the content during publishing (probably AV software). McAfee seems to be the most common culprit.
Okay.. my previous reply, from the Blackberry, suffered from not being able to see the image... the subsequent reply did add some context, but the image makes the biggest difference.
"Downloaded" to the WSUS Server is a completely different thing than "Downloaded" to Patch Manager as part of the publishing process.
The reason the image above shows "not downloaded" is simply because the update is Not Approved. Once you add an Approval to that update, WSUS will simulate downloading the file (because, in fact, it's already there), and the icon will then show as "downloaded".
Strange…I wonder why it only happens sometimes then? An initial publish/download sometimes shows the downloaded icon, and sometimes I have to republish\download for it to work. I’ve never tried simply approving it and checking if the icon changed. I’ll try that next time.
What is this new ESR version of Flash I see?
ESR = "Extended Support Release". The ESR program is the maintenance of the downlevel version of Flash Player.
Flash Player v10 has reached End Of Life. The last release of Flash Player v10.3 was on June 11, 2013. Effective July 9, 2013, the ESR program now publishes Flash Player v11.7. (Flash v11.8 is the current release.)
No new significance in the process, really, just the explicit labelling of this older version as "ESR" (which we had not been doing previously).
Extended Support Release Updated to Flash Player 11.7!
You can find some info here...
Why would one want to stay on 11.7 ESR rather than upgrading to 11.8?
The most likely reason, given that Flash v11.8 is a brand new "feature" release, is that some organizations are a bit more conservative about deploying "feature" releases of products, than they are security updates.
Given the choice between v11.8.800.94, which contains new functionality (not yet tested by most organizations), and v11.7.700.232 ESR (which only contains security fixes, such is the purpose of the Extended Support Release program), there are likely many organizations who will choose to deploy v11.7.700.232 now, and v11.8.<whatever> later.
Can we get support for patching Trillian?
We're always interested in feedback and suggestions for catalog additions.
If you post the request in Patch Manager Feature Requests, the Product Manager will see it and handle it accordingly.
I haven't received an email update for this thread since 7/25, even though I'm subscribed and following. Any ideas why?
Also, the link takes me to a page where I see feature requests, but I don't see specific patches requested. Is there a seperate page for that?
Any updates to the above post/questions? Our security vulnerabilities are increasing by the minute
I'm looking into the question about email updates on this document and it's companion PatchZone thread, but I've spoken with others who also have email subs to this document, and they did receive an email notification on the last update on August 12.
I must confess, though, I'm somewhat confused by how the Email updates from this document would be causing you a backlog of security vulnerabilties. Everything announced in this document is after the update has been released to the Patch Manager catalog. Presumably you would be synchronizing that catalog on a daily basis automatically. (Please note that we do post updates to the catalog several times per week in most weeks.) The arrival of the updates to your Patch Manager server should be your official notification of the availability of the updates. The Patch Manager synchronization task does provide for email-based notifications when new updates arrive.
Neither the catalog, nor this document, should be used as a methodology for obtaining notifications of security vulnerabilities. There are other resources much better suited to that level of information.
Our purpose with this post is to provide a cross-reference to the content synchronized by Patch Manager, as well as an informative source to non-PatchManager customers (via PatchZone) to document the release of third-party updates. There are no guarantees of the timeliness of the updates to this document, and on occasion this document has not been updated for a couple of days after the actual release -- depending on my availability and other workloads.
If I remember correctly, the reason I switched from using the emails generated by the Patch Manager server was that it didn't include the version number of the patches.
Also, I'm getting an email like this:
However, it would be useful if it looked like:
Published Patch Version | New Release Version
This way we only see updates (in addition to their version numbers) for patches that we have published. In other words, it's not necessary for me to know a new Dell driver has been published if I don't publish those.
Any way to accomplish this? I believe we discussed this before, but obviously I missed something
Correct, it only displays the Product Category Name for Security or Critical Updates.
Beyond that, if you navigate to the Software Publishing node of the console, select the desired synchronization event, and then click on the Packages tab in the bottom half of the Details Pane, the complete list of package obtained during that synchronization event will be displayed.
Suggestions for revisions to the notification email are welcome and encouraged in the Feature Requests forum.
That's a pretty tedious way to do it. I'm surprised people haven't requested this before. It seems like a notification saying "Hey, new versions of your published packages are available," would be the main type of notification needed in an application like Patch Manager.
Is there a way to auto download/publish certain updates to certain groups when they are released to the catalog? If so, can there be an email notification when this happens? If not, is there a way to setup email notifications when certain updates are published manually? Thanks
There is not currently a methodology to auto-download or auto-publish updates to WSUS.
We do have an idea posted related to those ideas if you'd like to vote: http://thwack.solarwinds.com/ideas/1128
