Patching Cisco ISE 2.6

shubhampatki1994 · ‎07-07-2022

We are planning to install patch 10 on the 2.6 version. We have patch 7 already installed with a couple of hotfixes like Log4j and another bug. My question is, do we need to remove the hotfixes before installing the patch 10 and then again install these hotfixes? or should we straight go for installing the patch 10?

Regards

Shubham

balaji.bandi · ‎07-07-2022

you do not need to install old patches again.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/upgrade_guide/Upgrade_Journey/HTML/b_upgrade_install_patch_2_6.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

shubhampatki1994 · ‎07-07-2022

Not even the Log4j one?

Do we need to remove the older patches?

Thanks and Regards

Shubham

Marvin Rhoads · ‎07-08-2022

Cisco technically recommds uninstalling any applied hotfixes prior to patching. However many users have reported that it works without the uninstallation, particularly for the log4j hotfix.

In all cases, ISE patches are cumulative. Installing a newer one does not require uninstalling an older one.

By the way, Patch 11 is currently the latest patch for ISE 2.6 and would be recommended over Patch 10.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/release_notes/b_ise_26_RN.html#concept_c5h_yw3_ltb

balaji.bandi · ‎07-08-2022

as per i did last patch i re-applied Log4js again - not seen any issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎07-08-2022

Note Patch 11 explicitly includes the fixes for log4j. So no hotfix for that is required when using 2.6 Patch 11.