Security: CVE-2021-44228 -> Log4j 2 Vulnerability

amralrazzaz
Level 5

Dear, I have an ASA-5516X device and Cisco has defined that this device can be infected with the new recent vulnerability Log4Shell.

They just released a hotfix to be added on the ASA FTD device!

The workaround is how to apply this hotfix or patch on my device.

So I have 2 FTD devices (Cisco ASA5516-X Threat Defense): one running Version 6.6.1 (Build 91), and the other one is Cisco ASA5516-X Threat Defense (75) Version 6.2.2 (Build 81). So please, I need to know how we can fix this exploit?

I'm running these devices managed by FDM, NOT FMC. PLEASE, I NEED URGENT ADVICE, AND WHAT ARE THE STEPS TO DO FOR THIS?

According to this link https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963 they released a hotfix, and I need to know how to add it on my Cisco ASA5516-X Threat Defense (75).

amr alrazzaz
13 Replies

Marvin Rhoads
Hall of Fame

You install hotfixes the same way you install other updates.

https://www.cisco.com/c/en/us/td/docs/security/firepower/hotfix/Firepower_Hotfix_Release_Notes/about-firepower-hotfixes.html

As I explained in the other thread related to this topic, the 6.4.0 hotfix (Cisco_FTD_Hotfix_EP-6.4.0.14-9.sh.REL.tar) only applies to Firepower 6.4.0.x software - not your 6.6.1 or 6.2.2 devices. Those are still pending the release of a hotfix as of 20 December 2021.

I can see now that Cisco released a hotfix for 6.6.5, and what I'm currently using is Cisco ASA5516-X Threat Defense (75) Version 6.6.1 (Build 91), and I don't know what to do. Actually, I don't want to go for an upgrade! I don't know if there are any possible ways to keep this version, and I don't know if the hotfix for 6.6.5 will be compatible with my version or what?!!

Is it just from FDM that I can browse Cisco_FTD_Upgrade-6.6.5-81.sh.REL.tar via the GUI and then upgrade? And that's it?

Will the current configuration be removed, or shall I get a backup and then restore it again?

Need advice please???

amr alrazzaz

@Marvin Rhoads 

Can you please give the steps to upgrade from 6.6.1 to 6.6.5, as I have already downloaded Cisco_FTD_Upgrade-6.6.5-81.sh.REL.tar and I just need to know if I also have to install the boot image using TFTP and install the ASA from scratch, or is it just like browsing the tar file from the FDM GUI and upgrading?

amr alrazzaz

Many of the things you are asking are clearly explained in the online help that's available in FDM or the FDM configuration guide.

Please do your due diligence and at least check there before asking.

@Marvin Rhoads 

I'm using a device that is running Cisco ASA5516-X Threat Defense (75) Version 6.6.1 (Build 91) and need to upgrade with the steps below:

update to 6.6.5
update to 6.6.5.1
install hotfix DA

Note: my FTD is running/managed on Firepower Device Manager. So shall I use this Cisco_FTD_Upgrade-6.6.5-81.sh.REL.tar to upload on the device and upgrade?

amr alrazzaz

Each of those upgrades has its own file which is clearly named on the downloads page.

Each one is installed the same way via FDM.

Install them in the order listed.

Dear, I already installed the files in separate steps, and now after the hotfix has been installed and the FTD rebooted, how do I make sure that the hotfix has been installed? Is there any show command to find this?

My version now is:

Cisco Fire Linux OS v6.6.5 (build 13)
Cisco ASA5516-X Threat Defense v6.6.5.1 (build 15)

So I need to know if the hotfix is already installed after I finished doing all the steps!!!

amr alrazzaz

@Marvin Rhoads Dear, I checked the hotfix version after installing, and this is what I got. Does that refer to what I installed recently?

Cisco_FTD_Hotfix_DA-6.6.5.2-4.sh.REL.tar

6.6.1-91
6.6.5-81
6.6.5.1-15
Hotfix_DA-4__856373902

amr alrazzaz

Read the release notes!

https://www.cisco.com/c/en/us/td/docs/security/firepower/hotfix/Firepower_Hotfix_Release_Notes/about-firepower-hotfixes.html

Verifying Hotfix Success

To verify that your hotfix installed successfully, access the Linux shell (also called expert mode) and run the following command:

cat /etc/sf/patch_history

The system lists all successful major upgrades, patches, hotfixes, and pre-install packages since the appliance was freshly installed.

@Marvin Rhoads

Okay, I can see the version 6.2.3 hotfix release, and I need to ask you: I currently run Cisco ASA5516-X Threat Defense v6.2.3.3 (build 76), so shall I use the hotfix file directly (Cisco_FTD_Hotfix_EM-6.2.3.18-13.sh.REL.tar), or do I have to run this (Cisco_FTD_Patch-6.2.3.17-30.sh.REL.tar) and then run the hotfix after?

Also, this is what I'm currently running now:
6.2.2-81
6.2.3-83
6.2.3.3-76

Firepower Threat Defense Hotfix 6.2.3 EM (do not untar): Cisco_FTD_Hotfix_EM-6.2.3.18-13.sh.REL.tar, Advisories, 20-Dec-2021, 135.47 MB

Firepower Threat Defense Patch 6.2.3.17 (do not untar): Cisco_FTD_Patch-6.2.3.17-30.sh.REL.tar

amr alrazzaz

Upgrade to 6.2.3.17 first using Cisco_FTD_Patch-6.2.3.17-30.sh.REL.tar.

After that is successful add the hotfix Cisco_FTD_Hotfix_EM-6.2.3.18-13.sh.REL.tar

This is key here people!!! I did not know about the patch_history.

The firmware version listed in the UI or even on the FXOS images scope will still show the old version!

I opened a TAC case because I did not know about the "patch_history" trick. You would think this would be in the UI.

I ended up verifying mine by running:

root@FTD:/# find . -name 'log4j*'

./ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib/log4j-core-2.16.jar  <-- the core file will be 2.3 pre hotfix and 2.16 post hotfix
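The two verification signals discussed in this thread, the Hotfix entry in /etc/sf/patch_history and the version embedded in the log4j-core jar name, are easy to check by hand but just as easy to misread (a plain string compare would rank 2.3 above 2.16). The script below is an added example, not from this thread or from Cisco: it wraps both checks in shell functions and runs them against constructed sample data that mirrors what the posters reported. The function names, the default 2.16 threshold and the temporary sample tree are assumptions of this example, not Cisco tooling.

```shell
#!/bin/sh
# Added example, not from this thread or from Cisco: turn the two
# verification signals above (an entry in /etc/sf/patch_history and the
# version in the log4j-core jar name) into repeatable checks. All data
# below is constructed to mirror what the posters reported.

# Constructed stand-in for `cat /etc/sf/patch_history` after the
# 6.6.5 -> 6.6.5.1 -> Hotfix DA sequence described in the thread.
SAMPLE_PATCH_HISTORY='6.6.1-91
6.6.5-81
6.6.5.1-15
Hotfix_DA-4__856373902'

# hotfix_installed HISTORY_TEXT NAME
# Returns 0 when an entry starting with NAME (e.g. Hotfix_DA) is present.
hotfix_installed() {
  printf '%s\n' "$1" | grep -q "^$2"
}

# log4j_core_version JAR_PATH
# Prints the version embedded in a log4j-core jar name, e.g.
# .../log4j-core-2.16.jar -> 2.16 (prints nothing for other jars).
log4j_core_version() {
  basename "$1" | sed -n 's/^log4j-core-\(.*\)\.jar$/\1/p'
}

# version_ge A B
# Returns 0 when dotted version A is greater than or equal to B, comparing
# component by component numerically (so 2.16 > 2.3, unlike a string compare).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# stale_log4j_cores ROOT [MIN_VERSION]
# Walks ROOT like the poster's `find . -name 'log4j*'`, prints every
# log4j-core jar whose version is below MIN_VERSION (default 2.16, the
# version the poster saw post-hotfix) and returns 1 if any were found.
# Assumes jar paths contain no whitespace, which holds for the FTD tree shown.
stale_log4j_cores() {
  root=$1; min=${2:-2.16}; rc=0
  for jar in $(find "$root" -name 'log4j-core-*.jar'); do
    v=$(log4j_core_version "$jar")
    if ! version_ge "$v" "$min"; then
      printf '%s\n' "$jar"
      rc=1
    fi
  done
  return $rc
}

# make_sample_tree
# Builds a constructed temporary tree standing in for a patched /ngfw and
# prints its path; the caller removes it.
make_sample_tree() {
  dir=$(mktemp -d)
  lib="$dir/ngfw/var/cisco/ngfwWebUi/tomcat/webapps/ROOT/WEB-INF/lib"
  mkdir -p "$lib"
  : > "$lib/log4j-core-2.16.jar"
  : > "$lib/log4j-api-2.16.jar"
  printf '%s\n' "$dir"
}

# Demonstration on the constructed data.
if hotfix_installed "$SAMPLE_PATCH_HISTORY" Hotfix_DA; then
  echo "patch_history: Hotfix_DA entry present"
fi
SAMPLE_ROOT=$(make_sample_tree)
if stale_log4j_cores "$SAMPLE_ROOT" 2.16; then
  echo "no log4j-core jar below 2.16 under $SAMPLE_ROOT"
fi
rm -rf "$SAMPLE_ROOT"
```

On a real appliance the same functions would be fed from expert mode with `hotfix_installed "$(cat /etc/sf/patch_history)" Hotfix_DA` and `stale_log4j_cores /ngfw`. Both checks look at what is actually on disk, which matters here because, as noted above, the version strings shown in the UI do not change after a hotfix. The threshold is a parameter rather than a constant because later Log4j releases fixed further CVEs, so the value to require depends on the advisory being tracked.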

Yes, it is very helpful 
