7

I am writing code to verify that the version I retrieved from CUCM/CallManager (e.g. 7.1.5.34900-7) includes a security fix found in a particular patch/update (e.g. 7.1(5b)su6a). Given that these two versions are of different formats, I am having trouble figuring out the connection enough to structure my logic.

Is there a strict 1 to 1 relationship between the versions I can retrieve from CUCM (available on the home page, e.g. "System version: 8.6.2.23900-10") and the versions listed in bulletins (e.g. 8.6.2SU3)? In other words, will there ever be a single "system version" that will relate to more than one "CUCM version" or the otherway around? In an upgrade compatibility document there is a table mapping "system version" to "CUCM version", and I have been using that to look up correspondences.

I read here that the format of the system version is Major.Minor.Release.Build-InHouseBuild. The article also states that the "build" part can increment by 1,000 for non-CUCM patches (i.e. OS security patch). The example they gave (which may or may not be real) is 6.1.2.2000 and 6.1.2.1112. The claim is that the latter contains CUCM patches that former does not. Do I need to ignore the "thousand" digit then when comparing? Or will this not occur in the wild with CUCM security updates?

Brett Lykins
  • 8,288
  • 5
  • 36
  • 66
chao-mu
  • 173
  • 1
  • 5
  • I am getting the feeling this is the WRONG place to post this question. Where would a more appropriate place be to move this? – chao-mu Sep 13 '13 at 18:21
  • 1
    how did you conclude this is the wrong site? It looks like the question is on topic to me, although as a relatively new beta, we haven't answered many CUCM questions yet... there might be someone who knows the answer – Mike Pennington Sep 13 '13 at 19:30

1 Answers1

5

Cisco does a fantastic job obscuring this information for some reason. To answer your specific questions:

  1. System Version 7.1.5.34900-7 is actually CUCM Version 7.1(5b)SU4. You'll need to download System Version 7.1.5.35901-1 or higher, to get the OS and Application fixes that are found in CUCM Version 7.1(5b)SU6a.
  2. I wouldn't go so far as to say that there is always a 1-to-1 relationship between the two formats (CUCM Version vs System Version). However, in my experience, when Cisco releases a new System Version, they also increment the CUCM version number.
  3. In older versions of CUCM, there was a much greater disconnect between "OS Fixes" and "CUCM Fixes", which would give you the disparity that Michael Luo describes in the page you linked. However in recent times (post version 7.1 days), all of the recommendations that I have received from Cisco TAC, seem to indicate that the higher the number, the better, period.

The only exceptions that I have encountered, are unreleased "Engineering Special" versions; special releases that are usually only distributed by TAC to fix a very specific and uncommon bug. In the event that you are on an "Unreleased ES" version, you should contact TAC for upgrade support anyway, as there may be undocumented bugs related to upgrading from that version to a normal, mainline release.

The longer answer is that we can piece together a good picture using information from the two sources you linked. They are actually my two "go to" locations for deciphering this information.

First, according to the page you linked from Michael Luo over at UC Corner, we get a picture of how Cisco is structuring the CUCM/Unity Connection/Presence/UCCX build numbers:

On each sub-version, there are also "build-numbers". e.g. 6.1.2.1000, 6.1.2.2000, etc. Build-number is the most confusing part.

Generally speaking, build numbers should increase in 1000, such as 6.1.2.1000, 6.1.2.2000, etc.

CUCM is built on Linux OS. Whenever Cisco release an OS security patch, they'll increase the build number by 1000. This is called PSIRT patch.

Remember CUCM is an application running on Linux. OS patch does not contain any CUCM bug fixes. Any bug fixes would be in ES (Engineering Special). ES versions would be indentified by the last three digits in build numbers (e.g. 6.1.2.1112)

Secondly, from the CUCM Software Compatability Matrix PDF, (sourced from Cisco Support documentation here), we can find a rough guide of what CUCM Version Number matches which System Version number. This has always in my experience proved to be an accurate guide.

For example:

CUCM Version    |    System Version
-----------------------------------
9.1(1a)         |    9.1.1.20000-5
9.1(1)          |    9.1.1.10000-11
9.0(1)          |    9.0.1.10000-37
8.6(2a)SU3      |    8.6.2.23900-10
8.6(2a)SU2      |    8.6.2.22900-9
Community
  • 1
Brett Lykins
  • 8,288
  • 5
  • 36
  • 66