On March 29, 2021, Microsoft released SQL Server 2016 SP2 Cumulative Update 17, which is Build 13.0.5888.11. By my count, there are 17 public hot fixes in this cumulative update. This is about an average number of hotfixes for a SQL Server Cumulative Update. This post has a little more detail about SQL Server 2016 SP2 Cumulative Update 17.
BTW, SQL Server 2016 will fall out of Mainstream Support from Microsoft on July 13th, 2021. That is only 105 days away as I write this. What that means is that there will be no more Service Packs or Cumulative Updates after that. There will only be security updates while it is in extended support.
Cumulative Update Importance
SQL Server cumulative updates are actually cumulative, which might seem obvious from the name. This means that when you install SQL Server 2016 SP2 Cumulative Update 17, you are going to get all of the hotfixes and product improvements from ALL of the previous CUs in SQL Server 2016 SP2. Microsoft has fixed hundreds of bugs since SQL Server 2016 SP2, and they have also added a significant number of product improvements and new features since the SP2 RTM release.
I have always been a public, vocal supporter of the concept of trying to keep your SQL Server instances properly patched as much as possible. Ideally, that means being on the latest public build, as soon as you can test and deploy it.
Unfortunately, Microsoft has decided that they are no longer going to have a separate KB article for every single hotfix or improvement in a SQL Server Cumulative Update. Instead, many fixes will be described and documented in the main KB article of the CU. More complex fixes will still have a separate KB article.
Despite some recent stumbles by Microsoft, I am still a big proponent of trying to keep your SQL Server instances as up to date as possible. You really are better off trying to stay as current as as you can on your SQL Server builds.
That doesn’t mean throwing a CU into Production the day it is released, but it also doesn’t mean never patching your SQL Server instances. Every organization needs to find a testing and patching cadence that works for them. Being proactive about patching (meaning having a plan and actually executing it) is much better than ignoring it completely.
I recently wrote about the Extended Events security update that was released on January 12th, 2021.
What do you think? I would love to hear your thoughts in the comments and on Twitter. I am pretty active on Twitter as GlennAlanBerry. Thanks for reading!