December 2019 CU for SharePoint 2013 product family is available for download

The product group released the December 2019 Cumulative Update for the SharePoint 2013 product family.

For December 2019 CU we have full server packages (also known as Uber packages). No other CU is required to fully patch SharePoint.

As this is a common question: Yes, December 2019 CU includes all fixes from December 2019 PU.

ATTENTION:

Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.

Please also have a look at the article that discusses how to properly patch a SharePoint 2013 farm which has Search enabled (see below).

Previous releases of the SharePoint Server 2013 cumulative update included both the executable and the .CAB file in the same self-extracting executable download. Because of the file size, the SharePoint Server 2013 package has been divided into several separate downloads. One contains the executable file, while the others contain the CAB file. All are necessary and must be placed in the same folder to successfully install the update. All are available by clicking the same Hotfix Download Available link in the KB article for the release.

This CU includes all SharePoint 2013 fixes (including all SharePoint 2013 security fixes) released since SP1. The CU does not include SP1. You need to install SP1 before installing this CU.

The KB articles for December 2019 CU should be available at the following locations in a couple of hours:

  • KB 4484185 – SharePoint Foundation 2013 December 2019 CU
  • KB 4484188 – SharePoint Server 2013 December 2019 CU
  • KB 4484187 – Project Server 2013 December 2019 CU
  • There was no fix released for Office Web Apps Server 2013 this month

The Full Server Packages for December 2019 CU are available through the following links:

After installing the fixes you need to run the SharePoint 2013 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct Options.

Be aware that the SharePoint Server 2013 CU contains the SharePoint Foundation 2013 CU. And the Project Server 2013 CU also contains the SharePoint Server 2013 CU and SharePoint Foundation 2013 CU.

Related Info:

22 Comments


  1. What is the build number for SP 2013 Dec CU? Similar to the way you report on SP 2016:
    SharePoint 2016 December 2019 CU Build Numbers:

    Language independent fix: 16.0.4939.1000
    Language dependent fix: 16.0.4939.1000

    Reply

    1. Hi Mike,
      SP2016 consists only of 2 packages (the language dependent and the language independent) – so it is easy to provide the build number for each.
      SP2013 consists of 30+ packages – where each can have a different build number. Collecting this info for each CU is not trivial and would potentially be error prone.
      So I decided not to do it.
      Read more about it here:
      https://blog.stefan-gossner.com/2016/08/23/sharepoint-does-not-have-a-build-version-full-stop/
      Cheers,
      Stefan

      Reply

  2. Does this patch also contain the regression (from October 2019) that broke calendar overlays?

    Reply

    1. Hi Carol,
      the fix for the calendar overlay issue is currently planned for January 2020 CU.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan,

        Does Microsoft publish current regressions that are found and when they are being fixed in future releases? I am working on patching the latest Dec 19 CU and did not know that the calendar overlays would break when I install this until I say Carol’s post.

        Thanks
        Dan

        Reply

        1. Hi Dan,
          we do not have a public list for this.
          We recommend not to install any SharePoint fixes in production before evaluating them in a test environment which resembles the production environment to verify that the fix does not break any specific scenarios used in your specific configuration.
          Cheers,
          Stefan

          Reply

      2. Hi Stefan…is the fix for the calendar overlay in the January 2020 CU?

        Reply

        1. Hi Andrea,
          yes it is.
          Cheers,
          Stefan

          Reply

  3. Hello, Stefan

    After patching, the SharePoint build number is equivalent to Nov 2019 CU instead of Dec 2019 CU.
    Product version 15.0.5197.1000 SPFarm Build Version 15.0.5189.1000.

    Reply

        1. Hi Josephine,
          you mean the required column?
          This should be true for all servers. Important is the “Missing” column.
          Cheers,
          Stefan

          Reply

  4. Great. Nothing returns from “Missing” column but it is annoying to see (get-spserver $env:computername).NeedsUpgrade returned true value for all SharePoint servers including email server.

    Get-SPServer | Where{ $_.NeedsUpgrade –eq $TRUE} also returns all SharePoint Servers including email server. (Should return a list of all servers in the farm that need an upgrade)
    Reference: https://docs.microsoft.com/en-us/powershell/module/sharepoint-server/get-spserver?view=sharepoint-ps

    Central Administration Server Status show “No Action Required”.
    Upgrade-SPFarm returns “This farm doesn’t need to be upgraded”.

    Thanks.

    Reply

    1. Hi Josephine, did you run the management shell with “run as administrator”? If yes it sounds strange. In this case I would recommend to open a support case with Microsoft to get this analyzed.

      Reply

  5. Yes, run as administrator as usual. Though it was strange so I wanted to check with you.
    First time experiencing this strange behavior out of 3 years of managing our current environment…
    Thanks for your guidance.
    Josephine

    Reply

    1. The fix is as well in November CU and in December CU.
      Cheers,
      Stefan

      Reply

  6. We use “psconfig.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd secureresources -cmd services -install -cmd helpcollections -installall” in a script as part of installing monthly updates and it usually works fine but with SP 2013 Dec 2019 updates, we’re getting the error “There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc that could accept the message” during the DB upgrade step. Looks like IIS is still stopped when DB upgrade step reached although I’ve never paid close attention to see exactly when it’s supposed to start. It’s happening on every server in a particular farm but not on the server in a different single server farm. Any idea what might be causing this? Thanks.

    Reply

  7. Hell Stefan,
    I understand there is a PU from November (KB4484155 ?) and a CU from December 2019. I don’t think I need anything fixed from the CU’s (eventhough it includes PU’s). However I want to ensure I have all the latest security patches. What should I install ? It’s not clear to me how I can make the difference between CU’s and PU’s on the MS update page (https://docs.microsoft.com/en-us/officeupdates/sharepoint-updates).

    Thank you.

    Reply

    1. Hi Sylvain,
      4484155 is a full server package for November which includes all security and non security fixes for SharePoint Server 2013 released since SP1.
      If you would like to install only the security fixes released in November you need to apply 4484151 and 4484157 instead.
      But be aware that you should only do this if you installed October CU before. Otherwise you would have to ensure that you are installing all security fixes from each month from the last CU you applied till November.
      See here for more details:
      https://blog.stefan-gossner.com/2014/08/18/sharepoint-patching-demystified/
      Cheers,
      Stefan

      Reply

  8. Stefan,
    Thank you for the quick answer. Do I understand correctly that security updates/patches that are available to install through Windows update on the SP server such as “Security Update for Microsoft SharePoint Foundation 2013 (KB2956183)” for example are not sufficient to address Sharepoint vulnerabilities and that additional packages such as 448155 are needed to address all known vulnerabilities ?

    Thanks
    Sylvain

    Reply

Leave a Reply to Josephine Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.