September 2020 CU for SharePoint Server 2016 is available for download

The product group released the September 2020 Cumulative Update for SharePoint Server 2016 product family.

This CU also includes Feature Pack 1 which was released with December 2016 CU and Feature Pack 2 which was released with September 2017 CU.

The KB articles for September 2020 CU are available here:

  • KB 4484506 – September 2020 Update for SharePoint Server 2016 (language independent) – This is also a security update!
  • KB 4484512 – September 2020 Update for SharePoint Server 2016 (language dependent) – This is also a security update!

The download for September 2020 CU is available here:

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server. This applies also to servers which do not have language packs installed. The reason is that each SharePoint installation includes a language dependent component together with a language independent component. If additional language packs are added later (only) the language dependent fix has to be applied again.

It is irrelevant which language you pick on the drop down in download center. Even the language dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2016 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

SharePoint 2016 September 2020 CU Build Numbers:

Language independent fix: 16.0.5056.1001
Language dependent fix: 16.0.5056.1000

To understand the different version numbers please have a look at my article which explains the different SharePoint build numbers.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

Related Links:

20 Comments


  1. Dear Stephan Gossner,
    The link on MS support page for kb4484506 to Download Center doesn’t work. The link returns with error message “We’re sorry, this download is no longer available. “

    Reply

    1. Hi Lajos,
      thanks for the info! I have double checked and it is indeed broken at the moment.
      I have reported it to the relevant team to get this fixed.
      Cheers,
      Stefan

      Reply

        1. Dear Stefan,
          it works
          thank you for fast help.
          br,
          Lajos

          Reply

  2. Hi Stefan,

    the CU 2020-08 for SharePoint 2013 contains the known issue with web parts causing page errors: KB4572409 https://support.microsoft.com/en-us/help/4572409/sharepoint-pages-not-render-when-using-unsafe-controls. We do experience very comparable behaviour on SharePoint 2016.

    Is it intentional that this change affects SP2016 in addition to the listed SP2010/SP2013 in KB4572409? And is this change to be considered permanent? I presume the answer is “yes” to both?

    Thank you and best regards,
    Adrian

    Reply

    1. Hi Adrian,
      I received an update from the relevant people in our product group: the code change in SP2010 and SP2013 is different from the code change in SP2016 and SP2019.
      SP2016 and SP2019 should not be affected by the same issue and thats the reason that the KB article only lists SP2010 and SP2013.

      If you see the issue on SP2016 then please open a ticket with Microsoft support to ensure that this can be analyzed in more detail.

      Thanks,
      Stefan

      Reply

      1. Hi, Stefan, I’m seeing the issue in my 2016 DEV environment. So it’s there, for sure.

        Reply

        1. Hi Radek, please ensure to open a ticket to ensure that this is tracked and can be analyzed in more details.

          Reply

          1. Hi Stefan, I would like to open the ticket but have no support plan. I’m just a normal developer knowing that dealing with SharePoint related tickets is like teaching parrots to talk. If there is a way to open the ticket for free, I can do it. Otherwise, I’m sorry…


  3. I updated our SharePoint 2016 servers with June 2020 CU. Is September 2020 CU critical one and do I need to update it? Or can I wait and do Dec 20 update?

    Reply

    1. Hi Kala,
      please have a look at the Kb articles for this CU.
      It includes references for each CVE for each security fix included which allows you to decide that based on your business requirements.
      Cheers,
      Stefan

      Reply

  4. I am also getting similar behavior on SP2016 with “The type could not be found or it is not registered as safe”. This is across all my site collections. We have custom solutions and master pages, however this is specifically complaining about a type that has never required a safe control entry. Even after manually adding a safe control in the web.config it continues to error out. It is as though SharePoint can no longer find the assemblies in the GAC even though they exist.

    I went as far as adding the ControlCompatMode=”true” attribute as stated in the workaround in KB4572409 and still no good. I will most likely be opening a case with Microsoft Monday morning.

    Reply

  5. Hi Stefan, we’re meeting this issue after applying the Sep 2020 CU.

    The base type ‘OurCustom.Branding.GenericPageLayout’ is not allowed for this page. The type OurCustom.Branding.GenericPageLayout, OurCustom.Branding, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80842254f7ccc26f could not be found or it is not registered as safe.

    Comparing the web.config files between both Aug and Sep, the only (added) differences are as follows:

    Sep:

    Aug:

    Sep:

    Sep:

    Reply

    1. Hi Desmond,
      seems some content is missing in your comment.
      Cheers,
      Stefan

      Reply

      1. I think they were stripped out by the comment system. I’ve already opened a support case. Do you mind taking a look at it please? 21842067. Thank you.

        Reply

  6. Update: after putting in the correct safecontrol entry (which I didn’t need before the SP2016 Sept. patches) I was presented with a new error saying code blocks are not allowed in this file. It was referring to my master page. Putting an entry in the web.config allows my site to render correctly.

    Again, this all worked before the patches without the need of a workaround. I will still be opening a case with Microsoft tomorrow.

    Cheers!
    Tom

    Reply

  7. Hi Stefan,

    How would I determine if the web part errors would determine our 2016 environment? Is this mainly if you are running custom controls for ASP.net?

    Thanks,
    Jess

    Reply

    1. Hi Jess,
      from my understanding it would affect ghosted pages/page layouts/master pages which include inline code and custom controls which are not registered as safe controls in the web.config.
      Cheers,
      Stefan

      Reply

  8. Hi Stefan,

    After installing September 2020 SP patches, none of the farms show upgrade available option. Is there a known issue about this?

    Reply

  9. Just wanted to pass along something that had worked for me, as I too had the unsafe controls issue at a client site after running this update. When adding lines to the web.config, the vendor of web parts had been supplying lines via solution deployment as that had TypeName=”*”. To fix this, I had to be more specific and give the faulting typeName instead of the wildcard.

    Doesn’t appear that I can post the actual line here, so parameters that worked for me were:
    Assembly = Vendor.Portal.Runtime (removed vendor name, and this is the name of the DLL from the GAC)
    Namespace = Vendor.Portal.Runtime (removed vendor name, and this is the name of the DLL from the GAC)
    TypeName = SharePoint.Redirect (the actual faulting BaseType from error message without the Assembly prefixed)

    I’ll also note that no line for this control was previously in their web.config prior to this update and solution has worked since 2013.

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.