What’s the difference between PSU (Patch Set Update) and CPU (Critical Patch Update) bundles?
The quarterly PSU (Patch Set Update) includes critical CVE (Common Vulnerability & Exposure) patches plus non-CVE bug fixes and new features. For supported customers, we also produce a quarterly CPU (Critical Patch Update) which includes only the current quarter’s CVE fixes on top of the previous quarter's now stabilized PSU update.
Since the CPU bundles do not have any new features or non-security bug fixes, they require less testing, which is more efficient for keeping a production environment secure.
Many of our customers use only CPUs, streamlining their processes and minimizing the need for testing. In this case, you will always be three months behind in getting new features, but you’ll never be at all behind in getting your critical security fixes. Another typical process is to rapidly deploy the CPU then take time to fully test (and watch for any updates to) the PSU before deploying the PSU in production in time to ensure there are no issues in your environment before the next quarterly update.