Revit Update clarification to the Autodesk clarification

Autodesk recently released a series of “Security Hotfixes” for Revit, 2017-1029. These hot fixes are required for C4R, but the execution and communication from Autodesk has been horrendous, so I wanted to get some more detailed information out there. This Revit BLOG post has the recent clarification from Autodesk, but it still doesn’t address the gravity of getting things wrong for subscription customers.

The main issue here is that, historically we get one or more hot fixes before the .1 release, which are available both on and off subscription, and appropriate to install for everyone. After .1 only Subscription customers get updates, and so we habitually install all updates as they arrive. With this update that could be a catastrophic mistake, because Autodesk has fundamentally changed the way this update behaves compared to previous hot fixes, but the version numbering and naming has not changed.

So, taking 2019 as an example, the two updates that encompass the fix are 2019.1, released 15.08.2018, and the new 2019.0.2, released 17.10.2018. If you are on Subscription and already have 2019.1 installed, 2019.0.2 will install right over it, remove all .1 update functionality, and break your install such that you cannot reinstall 2019.1. Your only recourse will be to uninstall completely then reinstall, skipping this new 2019.0.2 hot fix.
Even if you haven’t installed 2019.1 yet 2019.0.2 is still damaging as installing it will mean you can’t install 2019.1 later, again unless you uninstall everything and start from scratch. 2019.1 already has the security issue addressed, but Autodesk is not making that clear, nor that the 2019.0.2 hot fix should NOT be installed by subscription customers.
2017 & 2018 have a similar problem, with 2017.0.4 being the update for non subscription customers and 2017.2.4 being for subscription, and the two again being mutually exclusive. In 2018 it’s 2018.0.3 & 2018.3.2.

So, long story short, these Non Subscription hot fixes (2017.0.4, 2018.0.3 & 2019.0.2) are truly ONLY for non subscription customers, and if you are on subscription you should avoid them like the plague. However, the Subscription updates (2017.2.4, 2018.3.2 & 2019.1) are important (especially if you use C4R it seems) and safe to install.

Hopefully that clarifies things.