I am preparing myself before heading to my customer's site to help them patch their OpenAM 10.0.2 servers.
The past patches used to be standalone. So if there are 2 security advisories that introduced 3 patches, then one had to perform patch 3 times.
Today, I am seeing an accumulated patch released by ForgeRock for OpenAM.
So besides #201503-01 and #201503-02, it contains previous patches that were introduced some months back.
Is this a good move? Pretty convenient I would say because this particular customer has not applied #201502-* yet.
So this saves my time.