Maximizing Security: How to Apply 2024 Oracle Critical Patch Update to EPM Versions 11.2.12-14
With the release of 11.2.15, there are no more Oracle-certified bundled quarterly patch updates for EPM clients on earlier versions that are still eligible for error correction support. At the time of this writing, versions 11.2.12 through 11.2.14 are still eligible for error correction support. If your organization wants to apply the Oracle Critical Patch Updates, OHS updates, and Java updates, it will have to do so using a more manual process. Fortunately, Oracle supplies documents like “Critical Patch Update (CPU) January 2024 Patch Advisor for Enterprise Performance Management (EPM) - Archive (Doc ID 3016749.2)”. I’m referring to the Archive doc for January 2024’s version because, per the document, “Oracle Fusion Middleware January 2024 Critical Patch Updates are supported with the EPM releases but have not been certified. Certification will follow in the next EPM release update.”
Three months later, the January 2024 patches are certified, and using the document to look up Hyperion Infrastructure Technology patches for 11.2.14, we see a number of eligible patches available for download. There is a patch for a Struts issue, an ADF bundle patch for Fusion Middleware, and the Oracle WebLogic Server Stack Patch Bundle for Jan 2024: all the usual suspects. The tricky new one here is under Oracle HTTP Server 12.2.1.4 with DB Client 19c. Wait, OHS has a DB Client? Yes, it installs with a 12c DB client for Oracle, for internal use, and that client is not usable or accessible by the rest of the system like an independently-installed Oracle DB client. No need to worry about updating the CACERTS file for this!
Oracle issued a document, “New Database Client 19c Upgrade for Oracle Fusion Middleware 12.2.1.4 - OID, OHS, OTD (Doc ID 2921245.1)”, which states that the Oracle Client installed with OHS, OID and OBIEE (12c) will no longer be supported after January 2024, and any Fusion Middleware patches for these products will only be available if the Client has been patched up to 19c with Patch 34761383! This is meant to allow support for newer SSL features as well as security fixes. I should point out that regardless of whether your shop uses Oracle DB or MSSQL, this Oracle 12c client is installed in your OHS implementation and should be updated to support continued patching of OHS.
Once the DB Client upgrade installer is downloaded and executed, you may then continue to download and apply the OHS patches listed in the CPU doc. This note is relevant to EPM versions 11.2.12-11.2.14. If you are on 11.2.15, apply your quarterly patch bundle as usual; the 11.2.16 patch bundle includes the DB Client upgrade and runs it (3476183-OHSDBC-Windows.zip, as it appears in my 11.2.16 Windows-versioned bundle).