Original Published Date : 10/21/2020 (Updated every Quarter) 

NOTE : 

Information in this blog is extracted as-is from the “Critical Patch Updates, Security Alerts and Bulletins Security Alerts” Oracle document, PSU ReadMe document, and other KM Articles referred in it :

Link: https://www.oracle.com/security-alerts/

This blog has PSU information specific to standalone WebLogic installation.

It is divided into the following sections:

Information related to WLS PSU in General :

  1. How often are PSU patches released by Oracle?

  2. Understanding the naming conversion of WLS PSU

  3. What is the difference between PSU / Samples SPU / ADR patches?

  4. Should I apply the WLS samples SPU patch in my environment? How to check if WLS samples are installed?

  5. Should I apply the ADR patch? How to check if ADR is installed in my environment?

  6. Error Correction dates

<Additional Info>

  1. Map CVEs to the Critical Patch Update Advisory or Security Alert that addresses them.

  2. Instructions for subscribing to email notifications of Critical Patch Update Advisories and Security Alerts

  3. Critical Patch Update and Security Alert Programs Frequently Asked Questions

  4. Different ways to Apply the Quarterly Released WebLogic Critical Patch Updates

  5. Advisor Webcast: MW – Simplified CPU/PSU Patching for Oracle WebLogic Server 12.2.1 and 14.1.1 on April 22, 2021 (Doc ID 2760202.1)

  6. ADVISOR WEBCAST: MW – New SPBAT Patching Tool for WebLogic Server 12.2.1.3, 12.2.1.4, and 14.1.1 on August 4, 2021 (Doc ID 2791572.1)

  7. ADVISOR WEBCAST: MW – New Admin Console Security Warnings for WebLogic Server (July 2021 PSU) on August 11, 2021 (Doc ID 2791616.1)

  8. Supported Java SE Downloads on MOS (Doc ID 1439822.1)

<Other Known Issues>

  1. Note 2259579.1 Native Windows Zip/Unzip Tools Fail To Extract Contents From Oracle Patch Zip Files
  2. Note 2429512.1 During Install PSU on WebLogic Get Windows Error “File or Path Name is too long”
  3. Note 1186923.1 Diagnosing “Encountered unrecognized patch ID” Failures When Trying to Patch WLS Using BSU

————-

Information related to WLS PSU in General :

1. How often are PSU patches released by Oracle?

Critical Patch Updates are collections of security fixes for Oracle products. They are available to customers with valid support contracts. Starting in April 2022, Critical Patch Updates will be released on the third Tuesday of January, April, July, and October (They were previously published on the Tuesday closest to the 17th day of January, April, July, and October). The next four dates are:

  • 18 April 2023
  • 18 July 2023
  • 17 October 2023
  • 16 January 2024

A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release.

Link: https://www.oracle.com/security-alerts/

2. Understanding the naming conversion of WLS PSU

Understanding WebLogic Server Patch Set Update (PSU) Release Versions (Doc ID 2565576.1)    

3. What is the difference between ADR / Samples SPU / PSU patches?

ADR :

Automatic Diagnostic Repository (ADR) is part of the Oracle Fusion Middleware Diagnostic Framework.

The Oracle Fusion Middleware Diagnostic Framework helps you to collect and manage information about a problem so that you can resolve it or send it to Oracle Support for resolution.

Reference:

https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/diagnosing-problems.html#GUID-5E015FE1-C702-439B-898A-924CBA5020EA

SPU :

Security Patch Update. An iterative, cumulative patch consisting of security fixes.

WebLogic Samples SPU patch can not be applied when samples are not installed into the Oracle home.

Reference: 

https://docs.oracle.com/middleware/1213/wls/INTRO/examples.htm#INTRO299

Note: Do not configure the WebLogic Server sample applications on a production machine. 

https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.3/lockd/secure.html#GUID-E5E57EA2-90AC-49E5-AF35-E217B8980BDC

PSU :

Oracle provides PSUs (Patch Set Updates) released with the Critical Patch Update program. You only need to apply the latest, as they are cumulative.

Always refer to the latest cumulative Fusion Middleware Patch Availability Document from the latest Security Advisory to obtain the initial announcement of PSUs and other steps to secure the environment:

Link: https://www.oracle.com/technetwork/topics/security/alerts-086861.html

Reference:

Patch Set Update (PSU) Administration Guide for Oracle WebLogic Server (WLS) (Doc ID 1306505.1)

4. Should I apply the WLS samples SPU patch in my environment? How to check if WLS samples are installed?

How to check if WLS samples are installed :

1. Run viewInventory.sh | cmd.
2. If Samples are installed you should see below FeatureSet in ViewInventory output:

FeatureSet: wls_examples 12.X.X
Component: oracle.wls.server.examples 12.X.X

WebLogic Samples SPU can not be applied when samples are not installed into the Oracle home.

The following messages are output when WLS Samples SPU is being applied by OPatch tool.

$ ../../OPatch/opatch apply
Oracle Interim Patch Installer version 13.9.X.X.X
Copyright (c) 2018, Oracle Corporation. All rights reserved.
Oracle Home : <MW_HOME/ORACLE_HOME>
Central Inventory : <DIR>/oraInventory
from : <MW_HOME/ORACLE_HOME>/oraInst.loc
OPatch version : 13.9.X.X.X
OUI version : 13.9.X.X.X
Log file location : <MW_HOME/ORACLE_HOME>/cfgtoollogs/opatch/opatch2020-XX-XX_XX-XX-XXAM_1.log
OPatch detects the Middleware Home as “<MW_HOME/ORACLE_HOME>”

Verifying environment and performing prerequisite checks…
Skip patch <Patch NO> from list of patches to apply: This patch is not needed.

After skipping patches with missing components, there are no patches to apply.
OPatch Session completed with warnings.
Log file location: <MW_HOME/ORACLE_HOME>/cfgtoollogs/opatch/opatch2020-XX-XX_XX-XX-XXAM_1.log

OPatch completed with warnings.
This message can be ignored. This is coming because there is no jars available for the patch to fix because those were not installed/available.

5. Should I apply the ADR patch? How to check if ADR is installed in my environment?

Automatic Diagnostic Repository (ADR) is part of the Oracle Fusion Middleware Diagnostic Framework.

You may verify the existence of the ADR component within your FMW/WLS installation in these ways:

  • Look for the presence of an ADR directory under the Oracle Home at <MW_HOME | ORACLE_HOME>/oracle_common/adr/adrci
    – If the ADR directory is present, your installation contains the ADR feature.
     
  • Use the ORACLE_HOME/oui/bin/viewInventory.sh script (viewInventory.cmd on Windows) to obtain a list of all Distributions, Feature Sets, and Components.
    – If the “oracle.adr” is listed, you have ADR component installed.
    – For example, within the output:

    FeatureSet: adr_platforms 12.1.2.0.0
    Component: oracle.adr 12.1.2.0.0

The ADR component is part of the Oracle Fusion Middleware Diagnostic Framework and is no longer required with WebLogic Server when installed alone (without Fusion Middleware products) or when features of ADR are not desired.

Reference: 

What is the Automatic Diagnostic Repository (ADR)? When Does ADR Need to be Updated? (Doc ID 2703429.1)    

Introducing New Lite, Slim and Quick Installers for Oracle WebLogic Server – Without the ADR Component (Doc ID 2703355.1)    

6. Error Correction dates

Click the document below to go directly to the “Error Correction information for Oracle WebLogic Server Patch Set Update”  section :

–> 

My Oracle Support
Note 2694898.1


Reference : 

Critical Patch Update (CPU) Program Oct 2020 Patch Availability Document (PAD) (Doc ID 2694898.1)    

Error Correction Support Dates for Oracle WebLogic Server (Doc ID 950131.1)    

Thank You!