In today’s evolving landscape, where attacks are becoming increasingly sophisticated, applying software updates is not only a cybersecurity best practice but also a legal and regulatory requirement under many frameworks.
Every 3-5 months, AVDF releases a new update that addresses known vulnerabilities of the underlying components, along with bug fixes that improve system stability. We are now announcing the fourteenth release update – AVDF 20.14.
Fixes against reported vulnerabilities in AVDF 20.14
Compared to AVDF RU 20.13, the latest release update, AVDF 20.14, has the following fixes against reported vulnerabilities in its underlying components.
- Eight CVEs are addressed in Oracle Database Server from two Critical Patch Updates, April 2025 and January 2025.
- Sixty-two CVEs are addressed for the underlying components Oracle APEX, Oracle REST Data Services (ORDS), Oracle Java SE, Oracle Autonomous Health Framework (AHF), and Oracle GoldenGate from two Critical Patch Updates, April 2025 and January 2025.
- CVE fixes for the embedded Oracle Linux 8.10 operating system
We have also fixed several customer-reported and internally discovered issues. Some of the critical bugs fixed in 20.14 are listed here.
Increased robustness of the update process
To streamline the update process and minimize errors, we continue to increase the checks with every release update. In AVDF 20.14, we made the following improvements:
- Ensure archive locations are mounted and accessible before upgrading
- Ensure that the Audit Vault servers are properly configured for HA
- Primary and standby Audit Vault servers must be in sync
- The standby Audit Vault server should have sufficient space in the ASM disk groups before pairing
- The primary Audit Vault server should start updating only after the standby is updated
- Improved pre-update warning messages to avoid unexpected reboots during the update process
- Diagnostic improvements for faster debugging
Operational improvements in audit data archiving
- Fixed insufficient space issues during the data archiving operation
- Fixed inaccessible data file issues during the data purge operation
- Updated diagnostics for efficient debugging
Important feature updates in AVDF 20.14:
Expanding support for tracking before/after values: AVDF currently collects before/after values from Oracle, Microsoft SQL Server, and MySQL databases to help customers meet compliance requirements that call for tracking changes in values. However, session information (program name, OS username, client host name/IP, OS terminal) is not available in the change data capture table of Microsoft SQL Server, which limited our ability to show it. AVDF 20.14 now captures session information for before/after value changes related to customer-selected tables in Microsoft SQL Server transactions.
Oracle Database 23ai SQL Firewall log: Introduced in Oracle Database 23ai, SQL Firewall is built into the Oracle Database 23ai kernel to effectively address SQL injection attacks and unauthorized SQL statements. With AVDF 20.13, SQL Firewall violation events were available as part of the All Activity Report. In AVDF 20.14, we have now added a new SQL Firewall Violations Report.
Support for VMware vSphere 8.0 to install and run AVDF 20.13 and later RUs.
Get started today
For the security of the deployment, it is critical to apply AVDF release updates regularly and stay on the latest solution release. We strongly recommend that you apply the AVDF 20.14 release update to enhance the usability, stability, and security of your AVDF deployment.
You can download the updated software from Oracle Support (patch 37847983) or a fresh install software package from the Oracle Software Delivery Cloud.
You can also install AVDF on Oracle Cloud Infrastructure. The AVDF 20.14 image is available from the Oracle Cloud Marketplace, and you can provision a complete AVDF system in just a few minutes.
Learn More
If you want to try out AVDF without deploying on your own infrastructure, visit the LiveLabs guided workshop.
Watch AVDF short videos on specific features to understand their value proposition.
Oracle Database Security Product Management YouTube channel.
