X

The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management

SameSite Cookie Attribute Now Available for EBS 12.2 and EBS 12.1.3

Elke Phelps
Product Management Director

We are pleased to announce an enhancement to Oracle E-Business Suite security whereby the SameSite cookie attribute setting is now available for EBS 12.2 and EBS 12.1.3. Setting the SameSite cookie attribute provides additional protection against cross-site request forgery (CSRF). We highly recommend that you apply the required patches and enable the SameSite cookie attribute for Oracle E-Business Suite.

When enabling the SameSite cookie attribute, be certain to test integrations that are deployed to a domain that is different from the EBS domain.  A few examples of integrations that may have a different domain include iProcurement punchout or single sign-on integration with Oracle Access Manager or Identity Cloud Service.

For Oracle E-Business Suite Release 12.2, Patch 29672027:R12.TXK.C delivers context file parameters to enable and configure the SameSite cookie attribute. For the latest requirement and configuration details, refer to the following:

For Oracle E-Business Suite Release 12.1.3, Patch 30185574:R12.FND.B delivers a profile to enable and configure the SameSite cookie attribute. For the latest requirement and configuration details, refer to the following:

References

Related Articles

Join the discussion

Comments ( 2 )
  • Mariana Sunday, July 26, 2020
    Hi Elke,

    Thank you very much for the extensive information. Very useful indeed.

    Just a small detail for those still on EBS R12.1

    "...Patch 30185574:R12.FND.B patch is buggy and has missing dependency issues on EBS instances with code level lower than JUL 2017 CPU
    Note: The most recent replacement for this patch is 31569642:R12.FND.B. "

    Kind regards
    Mariana Angelova
  • Elke Phelps (Oracle Development) Monday, July 27, 2020
    Mariana, Thanks for the post.

    Yes, I am aware of the change in the recommended patch for EBS 12.1 customers. This change occurred in July after this blog article was originally posted.

    Note that blog articles are point in time - much like news articles. This is why we typically do not include detailed steps in blog articles as it is not possible for us to update every blog articles with the updated recommendations for prerequisites, patches and steps. You should always follow the instructions per the official documentation. You will see that the EBS 12.1 documentation referenced was updated in July 2020 with the following: "1.1.6 July 2020 Updated SameSite patch number from 30185574 to 31569642".

    Please let us know if you have additional comments regarding Samesite enablement for your organization.

    Regards,
    Elke
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.