Steven Chan

Subscribe to Steven Chan feed
Oracle Blogs
Updated: 10 hours 22 min ago

Critical Patch Update for January 2018 Now Available

Thu, 2018-01-18 11:37

The Critical Patch Update (CPU) for January 2018 was released on January 16, 2018. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. 

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

The Critical Patch Update Advisory is available at the following location:

It is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches.

The next four Critical Patch Update release dates are:

  • April 17, 2018
  • July 17, 2018
  • October 16, 2018
  • January 15, 2019
References Related Articles
Categories: APPS Blogs

JRE 1.8.0_161/162 Certified with Oracle EBS 12.1 and 12.2

Wed, 2018-01-17 12:28

Java logo

Java Runtime Environment 1.8.0_161 (a.k.a. JRE 8u161-b12) and JRE 1.8.0_162 (a.k.a. JRE 8u162-b16) and later updates on the JRE 8 codeline are now certified with Oracle E-Business Suite 12.1 and 12.2 for Windows clients.

Java Web Start is available

This JRE release may be run with either the Java plug-in or Java Web Start.

Java Web Start is certified with EBS 12.1 and 12.2 for Windows clients.  

Considerations if you're also running JRE 1.6 or 1.7

JRE 1.7 and JRE 1.6 updates included an important change: the Java deployment technology (i.e. the JRE browser plugin) is no longer available for those Java releases. It is expected that Java deployment technology will not be packaged in later Java 6 or 7 updates.

JRE 1.7.0_161 (and later 1.7 updates) and 1.6.0_171 (and later 1.6 updates) can still run Java content.  They cannot launch Java.

End-users who only have JRE 1.7 or JRE 1.6 -- and not JRE 1.8 -- installed on their Windows desktop will be unable to launch Java content.

End-users who need to launch JRE 1.7 or 1.6 for compatibility with other third-party Java applications must also install the JRE 1.8.0_152 or later JRE 1.8 updates on their desktops.

Once JRE 1.8.0_152 or later JRE 1.8 updates are installed on a Windows desktop, it can be used to launch JRE 1.7 and JRE 1.6. 

How do I get help with this change?

EBS customers requiring assistance with this change to Java deployment technology can log a Service Request for assistance from the Java Support group.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Recommended Browser documentation for your EBS release for details.

Where are the official patch requirements documented?

All patches required for ensuring full compatibility of the E-Business Suite with JRE 8 are documented in these Notes:

For EBS 12.1 & 12.2

Implications of Java 6 and 7 End of Public Updates for EBS Users

The Oracle Java SE Support Roadmap and Oracle Lifetime Support Policy for Oracle Fusion Middleware documents explain the dates and policies governing Oracle's Java Support.  The client-side Java technology (Java Runtime Environment / JRE) is now referred to as Java SE Deployment Technology in these documents.

Starting with Java 7, Extended Support is not available for Java SE Deployment Technology.  It is more important than ever for you to stay current with new JRE versions.

If you are currently running JRE 6 on your EBS desktops:

  • You can continue to do so until the end of Java SE 6 Deployment Technology Extended Support in June 2017
  • You can obtain JRE 6 updates from My Oracle Support.  See:

If you are currently running JRE 7 on your EBS desktops:

  • You can continue to do so until the end of Java SE 7 Deployment Technology Premier Support in July 2016
  • You can obtain JRE 7 updates from My Oracle Support.  See:

If you are currently running JRE 8 on your EBS desktops:

Will EBS users be forced to upgrade to JRE 8 for Windows desktop clients?

No.

This upgrade is highly recommended but remains optional while Java 6 and 7 are covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 and 7 desktop clients. Note that there are different impacts of enabling JRE Auto-Update depending on your current JRE release installed, despite the availability of ongoing support for JRE 6 and 7 for EBS customers; see the next section below.

Impact of enabling JRE Auto-Update

Java Auto-Update is a feature that keeps desktops up-to-date with the latest Java release.  The Java Auto-Update feature connects to java.com at a scheduled time and checks to see if there is an update available.

Enabling the JRE Auto-Update feature on desktops with JRE 6 installed will have no effect.

With the release of the January Critical patch Updates, the Java Auto-Update Mechanism will automatically update JRE 7 plug-ins to JRE 8.

Enabling the JRE Auto-Update feature on desktops with JRE 8 installed will apply JRE 8 updates.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

JRE 8 is certified for Mac OS X 10.8 (Mountain Lion), 10.9 (Mavericks), 10.10 (Yosemite), and 10.11 (El Capitan) desktops.  For details, see:

Will EBS users be forced to upgrade to JDK 8 for EBS application tier servers?

No.

JRE is used for desktop clients.  JDK is used for application tier servers.

JRE 8 desktop clients can connect to EBS environments running JDK 6 or 7.

JDK 8 is not certified with the E-Business Suite.  EBS customers should continue to run EBS servers on JDK 6 or 7.

Known Issues

Internet Explorer Performance Issue

Launching JRE 1.8.0_73 through Internet Explorer will have a delay of around 20 seconds before the applet starts to load (Java Console will come up if enabled).

This issue fixed in JRE 1.8.0_74.  Internet Explorer users are recommended to uptake this version of JRE 8.

Form Focus Issue Clicking outside the frame during forms launch may cause a loss of focus when running with JRE 8 and can occur in all Oracle E-Business Suite releases. To fix this issue, apply the following patch:

References

Related Articles
Categories: APPS Blogs

JRE 1.7.0_171 Certified with Oracle E-Business Suite 12.1 and 12.2

Wed, 2018-01-17 12:20

Java logo

Java Runtime Environment 1.7.0_171 (a.k.a. JRE 7u171-b11) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 12.1 and 12.2 for Windows-based desktop clients.

What's new in this update?

This update includes an important change: the Java deployment technology (i.e. the JRE browser plugin) is no longer available as of this Java release. It is expected that Java deployment technology will not be packaged in later Java 7 updates.

JRE 1.7.0_161  and later JRE 1.7 updates can still run Java content.  These releases cannot launch Java.

End-users who only have JRE 1.7.0_161 and later JRE 1.7 updates -- but not JRE 1.8 -- installed on their Windows desktop will be unable to launch Java content.

End-users who need to launch JRE 1.7 for compatibility with other third-party Java applications must also install the October 2017 CPU release JRE 1.8.0_151 or later JRE 1.8 updates on their desktops.

Once JRE 1.8.0_151 or a later JRE 1.8 update is installed on a Windows desktop, it can be used to launch JRE 1.7.0_161 and later updates on the JRE 1.7 codeline. 

How do I get help with this change?

EBS customers requiring assistance with this change to Java deployment technology can log a Service Request for assistance from the Java Support group.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

Effects of new support dates on Java upgrades for EBS environments

Support dates for the E-Business Suite and Java have changed.  Please review the sections below for more details:

  • What does this mean for Oracle E-Business Suite users?
  • Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?
  • Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Recommended Browser documentation for your EBS release for details.

Where are the official patch requirements documented?

How can EBS customers obtain Java 7?

EBS customers can download Java 7 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Both JDK and JRE packages are now contained in a single combined download.  Download the "JDK" package for both the desktop client JRE and the server-side JDK package. 

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

Java Auto-Update Mechanism

With the release of the January 2015 Critical patch Updates, the Java Auto-Update Mechanism will automatically update JRE 7 plug-ins to JRE 8.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

Mac users running Mac OS X 10.7 (Lion), 10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite) can run JRE 7 or 8 plug-ins.  See:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

JRE ("Deployment Technology") is used for desktop clients.  JDK is used for application tier servers.

JDK upgrades for E-Business Suite application tier servers are highly recommended but currently remain optional while Java 6 is covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6 for application tier servers. 

Java SE 6 (excluding Deployment Technology) is covered by Extended Support until December 2018.  All EBS customers with application tier servers on Windows, Solaris, and Linux must upgrade to JDK 7 (excluding Deployment Technology) by December 2018. EBS customers running their application tier servers on other operating systems should check with their respective vendors for the support dates for those platforms.

JDK 7 is certified with E-Business Suite 12.  See:

Known Issues

When using Internet Explorer, JRE 1.7.0_01 had a delay of around 20 seconds before the applet started to load. This issue is fixed in JRE 1.7.0_95.

References

Related Articles
Categories: APPS Blogs

JRE 1.6.0_181 Certified with Oracle E-Business Suite 12.1 and 12.2

Wed, 2018-01-17 12:11

Java logThe latest Java Runtime Environment 1.6.0_181 (a.k.a. JRE 6u181-b10) and later updates on the JRE 6 codeline are now certified with Oracle E-Business Suite Release 12.1 and 12.2 for Windows-based desktop clients.

What's new in this update?

This update includes an important change: the Java deployment technology (i.e. the JRE browser plugin) is no longer available as of the Java 1.6.0_171 release. It is expected that Java deployment technology will not be packaged in later Java 6 updates.

JRE 1.6.0_171 and later JRE 1.6 updates can still run Java content.  These releases cannot launch Java.

End-users who only have JRE 1.6.0_171 and later JRE 1.6 updates -- but not JRE 1.8 -- installed on their Windows desktop will be unable to launch Java content.

End-users who need to launch JRE 1.6 for compatibility with other third-party Java applications must also install the October 2017 PSU release JRE 1.8.0_152 or later JRE 1.8 updates on their desktops.

Once JRE 1.8.0_152 or a later JRE 1.8 update is installed on a Windows desktop, it can be used to launch JRE 1.6.0_171 and later updates on the JRE 1.6 codeline. 

How do I get help with this change?

EBS customers requiring assistance with this change to Java deployment technology can log a Service Request for assistance from the Java Support group.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

Effects of new support dates on Java upgrades for EBS environments

Support dates for the E-Business Suite and Java have changed.  Please review the sections below for more details:

  • What does this mean for Oracle E-Business Suite users?
  • Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?
  • Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?
32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Deploying JRE documentation for your EBS release for details.

How can EBS customers obtain Java 6 updates?

Java 6 is now available only via My Oracle Support for E-Business Suite users.  You can find links to this release, including Release Notes, documentation, and the actual Java downloads here: Both JDK and JRE packages are contained in a single combined download after 6u45.  Download the "JDK" package for both the desktop client JRE and the server-side JDK package.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

Mac users running Mac OS X 10.10 (Yosemite) can run JRE 7 or 8 plug-ins.  See:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

JRE ("Deployment Technology") is used for desktop clients.  JDK is used for application tier servers.

JDK upgrades for E-Business Suite application tier servers are highly recommended but currently remain optional while Java 6 is covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6 for application tier servers. 

Java SE 6 (excluding Deployment Technology) is covered by Extended Support until December 2018.  All EBS customers with application tier servers on Windows, Solaris, and Linux must upgrade to JDK 7 by December 2018. EBS customers running their application tier servers on other operating systems should check with their respective vendors for the support dates for those platforms.

JDK 7 is the latest Java release certified with E-Business Suite 12 servers.  See:

References

Related Articles
Categories: APPS Blogs

New OA Framework 12.2.6 Update 8 Now Available

Fri, 2018-01-12 02:00

Web-based content in Oracle E-Business Suite Release 12 runs on the Oracle Application Framework (also known as OA Framework, OAF, or FWK) user interface libraries and infrastructure.

We periodically release updates to Oracle Application Framework to fix performance, security, and stability issues.

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Packs. In this context, cumulative means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for Oracle E-Business Suite Release 12.2.6 is now available:

Oracle Application Framework (FWK) Release 12.2.6 Bundle 8 (Patch 26953578:R12.FWK.C)

Where is this update documented?

Instructions for installing this OAF Release Update Pack are in the following My Oracle Support knowledge document:

Who should apply this patch?

All Oracle E-Business Suite Release 12.2.6 users should apply this patch. Future OAF patches for EBS Release 12.2.6 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes all fixes released in previous EBS Release 12.2.6 bundle patches.

In addition, this latest bundle patch includes fixes for the following issues:

  • The link ‘Skip navigation elements to page contents’ is gaining focus on clicking LOV search icon.

  • Rendering issues with Email Center(EMC) pages.

Related Articles

Categories: APPS Blogs

Updated: Database Vault 12.1.0.2 Certification with EBS 12.2

Wed, 2018-01-10 13:10

We are pleased to announce updated scripts for use with the integration of Oracle Database Vault 12.1.0.2 with Oracle E-Business Suite 12.2. The updated scripts include a number of bug fixes recently identified by customers.

If you are integrating Oracle Database Vault with Oracle E-Business Suite 12.2, please make certain to download and use the latest scripts available with patch 27294144.

For the latest instructions on how to integrate Oracle Database Vault with Oracle E-Business Suite 12.2, refer to the following My Oracle Support Knowledge Document:

Related Articles

References

Categories: APPS Blogs

Safari 11 on macOS Sierra and OS X El Capitan Certified with EBS 12

Mon, 2018-01-08 13:11

Oracle E-Business Suite Release 12 (12.1.3, 12.2.4 or higher) is now certified with Safari 11 on the following desktop configurations.

For macOS Sierra 10.12:

  • macOS Sierra version 10.12.6 or higher
  • Safari version 11 (11.0.2 or higher)
  • Oracle JRE 8 plugin (1.8.0_121 or higher)

For OS X El Capitan 10.11:

  • OS X El Capitan 10.11.6 or higher
  • Safari version 11 (11.0.2 or higher)
  • Oracle JRE 8 plugin (1.8.0_91 or higher)

Users should review all relevant information along with other specific patching requirements and known limitations listed in:

Pending Certification 

macOS High Sierra 10.13 with Safari 11 is not yet certified for E-Business Suite. This certification is in our plans.

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog. I'll post updates here as soon as soon as they're available.    

Related Articles

Categories: APPS Blogs

New OA Framework 12.2.5 Update 18 Now Available

Tue, 2018-01-02 05:33

Web-based content in Oracle E-Business Suite Release 12 runs on the Oracle Application Framework (also known as OA Framework, OAF, or FWK) user interface libraries and infrastructure. Since the initial release of Oracle E-Business Suite Release 12.2 in 2013, we have released a number of cumulative updates to Oracle Application Framework to fix performance, security, and stability issues.

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Packs. In this context, cumulative means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for Oracle E-Business Suite Release 12.2.5 is now available:

Where is this update documented?

Instructions for installing this OAF Release Update Pack are in the following My Oracle Support knowledge document:

Who should apply this patch?

All Oracle E-Business Suite Release 12.2.5 users should apply this patch.  Future OAF patches for EBS Release 12.2.5 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes (TBS) fixes in total, including all fixes released in previous EBS Release 12.2.5 bundle patches.

This latest bundle patch includes fixes for following bugs/issues:

  • Tip type is not displayed in 'Screen Reader Optimized' accessibility mode.
  • Null Pointer Exception is thrown with a specific Configurator Developer flow that uses the query bean.

Related Articles

Categories: APPS Blogs

Elliptic Curve Cryptography Certificates Now Certified with EBS Release 12.2

Tue, 2017-12-19 07:54

We are pleased to announce that Elliptic Curve Cryptography (ECC) certificates are now certified for use with Oracle E-Business Suite Release 12.2.

Key Points

  • Elliptic Curve Cryptography supports both forward secrecy and stronger cipher suites.
  • Apple's App Transport Security mandates forward secrecy, and we expect this to be a requirement for mobile clients.
  • For additional information, and instructions about deploying ECC certificates with Oracle E-Business Suite Release 12.2, refer to Enabling TLS in Oracle E-Business Suite Release 12.2 (Note 1367293.1).
  • We are currently working on certification of ECC certificates with EBS 12.1.3. Subscribe to this blog for the latest news about this and other EBS technology certification developments.

Related Articles

References

 

Categories: APPS Blogs

New OA Framework 12.2.4 Update 18 Now Available

Mon, 2017-12-18 09:34

Web-based content in Oracle E-Business Suite Release 12 runs on the Oracle Application Framework (also known as OA Framework, OAF, or FWK) user interface libraries and infrastructure. Since the initial release of Oracle E-Business Suite Release 12.2 in 2013, we have released a number of cumulative updates to Oracle Application Framework to fix performance, security, and stability issues.

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Packs. In this context, cumulative means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for Oracle E-Business Suite Release 12.2.4 is now available:

Where is this update documented?

Instructions for installing this OAF Release Update Pack are in the following My Oracle Support knowledge document:

Who should apply this patch?

All Oracle E-Business Suite Release 12.2.4 users should apply this patch. Future OAF patches for EBS Release 12.2.4 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes all fixes released in previous EBS Release 12.2.4 bundle patches.

This latest bundle patch includes a fix for the following issue:

  • Long notification title is not wrapping.

Related Articles

Categories: APPS Blogs

OpenSSL and mod_ssl Replacing Oracle Wallet and mod_ossl for EBS 12.1

Thu, 2017-12-14 12:14

The use of mod_ssl is being phased in along with OpenSSL for the E-Business Suite 12.1 product line. Oracle E-Business Suite Release 12.1 is migrating to OpenSSL and mod_ssl technology in order to future proof the TLS implementation.  OpenSSL and mod_ssl are required for TLS 1.1 or TLS 1.2 and to support new cipher suites.

We provided support for mod_ssl and OpenSSL in a phased approach, so that deployment can be planned methodically.  Given the rate of SSL and TLS vulnerabilities that have been found recently and the limited number of strong cipher suites supported with Oracle Wallet, we highly recommend that our customers make the transition to TLS 1.1 or 1.2 sooner rather than later. This way, migrating does not have to be done as a fire drill.

You should follow the instructions in Enabling TLS in Oracle E-Business Suite Release 12.1 (Note 376700.1) to implement or migrate to OpenSSL and mod_ssl. 

For reference, the older mod_ossl (SSL v3 and TLS 1.0) which uses the Oracle wallet for the certificates is documented in Enabling SSL or TLS in Oracle E-Business Suite Release 12 (2143099.1).  

Related Articles

References

Categories: APPS Blogs

Different Authentication Settings for Internal and External Users with EBS 12.2 Now Available

Tue, 2017-12-12 11:05

I'm pleased to inform you of a recent enhancement delivered for Oracle E-Business Suite 12.2  If you are using Oracle E-Business Suite 12.2.6 or higher you may now configure single sign-on and local authentication at the site and server level.   

Note:  Local authentication simply means that native Oracle E-Business Suite authentication is used. 

With prior Oracle E-Business Suite releases, if you integrated with Oracle Access Manager for Single Sign-On  all users were configured for single sign-on authentication.  Now, you may choose to register your Oracle E-Business Suite 12.2.6+ instance with Oracle Access Manager for single sign-on for all internal users while external users may use local user authentication.  This enhancement also eliminates the requirement to add external users to your corporate directory service.

 

 

For additional details regarding the configuration options refer to Section 6.5 Configure Single Sign-on at Site or Server Level  in Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID 1576425.1)

Related Articles

References

Categories: APPS Blogs

Secure Configuration Guidelines for Oracle E-Business Suite 12.2 and 12.1

Mon, 2017-12-11 11:32

We've been providing Oracle E-Business Suite secure configuration guidelines or best practices in our published MOS Notes and guides for some time now. Our secure configuration deployment guidelines include the following recommendations:

Related Articles

References

Categories: APPS Blogs

Secure Oracle E-Business Suite 12.2 with Allowed Redirects

Thu, 2017-12-07 13:37

A redirect is an HTTP response status code "302 Found" and is common method for redirecting a URL. Client redirects are a potential attack vector. The Oracle E-Business Suite 12.2.4+ Allowed Redirects feature allows you to define a whitelist of allowed redirects for your Oracle E-Business Suite 12.2 environment. Allowed Redirects is enabled by default with Oracle E-Business Suite 12.2.6.

When the Allowed Redirects feature is enabled, redirects to sites that are not configured in your whitelist are not allowed. This feature provides defense against unknown and potentially damaging sites. This is an example of an attack that the Allowed Redirect feature will prevent if properly configured:

Your users will see an error message if a redirect is blocked by Allowed Redirects:

Note: Allowed Redirects will only block navigation to sites that happen via client redirects. It is not intended to prevent other methods for accessing external sites.

Where can I learn more?

Related Articles

References

Categories: APPS Blogs

Secure Oracle E-Business Suite 12.2 with Cookie Domain Scoping

Fri, 2017-12-01 11:56

A cookie is a mechanism of storing state across requests to web site. When a site is accessed, a user's browser uses the cookie to store information such as a session identifier. When the site is accessed on a future occasion, the information in the cookie can be reused. If a domain is not specified, then the browser does not send the cookie beyond the originating host.

The Oracle E-Business Suite 12.2 Cookie Domain Scoping feature allows you to define the scope of the cookie. Your scoping configuration requirements will be dictated by the external integrations used with your Oracle E-Business Suite environment and your network configuration. Refer to the documentation for more information regarding your configuration requirements.

Where can I learn more?

Related Articles

References

Categories: APPS Blogs

Secure Oracle E-Business Suite 12.2 with Allowed JSPs/Resources

Wed, 2017-11-29 11:38

Oracle E-Business Suite is delivered with JSPs and servlets. Most customers use only a subset of these provided resources. The Allowed JSPs or Allowed Resources feature allows you to reduce your attack surface by disabling JSPs or servlets that are not used in your environment. You can allow or deny resources at the family, product or resource level.

The Allowed JSPs feature allows you to define a whitelist of allowed JSPs for your Oracle E-Business Suite 12.2 environment. When enabled, accessing JSPs that are not configured in your whitelist is not allowed.

The Allowed Resources feature expands upon the concept of the Allowed JSPs feature and allows you to define a whitelist of allowed JSPs and servlets for your Oracle E-Business Suite 12.2 environment. When enabled, accessing JSPs or servlets that are not configured in your whitelist is not allowed.

Your users will see an error message if a resource is blocked by the Allowed JSPs or Allowed Resources feature.

Refer to the documentation for more information on how to to deploy and configure the Allowed JSPs or Allowed Resources feature.

Which EBS Releases include Allowed JSPs or Allowed Resources?

  • Allowed JSPs is delivered with Oracle E-Business Suite Release 12.2.4
  • Allowed Resources can be enabled with Oracle E-Business Suite 12.2.6+.
  • Allowed Resources with a new user interface and recommendations to provide ease of configuration is on by default with Oracle E-Business Suite 12.2.7.

Where can I learn more?

Related Articles

References

Categories: APPS Blogs

Check and Deploy Secure Configuration for Oracle EBS 12.2 and 12.1

Mon, 2017-11-27 12:43

The Secure Configuration Console provides a single dashboard for you to review if your Oracle E-Business Suite environment is in compliance with critical secure configuration guidelines. You may already be familiar with the set of secure configuration scripts that can be executed in your environment to check secure configuration. The Secure Configuration Console expands on these checks providing additional features and a new user interface. You can access the Secure Configuration Console from the Configuration Manager tab via the Functional Administrator responsibility.

Using the Secure Configuration Console dashboard, you can:

  • Check the high priority secure configuration items in your environment
  • Review and implement secure configuration recommendations where applicable
  • Click to automatically configure some checks in the console
  • Suppress checks that are not relevant to your system

Which Oracle E-Business Suite Releases include the Secure Configuration Console?

The Secure Configuration Console is available as of Oracle E-Business Suite 12.2.6. We recently enhanced this feature to include a total of 24 checks with the release of Oracle E-Business Suite 12.2.7. This feature has also been back-ported to Oracle E-Business Suite 12.1.3 after applying patch 26090737.

Where can I learn more?

Related Articles

References

Categories: APPS Blogs

Using Fast Offline Conversion to Enable Transparent Data Encryption in EBS

Mon, 2017-11-20 13:07

We are pleased to announce a new capability that enables you to perform offline, in-place conversion of datafiles for use with Transparent Data Encryption (TDE). This Fast Offline Conversion feature is now available for use with Oracle E-Business Suite 12.1.3 and 12.2.2 and later 12.2.x databases.

What does this feature do?

Fast Offline Conversion converts existing clear data to TDE-encrypted tablespaces.

The encryption is transparent to the application, so code does not have to be rewritten and existing SQL statements will work unchanged. Any authorized database session can read the encrypted data: the encryption only applies to the database datafiles and backups.

This new process is now the recommended procedure for converting to TDE with minimal downtime and lowest complexity. It supersedes previous methods for converting to TDE.

How do I go about using this feature?

You enable Fast Offline Conversion by applying a patch to your EBS 12.1.0.2 or 11.2.0.4 database. The patch - which is available on request from Oracle Support - enables offline, in-place TDE conversion of datafiles.

Where are the detailed instructions?

Full steps for enabling Fast Offline Conversion are provided in the following My Oracle Support knowledge document:

Related Articles

Categories: APPS Blogs

How Long Can I Get Support for a Specific Java Update?

Wed, 2017-11-15 15:11
Java logo

Support timelines for Oracle products can be tricky to understand.  The time that an overall product release gets updates is governed by the dates in the Oracle Lifetime Support Policies.

EBS users have 12 months to upgrade to the latest Fusion Middleware component patchsets, and 24 months to upgrade to the latest database components. These are called grace periods.

For dates of grace periods for specific Database or Fusion Middleware patchsets, see:

What are the support dates for different Java releases?

Extended Support for Java SE 6 ends on December 31, 2018. E-Business Suite customers must upgrade their servers to Java SE 7 before that date.

Premier Support for Java SE 7 runs to July 31, 2019. Extended Support for Java SE 7 runs to July 31, 2022. 

Do Java updates have grace periods?

No. Support for Java updates works differently than other Oracle products.  New bug fixes and security updates are always delivered on top of the latest Java update available at the time.

This policy applies to Java running on EBS servers, as well as JRE and Java Web Start running on end-user client desktops.

For example:

As of the date that this article was published, the latest Java SE 7 available is Update 1.7.0_161. 

If you report an issue today with an earlier Java SE 7 update such as Java 7 Update 1.7.0_10, you will be asked to apply 1.7.0_161 and attempt to reproduce the issue.

If the issue does not reproduce, then the solution will be to apply 1.7.0_161 to all of your end-user desktops.

If the issue does reproduce, then Oracle Java Support will log a bug and fix the issue on a Java release later than 1.7.0_161.

Related Articles

 

Categories: APPS Blogs

Can You Run ADOP (Online Patching) Over a Daylight Savings Time Change?

Mon, 2017-11-13 16:17

A customer running E-Business Suite 12.2 recently asked whether there were any issues with running ADOP or performing other Online Patching activities over the Daylight Savings Time changeover period.  

The answer: no, there are no issues with running ADOP or performing any other Online Patching functions when timezone definitions change due to Daylight Savings Time.

For more information about Daylight Savings Time in EBS environments, see:

Related Articles

Categories: APPS Blogs

Pages