Oracle® WLS Patch Set Update 12.2.1.4.

201001 README

Patch Set Update (PSU) for Bug : 31960985

Date : 02-Oct-20
Platform Patch for : Generic Platform
Product Patched : Oracle WebLogic Server
Product Version : 12.2.1.4.0

This document describes how to install patch for bug # 31960985.

It includes the following sections:

Section 1: Zero Downtime Patching

Section 2: Prerequisites

Section 3: Pre-Installation Instructions

Section 4: Installation Instructions

Section 5: Post-Installation Instruction

Section 6: Deinstallation Instructions

Section 7: Post Deinstallation Instructions

Section 8: Bugs Fixed by This Patch

Section 9: Known Issues

Section 1: Zero Downtime Patching

This patch has been marked as eligible for Zero Downtime Patching.
The type of Zero Downtime Patching supported by this patch is
FMW_ROLLING_ORACLE_HOME.

With Zero Downtime Patching, a Patch can be applied to a system in a manner that
does not incur any downtime.
This ensures that the system can remain available and functioning during the
patching process.
Certain pre-requisites, however, must be met before the patch can be applied.

For more information, see the following:

Doc ID 1942159.1 Introduction to Zero Downtime (ZDT) Patching for Oracle Fusion
Middleware / WebLogic Server
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1942159.1

Section 2: Prerequisites
Ensure that you meet the following requirements before you install or deinstall the
patch:

1. Before applying the non-mandatory patches, ensure that you have the exact
symptoms described in the bug.

2. If using managed Coherence Servers, verify Coherence patch level

If you are using managed Coherence Servers you must install Coherence 12.2.1.4.3
patch or later.
Refer to the following for more information in Coherence patches:
Doc ID 2616220.1 Fixed Bugs List With Patch Downloads -- Oracle Coherence
12.2.1.4.0 for Java
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2616220.1

3. Update Java SE (JDK/JRE):

For users of Oracle JDKs and JVMs, we strongly recommend applying the latest Java
Critical Patch Updates (CPUs)
as soon as they are released. Refer to the following for further information:

Doc ID 1506916.1 Obtaining Java SE (JDK/JRE) for Oracle Fusion Middleware Products
https://support.oracle.com/rs?type=doc&id=1506916.1

4. Update OPatch:

Oracle Fusion Middleware 12.2.1 products are installed with OPatch NextGen 13.3 to
apply interim patches.
The OPatch utility should be updated over time to resolve known issues.

You can check your version using the following command:

ORACLE_HOME/OPatch/opatch version

*** To install this PSU, you must use OPatch version 13.9.4.2.4 or later

If you try to install the PSU with an earlier opatch version (e.g. 13.9.2.0.0),
you will see an error similar to:

"
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckMinimumOPatchVersion" failed.
The details are:

The OPatch being used has version 13.9.2.0.0 while the following patch(es)
require higher versions:
Patch 31537019 requires OPatch version 13.9.4.2.4 or later.
Please download latest OPatch from My Oracle Support.
"

*** OPatch 13.9.4.2.4 is available as Patch 28186730:

https://support.oracle.com/rs?type=patch&id=28186730

Review the following for more OPatch information:

Doc ID 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c
https://support.oracle.com/rs?type=doc&id=1587524.1

5. Verify the OUI Inventory

OPatch needs access to a valid OUI inventory to apply patches.

Note: This needs the ORACLE_HOME to be set(refer section "2. Pre-Installation

Instructions")
prior to run the below commands:

Validate the OUI inventory with the following commands:

$ opatch lsinventory -jre $ORACLE_HOME/oracle_common/jdk/jre

Note:
Make sure the JDK version you use is the certified version for your product.

If the command errors out, contact Oracle Support and work to validate and verify
the inventory setup before proceeding.

6. Create a location for storing the unzipped patch:

This location will be referred to later in the document as PATCH_TOP.

NOTE: On WINDOWS, the preferred location is the drive root directory.

For example, "C:\PATCH_TOP" and avoid choosing locations like, "C:\Documents and
Settings\username\PATCH_TOP".
This is necessary due to the 256 characters limitation on windows platform.

Section 3: Pre-Installation Instructions

1. Set the ORACLE_HOME environment variable to the directory where you have
installed ORACLE WEBLOGIC SERVER.

2. To install this PSU, you must use OPatch version 13.9.4. See Prerequisite
section above.

Section 4: Installation Instructions

1. Unzip the patch zip file into the PATCH_TOP.

$ unzip -d PATCH_TOP p31960985_122140_Generic.zip

NOTE: On WINDOWS, the unzip command has a limitation of 256 characters in the path
name.
If you encounter this, please use an alternate ZIP utility like 7-Zip to unzip the
patch.

For example: To unzip using 7-zip, run the command:

"c:\Program Files\7-Zip\7z.exe" x p31960985_122140_Generic.zip

2. Set your current directory to the directory where the patch is located.

$ cd PATCH_TOP/31960985

3. Run OPatch to apply the patch.

$ opatch apply

Note:
-----
When OPatch starts, it validates the patch and makes sure that there are no
conflicts with the software already installed in the ORACLE_HOME.

In case of opatch conflict, you will see a warning message similar to the one
mentioned below:

Interim Patch XXXX has Conflict with patch(es) [ YYYY ] in OH ...

Conflict patches: YYYY
Patch(es) YYYY conflict with the patch currently being installed (XXXX).
If you continue, patch(es) YYYY will be rolled back and the new patch (XXXX) will
be installed.

If a merge of the new patch (XXXX) and the conflicting patch(es) ( YYYY) is
required,contact Oracle Support Services and request a Merged patch.

Do you want to proceed? [y|n]

n

You must stop the patch installation and the following should be reviewed:

Doc ID 1329952.1 Oracle Fusion Middleware Patch Conflict Resolution

https://support.oracle.com/rs?type=doc&id=1329952.1

Contact Oracle Support if the conflict cannot be resolved or you need a Merge
Request.

Section 5: Post-Installation Instructions

None

Section 6: Deinstallation Instructions

If you experience any problems after installing this patch, remove the patch as
follows:

1. Make sure to follow the same Prerequisites or pre-install steps (if any) when
deinstalling a patch.
This includes setting up any environment variables like ORACLE_HOME and verifying
the OUI inventory before deinstalling.

2. Change to the directory where the patch was unzipped.

$ cd PATCH_TOP/31960985

3. Run OPatch to deinstall the patch.

$ opatch rollback -id 31960985

Section 7: Post Deinstallation Instructions

Restart all servers (AdminServer and all Managed server(s)).

This is necessary to redeploy the original applications and bring the environment
back to it's original state.
Section 8: Bugs Fixed by This Patch
Bug fixes in this patch are shown in the following list:

Issues Resolved in WLS Patch Set Update 12.2.1.4.201001

Issues Resolved in WLS Patch Set Update 12.2.1.4.200624
Issues Resolved in WLS Patch Set Update 12.2.1.4.200228
Issues Resolved in WLS Patch Set Update 12.2.1.4.191220

Issues Resolved in WLS Patch Set Update 12.2.1.4.201001

Applying this bundle patch resolves the issues listed in the following table:

Issues Resolved in WLS Patch Set Update 12.2.1.4.201001

Base Bug Number Description of the Problem

31913015

CONSOLEHELP/EN-US INCORRECT IN JULY PSU

31770512
JAVA:* URL LOOKUPS ARE BLOCKED IN IIOP

31765567

CVE-2020-14883

31765550

CVE-2020-14882

31657139

MANAGED WLS FAIL TO STARTAFTER APPLYING JULY PSU 12.2.1.4.200624,WITH CONNECTION

31567049

CVE-2020-14859

31510290

LIMIT DISABLE OF EXTERNAL ENTITIES TO SERVER CODE

31441174

CVE-2020-14841

31380363

CVE-2020-14825

31332264

CVE-2020-14820

31232471

CVE-2020-11022

31142740

RFA: coherence.web:DistributedSessions service is not joining back the cluster

after network outage

31011293

UNDO CHANGES FAILS WITH THE ERROR "JAVA.LANG.REFLECT.INVOCATIONTARGETEXCEPTION"

30155056

SERVICE MIGRATION GOES INTO A LOOP OR FAILS

29878681

CUSTOMER FACING NEW ISSUE WITH ECLIPSE LINK JAR BUNDLED WITH TOPLINK
Issues Resolved in WLS Patch Set Update 12.2.1.4.200624

Applying this bundle patch resolves the issues listed in the following table:

Issues Resolved in WLS Patch Set Update 12.2.1.4.200624

Base Bug Number Description of the Problem

31353368

CVE-2017-5645

31332368

CVE-2020-14687

31316252

CVE-2017-5645

31297042

CVE-2020-9546

31247235

CVE-2020-14652

31234666

CVE-2020-14645

31234573

CVE-2020-14644

31157988

CVE-2020-14625

31113242
CVE-2020-14622

31047981

STAGE 24 - 12.2.1.5.0 - BAM COMPOSER REPORTS DOESN'T SHOW DATA - ISSUE IN QUERYING
DATABASE

30964331

CVE-2020-2967

30961904

CONNECTION FILTER DOES NOT WORK AFTER APPLYING PSU 12.2.1.3.191217

30958807

CVE-2020-2966

30885128

CVE-2020-14589

30885114

CVE-2020-14588

30838007

UPGRADE 12.2.1.3JAN2020 XAER_PROTO:ROUTINE WAS INVOKED IN AN IMPROPER CONTEXT

30771358

THE PATCH 29971088 IS CAUSING INITIALCONTEXT TO BE NULL

30729141

SETSERVERGROUPS FAILING DUE TO EXCEPTION IN

JMSINFRASERVICEIMPL.GETUNIQUEASPECTVALUE

30692988

CVE-2020-14572

30670689

CVE-2019-16943
30568713

CVE-2019-17359

30510407

IGNOREHOSTNAMEVERIFIER VALUE IN SSLMBEAN IS NOT HONOURED

30478451

IIOP WTC TESTS FAIL WHEN TRYING TO GET AN INITIALCONTEXT

30465861

EMGC APPLICATION TRANSITION FROM NEW TO PREPARE TAKES TOO LONG

30326976

FIX THE QUOTE MARKS IN IDCS PROVIDER MESSAGE CATALOG

30295025

NOSUCHMETHODEXCEPTION WHEN CUSTOM EJB IS INVOKED AFTER APPLYING 12.2.1.3.190522

30285053

CVE-2020-14557

29971088

JAVA.IO.INVALIDOBJECTEXCEPTION: CAN'T DESERIALIZE ENUM IN WLS12.2.1.3

25219796

WLS 12.2.1 FAILS TO FETCH JAX-WS WEB SERVICES

Issues Resolved in WLS Patch Set Update 12.2.1.4.200228

Applying this bundle patch resolves the issues listed in the following table:

Issues Resolved in WLS Patch Set Update 12.2.1.4.200228

Base Bug Number Description of the Problem

30885237

CVE-2020-2884

30885217
CVE-2020-2883

30837932

RESOLVE COHERENCECONTAINERMT-CWEB TEST FAILURES

30814590

EMBEDDED LDAP CORRUPTED WHEN MGD SERVER IS KILLED

30801769

CVE-2020-2869

30740009

CVE-2020-2867

30734182

WEBLOGIC SSLCIPHERUTIL NEEDS TO SUPPORT NEW CIPHER SUITES ADDED IN TLS 1.3

30633620

SUPPORT FOR HTTP CORS IN WEBLOGIC REST API

30624882

CVE-2020-2811

30563848

CVE-2020-2801

30558254

CVE-2020-2798

30459026

BLOCKER: DEPLOYMENTPROGRESSOBJECTS RETURNING 502 ON JCS RECENTLY CREATED

30068341

CVE-2020-2766

29247835
WEBLOGIC IS FAILING TO INJECT ENTITYMANAGER INTERMITTENTLY
Issues Resolved in WLS Patch Set Update 12.2.1.4.191220

Applying this bundle patch resolves the issues listed in the following table:

Issues Resolved in WLS Patch Set Update 12.2.1.4.191220

Base Bug Number Description of the Problem

30589563

coherence-metrics.jar required for exporting coherence metrics is missing from

weblogic jar.

30362086

CVE-2020-2551

30362026

CVE-2020-2550

30342923

CVE-2020-2519

30341541

CVE-2020-2547

30230430

WLS WON'T START AT ALL IF THE IP V6 /64 LISTED ON THE CONNECTION FILTER

30153412

CVE-2019-2888

30067299

CVE-2020-6950

29769772

DEADLOCK ON WEBLOGIC.SERVLET.INTERNAL.ATTRIBUTEWRAPPER

29671344
CVE-2020-2519

26444945

CVE-2020-2544

Section 9: Known Issues

Bug fixes in this patch are shown in the following list:For information about
OPatch issues, see the following:

Doc ID 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c
(12.1.2+)
https://support.oracle.com/rs?type=doc&id=1587524.1

If you are running with a security manager and experience

java.io.SerializablePermission "serialFilter" permission exceptions, then you
will need to update the weblogic policy file to include the following line:

permission java.io.SerializablePermission "serialFilter";

in the coherence.jar section of the weblogic policy file:

grant codeBase "file:@WL_HOME/../coherence/lib/coherence.jar" {

DISCLAIMER:

Oracle recommends this Patch Set Update (PSU) for development and production
systems in accordance with Doc ID 1306505.1.

This PSU may conflict with an interim patch(es) that has been applied to customer
systems.
If a patch conflict is identified, customers should determine, through review of
the bugs fixed list whether the interim patch was included in the PSU.
If the interim patch is included in the PSU, the interim patch does not need to be
applied to systems where the PSU is applied.
If the interim patch is not included in the PSU, the conflict probably arises
because the PSU modifies the same module as the interim patch.
In such cases, customers should contact Oracle Support, provide information about
all patches applied to the system, and request
an overlay patch(es) that will resolve the conflict.

Copyright © 2020, Oracle and/oritsaffiliates.Allrightsreserved.