1.1 How To Use This Document

The following steps explain how to use this document.

Step 1   Assess your Environments

Determine the Oracle product suites and products and their release numbers for each of your environments.

Step 2   Read Important Announcements

Review "What's New in July 2020," as it lists documentation and packaging changes along with important announcements such as upcoming final CPUs.

Step 3   Determine Patches to be Applied

For each environment, determine which patches need to be applied by using the tables in "Patch Availability for Oracle Products." There is one availability table for each product suite release, such as Oracle Database 12.2.0.1, Oracle Identity Access Management 11.1.2.3, and Enterprise Manager Cloud Control 12.1.0.5.

• The table lists the patches to be applied either to the product or to the appropriate product Oracle homes that are associated with the product suite
• The patches are listed in the order released, with newest patches listed first
• For some patches, multiple Oracle homes are listed. Apply the patch to all of the homes indicated that are applicable to your environment and only to the listed Oracle homes
• The table lists only product releases that are under Premier Support or Extended Support and are under error correction as defined in My Oracle Support Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy. Patches are provided only for these releases. If you do not see the release that you have installed, then check "Final CPU History" and contact Oracle Support for further assistance
• Patches that include security vulnerabilities announced in the current quarter's CPU Advisory, list the vulnerability CVE numbers in the Advisory Number column. If you are interested in the risk matrix for the vulnerabilities fixed in the patch, then see the CPU Advisory at 
  <a href="http://www.oracle.com/technetwork/topics/security/alerts-086861.html">http://www.oracle.com/technetwork/topics/security/alerts-086861.html</a>

  . For patches that are listed from previous quarterly releases, or the current one without any security fixes, the column indicates "Released MMM YYYY"

• When a section is referenced in a table, follow the link to determine which patches to install. For example, when "Oracle Database" is referenced, determine the Oracle Database release that is installed, and find the patches to apply in the table for that Oracle Database release in "Oracle Database."

Step 4   Apply the Patches

Download the patches, review the READMEs, and apply the patches according to the instructions.

Step 5   Planning for Future Critical Patch Updates

To help you plan for future Critical Patch Updates, this document includes Final CPU information based on Oracle's Lifetime Support Policy and error correction policies.

"Final CPU Information (Error Correction Policies)" in "What's New in July 2020," documents product releases for which final Critical Patch Updates are upcoming or are being announced. In each product section, there is also an Error Correction Information Table that documents the final CPU program patch for the product. Products that have reached the end of error correction are documented in "Final CPU History."

1.2 Terminology in the Tables

The following terminology is used in this patch availability document and in the subsequent tables.

• Update - Release Update
• Revision -Release Update Revision
• BP - Bundle Patch
• Final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. http://www.oracle.com/us/support/lifetime-support/index.html.
• NA Not Applicable.
• OR On-Request. The patch is made available through the On-Request program.
• PSU - Patch Set Update
• SPU - Security Patch Update. An iterative, cumulative patch consisting of security fixes.
• Overlay SPU patch provided as an overlay on top of a PSU or BP instead of a base/patch set release.

1.3 On-Request Patches

Oracle does not proactively release patches for historically inactive platforms. However, Oracle will deliver these patches when requested.

The following guidelines describe how to initiate an on-request (OR) patch.

A request may be made:

• • • At any time. However, a patch for a specific quarterly release, such as CPUOct2012, cannot be requested. Depending on when the request is received and processed, either the patch for the current quarterly release or the next quarterly release will be provided. Your Service Request (SR) will provide you the planned availability date for the patch.
    • As long as the version is in either Premier Support or Extended Support and error correction support has not expired. For example, if a product release is under Extended Support through the release of CPUJan2013 on January 15, 2013, then you can file a request for the product release through January 29, 2013. For more information, see Oracle Lifetime Support Policies at 
      <a href="http://www.oracle.com/us/support/lifetime-support/index.html">http://www.oracle.com/us/support/lifetime-support/index.html</a>

      , and Note 209768.1, Database, FMW, Enterprise Manager, TimesTen In-Memory Database, and OCS Software Error Correction Support Policy.

    • For a platform-version combination when a major release or patch set is released on a platform after a quarterly release date. Oracle will provide the next patch for that platform-version combination, however you may request the current patch by following the on-request process. For example, if a patch is released for a platform on August 1, 2012, Oracle will provide the CPUOct2012 patch for that platform. You may request a CPUOct2012 patch for the platform, and Oracle will review the request and determine whether to provide CPUJul2012 or CPUOct2012.

A patch that is marked as on-request (OR) may already have been requested by another customer and be available on My Oracle Support. Before you file a Service Request (SR), check on My Oracle Support to see if the patch is already available for your platform.

1.4 CPU Program and My Oracle Support Patch Recommendations

My Oracle Support patch recommendation features are available on the Patches & Update tab. The patches announced in this document as part of the CPU program are classified as "Security" patch recommendations in My Oracle Support. If a new patch is being announced in this document, then the classification on any earlier patch is changed to "General", causing it to be removed from the My Oracle Support patch recommendations. If a patch has a "Security" classification, and a subsequent bundle, SPU, or PSU is released with a recommendation classification, then it will be classified as a "Security" recommendation in My Oracle Support.

Once a product release is no longer in error correction, its CPU patch information is removed from this document, but the last patch recommendation continues to be available in My Oracle Support. Ensure to select each of the products installed in your environment to obtain all patches.

1.5 My Oracle Support (MOS) Conflict Checker Tool

The My Oracle Support (MOS) Conflict Checker tool is available as of July 21, 2014.

You can access MOS Conflict Checker at https://support.oracle.com/epmos/faces/PatchConflictCheck. This tool is also accessible from the Patch Search results screen ("Analyze with OPatch" button).

The MOS Conflict Checker Tool allows you to upload an OPatch inventory to check for conflicts with patches to apply to your environment. If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, you can request a solution, and monitor your request in the Plans region.

For more information and a demonstration video, see Knowledge Document Note 1091294.1, How to Use the My Oracle Support Conflict Checker Tool for Patches Installed with OPatch [Video].

2.1 Final CPU Information (Error Correction Policies)

The final CPU is the last quarter that a product is supported in the CPU program as per the Premier Support and Extended Support policies. Final CPUs for upcoming releases, as well as newly scheduled final CPUs, are listed in the following sections.

Final CPUs scheduled for Oct 2020

• Oracle Coherence 12.1.3.0.0
• Oracle Enterprise Data Quality for Product Data 11.1.1.6.0
• Weblogic Server 12.1.3.0.0

2.2 Post Release Patches

Oracle strives to complete preparations and testing of each Quarterly Security Patch for each platform by the quarterly release date. Occasionally, circumstances beyond our control dictate that a particular patch be delayed and be released a few days after the quarterly release date. The following table lists any current patch delays and the estimated date of availability.

3 Patch Availability for Oracle Products

This section contains the following:

• Section 3.1 "Oracle Database"
• Section 3.2 "Oracle Enterprise Manager"
• Section 3.3 "Oracle Fusion Middleware"
• Section 3.4 "Oracle Sun Middleware"
• Section 3.5 "Tools"

3.1 Oracle Database

This section contains the following:

• Section 3.1.1 "Oracle REST Data Services (formally called Oracle APEX Listener)"
• Section 3.1.2 "Oracle Application Express"
• Section 3.1.3 "Reserved for Future Use"
• Section 3.1.4 "Oracle Database"
• Section 3.1.5 "Oracle Database Mobile/Lite Server"
• Section 3.1.6 "Oracle GoldenGate"
• Section 3.1.7 "Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)"
• Section 3.1.8 "Oracle GoldenGate Veridata"
• Section 3.1.9 "Oracle Secure Backup"
• Section 3.1.10 "Oracle Spatial Studio"
• Section 3.1.11 "Oracle Stream Analytics"
• Section 3.1.12 "Oracle TimesTen In-Memory Database"

3.1.1 Oracle REST Data Services (formally called Oracle APEX Listener)

Error Correction information for Oracle REST Data Services 3.0

Minimum Product Requirements for Oracle REST Data Services

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle REST Data Services downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/rest-data-services/overview/index.html.

3.1.2 Oracle Application Express

Minimum Product Requirements for Oracle Application Express

Critical Patch Update security vulnerabilities are fixed in the listed releases. For Oracle Application Express downloads and installation instructions, see http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html.

3.1.3 Reserved for Future Use

3.1.4 Oracle Database

This section contains the following:

• Section 3.1.4.1 "Patch Availability for Oracle Database"
• Section 3.1.4.2 "Oracle Database 19"
• Section 3.1.4.3 "Oracle Database 18"
• Section 3.1.4.4 "Oracle Database 12.2.0.1"
• Section 3.1.4.5 "Oracle Database 12.1.0.2"
• Section 3.1.4.6 "Oracle Database 11.2.0.4"

3.1.4.1 Patch Availability for Oracle DatabaseFor information regarding the different types of patches for Database, refer to Oracle Database - Overview of Database Patch Delivery Methods - 12.1.0.2 and older, Note 1962125.1 and Oracle Database - Overview of Database Patch Delivery Methods for 12.2.0.1 and greater, Note 2337415.1

3.1.4.2 Oracle Database 19

Patch Availability for Oracle Database 19

3.1.4.3 Oracle Database 18

Patch Availability for Oracle Database 18

3.1.4.4 Oracle Database 12.2.0.1

Patch Availability for Oracle Database 12.2.0.1

3.1.4.5 Oracle Database 12.1.0.2

Error Correction information for Oracle Database 12.1.0.2

Patch Availability for Oracle Database 12.1.0.2

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

3.1.4.6 Oracle Database 11.2.0.4

Error Correction information for Oracle Database 11.2.0.4

Patch Availability for Oracle Database 11.2.0.4

If the Combo patches that are listed in the first row are applied, then the patches listed in Rows 2 and 3 do not need to be applied.

3.1.5 Oracle Database Mobile/Lite Server

Error Correction Information for Oracle Database Mobile Server

Patch Availability for Oracle Database Mobile Server 12.1.x

Patch Availability for Oracle Database Mobile Server 11.3.x

3.1.6 Oracle GoldenGate

Error Correction information for Oracle GoldenGate

Patch Availability for Oracle GoldenGate

3.1.7 Oracle GoldenGate for Big Data (Formerly known as Oracle GoldenGate Application Adapters)

Error Correction information for Oracle GoldenGate for Big Data

Patch Availability for Oracle GoldenGate for Big Data

3.1.8 Oracle GoldenGate Veridata

Error Correction information for Oracle GoldenGate Veridata

Patch Availability for Oracle GoldenGate Veridata

3.1.9 Oracle Secure Backup

Error Correction information for Oracle Secure Backup

Minimum Product Requirements for Oracle Secure Backup

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Secure Backup downloads and installation instructions can be found at http://www.oracle.com/technetwork/database/database-technologies/secure-backup/overview/index.html

3.1.10 Oracle Spatial Studio

Minimum Product Requirements for Oracle Spatial Studio

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Spatial Studio downloads and installation instructions can be found at
https://www.oracle.com/database/technologies/spatial-studio/oracle-spatial-studio-downloads.html

3.1.11 Oracle Stream Analytics

Minimum Product Requirements for Oracle Stream Analytics

Critical Patch Update security vulnerabilities are fixed in the listed releases. The Oracle Stream Analytics downloads and installation instructions can be found at
https://www.oracle.com/middleware/technologies/stream-analytics/downloads.html

3.1.12 Oracle TimesTen In-Memory Database

Error Correction information for Oracle TimesTen In-Memory Database

Describes Error Correction information for Oracle TimesTen In-Memory Database.