Apply Oracle Critical Patch Update
Oracle releases information (and patches) for security issues for most products through quarterly, bundled, integrated Critical Patch Updates (CPU). JD Edwards EnterpriseOne Tools security patches are also released with the quarterly Oracle CPU; these patches are normal tools one-off service packs.
Patches can include fixes for the operating system, database, web application server, as well as any EnterpriseOne server. Refer to the Certifications tab on My Oracle Support and search for the EnterpriseOne components:
CPUs include fixes for the most critical security issues, fixes to avoid patch conflict, or prerequisites for security fixes. The release dates for CPUs are announced a year in advance and are selected based on most customers' financial calendars. Oracle tries to avoid the blackout dates during which customers generally do not touch their financial systems.
Refer to the Oracle Critical Patch Updates and Security Alert website for more information: