Oracle Database Appliance Monthly Updates

FAQs on monthly updates for Oracle Database Appliance.

How is the content for an Oracle Database Appliance monthly update different from the content for a quarterly update release?

Content for Oracle Database Appliance quarterly releases includes updates to Oracle Linux, firmware, and the Oracle Database Appliance software stack such as the Oracle Appliance Kit (OAK) and Deployment Coordination Service (DCS). Oracle Database Appliance software stack updates include bug fixes and may include new features. In addition, the latest Release Update (RU) for Oracle Database 19c and Oracle AI Database 26ai and Oracle Grid Infrastructure are also included in Oracle Database Appliance quarterly releases. Oracle Database Appliance monthly updates include only security fixes for critical CVEs in Oracle Linux and any Oracle or third-party dependencies of the Oracle Database Appliance software stack. They do not include new clones for Oracle Database and Oracle Grid Infrastructure, and work with those shipped with the base release.

Is a list of all CVEs fixed in an Oracle Database Appliance monthly update published?

No.

What update paths are supported with monthly releases?

From a base release, you can update only to a monthly release for that base release. From a monthly release, you can update to any later monthly release for the same base release or to the next base, that is, quarterly release.

Is it mandatory to apply a monthly update?

No. You may choose to skip one more monthly updates and then update to the next quarterly release. However, it is recommended to apply monthly updates to keep your system up to-date from a security compliance perspective.

Can I provision a new system using the monthly update?

No.

Is node local patching supported with monthly updates?

Yes. See the next FAQ for more details.

What is the impact on system availability when applying a monthly update?

The options --local,-l and --node-name,-nn options can be used with the odacli update-servercomponents command in both quarterly and monthly updates and function the same way, where only the node specified in the command is updated. In addition, monthly updates support an option called --no-reboot,-nr. When this option is used with the odacli update-servercomponents command, Oracle Grid Infrastructure is not shut down on the node being updated, nor is the node restarted. Hence, when this option is used, there is no downtime for databases running on the bare metal system or inside DB systems on the node being updated.

What is the difference in system behavior when using the --no-reboot,-nr option and when not using it?

When the --no-reboot,-nr option is not used with the odacli update-servercomponents command, the behavior is the same as in a quarterly update. The command applies all updates contained in the server zip and restarts the node. Oracle Clusterware is shut down when updates are applied. When the --no-reboot,-nr option is used with the odacli update-servercomponents command, it skips all updates that require a restart to take effect and applies the rest. Oracle Clusterware is not shut down and the node is not restarted. To apply the remaining updates, you can run the odacli update-servercomponents command without the --no-reboot,-nr option at a convenient time later.

What should I do if the prepatch report for a monthly update shows that some updates cannot be applied without a restart?

You can do one of the following:

• Run the odacli update-servercomponents command with the --no-reboot,-nr option. This applies all updates except those that require a restart. At a convenient time later, you can run the odacli update-servercomponents command without the --no-reboot,-nr option. This applies the remaining updates and restarts the system.
• Run the odacli update-servercomponents command without the --no-reboot,-nr option. This applies all the updates irrespective of their restart requirement and restarts the system.

Even after I applied the monthly update, why does my security scanner still show unremediated CVEs?

New CVEs are reported every day. Just as any quarterly update, each Oracle Database Appliance monthly update has a cut off time, after which changes are not included that release. This is required for stabilization and timely completion of all testing. Hence, after a monthly update is applied to a system, the scanner can still find CVEs reported between the release cut-off time and when the scan was run. These CVEs will be remediated in the next monthly release.

For more information about the new features in this release, see the following topics:

About Applying Monthly Updates on Oracle Database Appliance

Patching Oracle Database Appliance