Monthly Archives: October 2017

Scary Oracle security issues – patch now!

Larry Ellison announced the self-patching database at OpenWorld this year. Until we get to that point, professional DBAs and system administrators need to keep their Oracle environments secure.

Right now, that means at least installing the patches Oracle provides quarterly in the Critical Patch Updates (CPUs). The latest from October 2017 is one of the scariest I have seen for a while. Out of a total of 251 issues, 156 can be remotely exploited without authentication. Everyone who is or can get behind your firewall can use them against you.

If you are running any of the following, you urgently need to install the October CPU:

  • Oracle Database
  • WebLogic Server
  • SOA Suite
  • WebCenter Content
  • Oracle Access Manager
  • GlassFish
  • BI Publisher
  • Oracle BPM
  • MySQL
  • VirtualBox

To nobody’s surprise, there are also newly discovered bugs in Java SE – 22 this time, of which 20 can be remotely exploited without authentication.

Most of the Oracle applications also have serious issues, including Oracle E-Business Suite, Hyperion, JD Edwards, PeopleSoft, and Siebel.

Stay safe. Patch your systems.

 

Don’t miss out on important information you need as an IT professional working with Oracle products. Sign up for the Oracle Tool Watch newsletter and get the free whitepaper “What Oracle is Doing Wrong (and Right) in the Cloud”

Oracle Forms won’t run on Java 9 – now what?

Many of my customers are still running venerable Oracle Forms applications that they have no intention of retiring or replacing. So when Oracle announced in support note 2310266.1 that “Oracle has no current plans to certify or support Java 9 with any version of Oracle Forms,” they were understandably worried.

From Oracle’s standpoint, it makes sense not to spend resources certifying an end-of-life product like Oracle Forms with every Java version. Especially since Java 9 will run under the new release model with a new version every six months.

This should not be a problem for Forms customers. Oracle does promise to continue to make Java 8 updates available to customers with support contracts for Forms or products depending on Forms (like E-Business Suite). Our Forms applications will anyway have to be updated to Forms 12c now that browser support for Java applets is running out, and that allows us to run the Forms applet through Java Web Start. We should then be able to use the <j2se version=“XX”/> tag in our JNLP file to point to the right Java, even if the workstation also has Java 9.

Long term, I expect either that  Forms will be supported on the first Java 9 Long Term Support release in September 2018, or that the Forms applet will become a complete executable using the Java 9 jlink feature.

So don’t worry, you can still run Oracle Forms even if the rest of the world moves to Java 9.

 

This post originally appeared in the Oracle Tool Watch newsletter. If you sign up this week, you will receive a free copy of my whitepaper “What Oracle is Doing Wrong (and Right) in the Cloud” as well as more interesting tips to keep you up to date with what’s happening in the Oracle community.