Monday, July 27, 2020

July WLS Critical Patch Patch 31178492: WLS PATCH SET UPDATE 10.3.6.0.200714


Section 1: Preparing to Install WLS Patch Set Update 10.3.6.0.200714


- WebLogic Server Patch Set Update (PSU) can be applied on a per-domain basis (or on a more fine-grained basis), Oracle recommends that PSU
  be applied on an installation-wide basis. PSU applied to a WebLogic Server  installation using this recommended practice affect all domains and
  servers sharing that installation.

- Stop all WebLogic server processes

- Remove any previously applied WebLogic Server Patch Set Update and associated overlay patches

- Update Java SE (JDK/JRE):
  For users of Oracle JDKs and JVMs, we strongly recommend applying the latest Java 7 Critical Patch Updates (CPUs) as soon as they are released.

  Certain WebLogic Server fixes for deserialization vulnerabilities that are provided in WebLogic Server Patch Set Updates (PSUs) depend on
  JEP 290 filtering and JEP 290 global scope filtering features provided in July 2018 JDK Updates and later JDK updates.
  These WebLogic Server fixes for deserialization vulnerabilities are not effective without these JDK updates, or later JDK updates.
  Oracle strongly recommends that you ensure WebLogic Server is running with a supported JDK version, and the following JDK update level at a minimum:

  JDK 7 Update 191 (JDK 7u191) or later (for WebLogic Server versions that are supported on JDK 7)

  Refer to the following for further information: Doc ID 1506916.1 Obtaining Java SE (JDK/JRE) for Oracle Fusion Middleware Products

- If you are running with a security manager and experience java.io.SerializablePermission "serialFilter" permission exceptions, then you will need to
  update the weblogic policy file to include the following line:

  permission java.io.SerializablePermission "serialFilter";
 
  in the coherence.jar section of the weblogic policy file:
 
  grant codeBase "file:@WL_HOME/../coherence/lib/coherence.jar" {

Section 2: Installing WLS Patch Set Update 10.3.6.0.200714

- Unzip p31178492_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir or any local directory  

  Where, MW_HOME is path of the Oracle Middleware Home.
 
  Note: You must make sure that the target directory for unzip has required write and executable permissions
           for "user" with which the component being patched is installed.
 
- Navigate to the {MW_HOME}/utils/bsu directory.

- Apply WLS BSU (Smart Update) fix for quicker patch application. This step can be skipped if the fix is already applied.
  https://support.oracle.com/epmos/faces/DocumentDisplay?id=2271366.1 
 
- Configuring Memory options
 
   For Microsoft Windows systems
   Edit the bsu.cmd script and change memory options as follows:
   set MEM_ARGS=-Xms1024m -Xmx4096m
 
   For UNIX Systems
   Edit the bsu.sh script and change memory options as follows:
   MEM_ARGS="-Xms1024m -Xmx4096m"
 
- Execute bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}
 
  Where, WL_HOME is the path of the WebLogic home,
             PATCH_ID is I37G (Unique identifier for WLS Patch Set Update 10.3.6.0.200714).
 
Reference:
How to Apply WebLogic Server (WLS) Patches Using Smart Update
https://support.oracle.com/epmos/faces/DocumentDisplay?id=876004.1
 
BSU Command line interface
http://docs.oracle.com/cd/E14759_01/doc.32/e14143/commands.htm

Section 3: Troubleshooting Patching Failures

WebLogic Server PSU - Popular Known Issues (Doc ID 2458832.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2458832.1
 
WLS BSU (Smart Update) Takes a Very Long Time to Apply Patches - Especially When Checking for Patch Conflicts
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2271366.1
 
Diagnosing "Encountered unrecognized patch ID" Failures When Trying to Patch WLS Using BSU
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1186923.1
 
Conflict Detected - New PSU for WLS 10.3.6 is "mutually exclusive and cannot coexist with patch(es)"
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2267696.1
 
Native Windows Zip/Unzip Tools Fail to Extract Patch Zip Files - "Path Too Long" or "is Invalid" Errors
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2259579.1

Section 4: Post-Installation Instructions

1. Restart all WebLogic servers.
2. The following command is a simple way to verify the successful installation of WebLogic Server PSU patch 10.3.6.0.200714.

            $ . $WL_HOME/server/bin/setWLSEnv.sh
            $ java weblogic.version

    In the following example output, 10.3.6.0.200714 is the installed WebLogic Server PSU.
    WebLogic Server 10.3.6.0.200714 PSU Patch for BUG31178492

3. A note about the weblogic.policy file *

   If you are using a Java security manager (for example, you use -Djava.security.manager to start up WebLogic Server),
   you must ensure that the codeBase in your policy file points to the location where the patches are installed.
   The policy file is specified by -Djava.security.policy during server startup.
   By default, this is weblogic.policy file and resides in WL_HOME/server/lib, where WL_HOME is the WebLogic Server installation directory.
 
   This is an example of what should be added to the weblogic.policy file for the installed patches:
 
   grant codeBase "file:<path-to-WLS-patch-jars>/patch_wls1036/patch_jars/-" {
        permission java.security.AllPermission;
   };
 
  The default weblogic.policy file is a sample. If you use it, you must modify it. Refer to the following URL for additional information:
 
  http://download.oracle.com/docs/cd/E17904_01/web.1111/e13711/server_prot.htm  
 
4. A note about FMW 11g installations using PSU patch 10.3.6.0.200714 or later versions.

   You may see this error after starting the Admin Server :

   "Unable to Read Logging Configuration from File 'logging.xml' exception: oracle.core.ojdl.logging.LoggingConfigurationException:     ODL-52050"
    or
   <BEA-149231> <Unable to set the activation state to true for the application 'SHAREDSERVICES [Version=11.1.2.0]'.

   Please consult this KM Note to evaluate your situation:
   https://support.oracle.com/rs?type=doc&id=2604499.1   

5. If your deployed application uses Java deserialization you may need to customize the WebLogic JEP 290 Default Filter.

   For further information, refer to the "Restrict incoming serialized Java objects." line in the Securing Network Connections table at
   https://docs.oracle.com/middleware/11119/wls/LOCKD/GUID-E5E57EA2-90AC-49E5-AF35-E217B8980BDC.htm#GUID-9A5D9EE1-BE59-475C-BF61-19D4EFC6EDFF   

    Section 5: Uninstalling WLS Patch Set Update 10.3.6.0.200714

     - Stop all WebLogic Servers
     - Navigate to the {MW_HOME}/utils/bsu directory.
     - Execute bsu.sh -remove -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}

    Section 6: Post-Uninstallation Instructions

    - Restart all WebLogic Servers

    Posted by at No comments:
    Subscribe to: Posts (Atom)