July | 2014 | Robert Gideon's BI/EPM Blog

On Wednesday, July 16, Oracle released EPM version 11.1.2.2.500. It appears as if this patch is very much the same as Oracle did with the 11.1.2.3.500 patch, where multiple products are patched in one large EPM bundle patch.

This PSU may be applied to all 11.1.2.2.x releases where .x is less than .500.

Products included in this patch:

Oracle Hyperion Planning
Oracle Hyperion Financial Data Quality Management ERP Integration Adapter for Oracle Applications
Oracle Hyperion EPM Architect
Oracle Hyperion Enterprise Performance Management Workspace
Oracle Hyperion Financial Reporting
Oracle Hyperion Reporting and Analysis Framework
Oracle Crystal Ball
Oracle Hyperion Strategic Finance
Oracle Hyperion Profitability and Cost Management
Oracle Hyperion Web Analysis
Oracle Hyperion Interactive Reporting
Oracle Hyperion Financial Management
Oracle Hyperion Shared Services
Oracle Hyperion Calculation Manager
Oracle Hyperion Financial Close Management

DRM, Performance Scorecard, Disclosure Management, and Smart View are not patched in this version.

New Features in this release:

Windows 8 support

Office 2013 support

Internet Explorer 10 compatibility

Firefox 24.x ESR compatibility

HPCM – This patch introduces a new Web Service to support multi-POV calculations for Standard Profitability applications.

Shared Services – You can now select and delete all taskflows listed on the Taskflows screen.

Planning – Response time has improved for Hyperion Planning 11.1.2.2.500 functionality in a browser. The Hyperion Planning response time for functionality within a browser is faster in the 11.1.2.2.500 release. For example, the 11.1.2.2.500 end-to-end response times through the browser averaged 41% faster than 11.1.2.2.300, with up to 200 users on the system. Some actions, such as scrolling forms, completed 70% faster in 11.1.2.2.500.

Patches required:

EPM Bundle Patch (search under Shared Services) – 18659116

11.1.2.2.500 Client Installers – 18856417

To see the full updated EPM Platform compatibility matrix, click here.

Today Oracle released a list of vulnerabilities to the EPM and related BI software along with a host of other products. See the full announcement here: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

This one was interesting as my beloved Hyperion products were mentioned. Seven vulnerabilities were identified with Hyperion products. It was interesting that most of the patches for these vulnerabilities have been out for a little while, so hopefully you have already mitigated some of these. Here is list of defects for Hyperion:

If you clicked the link from the announcement to My Oracle Support note number 1666884.1, the Patch Set Update and Critical Patch Update July 2014 Availability Document, will give you the patches to fix each vulnerability.

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 17767293	CVE-2014-4246	11.1.2.3.500 PSU
11.1.2.2	SPU Patch 18148649	CVE-2014-4246	11.1.2.2.106 PSU

Patch Availability for Oracle Hyperion BI+

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 17529887 and SPU Patch 18383790	CVE-2014-0436	11.1.2.3.500 PSU (included in 17767293) and 11.1.2.3.500 Client Installers PSE
11.1.2.2	SPU Patch 18659116 and SPU Patch 18856417	CVE-2014-0436	I could not find these patches. The links do not show the patch.

Patch Availability for Oracle Hyperion Common Admin

Product Home	Patch	Advisory Number	Comments
11.1.2.3	CPU Patch 18672071	CVE-2014-4269, CVE-2014-4270	11.1.2.3.501 PSU for Shared Services
11.1.2.2	CPU Patch 18659116	CVE-2014-4269, CVE-2014-4270	I could not find this patch either.

Patch Availability for Oracle Hyperion EAS

Product Home	Patch	Advisory Number	Comments
11.1.2.3	Admin Server Patch 17417347Admin Console Patch 17417344	Released January 2014	11.1.2.3.002 PSU, should also be included in 11.1.2.3.501 PSU
11.1.2.2	Admin Server Patch 17277761Admin Console Patch 17277764	Released January 2014	11.1.2.2.104 PSU
11.1.2.1	Admin Server Patch 17545122Admin Console Patch 17545124	Released January 2014	11.1.2.1.107 PSU

Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 17529887 and SPU Patch 18383790	CVE-2014-4203, CVE-2014-4206	11.1.2.3.500 PSU and 11.1.2.3.500 Client Installers PSE
11.1.2.2	SPU Patch 18659116 and SPU Patch 18856417	CVE-2014-4203, CVE-2014-4206	I could not find this patch either.

Patch Availability for Oracle Hyperion Essbase

Product Home	Patch	Advisory Number	Comments
11.1.2.3	SPU Patch 18505489	CVE-2014-4271	11.1.2.3.501 PSU
11.1.2.2	SPU Patch 18520684	CVE-2014-4271	11.1.2.2.000 Patch Set Update Exception (PSE): 11.1.2.2.106 (18520684)

Patch Availability for Oracle Hyperion Strategic Finance

Product Home	Patch	Advisory Number	Comments
11.1.2.2	CPU Patch 14593946	Released April 2014	11.1.2.2.301 PSU
11.1.2.1	CPU Patch 17636270	Released April 2014	11.1.2.1.103 PSU

In addition to the application patches, we also find that WebLogic Server 10.3.6.0 is listed. This is important because it is part of our installation of EPM 11.1.2.x and most of us take it for granted.

Patch Set Update Availability for Oracle WebLogic Server

Product Home	Patch	Advisory Number	Comments
Oracle Java SE home	JDK/JRE 6 Update 81: Patch 9553040		See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home	R28.3.3- Patch 18763693
WebLogic Server 10.3.6.0.0 home	PSU 10.3.6.0.8 Patch 18040640	CVE-2014-2480, CVE-2014-2481, CVE-2014-4256, CVE-2014-4242, CVE-2014-4253, CVE-2014-4267, CVE-2014-4255, CVE-2014-4254, CVE-2014-2479, CVE-2014-4210, CVE-2014-4241, CVE-2014-4217, CVE-2014-4201, CVE-2014-4202	See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration

Product Home

Patch

Advisory Number

Comments

Oracle Java SE home

JDK/JRE 6 Update 81:

Patch 9553040

See Note 1492980.1, How to Maintain the Java SE Installed or Used with FMW 11g Products

Oracle JRockit 28.x home

R28.3.3- Patch 18763693

WebLogic Server 10.3.6.0.0 home

PSU 10.3.6.0.8 Patch 18040640

CVE-2014-2480, CVE-2014-2481, CVE-2014-4256, CVE-2014-4242, CVE-2014-4253, CVE-2014-4267, CVE-2014-4255, CVE-2014-4254, CVE-2014-2479, CVE-2014-4210, CVE-2014-4241, CVE-2014-4217, CVE-2014-4201, CVE-2014-4202

See Note 1306505.1, Announcing Oracle WebLogic Server PSUs (Patch Set Updates)For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration

Also note in the announcement that there is a patch for OBIEE’s Mobile App Designer.

Patch Availability for Oracle Business Intelligence App Mobile Designer

Product Home	Patch	Advisory Number	Comments
11.1.1.7.0	SPU Patch 18794832	CVE-2014-4249	Must delete existing MAD deployment and install this one. Check the readme.

This appears to be a replacement for the entire MAD install. Going forward, I will use the Oracle BI Mobile App Designer patch 18794832 instead of the older 17220994 patch. This patch came out on 6/3, so they aren’t very good about announcing these patches. I guess that’s why we should be reading these quarterly announcements to find out what has been fixed.

Robert Gideon's BI/EPM Blog

Oracle BI/EPM musings from a consultant in the field.

Month: July 2014

EPM 11.1.2.2.500 – IE10, Windows 8, Office 2013 compatibility

July 2014 Oracle Quarterly Critical Patch Availability