Author: Robert Gideon

EPM/BI Consultant specializing in Infrastructure and support.

CDF Series Part 2: Prebuilt CDFs

Oracle has given Essbase administrators several different prebuilt CDFs that can be used anytime they are needed. There are three main locations for prebuilt CDFs: Oracle’s Sample Code site, Calculation Manager, and Hyperion Planning.

Oracle Sample Code

Located at (, Oracle’s Sample Code site offers eight different downloads containing several CDFs.  These downloads contain precompiled JAR files, the necessary MaxL statements to register the CDFs, and usually a sample calculation to show how to use the CDFs.  The eight downloads are:

  • Financial Functions: Calculates loan maturity, principal and interest payments, and interest rates
  • Export Functions: The main function used in this CDF was replaced by the DATAEXPORT Essbase calculator function
  • Email Functions: Sends emails during calculations to alert administrators or users
  • Date Functions: Includes various functions to work with dates, some are epoch date format and some are YYYYMMDD format
  • Data Functions: Allows retrieval of external data from files or the Internet
  • Counter Functions: Counts the number of passes through an outline during a calculation for tuning purposes
  • Logging Functions: Logs messages to a specified file, replaced by @CalcMgrLog and @CalcMgrLogText functions
  • String Functions: Manipulates text fields, many of these functions are also available in @CalcMgr* text functions

Calculation Manager CDFs

Beginning with Calculation Manager and up, many prebuilt Custom Defined Functions are automatically deployed to the Essbase server and ready for use. Version of Calculation Manager includes 67 prebuilt functions.  Many of these functions are for text and date manipulation.  The date functions are primarily for use in Capital Expenditure and Workforce Planning applications using the YYYYMMDD date format, but can be used in any application that stores dates using that format.

In addition to the text and date functions, there are six miscellaneous functions that can be useful in a variety of situations.  The six miscellaneous functions are:

  • @CalcMgrExecuteEncryptMaxLFile – allows the execution of an encrypted MaxL file.
  • @CalcMgrExecuteMaxLScript – streams MaxL code to the Essbase kernel for immediate execution
  • @CalcMgrLog – writes messages to a specified text file, can include data from Essbase for validations
  • @CalcMgrLogText – writes text-only messages to a specified text file
  • @CalcMgrMDXDataCopy – using MDX queries, this function can select a range of data blocks in one application and copy the data to a target application
  • @CalcMgrMDXExport – using MDX queries, this function exports data to a file quickly without the ugly formatting of a traditional MDX export

Some of these functions are not properly registered after applying the patch.  The errors can be fixed by editing the essfunc.xml file in the %EPM_ORACLE_HOME%\EssbaseServer\essbaseserver1\java directory. The following edits need to be made to have all of the CDFs registered properly:

  • @CalcMgrGetCurrentDate
    • Change getCurrentDate(int) to getCurrentDate()
  • @CalcMgrIndexOf
    • Change indexOf(String,int) to indexOf(String,String,int)
    • Change @CalcMgrIndexOf(text, beginIndex) to @CalcMgrIndexOf(text, searchString, beginIndex)
  • @CalcMgrLastIndexOf
    • Change lastIndexOf(String,int) to indexOf(String,String,int)
    • Change @CalcMgrLastIndexOf(text, beginIndex) to @CalcMgrLastIndexOf(text, searchString, beginIndex)
  • @CalcMgrSubstring
    • Change substring2(String,int,int) to substring(String,int,int)
    • Change @CalcMgrSubstring2(text, startIndex, endIndex) to @CalcMgrSubstring(text, startIndex, endIndex)
  • @CalcMgrMDXExport
    • Change hyperion.calcmgr.common.cdf to com.hyperion.calcmgr.common.cdf.MDXExport

Hyperion Planning CDFs

Hyperion Planning also comes with several prebuilt CDFs.  In version, Planning contains 23 CDFs available for use in both Calculation Manager rules and in Essbase calculation scripts. When attempting to use these rules in Calculation Manager, the parameter definitions are not descriptive, as shown in the picture below:

CalcMgr Functions

To get a better feel for the parameters for each @Hsp* function, view their definitions in Essbase Administration services as shown below:

EAS Function

Next time we will cover creating our own CDFs from scratch.

Introduction to CDFs

I attended a Matt Milella presentation several years ago about CDFs and always wanted to use one.  A couple of years ago, I was in a bind at a client who needed very specific to an Essbase extract for integration with SAP, and I actually had a chance to write one from scratch.  It’s not very often that you are faced with such a problem, but it’s great to know that Oracle has given us the tools to handle almost any situation.

Introduction to Custom Defined Functions

The Essbase calculator engine is use in Block Storage Option (BSO) and hybrid aggregation applications. There are 160 built-in calculator functions. BSO databases are known for their superior calculation ability due to these functions; however, occasionally there is a need for additional functionality not covered by the calculator engine or built-in functions. In these instances, Custom Defined Functions can be used to extend the calculator engine.

Custom Defined Functions (CDFs) are Java classes written to interact with the Essbase calculator. CDFs allow data, metadata, or both to be passed from the calculator engine into Java.  Data or metadata can then be returned to the calculator engine. CDFs harness the power of Java, so they are able to call any outside process.

CDFs open a world of possibilities through the use of Java.  They can be used to: submit MaxL commands dynamically from within a calculation, interact with the server operating system, do complex calculations not available with the existing calculator functions, or even fetch data from the Internet. These functions may be deployed at the server-level and available for use by all applications, or at the individual application level.

Java code is compiled into a Class file. Classes must then be packaged into a Java Archive file, also known as a JAR. The JAR file is then placed on the Essbase server in the %EPM_ORACLE_HOME%\products\Essbase\EssbaseServer\java\udf directory for global or server-wide functions or they can be placed in the %EPM_ORACLE_INSTANCE%\EssbaseServer\essbaseserver1\app\ApplicationName directory for an application-level CDF.  When using global CDFs, the udf.policy in the %EPM_ORACLE_HOME%\products\Essbase\EssbaseServer\java directory must be updated to allow Essbase access to the custom code.  A line can be added to the end of the udf.policy file as follows:

grant codeBase "file:${}/../java/udf/yourCDF.jar" {   

Next, the CDF must be registered with Essbase.  This can be done in Essbase Administration Services (EAS) by selecting Edit >> Functions on your Essbase server, or within MaxL. To register the @JsendMail function, the MaxL code would look like:

create or replace function '@JechoString' as 
spec '@JechoString(strArray)' 
comment 'Echoes back all arguments passed to the function.  To pass an array of arguments use @List(comma delimited list)'

Essbase picks up new Custom Defined Functions on startup.  When creating new global CDFs, the Essbase service must be stopped and restarted to recognize the new function.  When creating application specific CDFs, restarting the application is sufficient. When developing new CDFs, it is recommended to begin with application level functions during the initial testing as it is easier to stop and restart at the application level than restart the Essbase service.

As the application starts, messages are written to the application’s Essbase log about the functions. When creating new functions, check the Essbase application log to verify that the function is registered successfully. Any messages other than a successful registration indicate changes are needed to the CDFs registration in EAS. When a function is registered properly the following message is displayed in the log:

[Wed May 20 10:14:34 2015]Local/Sample///10636/Info(1200445) 
External [GLOBAL] function [@JechoString] registered OK

Once defined properly and registered with Essbase, Custom Defined Functions may typically be run in two ways.  The first method of running a CDF is similar to a typical Essbase calculator function.  When running a CDF using this method, it must be placed inside a calculation member block.  This option calls the Java methods directly from inside the Class file. If the CDF definition was setup “with property runtime” in MaxL, or with the “Runtime” box checked in EAS, the CDF will execute for all members of the calculation.  The amount of blocks impacted by the CDF can be limited with a FIX statement. A typical calculation script using the first option for running a CDF is:

FIX ("New York", "Sales", "Budget",@RELATIVE("Product",0))

The second option to run a CDF is using the RUNJAVA command.  This method of running a CDF executes only once and calls the “main” method of a Java class.  The Custom Defined Function must be written properly to accept this method of calling it. Using the RUNJAVA command does not require that a CDF be registered in EAS or by MaxL. A typical RUNJAVA command is:

RUNJAVA com.hyperion.calcmgr.common.cdf.MaxLFunctions
  true -D C:\\Scripts\\BatchCalc.mxl

That’s all for this week, next time we will talk about prebuilt CDFs from Oracle that we can use right away. Later, we will cover how to write your own CDF (assuming some level of Java coding experience)/

WebLogic vulnerability in Oracle EPM and BI: Security Alert CVE-2015-4852

Oracle customers are beginning to get a rare vulnerability notification outside of the quarterly Critical Patch Update.  This update refers to a security vulnerability for Oracle WebLogic, IBM WebSphere and other Java web servers, which affects EPM and BI products as well as many other applications built on Oracle’s Fusion Middleware.

The vulnerability allows remote execution of code on the web server without a login ID or password.  Basically, a Java application can be written to exploit this vulnerability allowing a hacker to force WebLogic to run a command on the server. Obviously, this could be very bad for your WebLogic server.

Due to the high Common Vulnerability Scoring System (CVSS) score of 7.5, Oracle is informing its customers of mitigation instructions while patches for this vulnerability are being worked on.  My Oracle Support document 2076338.1 lists mitigation options for WebLogic.  Oracle has another MOS article (2075927.1) that lists the patches and minimum releases that will be fixed by those patches.  It’s very important to note that we will likely need to first patch our WebLogic to the minimum release and then apply the security patch to fix this vulnerability.

At this time, the options are limited to either blocking all T3 traffic from reaching your WebLogic server (like RMI through an HTTP server (like Oracle HTTP Server or Apache) or by blocking undesirable T3 traffic on WebLogic using Network Connection Filters to refuse any connections from undesirable IPs.

While this vulnerability is a little scary, most EPM and BI environments are internal applications and are not facing the internet where the possibility of malicious attack is much more likely.  For those environments that are internet-facing, your security team is likely already on top of this vulnerability once it was confirmed last Friday by FoxGlove Security.  The sad part is that the vulnerability was brought to the public in January at AppSecCali and hadn’t been addressed at all.  If you really want to geek out, check out the links for full details.

I don’t pretend to be cool enough to understand exactly how the vulnerability works in Java, but I do know that some malicious code could really ruin your day.  Stay tuned to the My Oracle Support documents listed above as more details come and patches for WebLogic are eventually released.

Running Essbase 11.1.2.x in the foreground

For many years, the conventional wisdom was that if your Essbase server was failing to start, you should run it in the foreground to see any messages that might be displayed to the console, but not logged into the Essbase.log file. With the pre-11.1.2.x versions, this was usually quite simple. In fact, if you had your environment variables set right, all you needed to do is type in ‘essbase’ at a command prompt regardless of what directory and your Essbase server would start before your eyes.

According to the Essbase Database Administrator’s Guide (dbag), it states that the ability to run Essbase in the foreground is no longer supported as of version With the 11.1.2.x versions and their more complicated directory structure (some static files stored in …Oracle/Middleware/EPMSystem11R1/products…. and some files stored in …Oracle/Middleware/user_projects/epmsystem1/…); starting Essbase in the foreground can be challenging if you don’t use this simple hack.

If we open a command prompt and navigate to the …/Oracle/Middleware/EPMSystem11R1/products/Essbase/EssbaseServer/bin directory and type in ‘essbase’, you will likely see a message about an improper ESSBASEPATH, or maybe a message about the Locale.

In later versions, Essbase needs to reference files from different folders.  We have two options, we can either set up the proper environment variables or we can do what Oracle has done with their ESSCMD and ESSMSH executables.  I like to hijack the “startEsscmd.cmd” script that is installed with the Essbase Client in …/Oracle/Middleware/EPMSystem11R1/products/Essbase/EssbaseClient/bin directory.

Simply save a copy of the “startEsscmd.cmd” script as “startEssbase.cmd”.  Edit the new “startEssbase.cmd” script and change the “%ARBORPATH%\bin\ESSCMD.exe %*” line to “%ARBORPATH%\bin\ESSBASE.exe %*”. Then, save the startEssbase.cmd file and when you double-click it in Windows, Essbase will run in that window. Now you can use those old school Essbase commands in the foreground and rebuild the Essbase.sec file if absolutely necessary.

Of course, this is unsupported and with the advances in Essbase, it’s probably not even necessary since Essbase runs much better now than it did in the 9.3.x and early 11.1.1.x days.  The only time I have had to do this is when the Essbase.sec is corrupted beyond repair, but starting in version, I believe, Essbase tries to create a new Essbase.sec file automatically if it’s missing. It’s not very often that these steps are needed, but I wanted to document them just in case anyone is running on an old version out there. If you are on EPM version or older, please consider an upgrade. I know a guy that can help with that.

Oracle Critical Patch Update – July 2015

Last week on July 14, Oracle released it’s quarterly Critical Patch Update.  The following Hyperion and BI products are affected by security vulnerabilities:

  • Hyperion Essbase
  • Hyperion Shared Services
  • Hyperion EPMA

Hyperion Essbase

There are patches available to fix the vulnerabilities in Essbase for the and versions. The patch for version are the Patch Set Update (PSU) for the Essbase Server and Essbase Client (patch numbers 20184072 and 20184082, respectively).  The vulnerability fix for Essbase version is “Upgrade to Hyperion Essbase, then apply the patches listed above”.  If you are on an older version of Essbase than, it is time to upgrade.

Hyperion Shared Services

The CPU document calls this “Hyperion Common Security,” but they are talking about Shared Services. The vulnerability is listed as affecting versions,, and  The patch for version is listed as patch number 20876722. This one is interesting because if you search, that patch doesn’t bring anything up on the My Oracle Support site. I also searched for Shared Services patches under, but there isn’t even an version available to choose yet.  Edit 7/22/15 – The Shared Services patch (number 20876722) came out on 7/21 and is available on My Oracle Support. The patch is the Shared Services PSU (number 20675028). That PSU requires patching nearly every EPM product in your environment but gives the ability to run Internet Explorer 11 in its native mode – no more Enterprise Mode needed for  The patch is listed as number 21052487, but this is a bad patch number as well with no results when using their link.

Hyperion Enterprise Performance Management Architect

The EPMA vulnerabilities affect both versions and  In version, you have two different options to fix the vulnerabilities: EPMA PSU (patch number 19466859) or EPMA PSU (patch number 20929659).  If you are on version, a patch set update is available on request from Oracle.  I assume that you would need to submit an SR to get a PSU from Oracle Support for


For version of OBIEE, only a patch to Third Party BI software (patch number 21235195) is listed as a critical patch.

The following patches are listed to fix vulnerabilities in version

Essbase fragmentation head-scratcher

With the release of Essbase, there was an interesting entry in the readme that caused some chatter on Network54.  The readme states:

The INPLACEDATAWRITE setting in essbase.cfg enables or disables in-place data writing.

Prior to this release, each time a data block was updated, it was written to a new disk location. With this release, for Exalytics, Essbase enables in-place data writing.

In-place data writing means that when updates occur, the data block can be written to the same location, as long as the compressed size of the data block fits in its original location on the disk.

In-place data writing can help reduce data fragmentation and lower the need for frequent restructuring of database. It also reduces the need for frequent index updates, resulting in improved performance.

Merely updating a single value of a cell in a single block causes that block to be written to the end of the page file? This made long-time developers scratch their heads because many of us believed that updating values in a block did not cause fragmentation. If submitting data causes fragmentation, imagine how bloated our Planning databases must be. No wonder we hear recommendations to restructure nightly during a planning cycle.

Glenn Schwartzberg said that yes, that’s how he understood it to work.  Edward Roske said there was no way submitting data cause fragmentation.  Cameron Lackpour didn’t believe it either until he did some testing and found that the ESSCMD GETDBSTATS command reported fragmentation after updating a single cell of Sample.Basic. Dan Pressman commented that he had seen the same behavior with compression turned off – BSO writes to the end of the .pag file when blocks are updated.

Test 1:

I tested this out on an, non-Exalytics sandbox. In Excel, I retrieved a single block of one of our sample cubes (not Sample.Basic, this was a larger demo cube). The page dimensions of my worksheet listed a single level-0 member from each Sparse dimension of the cube. Accounts were on my rows and January was my column dimension (both were level-0 Dense members).

With that sheet, I wrote a macro to do the following:

  • Update each data cell of the grid to a randomly generated number
  • Submit the data for the block back to Essbase
  • Call a MaxL script to stop and restart the Essbase application to flush the cache
  • Loop back to the top, iterating 250 times

While I ran the macro, I (im)patiently watched the database directory to see if the database’s essn.ind or essn.pag files would grow.  As we all know, if there is fragmentation that happens each time the block is submitted back to Essbase, the .pag file should see some growth – especially over 250 iterations. For complete transparency, this database is using the bitmap compression type that is the default for BSO applications.

After 250 iterations of changing the same block and stopping/restarting the application there was no essn.pag file growth. The GETDBSTATS results show the following:

  • Average Clustering Ratio: 0.4431846
  • Average Fragmentation Quotient: 0.8091218

That leads me to believe there is a little bit of fragmentation, so I cleared the cube and loaded in a level-0 extract of the data and ran a calculation.  After that, I ran GETDBSTATS again and found the following:

  • Average Clustering Ratio: 0.5117247
  • Average Fragmentation Quotient: 0.6745301

Test 2:

My next test was to do the same loop except I added in a quick aggregation step after the data was submitted. This time, as the macro ran, I could plainly see the essn.pag file growing every 5-6 loops of the code. The Average Clustering Ratio and Average Fragmentation Quotient also grew as the calculations ran.

What does all of this mean?


My conclusion is that the documentation on INPLACEDATAWRITE is a little misleading. Essbase without the INPLACEDATAWRITE does NOT write a block to the end of the .pag file if a block is updated. Blocks may be updated all day long by submitting data to them without expanding your .pag files. Fragmentation is caused when a data block is brought into the calculator engine. This is where INPLACEDATAWRITE does its magic on Exalytics machines and allows those blocks to be compressed and returned to their original location in the .pag file, thus preventing fragmentation.

What about the Fragmentation Quotient? Well, in the DBAG, it mentions that the Fragmentation quotient can be high and not indicate a need to defragment since free space in the .pag is created in 8MB chunks. I observed this to be true during Test 2 where excess free space was added to the .pag file and the file would only grow after 5-6 loops of the submit data/calc/stop/start routine. My thought is that an Average Fragmentation Quotient less than 1 (<1%) is essentially no fragmentation at all. After a single calculation script I began to see that Average Fragmentation Quotient above 1 (1.884844). By nature Essbase has some degree of fragmentation all of the time as it’s .pag file is always a little bit bigger than the actual size of the data contained therein. As long as the .pag file isn’t growing and the Average Fragmentation Quotient is less than 1%, I’m counting that as no fragmentation by submitting data to a block.

Calculation Manager

As I posted the other day, Caclulation Manager was released.  Not only did it include the fixes to the CDF declarations, it also contained some new CDFs we haven’t seen before.  Well, Calculation Manager was released on Monday (patch number 20830325) and contains the same fixes as

This version of Calculation Manager contains the new CDFs as well as fixes the issues with the CDF registration.  I think it’s great that the Calculation Manager team continues to crank out new CDFs for us to use.  Beyond that, I am very impressed that they have caught up the Calc Manager to the version.  It would be very simple for them to say that the new CDFs will only be added to the latest release, but they have kept the version up-to-date.  Kudos to Oracle and the Calculation Manager product team!

Calculation Manager

On Tuesday, 6/9, Calculation Manager patch set update was released. I have previously written about the errors in the CDF registration and how to fix those. I am very happy to report that all of the CDFs are now registered properly in Not only that, but there are some new CDFs to report with this version of Calculation Manager as well. Calculation Manager is a patch set update now available on My Oracle Support as patch number 20968612.

New Functions in Calc Manager

@CalcMgrPadText (text,length,padText,append) – Fills the text with a padding text before or after the text to make up the length.

  • @CalcMgrPadText(“01″,5,”0”,@_true) = 01000
  • @CalcMgrPadText(“01″,5,”0”,@_false) = 00001

@CalcMgrMatches(text, regExpr, ignoreCase) – Returns true, if the first substring of this string that matches the given regular expression. For regular expression, please refer to java docs for java.util.regex.Pattern.

  • @CalcMgrMatches(“AsSeT”, “(Asset|Liability|Income|Expense|Equity)”, @_false) = true
  • @CalcMgrMatches(“CAT”, “c*”, @_true) = true

@CalcMgrFindFirst(text, regExpr, ignoreCase) – Find the first substring of this string that matches the given regular expression. For regular expression, please refer to java docs for java.util.regex.Pattern.

  • @CalcMgrFindFirst(“We are searching for a string in this sentence.”, “string”, @_false) = “string”
  • @CalcMgrFindFirst(“Can’t find this STRING anywhere”, “string”, @_true) = “Can’t find this STRING anywhere”

@CalcMgrFindLast(text, regExpr, ignoreCase) – Find the last substring of this string that matches the given regular expression. For regular expression, please refer to java docs for java.util.regex.Pattern.

  • @CalcMgrFindFirst(“acatamaranbatarang”, “ran?”, @_false) = “rang”

@CalcMgrDoubleFromString(text) – Returns a double.

  • @CalcMgrDoubleFromString(“12.54”) = 12.54(Double)
  • @CalcMgrDoubleFromString(“test”) = 0.0(Double)

@CalcMgrGetCurrentDateTime() – Returns the current date and time in the YYYYMMDDHHMMSS format.

  • @CalcMgrGetCurrentDateTime() = 20140101143001

@CalcMgrGetCustomDateTime(year,month,day,hour,min,sec) – Returns the custom date and time in the YYYYMMDDHHMMSS format.

  • @CalcMgrGetCustomDateTime(2015,06,11,21,27,01) = 20150611212701

@CalcMgrGetDateTimePart(date,date_part_ex) – Returns the Year/Month/Week/Day/DayOfYear/Weekday/Hour/Minute/Second as a number from date.

  • Options for the date_part_ex parameter are: Year, Month, DayofMonth, WeekOfYear, WeekOfMonth, DayOfYear, Hour, Minute, or Second.  These are Strings passed and the capitalization does not matter.
  • @CalcMgrGetDatePart (20141230052736, Hour) = 05
  • @CalcMgrGetDatePart (20141230125430, mInUtE) = 54

@CalcMgrMesssageFormat(text,parameters) – Creates a String with the given pattern and uses it to format the given arguments.

  • This one is interesting, it accepts the parameters to basically create a dynamic string that can be used in messages. You might pass those messages to a custom log file or even into an email for your administrators.

EPM Compact Deployment issue in

A compact deployment in EPM is when there are multiple Java Web Applications deployed to a single WebLogic Managed Server called EPMServer0.  A compact deployment is part of Oracle’s standard deployment documentation for EPM; however, I do not recommend it for production systems.  The compact deployment is an option for development or sandbox environments as it reduces the memory (RAM) requirements for the EPM system.  That means that you can size a development environment smaller than your production environment if you use the compact deployment.  There are some trade-offs in going this route, so do your homework to make an educated decision before using compact deployment.

This is a fairly minor issue with a quick fix.  I found on my laptop installation of EPM that my icons were not displaying in Shared Services when attempting to assign filter access to a user.  My colleague, Kenneth Staudt, pointed me to a Knowledge Base article on Oracle’s support site that described the issue exactly.  The instructions on KB article 1612768.1 are for and later; however, the folders are a little different in

If you run into this issue, copy the “ui_themes” folder from …\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EPMServer0\tmp\servers\EPMServer0\tmp\_WL_user\SHAREDSERVICES_11.1.2.0\nth7gv\war to …\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EPMServer0\tmp\servers\EPMServer0\tmp\_WL_user\WORKSPACE_11.1.2.0\rj8acj\war.  After that, restart your EPMServer0 Managed Server and you should now have the icons in the Access Control screen.

Oracle Critical Patch Update – April 2015

Oracle’s quarterly Critical Patch Update came out last week on April 14, 2015. There were two Hyperion products listed this quarter that require patches to fix the security vulnerabilities: Hyperion BI+ (Reporting and Analysis) and Smart View.

Hyperion BI+

There are patches available for Hyperion BI+ in the and code lines, which is consistent with Oracle’s Lifetime Support policy. The patch for the code line is the Patch Set Update (PSU) for the Reporting and Analysis Framework (patch number 20029854). The patch for the code line is the PSU for the RA Framework (patch number 18659116). Interesting enough, is that the PSU has been available for 9+ months and fixes the vulnerabilities just uncovered this quarter. Hopefully if you are on, you have already patched to for BI+.

Smart View

The Smart View vulnerability is patched in Smart View (patch number 20327649).  This goes along with the theory that you should keep up with the Smart View releases. We need to get in the habit of thinking of Smart View like the apps on an iPhone; they often update automatically and you always have the most recent version. Why? By keeping up with the technology, you get the latest bug fixes and security updates as well as any new features.