Oracle Fusion Middleware 
Oracle OSB Bundle Patch 12.2.1.4.250611 Readme


Bundle Patch for Bug : 38059281 
 
Platform Patch for : Generic Platform 
 
Product Patched : Oracle Service Bus
 
Product Version : 12.2.1.4.0
 
This document includes the following sections:


Section 1: Known Issues


Section 2: Zero Downtime Patching


Section 3: Prerequisites


Section 4: Pre-Installation Instructions


Section 5: Installation Instructions


Section 6: Post installation Instructions


Section 7: Deinstallation Instructions


Section 8: Post Deinstallation Instructions


Section 9: Bugs Fixed by This Patch 


Section 1: Known Issues
-----------------------------------
 
For issues documented after the release of this OSB Bundle Patch 12.2.1.4.250611, see My Oracle Support Document 2602696.1, Oracle Fusion Middleware 12.2.1.4.0 Known Issues (Doc ID 2602696.1) 


Section 2: Zero Downtime Patching
------------------------------------------
 
This patch has been marked as eligible for Zero Downtime Patching. 
 The type of Zero Downtime Patching supported by this patch is FMW_ROLLING_ORACLE_HOME. 

 With Zero Downtime Patching, a Patch can be applied to a system in a manner that does not incur any downtime. This ensures that the system can remain available and functioning during the patching process. 

 Certain pre-requisites, however, must be met before the patch can be applied. 

 For more information, consult the My Oracle Support MOS Note: Doc ID 1942159.1 


Section 3: Prerequisites
------------------------------------
 
Ensure that you meet the following requirements before you install or deinstall the patch:
 
1. Before applying the non-mandatory patches, ensure that you have the exact symptoms described in the bug.
 
2. Oracle Fusion Middleware 12.2.1 products are installed with OPatch NextGen 13.3 to apply interim patches.
 
The OPatch utility may be updated over time to resolve known issues.
 
You can check your version using the following command:
 
ORACLE_HOME/OPatch/opatch version
 
Versions 12.2.1.0-12.2.1.2 do not require an update. For version 12.2.1.4, OPatch 13.9.15 is required.
 
OPatch 13.9.15 is available as Patch 28186730: https://support.oracle.com/rs?type=patch&id=28186730 
 
Review the following for more OPatch information: 
 
Doc ID 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c https://support.oracle.com/rs?type=doc&id=1587524.1 
 
3. Verify the OUI Inventory.
 
OPatch needs access to a valid OUI inventory to apply patches.
 
Note: This needs the ORACLE_HOME to be set(refer section "2. Pre-Installation Instructions") prior to run the below commands:
 
Validate the OUI inventory with the following commands:
 
$ opatch lsinventory -jre $ORACLE_HOME/oracle_common/jdk/jre
 
Note:
 
Make sure the JDK version you use is the certified version for your product.
 
If the command errors out, contact Oracle Support and work to validate
 
and verify the inventory setup before proceeding.
 
4. Create a location for storing the unzipped patch: 
 
This location will be referred to later in the document as PATCH_TOP.
 
NOTE: On WINDOWS, the preferred location is the drive root directory.
 
For example, "C:\PATCH_TOP" and avoid choosing locations like,
 
"C:\Documents and Settings\username\PATCH_TOP".
 
This is necessary due to the 256 characters limitation on windows


Section 4: Pre-Installation Instructions
------------------------------------------------
 
 Set the ORACLE_HOME environment variable to the directory where you have installed Oracle Service Bus


Section 5: Installation Instructions
---------------------------------------------
 
1. Unzip the patch zip file into the PATCH_TOP.
 
$ unzip -d PATCH_TOP p38059281_122140_Generic.zip 
 
NOTE: On WINDOWS, the unzip command has a limitation of 256 characters in the path name.
 
If you encounter this, please use an alternate ZIP utility like 7-Zip to unzip the patch.
 
For example: To unzip using 7-zip, run the command:
 
"c:\Program Files\7-Zip\7z.exe" x p38059281_122140_Generic.zip
 
2. Set your current directory to the directory where the patch is located.
 
$ cd PATCH_TOP /38059281/
 
3. Run OPatch to apply the patch.
 
$ opatch apply
 
Note:
 
When OPatch starts, it validates the patch and makes sure that there are no
 
conflicts with the software already installed in the ORACLE_HOME.
 
In case of opatch conflict, you will see a warning message similar to the one mentioned below:
 
Interim Patch XXXX has Conflict with patch(es) [ YYYY ] in OH ...
 
Conflict patches: YYYY
 
Patch(es) YYYY conflict with the patch currently being installed (XXXX).
 
If you continue, patch(es) YYYY will be rolled back and the new patch (XXXX) will be installed.
 
If a merge of the new patch (XXXX) and the conflicting patch(es) ( YYYY) is required,contact Oracle Support Services and request a Merged patch.
 
Do you want to proceed? [y|n] n 
 
You must stop the patch installation and contact oracle support on how to proceed.


Section 6: Post-Installation Instructions
------------------------------------------------


Note on Bug 30584890:


Please apply SOA-UI MLR Patch 31531514 which has both the fixes(bug 30960874, bug 31222412) 
 
Note on Bug 31857456:
 
 Patch added new System property 'oracle.sb.tracking.resiliency.MemoryMetricEnabled" to disable memory resiliency in OSB
 
 1. User needs to pass System property to like "-Doracle.sb.tracking.resiliency.MemoryMetricEnabled=false" to disable memory resiliency. Once memory resiliency is disabled via system property, it would remain disabled during life-cycle of server node.
 
 2. Also, if user does not disable memory resiliency from via system property , then memory resiliency behavior would be driven by EM->Global Properties -> Memory Resiliency (checkbox)
 
Note of Bug 25434715:
 
 (Doc.ID 880489.0) Open setDomainEnv.cmd and search for the line "set JAVA_OPTIONS=%JAVA_OPTIONS%" and append -Dcom.bea.wli.sb.kernel.charsetRequired=false to make it look like "set JAVA_OPTIONS=%JAVA_OPTIONS% -Dcom.bea.wli.sb.kernel.charsetRequired=false". 
 
Note of Bug 30544745:
 
 New JVM property SYSTEM_ENTITY_EXTERNAL_REFERENCE_ALLOWED(Default=false): When it is false or absent and in the case of SYSTEM entity with external reference, OSB is to cause XMLBeans to throw security exception right away. 


Section 7: Deinstallation Instructions
----------------------------------------------
 
If you experience any problems after installing this patch, remove the patch as follows:
 
1. Make sure to follow the same Prerequisites or pre-install steps (if any) when deinstalling a patch.
 
This includes setting up any environment variables like ORACLE_HOME and verifying the OUI inventory before deinstalling.
 
2. Change to the directory where the patch was unzipped.
 
$ cd PATCH_TOP/38059281/
 
3. Run OPatch to deinstall the patch.
 
$ opatch rollback -id 38059281
 
4. Run opatch lspatches in the end to confirm that the patch is removed


Section 8: Post Deinstallation Instructions
--------------------------------------------------
 
Restart all servers (AdminServer and all Managed server(s)).
 
This is necessary to redeploy the original applications and bring the environment back to it's original state.


Section 9: Bugs Fixed by this Patch
--------------------------------------------


Bug fixes in this patch are shown in the following list:
 
 Issues Resolved in OSB Bundle Patch 12.2.1.4.250611
    38012392 : CVE-2025-48734

 Issues Resolved in OSB Bundle Patch 12.2.1.4.250124
    37498944 : CVE-2024-47554
    36817585 : OSB Error Code OSB-382000 and OSB-380002 thrown different for the same invocation
    32462818 : NXSD not working for space preserve

 Issues Resolved in OSB Bundle Patch 12.2.1.4.240805
    36879464 : CVE-2021-29425
    36802114 : CVE-2024-21246
    36599452 : OSB memory leak BS soap 1.1 with OWSM response Envelope without namespace
    36301467 : CVE-2024-21205
    36189102 : The given value is not of a supported type: java.math.BigDecimal
    36002201 : SLA Alerting Does Not Work As Expected - ASM enabled case
    32455874 : Reset OSB project statistics without deletion of sessions folder
    31725254 : OSB deploy creates repeated MDBs
    31132917 : HTTP custom header empty with custom policy
    30741510 : Stuck thread issue with REST Callback to fail method superseding 26753230
    30544745 : SYSTEM entity with external reference to fail quickly
    30360672 : Master Bug  Having PATCH as one of Option for REST Transport
    27220108 : OSB doesn't enforce content-type validation for SOAP 1.1 if policy not activated

 Issues Resolved in OSB Bundle Patch 12.2.1.4.240515
    36620930 : CVE-2021-29425
    36620616 : CVE-2019-10086
    36589793 : CVE-2023-24998
    36468590 : CVE-2016-1182
    36216409 : INTERNAL: To use OCI NAS in build scripts for production releases
    36215331 : Fix for Bug 36215331
    35916917 : org.apache.xmlbeans.XmlException Error after OSB bundle patch 35347020
    35534846 : SOAP based proxy service doesn't propogate OAM_REMOTE_USER where as REST based does - p2
    34907407 : SOAP based proxy service doesn't propogate OAM_REMOTE_USER where as REST based does
    34457027 : OSB Managed servers stuck threads
    33337289 : Rest Adapter call to google GeoCode API is throwing Signature Not Accepted error on OSB 12.2.1.4
    33329632 : OSB stuck at com.bea.wli.sb.pipeline.RouterContext$TXSyncReplyState.waitForCompl
    25434715 : osb always adds charset=utf-* to content-type in its response-FWD 18729796

 Issues Resolved in OSB Bundle Patch 12.2.1.4.231026
    35942999 : Failure while dispatching request to wli/sb/services/dispatcher/DispatchContext Post Oct OSB BP 35815693
    35919146 : CVE-2023-5072

 Issues Resolved in OSB Bundle Patch 12.2.1.4.230915
    35806319 : INTERNAL: To switch setup_env.pl to use OCI Artifactory even on non-OCI machines
    35798019 : INTERNAL: To switch repo-bootstrap to use OCI Artifactory
    35720109 : Rest tests having PUT operation fails with Internal Server Error on OSB 12.2.1.4.230501 bundle-Revert Bug 30584890 Bug 31511103 Bug 31581418
    35463772 : CVE-2022-45688
    34415405 : Not able to send repeating parameters to a REST service in OSB 12.2.1.4.0
    32710497 : OSB Servers going into warning state with STUCK Thread with Service callout

 Issues Resolved in OSB Bundle Patch 12.2.1.4.230501
    35345361 : [OSB]Error in Server logs as jdom-2.0.6.jar is nullified
    34534016 : INTERNAL: XBUS build files to not use ADC machine
    33123228 : INTERNAL: Local build to use OCI repo
    32918602 : PREFLIGHT OSB MATS-Maven Build Failed for OSB MATS due to Could not find artifact org.easytesting:fest-assert-core:jar:2.0 in snapshots
    32737875 : Oracle Maven Sync Plugin config misses out on OSB 12c Resource Diagnostic Classes
    32556974 : OSB server is getting  java.lang.OutOfMemoryError: GC overhead limit exceeded.
    31979957 : Rest Proxy's Set-Cookie Response Header with CRLF characters Is Not Allowed
    31857456 : OSB 12.2.1.4: disabling memory resiliency by default for OSB in Kubernetes env
    31581418 : Call to proxy service created using WADL with overloaded / duplicate method fails from SOAPUI / Postman
    31540010 : CVE-2021-4104
    31511103 : PUT operation to proxy service results in 500 internal server error
    31219421 : PARSING VALID XML CAUSES STUCK THREAD OR java.lang.OutOfMemoryError: Java heap space
    30929705 : CVE-2021-33813
    30878598 : Maven deployment issues in 12.2.1.4 with OSB (SOA bug 30778089) - version change
    30741105 : Not able to add users in Transport Policy even after 12.2.1.4.0 patch 22526026
    30584890 : Rest Project with duplicated method name
    30346234 : OSB Test console fails to open with error weblogic.socket.NIOSocketMuxer$2 incompatible with javax.net.ssl.SSLSocket
    30297844 : OSB Polling Stopped in MQ Proxy Listener after Java Null Pointer Exception
    22526026 : TPatch: User and group cannot be added in SBconsole after created in WLS Console

 Issues Resolved in OSB Bundle Patch 12.2.1.4.201105
    32054847 : CVE-2019-10086
    31845825 : SOA/OSB/B2B template changes to introduce conflicts in Refconfig and non-Refconfig templates
    30943899 : Stuck Threads in OSBClientRequestTransport and LoadBalanceFailover
    30857087 : Throttling state cannot be enabled in EM console when BS is not in a throttling group

 Issues Resolved in OSB Bundle Patch 12.2.1.4.200731
    31339546 : REST adapter not working with empty value in build 12.2.1.4
    31029249 : REST EMPTY FIELDS ARE PARSED AS NULL INSTEAD OF EMPTY STRINGS
    30761484 : Unable to deploy .SBAR file using maven with CustomizationPlan having Service Operational Settings inside after installing 12.2.1.4
    30689477 : STUCK THREAD FROM OSB BUSINESSSERVICE CALLING TUXEDO transport-p2
    30680769 : Maven : Exception while using mvn package command for the osb 12.2.1.4.0 project
    30570408 : STUCK THREAD FROM OSB BUSINESSSERVICE CALLING TUXEDO transport.
    30549478 : OSB import/creation of project on 12.2.1.4 is creating multiple copies of the artifacts due to bug 29827492
    30466905 : Restarting OSB managed, namespaces in response are changed v2
    30400152 : No response when BS is disabled after patch 29134366
    30292758 : OSB 12c admin console is slow when opening a project or switching between designer and admin modes v2
    30241191 : INTERNAL: To fix up XBUS build files so that it can submit FARM job to OCI FARM
    30188571 : rest adapter fault response mapping failure results in stuck thread v2
    26628960 : Remove charset=utf-8 in Content-Type for Outbound

 


38059281 - Oracle OSB Bundle Patch 12.2.1.4.250611
 
-----------------------------------------------------------------------------
 
DISCLAIMER:
 
 This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. 
 
Copyright 2024, Oracle and/or its affiliates. All rights reserved.
 
-----------------------------------------------------------------------------
