Oracle® OSB Bundle Patch 12.2.1.4.250611 Readme
Bundle Patch for Bug : 38059281
Platform Patch for : Generic Platform
Product Patched : Oracle Service Bus
Product Version : 12.2.1.4.0
This document includes the following sections:
For issues documented after the release of this OSB Bundle Patch 12.2.1.4.250611, see My Oracle Support Document 2602696.1, Oracle Fusion Middleware 12.2.1.4.0 Known Issues (Doc ID 2602696.1)
This patch has been marked as eligible for Zero Downtime Patching.
The type of Zero Downtime Patching supported by this patch is FMW_ROLLING_ORACLE_HOME. With Zero Downtime Patching, a Patch can be applied to a system in a manner that does not incur any downtime. This ensures that the system can remain available and functioning during the patching process. Certain pre-requisites, however, must be met before the patch can be applied. For more information, consult the My Oracle Support MOS Note: Doc ID 1942159.1Ensure that you meet the following requirements before you install or deinstall the patch:
1. Before applying the non-mandatory patches, ensure that you have the exact symptoms described in the bug.
2. Oracle Fusion Middleware 12.2.1 products are installed with OPatch NextGen 13.3 to apply interim patches.
The OPatch utility may be updated over time to resolve known issues.
You can check your version using the following command:
ORACLE_HOME/OPatch/opatch version
Versions 12.2.1.0-12.2.1.2 do not require an update. For version 12.2.1.4, OPatch 13.9.15 is required.
OPatch 13.9.15 is available as Patch 28186730: https://support.oracle.com/rs?type=patch&id=28186730
Review the following for more OPatch information:
Doc ID 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c https://support.oracle.com/rs?type=doc&id=1587524.1
3. Verify the OUI Inventory.
OPatch needs access to a valid OUI inventory to apply patches.
Note: This needs the ORACLE_HOME to be set(refer section "2. Pre-Installation Instructions") prior to run the below commands:
Validate the OUI inventory with the following commands:
$ opatch lsinventory -jre $ORACLE_HOME/oracle_common/jdk/jre
Note:
Make sure the JDK version you use is the certified version for your product.
If the command errors out, contact Oracle Support and work to validate
and verify the inventory setup before proceeding.
4. Create a location for storing the unzipped patch:
This location will be referred to later in the document as PATCH_TOP.
NOTE: On WINDOWS, the preferred location is the drive root directory.
For example, "C:\PATCH_TOP" and avoid choosing locations like,
"C:\Documents and Settings\username\PATCH_TOP".
This is necessary due to the 256 characters limitation on windows
Set the ORACLE_HOME environment variable to the directory where you have installed Oracle Service Bus
1. Unzip the patch zip file into the PATCH_TOP.
$ unzip -d PATCH_TOP p38059281_122140_Generic.zip
NOTE: On WINDOWS, the unzip command has a limitation of 256 characters in the path name.
If you encounter this, please use an alternate ZIP utility like 7-Zip to unzip the patch.
For example: To unzip using 7-zip, run the command:
"c:\Program Files\7-Zip\7z.exe" x p38059281_122140_Generic.zip
2. Set your current directory to the directory where the patch is located.
$ cd PATCH_TOP /38059281/
3. Run OPatch to apply the patch.
$ opatch apply
Note:
When OPatch starts, it validates the patch and makes sure that there are no
conflicts with the software already installed in the ORACLE_HOME.
In case of opatch conflict, you will see a warning message similar to the one mentioned below:
Interim Patch XXXX has Conflict with patch(es) [ YYYY ] in OH ...
Conflict patches: YYYY
Patch(es) YYYY conflict with the patch currently being installed (XXXX).
If you continue, patch(es) YYYY will be rolled back and the new patch (XXXX) will be installed.
If a merge of the new patch (XXXX) and the conflicting patch(es) ( YYYY) is required,contact Oracle Support Services and request a Merged patch.
Do you want to proceed? [y|n] n
You must stop the patch installation and contact oracle support on how to proceed.
Note on Bug
30584890:
Please apply SOA-UI MLR Patch 31531514 which has both the fixes(bug 30960874, bug 31222412)
Note on Bug 31857456:
Patch added new System property 'oracle.sb.tracking.resiliency.MemoryMetricEnabled" to disable memory resiliency in OSB
1. User needs to pass System property to like "-Doracle.sb.tracking.resiliency.MemoryMetricEnabled=false" to disable memory resiliency. Once memory resiliency is disabled via system property, it would remain disabled during life-cycle of server node.
2. Also, if user does not disable memory resiliency from via system property , then memory resiliency behavior would be driven by EM->Global Properties -> Memory Resiliency (checkbox)
Note of Bug 25434715:
(Doc.ID 880489.0) Open setDomainEnv.cmd and search for the line "set JAVA_OPTIONS=%JAVA_OPTIONS%" and append -Dcom.bea.wli.sb.kernel.charsetRequired=false to make it look like "set JAVA_OPTIONS=%JAVA_OPTIONS% -Dcom.bea.wli.sb.kernel.charsetRequired=false".
Note of Bug 30544745:
New JVM property SYSTEM_ENTITY_EXTERNAL_REFERENCE_ALLOWED(Default=false): When it is false or absent and in the case of SYSTEM entity with external reference, OSB is to cause XMLBeans to throw security exception right away.
If you experience any problems after installing this patch, remove the patch as follows:
1. Make sure to follow the same Prerequisites or pre-install steps (if any) when deinstalling a patch.
This includes setting up any environment variables like ORACLE_HOME and verifying the OUI inventory before deinstalling.
2. Change to the directory where the patch was unzipped.
$ cd PATCH_TOP/38059281/
3. Run OPatch to deinstall the patch.
$ opatch rollback -id 38059281
4. Run opatch
lspatches in the end to confirm that the patch is
removed
Restart all servers (AdminServer and all Managed server(s)).
This is necessary to redeploy the original applications and bring the environment back to it's original state.
Bug fixes in this patch are shown in the following list:
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
38012392 |
CVE-2025-48734 |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
37498944 |
CVE-2024-47554 |
36817585 |
OSB Error Code OSB-382000 and OSB-380002 thrown different for the same invocation |
32462818 |
NXSD not working for space preserve |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
36879464 |
CVE-2021-29425 |
36802114 |
CVE-2024-21246 |
36599452 |
OSB memory leak BS soap 1.1 with OWSM response Envelope without namespace |
36301467 |
CVE-2024-21205 |
36189102 |
The given value is not of a supported type: java.math.BigDecimal |
36002201 |
SLA Alerting Does Not Work As Expected - ASM enabled case |
32455874 |
Reset OSB project statistics without deletion of sessions folder |
31725254 |
OSB deploy creates repeated MDBs |
31132917 |
HTTP custom header empty with custom policy |
30741510 |
Stuck thread issue with REST Callback to fail method superseding 26753230 |
30544745 |
SYSTEM entity with external reference to fail quickly |
30360672 |
Master Bug Having PATCH as one of Option for REST Transport |
27220108 |
OSB doesn't enforce content-type validation for SOAP 1.1 if policy not activated |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
36620930 |
CVE-2021-29425 |
36620616 |
CVE-2019-10086 |
36589793 |
CVE-2023-24998 |
36468590 |
CVE-2016-1182 |
36216409 |
INTERNAL: To use OCI NAS in build scripts for production releases |
36215331 |
Fix for Bug 36215331 |
35916917 |
org.apache.xmlbeans.XmlException Error after OSB bundle patch 35347020 |
35534846 |
SOAP based proxy service doesn't propogate OAM_REMOTE_USER where as REST based does - p2 |
34907407 |
SOAP based proxy service doesn't propogate OAM_REMOTE_USER where as REST based does |
34457027 |
OSB Managed servers stuck threads |
33337289 |
Rest Adapter call to google GeoCode API is throwing Signature Not Accepted error on OSB 12.2.1.4 |
33329632 |
OSB stuck at com.bea.wli.sb.pipeline.RouterContext$TXSyncReplyState.waitForCompl |
25434715 |
osb always adds charset=utf-* to content-type in its response-FWD 18729796 |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
35942999 |
Failure while dispatching request to wli/sb/services/dispatcher/DispatchContext Post Oct OSB BP 35815693 |
35919146 |
CVE-2023-5072 |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
35806319 |
INTERNAL: To switch setup_env.pl to use OCI Artifactory even on non-OCI machines |
35798019 |
INTERNAL: To switch repo-bootstrap to use OCI Artifactory |
35720109 |
Rest tests having PUT operation fails with Internal Server Error on OSB 12.2.1.4.230501 bundle-Revert Bug 30584890 Bug 31511103 Bug 31581418 |
35463772 |
CVE-2022-45688 |
34415405 |
Not able to send repeating parameters to a REST service in OSB 12.2.1.4.0 |
32710497 |
OSB Servers going into warning state with STUCK Thread with Service callout |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
35345361 |
[OSB]Error in Server logs as jdom-2.0.6.jar is nullified |
34534016 |
INTERNAL: XBUS build files to not use ADC machine |
33123228 |
INTERNAL: Local build to use OCI repo |
32918602 |
PREFLIGHT OSB MATS-Maven Build Failed for OSB MATS due to Could not find artifact org.easytesting:fest-assert-core:jar:2.0 in snapshots |
32737875 |
Oracle Maven Sync Plugin config misses out on OSB 12c Resource Diagnostic Classes |
32556974 |
OSB server is getting java.lang.OutOfMemoryError: GC overhead limit exceeded. |
31979957 |
Rest Proxy's Set-Cookie Response Header with CRLF characters Is Not Allowed |
31857456 |
OSB 12.2.1.4: disabling memory resiliency by default for OSB in Kubernetes env |
31581418 |
Call to proxy service created using WADL with overloaded / duplicate method fails from SOAPUI / Postman |
31540010 |
CVE-2021-4104 |
31511103 |
PUT operation to proxy service results in 500 internal server error |
31219421 |
PARSING VALID XML CAUSES STUCK THREAD OR java.lang.OutOfMemoryError: Java heap space |
30929705 |
CVE-2021-33813 |
30878598 |
Maven deployment issues in 12.2.1.4 with OSB (SOA bug 30778089) - version change |
30741105 |
Not able to add users in Transport Policy even after 12.2.1.4.0 patch 22526026 |
30584890 |
Rest Project with duplicated method name |
30346234 |
OSB Test console fails to open with error weblogic.socket.NIOSocketMuxer$2 incompatible with javax.net.ssl.SSLSocket |
30297844 |
OSB Polling Stopped in MQ Proxy Listener after Java Null Pointer Exception |
22526026 |
TPatch: User and group cannot be added in SBconsole after created in WLS Console |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
32054847 |
CVE-2019-10086 |
31845825 |
SOA/OSB/B2B template changes to introduce conflicts in Refconfig and non-Refconfig templates |
30943899 |
Stuck Threads in OSBClientRequestTransport and LoadBalanceFailover |
30857087 |
Throttling state cannot be enabled in EM console when BS is not in a throttling group |
Applying this bundle patch resolves the issues listed in the following table:
| Base Bug Number | Description of the Problem |
|---|---|
31339546 |
REST adapter not working with empty value in build 12.2.1.4 |
31029249 |
REST EMPTY FIELDS ARE PARSED AS NULL INSTEAD OF EMPTY STRINGS |
30761484 |
Unable to deploy .SBAR file using maven with CustomizationPlan having Service Operational Settings inside after installing 12.2.1.4 |
30689477 |
STUCK THREAD FROM OSB BUSINESSSERVICE CALLING TUXEDO transport-p2 |
30680769 |
Maven : Exception while using mvn package command for the osb 12.2.1.4.0 project |
30570408 |
STUCK THREAD FROM OSB BUSINESSSERVICE CALLING TUXEDO transport. |
30549478 |
OSB import/creation of project on 12.2.1.4 is creating multiple copies of the artifacts due to bug 29827492 |
30466905 |
Restarting OSB managed, namespaces in response are changed v2 |
30400152 |
No response when BS is disabled after patch 29134366 |
30292758 |
OSB 12c admin console is slow when opening a project or switching between designer and admin modes v2 |
30241191 |
INTERNAL: To fix up XBUS build files so that it can submit FARM job to OCI FARM |
30188571 |
rest adapter fault response mapping failure results in stuck thread v2 |
26628960 |
Remove charset=utf-8 in Content-Type for Outbound |
38059281 - Oracle® OSB Bundle Patch 12.2.1.4.250611
-----------------------------------------------------------------------------
DISCLAIMER:
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.
Copyright 2024, Oracle and/or its affiliates. All rights reserved.
-----------------------------------------------------------------------------