OJVM patch: Standby-First patching, yes or no?

I have blogged in the past more than once about the “wonderful” topic of OJVM patching.

Anyhow,  I’d like to summarize a few typical questions sent to me in the past months regarding OJVM patching.

Do I need to apply the OJVM patch every time I apply a PSU or BP?

Unfortunately this is not a one-time-and-then-you-are-set operation. You’ll have to do it every time.

How do I find out if OJVM is used in my database?

I tried to nail this down in this blog post here:

But the best solution would be to not install OJVM from the beginning if you have no intention of using it. It’s far more simple to install it later on than to remove it.

Can OJVM patch being rolling installable or standby-first applicable?

No, unfortunately the OJVM patch is neither rolling installable in a RAC database nor can it be applied in the Standby-First patching method.
Please see: MOS Note:1929745.1: Oracle Recommended Patches — OJVM PSU Patches

Is the Mitigation Patch a valid workaround to OJVM patching downtime?

Well, I leave this up to you. But if you have never heard of the OJVM Mitigation patch before please see again MOS Note:1929745.1 – Oracle Recommended Patches — OJVM PSU Patches:

For situations where the latest OJVM PSU cannot be installed immediately there is a “Mitigation Patch” that can be used. The “Mitigation Patch” is an interim solution to protect against all currently known (Jul 2015) Oracle JavaVM security vulnerabilities in the database until such time as the OJVM PSU can be installed. It can also be used to protect database versions no longer covered by error correction support.

The “Mitigation Patch”:

  • is applicable only to database homes, not client nor Grid homes
  • is only applicable to databases that have JavaVM installed
  • has no dependency on the DB PSU (or equivalent) level
  • can be installed in a RAC Rolling manner
  • is a SQL only patch that needs to be installed and activated in each database
    • hence it can be installed standby first but it requires SQL steps to be executed to be effective, which cannot be done on a read only standby
  • affects use of Java and Java development in the database
  • has been reviewed for January 2015, April 2015, July
    2015, October 2015, January 2016, April 2016 and July 2016 and provides
    mitigation against all currently known OJVM vulnerabilities
  • can be downloaded here: Patch:19721304

Does OJVM Patching affect the Grid Infrastructure Rolling Patching?

No, it doesn’t. Oracle Grid Infrastructure patching is always rolling and does not get affected by the OJVM patch.

I’m pretty sure this does not answer all your questions but please don’t hesitate to open SRs with Oracle Support. I will update this FAQ from time to time.


Share this: