11i: ATG RUP5 and CPU Impact
Oracle has released the latest ATG rollup RUP5 (official name is 11i.ATG_PF.H.delta.5). From a security perspective, RUP5 is important in three regards -
- The ATG rollups contain a number of security enhancements
- RUP5 incorporates ATG CPU patches from January 2005 to January 2007
- Starting with the July 2007 CPU, only RUP(n) and RUP(n-1) will be supported
RUP5 Security Enhancements
The recent ATG rollup patches have included a number of security enhancements. The following are some of the security enhancements in RUP5 -
- WebADI Parameter Security
- Improved delegation of Workflow monitoring privileges
- Improved delegation of access to Workflow notifications
Included CPU Patches
The RUP patches include previous CPU patches and RUP5 includes almost all ATG CPU patches from January 2005 to January 2007. THIS IS ONLY ATG PATCHES and not functional module patches. "The following core ATG products are included in 11i.ATG_PF.H.delta.5: FND, OAM, OWF, FWK, JTT, JTA, TXK, XDO, ECX, EC, AK, ALR, UMX, BNE, and FRM." For AutoConfig enabled customers, the only missing ATG CPU patch is 5658489, which is the cumulative TechStack patch for January 2007.
RUP5 Security Enhancements
"Beginning with the July 2007 Critical Patch Update (CPUJul2007), Oracle Applications Technology will support only the current and previous production rollups (RUP N and RUP N-1) as patching baselines for all 11i releases." Based on Oracle's policy and prior CPU support history, we anticipate only RUP4 and RUP5 will be supported for the July 2007 CPU. This includes all Oracle Applications 11i versions from 11.5.7 through 11.5.10.2, where April 2007 CPU and prior only included 11.5.10.x.
With RUP4 being released in August 2006 and RUP3 in January 2006, we believe there is a 50% probability that Oracle will support RUP3 in the July 2007 CPU. Although, we believe there is no likelihood that RUP3 will be supported for the October 2007 CPU. Oracle's decision on RUP3 support will be based on customer feedback, rather than any technical issues or significant regression testing effort to certify the CPU patches for RUP3.