we have an OBIEE 12.2.1.3.0 server in Linux that currently only has this OBI bundle patch applied:
29112070;OBI BUNDLE PATCH 12.2.1.3.190416
Since then, there have been 6 more bundle patches that have been released. I was wondering if each one has to be installed in the order they were released as they are considered cumulative, however on Oracles support site they show that they are all superseded by the latest, because well, they are all older than the latest bundle patch.
The latest patch is #32294042, and I was wondering if just that could be installed as it has these patches listed in the 'Bugs Fixed By This Patch" section:
OBI Bundle Patch 12.2.1.3.201216
24566569: DRILL-DOWN ERROR: SPECIFIED DRILL-DOWN SELECTION DOES NOT EXIST
27124002: PROCESSES USING BISERVER SSL STACK HANG AT 100% CPU WAITING FOR CLIENT DATA
31448057: Fix for Bug 31448057
30023519: Fix for Bug 30023519
26631503: EMAIL BODY IS RENDERING IN ONE LINE, WHEN SETTING EMAIL AS DESTINATION
31583579: Fix for Bug 31583579
30909437: Fix for Bug 30909437
31752569: Fix for Bug 31752569
31055308: Fix for Bug 31055308
31689614: Fix for Bug 31689614
31752589: Fix for Bug 31752589
31974393: Fix for Bug 31974393
31752601: Fix for Bug 31752601
30501937: Fix for Bug 30501937
31316014: "FILE SYSTEM ERROR WITH OBJECT: /SYSTEM/MKTGJOB/JOB52330" ERROR UPON JOB EXECUT
32283083: QA[REG]-ADMIN USER NOT ABLE TO DELETE CUSTOM FONTS UPLOADED
OBI Bundle Patch 12.2.1.3.201020
29899754: REL13: CHROME: QA:COULD NOT REANME AGENTS IN CATALOG IN CHROME BROWSER
30029029: CVE-2020-14766
31312661: CVE-2020-14815
27733354: REPORT JOB HISTORY DATE FIELD DROPDOWN HAS YEAR 3000 AS DEFAULT.
27641918: NULL VALUES IN TABLE CAUSE ERROR TO PDF OUTPUT
27800712: INCOMPATIBLE SORT ORDER ISSUE WITH UNION REPORT IF SET NULL_VALUES_SORT_FIRST=ON
28047277: OBIEE12C: NON-ADMIN USER GETS "YOU DO NOT HAVE ACCESS PRIVILEGE FOR THIS SA"
31360445: CVE-2020-11022
31448181: CVE-2020-14842
30690685: CVE-2020-14780
28535009: CHART PROPERTY TREAT NULLS AS ZERO FALSE IS NOT WORKING FOR LINE CHART
31712733: TRACKING BUG TO INCLUDE BUG 30690685 FOR BIMAD
31637106: CVE-2020-14864
30865195: CVE-2020-14784
31448244: CVE-2020-14843
28996803: BISERVER_MAIN_WINDOWS LABEL BUILD FAILURE
31087358: CVE-2019-11358
31747467: CVE-2020-14879
31752545: CVE-2020-14880
31858931: 12214[REG][-BIMAD-MOBILE APP CREATION FAILING IN LATEST OCTIBER BUNDLE PATCH
30763883: Fix for Bug 30763883
30763870: CVE-2019-1547
OBI Bundle Patch 12.2.1.3.200714
31024106: CVE-2020-14609
26556686: SFTP TEST CONNECTION FAILS FOR PRIVATE KEY AUTHENTICATION
27658023: R13 UNABLE TO FORMAT FILENAME WHILE SETTING UP REPORT JOB - UCM/SFTP DESTINATION
27137133: BIP REPORT REQUEST FAILS FOR THE FIRST TIME VIA /ANALYTICS THROUGH LOAD BALANCER
27539559: ERROR - STRING INDEX OUT OF RANGE : -31 WHEN REPORT IS CREATED WITH SUBJECT AREA
27501735: 12C SYSDATE STILL BEING SHOWN AS {$SYSDATE()$} IN JOB HISTORY
27545920: GUEST REPORT ACCESS ERROR
30971776: CREATE AGENT => ANALYTICS HANG & ERROR : [LDAP: ERROR CODE 11 - ADMINISTRATIVE LIMIT EXCEEDED]" AFTER 12.2.1.4.200114 + DIAGNOSTIC PATCH FROM BUG 30903799
30865185: CVE-2020-14585
30865177: CVE-2020-14584
30690694: CVE-2020-14571
31418768: CVE-2020-14696
29631418: CVE-2020-14548
29873706: CVE-2019-14862
29820321: BEFORE REPORT TRIGGER EXECUTES AFTER BURSTING SQL
28885154: BI PUBLISHER REMOVES RANDOM SPACES FROM RTF LAYOUT AFTER UPLOAD
26492182: PRIVATE KEY AUTHENTICATION WORKING ON ONE POD AND NOT ON 3 OTHERS FOR SAME CUST.
30690687: CVE-2020-14570
31405776: FIX 26556686 - SFTP PRIVATEKEY ISSUES - 12.2.1.3.200714
30579384: OBIEE 12.2.1.4: EXPORT TO EXCEL AND PDF PROPERTIES ARE NOT WORKING AS EXPECTED
27035568: 17.4.5-1164 : REPORT WITH LAYOUT TEMPLATE GETS CORRUPTED WHEN JUST OPEN AND SAVE
25896614: PDF FILES NOT WORKING AS TEMPLATES WHEN SAVED AS ADOBE ACROBAT DC 11 PRO FILES
27693385: INSECURE STRUTS 1.3 JARS STILL BE SHIPPED BY BITHIRDPARTY
31212299: Fix for Bug 31212299
31374057: CVE-2020-14690
31358667: CVE-2020-14626
OBI Bundle Patch 12.2.1.3.200414
22119433: BISERVER_MAIN:CRASH IN NQSSERVER
26832490: AFTER APPLYING PATCH 23299204 OK BUTTON DISABLED IN PARENT-CHILD HIERARCHY
30693647: 2.5 Authorization Bypass (Vertical Escalation)
25359947: MOUSE DISAPPEARS AFTER MOVING COLUMNS AROUND ON A DASHBOARD 6-10 TIMES
27960353: Fix for Bug 27960353
27365263: NEED TO ALLOW OBIS STARTUP TO CONTINUE EVEN THERE IS A CYCLE IN ROLE HIERARCHY
30961988: CVE-2020-2950
OBI Bundle Patch 12.2.1.3.200114
28747707: CVE-2020-2531
25826028: UNABLE TO QUERY RECIPIENT NAMES BY DISPLAY NAME ATTRIBUTE
27472788: OBIEE 12C: ROLES GRANTED ON "VIEW DELIVERS FULL UX" LOST AFTER RESTART
27443959: LINE IN GRAPH LINE IS NOT DISPLAYED IN IE11 IN HTML5 MODE
27345574: SAWLOG FILLS UP WITH: A TYPE MISMATCH OCCURRED WHILE EVALUATING AN EXPRESSION
26355617: CAN'T SELECT TABLE PROMPTS DROPDOWN LIST VALUE ON IE11
23211224: BICS PROMPT BASED ON TIMESTAMP DATATYPE COLUMN ERRORS WITH INVALID PROMPT VALUE
30374407: CVE-2020-2537
29879085: CVE-2016-1000031
27097220: HUGE NUMBER OF NOTIFICATION LOG ENTRIES FOR CONNECTION POOL EVENTS
27311972: IMPLEMENT RUNTIME EVALUATION OF DYNAMIC REPOSITORY VARIABLES
OBI Bundle Patch 12.2.1.3.191015
24415058: CVE-2015-7940
29780273: CBIL:11.13.19.01.0:CRM: REMOVE MESSAGE: COPY LINK REQUIRES ADOBE FLASH PLAYER
28709953: CVE-2019-2898
29506719: CVE-2019-1559
29953527: DISABLE ADOBE FLASH IMAGE SUPPORT IN ANSWERS
28627478: CVE-2019-2905
29488979: CVE-2019-1559
29506769: CVE-2019-1559
28722735: CVE-2019-2900
28831894: CVE-2019-2897
29827791: CVE-2016-7103
29750683: CVE-2020-2535
28565865: CVE-2019-3012
30380250: QA: CI BUG 30054026 IS NOT FIXED IN 9.191015
26382244: DISABLE FLASH TEMPLATE IN OAC
26551071: QA:UPLOAD TEMPLATE TEXT NEED TO BE MODIFIED AS FLASH TEMPLATE IS DISABLED
27440571: FLASH CONFIGURATION SHOULD BE REMOVED FROM OAC RUNTIME PROPERTIES
OBI Bundle Patch 12.2.1.3.190716
28900868: CVE-2019-2771
28886045: CVE-2019-2768
28885772: CVE-2019-2767
27839392: Fix for Bug 27839392
27580645: JNDI DATASOURCE ISSUE WITH PRE-PROCESS FUNCTION
29509993: CVE-2019-2906
27788081: CVE-2019-2742
OBI Bundle Patch 12.2.1.3.190416
25248099: NEED TO CHECK THE RETURN CODE OF BUILDROLEHIERARCHY
28797734: CVE-2019-2605
28885971: CVE-2019-2616
28722734: CVE-2019-2595
28627487: CVE-2019-2588
28747876: CVE-2019-2601
28077156: CVE-2015-9251
OBI Bundle Patch 12.2.1.3.181016
27747746: Fix for Bug 27747746
26560302: Fix for Bug 26560302
27826864: Fix for Bug 27826864
27826858: Fix for Bug 27826858
27826869: Fix for Bug 27826869
27747600: Fix for Bug 27747600
28143150: CVE-2018-8013
26957199: CVE-2017-5645
28095823: CVE-2018-3204
OBI Bundle Patch 12.2.1.3.180717
27019889: DYNAMIC REPOSITORY VARIABLES NOT WORKING IN 12.2.1.3.0
24623887: CVE-2017-10060
21216069: GRAPH CANNOT BE DISPLAYED IF DISPLAY VARIABLE IS SET
27155012: OBIS SESSION SWITCH DOES NOT CARRY OVER DEFAULT SUBJECT AREA
25071445: CRITICAL JOBS SHOULD NOT BE SHOWN WITH RED BACKGROUND ON JOB HISTORY PAGE
25484519: MAINTENANCE FLAG NEEDS TO BE CHECKED WHEN BIEE CONNETION FAILS
21309457: SSBEN ACCESSIBILITY: BIP REGION HAVING FORM AND STRUCTURE INSPECTOR ISSUE
26798068: HCMANALYTICS DEPLOYMENT ON 12CIWS FAILED WITH UNRESOLVED APPLICATION LIBRARY REF
27529288: 12C SMC PILLAR ESS APPS DEPLOYMENT UNKNOWNHOSTEXCEPTION: SLC01HJK.US.ORACLE.COM
26909225: CVE-2018-2925
27679984: CVE-2018-2958
OBI Bundle Patch 12.2.1.3.180116
24691274: CONFIG.XML FOR BI-ADF BROKER JDEV EXTENSION HAS AN ILLEGAL SPECIFICATION-VERSION
26266824: OBIEE 12.2.1.2.0 AN HTTP OPERATION TO XXXX.EMEA.XXX.LOC:80 TIMED OUT AFTER 1SEC
26486161: PS: PDFDOCMERGERV2/PDFMERGER ERRORS AND FAILS TO MERGE SOME PDF-CREATED BY LATEX
26171147: CALENDAR IS NOT UPDATED IN SEEDED REPORTS
26760055: PSR:PERF:BICS CLUSTER CONTROLLER SHOULD WAIT/ LOG/ RETRY BEFORE TAKING OBIS OFFL
26578260: SESSIONS IN OBIEE12C DO NOT FAIL-OVER GRACEFULLY WHEN ONE NODE IS KILLED
26975548: ADMINTOOL COMPARE NOT PULLING IN ALL DIFFERENCES IN RPDS
21766173: CVE-2016-3473
21766306: CVE-2016-0470
26535378: EL 12 UPGRADE A? LINKED ANALYSES NOT WORKING FROM HUMAN RESOURCES DASHBOARD
26944921: EEAR-TEST:CANCEL QUERY DOES NOT WORK
26017396: OBIEE 12C: CUSTOM SKIN / STYLE SET IN RPD VARIABLES IS NOT APPLIED TO DASHBOARDS
26541044: CVE-2018-2715
26775946: INCREASE THE DEFAULT VALUE OF OBIS_MAX_PERIODICTASKS_EXECUTOR_THREADS
25061256: CVE-2017-10068
26553225: CVE-2017-5662
26787841: Fix for Bug 26787841
26923935: 12C DEPLOYMENT - BIADMINESSBASERULEGENERATOR LIBRARY MISSING
26787682: Fix for Bug 26787682
26612444: HIDDEN DASHBOARD PAGE IS ADVERSELY AFFECTING DASHBOARD NAVIGATION.
27214490: SEVERE: EMBEDDED EXPORT SPECIFICATION JAR:BIADMINESSBASERULEGENERATOR.JAR
26632162: Fix for Bug 26632162
Bundle Patches are always cumulative. You can install the last one.
Generally you should try to stay up-to-date. it's not just application bugs which are fixed but also security bugs. The closer you stay to the current patch level the more secure you are.