Today, 18th January 2022, The Database patch bundles were released.
All the details on MOS in Doc ID 19202201.9 and Doc ID 21202201.9 are recommended to be installed on production systems.

 

In 19c or higher, it is no longer necessary to enable ‘Shared Servers’ on the catalog database, so Oracle recommends that (if you are using Oracle Native Encryption with sharding) you disable Shared Servers on the catalog database. This can be done by setting the database parameter shared_servers to “0” and restarting Oracle. Note that this is a global parameter set in the Container Database.

Starting with the Oracle Database 21c release, an application can change its database passwords without an administrator having to schedule downtime. To accomplish this, a database administrator can associate a profile having a non-zero limit for the PASSWORD_ROLLOVER_TIME password profile parameter, new with this release, with an application schema. This allows the database password of the application used to be altered while allowing the older password to remain valid for the time specified by the PASSWORD_ROLLOVER_TIME limit. During the rollover period of time, the application instance can use either the old password or the new password to connect to the database server. When the rollover time expires, only the new password is allowed. It is an Oracle 21c feature backported to Oracle 19.12 RU.

Check out:

https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/configuring-authentication.html#GUID-ACBA8DAE-C5B4-4811-A31D-53B97C50249B

Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2021 Critical Patch Update and apply the necessary updates.
https://lnkd.in/d7fVVQQ

You now can control the size of the batch of heartbeats that use Oracle Key Vault or OCI KMS (OCI Vault) for centralized key management. The HEARTBEAT_BATCH_SIZE initialization parameter, new with this release, enables you to set the heartbeat batch size. The duration of the heartbeat period defaults to 3 seconds.

This enhancement benefits the situation where you have a very large deployment of PDBs (for example, 1000) that use Oracle Key Vault. By setting the heartbeat batch size, you can stagger the heartbeats across batches of PDBs to ensure that for each batch a heartbeat can be completed for each PDB within the batch during the heartbeat period, and also ensure that PDB keys can be reliably fetched from an Oracle Key Vault server and cached in the persistent state.

For more information see:

https://docs.oracle.com/en/database/oracle/oracle-database/21/asoag/configuring-united-mode2.html#GUID-B4B3CCD1-B10B-4CA8-AA54-57A27AAB58D0

Since Oracle Database 12.2, due to designing change, it becomes no limitation of max entries of the password file, and the “entries” argument of ‘orapwd’ command is deprecated, and password file is made auto-extensible, and prior to 12.2.0.1, password file is made auto-extensible ORA-01996 will happen when the number entries in Password file exceeds the “entries” value prior to 12.2.0.1. Even though the “entries” argument is deprecated, no error happens if the user specifies it explicitly on ‘orapwd’ command.

According to the description of the online documentation prior to Oracle Database 12.2, the actual number of allowable entries can be higher than the number of specified entries, because the ‘orapwd’ utility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four. When you exceed the allocated number of password entries, you must create a new password file. To avoid this necessity, allocate more entries than you think you will ever need.