Oracle Adopts Monthly Security Patch Updates for Critical Fixes
Oracle is transitioning to a monthly schedule for critical security patch updates, offering smaller, more focused releases to expedite the patching process.
Oracle has announced a shift in its security update strategy, introducing monthly Critical Security Patch Updates (CSPUs) starting in May 2026. These monthly updates will be smaller and more focused, allowing customers to apply critical fixes more rapidly to their deployments. The existing quarterly Critical Patch Updates (CPUs) will continue, incorporating all fixes released in the preceding CSPUs.
This change aims to improve the agility of security patching for Oracle products, enabling organizations to address urgent vulnerabilities more efficiently. For customer-managed deployments, the monthly CSPUs offer a streamlined approach to maintaining security. Oracle also noted that protections and updates are applied automatically and continuously in their cloud environments.
The move towards monthly patches reflects a growing industry trend towards more frequent and granular security updates to combat the rapidly evolving threat landscape. Organizations using Oracle products should prepare for the new monthly cadence and ensure their processes are adapted to incorporate these updates promptly.