Oracle Shifts to Monthly Critical Security Patch Updates

Oracle is introducing a monthly “critical patch” release cadence targeting only the highest-severity vulnerabilities, layered on top of its existing quarterly CPU schedule. The new monthly rollouts will focus on critical-severity issues that warrant faster remediation than the quarterly cycle allows. For organizations running Oracle databases, middleware, or applications in production environments, this means patching workflows need to account for more frequent security releases. The change reflects growing industry pressure to close the gap between vulnerability disclosure and patch availability for the most dangerous flaws.