The April 2026 (26.04) Oracle EPM update looks calm on the surface — but behind the scenes, two technical changes can impact almost every EPM technical team if they’re not spotted early.
This blog focuses on only two changes, but both are high‑risk if ignored:
- EPM Automate – Windows installation path change
- Groovy rules – HTTP (insecure) authentication now disallowed
Both are documented by Oracle, but neither will show up as a shiny UI banner. If you rely on automation, scripts, or Groovy‑based integrations, this blog is for you.
EPM Automate on Windows: Installation Path Has Changed
What Changed
Starting with EPM 26.04, Oracle changed where EPM Automate installs on Windows machines.
| Before 26.04 | From 26.04 onwards |
|---|---|
| Custom or legacy folders (for example, C:\Oracle\EPM Automate) | C:\Program Files\Oracle\EPM Automate |
Along with the executable:
- Runtime files
- Logs
- Password wallets
are now stored under the Program Files directory.
- This change applies only to Windows environments
- Linux installations are not impacted
Why This Matters
This change does not break EPM Automate itself — but it breaks assumptions your scripts may be making.
Common real‑world examples:
- Scheduled jobs referencing hard‑coded paths
- CI/CD agents invoking epmautomate.bat from old locations
- Service accounts that don’t have permissions under Program Files
| Area | Impact |
|---|---|
| Batch / PowerShell scripts | Path not found |
| Windows Task Scheduler | Job failures after patch |
| CI/CD pipelines | Automation failures |
| Service accounts | Permission issues |
Action required:
Review every Windows‑based automation and remove hard‑coded paths.
Groovy Rules: Insecure HTTP Authentication Is No Longer Allowed
What Changed
Oracle now disallows authentication using insecure HTTP endpoints inside Groovy rules.
If your Groovy rules use insecure HTTP addresses (for example, http://localhost and its equivalent http://127.0.0.1) to log in, those calls are now blocked.
- Only HTTPS endpoints are allowed
- HTTP is no longer permitted for authentication
HTTP vs HTTPS
Think of HTTP and HTTPS as two ways information travels from your system to another system.
HTTP (Not Secure)
- Data travels in plain text
- Anyone watching the network can read usernames and passwords
- Like sending a postcard — anyone can read it on the way
- This is why Oracle now blocks HTTP in Groovy rules
HTTPS (Secure)
- Data is encrypted before it travels
- Usernames, passwords, and data are protected
- Like sending a locked envelope
- This is now mandatory for Groovy authentication in EPM
This is a deliberate security hardening step, not a bug.
Oracle is enforcing:
- Encrypted communication
- Safer credential handling
- Alignment with modern security standards
This change is silent but strict.
Action required:
Audit all Groovy rules with external calls, not just the ones currently failing.
Side‑by‑Side Impact Summary
| Area | EPM Automate Path Change | Groovy HTTP Block |
|---|---|---|
| Impacts automation | Yes | Yes |
| Impacts end users | Indirect | Indirect |
| Requires testing | Mandatory | Mandatory |
| Fix effort | Low | Medium (depends on design) |
Recommended Admin Checklist (Before Production Patch)
- Verify EPM Automate installation path
- Update all scripts to remove hard‑coded paths
- Check Windows permissions for service accounts
- Review Groovy rules calling external services
- Replace HTTP endpoints with HTTPS
- Re‑test integrations in non‑production
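The two audit items in the checklist can be scripted before the patch window. The sketch below is an added example, not Oracle tooling or code from this post: it scans script text for absolute paths to epmautomate.bat and Groovy rule text for plain `http://` URL literals. It assumes rules have been exported to `.groovy` files; the sample file names, hosts and the `%EPM_AUTOMATE_HOME%` variable are constructed.

```python
import re

# New default Windows location from 26.04, as given in this post.
NEW_ROOT = r"c:\program files\oracle\epm automate"
# Absolute Windows path that ends in epmautomate.bat.
ABS_PATH = re.compile(r'([A-Za-z]:\\[^"\'\r\n<>|]*?epmautomate\.bat)', re.I)
# Plain-HTTP URL literal; https:// does not match this pattern.
HTTP_URL = re.compile(r'\bhttp://[^\s"\'<>)]+', re.I)
LOOPBACK = re.compile(r'^http://(localhost|127\.0\.0\.1)(?=[:/]|$)', re.I)

# Constructed sample files; names, hosts and %EPM_AUTOMATE_HOME% are hypothetical.
SAMPLES = {
    "nightly_load.bat": r'''@echo off
call "C:\Oracle\EPM Automate\bin\epmautomate.bat" listfiles
call "%EPM_AUTOMATE_HOME%\bin\epmautomate.bat" logout
''',
    "push_rates.groovy": '''// old test endpoint: http://localhost:9000/login
String authUrl = "http://127.0.0.1:9000/login"
String api = "https://example.invalid/rest/v1"
String legacy = "http://example.invalid/rest/v1"
''',
}


def audit(name, text):
    """Return (file, line_no, kind, value) findings for one file's text."""
    findings = []
    is_groovy = name.lower().endswith(".groovy")
    for no, line in enumerate(text.splitlines(), 1):
        if is_groovy:
            if line.strip().startswith("//"):  # whole-line comment, never executed
                continue
            for url in HTTP_URL.findall(line):
                kind = "http-loopback" if LOOPBACK.match(url) else "http-endpoint"
                findings.append((name, no, kind, url))
        else:
            for path in ABS_PATH.findall(line):
                # Any absolute path is hard-coded; legacy ones break after the patch.
                under_new = path.lower().startswith(NEW_ROOT)
                findings.append((name, no, "hardcoded-path" if under_new else "legacy-path", path))
    return findings


def audit_all(files):
    """Audit a {filename: text} mapping and return all findings in order."""
    return [f for name, text in files.items() for f in audit(name, text)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print("%s:%d  %-14s %s" % finding)
```

A URL assembled at runtime from variables or connection settings will not appear as a literal, so treat a clean result as a starting point for the manual review, not a replacement for it.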
These two changes won’t announce themselves. They won’t show up in dashboards. They won’t break users immediately.
But they will surface during:
- Month‑end
- Close cycles
- Automation windows
- CI/CD runs
If you manage EPM automation, April 2026 is a release you must actively prepare for — not just patch and forget.