The following WARN log was reported in an Alfresco 5.2.4 bootstrap with a clean schema installation
The WARN refers to 41 missing sequences in the target schema. In fact all the sequences are created in the schema. The problem is the validation check made by Alfresco has been blocked in the ojdbc7.jar driver when this driver is version 126.96.36.199. Reverting the ojdbc7.jar to the previous version 188.8.131.52 avoids the problem.
The customer reports the problem could be related to security change CVE-2016-3506 which is applied to ojdbc7.jar v 184.108.40.206. They downloaded ojdbc7.jar from this Oracle location:
In their analysis the schema validation fails because of the way the sequences are requested by Alfresco.
A similar case is reported when Jira uses ojdbc7.jar v 220.127.116.11 - reference: https://jira.atlassian.com/browse/JRASERVER-61007
Snipped from this JRASERVER-61007:
"the existing implementation invokes DatabaseMetaData#getTables to retrieve the sequences in oracle with the types parameter being set as "SEQUENCE". However, due to a security patch - CVE-2016-3506, the "SEQUENCE" is not treated as legal input anymore."
It looks like Alfresco is using the same getTables() method in the validation class
org.alfresco.util.schemacomp.ExportDb to retrieve information about the schema sequences:
If the sequences are not returned here, because of a change in driver version 18.104.22.168, then Alfresco will log the missing sequences warning.