Patches and updates
Portal for ArcGIS Security 2023 Update 1 Patch
Summary
EsriĀ® announces the Portal for ArcGIS Security 2023 Update 1 Patch. Esri recommends that all customers using ArcGIS Enterprise 11.0, 10.9.1, 10.8.1 and 10.7.1 apply this patch. This patch deals specifically with the issues listed below under Issues Addressed with this Patch.
This security patch is cumulative and includes several security and non-security related fixes from earlier patches that are also listed below under Issues Addressed with this Patch.
Esri has registered CVEs (Common Vulnerabilities and Exposures) and provided base and temporally adjusted Common Vulnerability Scoring System v3.1 (CVSS) scores for these issues to allow our customers to better assess risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of a patch. These vulnerability details are provided in the patch advisory found here.
Important Note May 16, 2023: The 10.9.1 version of the Portal for ArcGIS 10.9.1 Security 2023 Update 1 Patch has been updated to address BUG-000157748. Please download and install the new setup. It is not necessary to uninstall the original patch, the new setup will install and replace the original patch. BUG-000157748 only affects version 10.9.1 of the Portal for ArcGIS Security 2023 Update 1 Patch.
BUG-000157748 After installing the Portal for ArcGIS 10.9.1 Security 2023 Update 1 Patch, Map Viewer's Styles panel fails to load and other panels (Filter, Clustering) subsequently fail to load.
Important Note May 17, 2023: The 10.8.1 and 10.7.1 Portal for ArcGIS Security 2023 Update 1 Patch setups have been updated to allow installation using a Chef Cookbooks or PowerShell DSC automation script. Please download and install the new setup. It is not necessary to uninstall the original patch, the new setup will install and replace the original patch.
Issues addressed with this patch
- BUG-000155004 - HTML injection issue in Portal for ArcGIS
- BUG-000155001 - Unvalidated redirect in Portal for ArcGIS (11.0 and 10.9.1 only)
- BUG-000154662 - Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only)
- BUG-000154238 - After installing Portal for ArcGIS Security 2022 Update 2, ArcGIS Business Analyst Web App becomes inaccessible (11.0 and 10.9.1 only)
- BUG-000154236 - Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only)
- BUG-000154028 - Group managers are unable to share items from the content page to groups configured to only allow group owners and managers to contribute. (10.9.1 and 10.8.1 only)
- BUG-000153997 - After installing the Portal for ArcGIS 2022 Update 2 Patch, some ArcGIS Instant Apps become inaccessible (10.9.1 only)
- BUG-000148346 - Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS
- BUG-000147353 - Administrators are unable to share private items owned by another member to a group that they both are members of (10.9.1 only)
- BUG-000142922 - Incomplete permission changes in specific cases (10.9.1, 10.8.1 and 10.7.1 only)
- BUG-000141240 - ArcGIS Web AppBuilder in ArcGIS Enterprise 10.9 is blocking hosted custom 3D widgets (10.9.1 only)
To avoid conflicts the 11.0 patch also addresses:
- BUG-000154157 - After installing the Portal for ArcGIS 11.0 Security 2022 Update 2 Patch, Portal for ArcGIS may become inaccessible or certain operations may fail.
- BUG-000153523 - The Living Atlas subscriber content prompts for Portal for ArcGIS credentials after thirty minutes.
- BUG-000152888 - Error, "Upgrade failed. Failed to update configuration settings" upon upgrading the Portal for ArcGIS to 11.0.
Note: BUG-000152888 addresses a failure when upgrading to version 11.0. To realize the benefit of the resolution for BUG-000152888, you must apply this patch after the installation of Portal for ArcGIS 11.0 is complete but before running the Continue Portal Upgrade process.
- BUG-000152437 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000152035 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000151231 - Within the Workflow Manager Web App- Run Pro GP Tool- Parameters are not saved
- BUG-000151230 - Within the Workflow manager Web App- Update ext prop in Job Panel Triggers re-loading and doesn't complete refreshing
To avoid conflicts the 10.9.1 patch also addresses:
- BUG-000157748 - installing the Portal for ArcGIS 10.9.1 Security 2023 Update 1 Patch, Map Viewer's Styles panel fails to load and other panels (Filter, Clustering) subsequently fail to load.
- BUG-000153799 - After installing the Portal for ArcGIS 10.9.1 Security 2022 Update 2 Patch, Map Viewer's Styles panel fails to load and other panels (Filter, Clustering) subsequently fail to load.
- BUG-000152437 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000152422 - ArcGIS Experience Builder containing a secured service is unable to be saved when Portal for ArcGIS and a federated ArcGIS Server site are configured with matching WebContextURLs.
- BUG-000152035 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000151892 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000149597 - Stored XSS vulnerability in Portal for ArcGIS.
- BUG-000149111 - The Portal for ArcGIS certificate keystore is not preserved when a standby machine is joining back to the site during a webgisdr restore in 10.9.1.
- BUG-000148810 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000148416 - Portal for ArcGIS service fails to restart after the Portal for ArcGIS Log4j patch installation in an Azure High Availability (HA) environment.
- BUG-000148008 - HTML injection in Portal for ArcGIS.
- BUG-000147750 - In ArcGIS Dashboards in Portal for ArcGIS, after filtering the features in a map based on a category, the pop-up for filtering out the overlapping features is still displayed.
- BUG-000146967 - Unable to edit polygon geometry with z-values as a feature layer in MapViewer for Portal for ArcGIS published from ArcGIS Pro.
- BUG-000146846 - In ArcGIS Enterprise, the ArcGIS Online geometry service is used, although a custom one is configured.
- BUG-000146790 - Distributed Collaboration is not working in Enterprise 10.9.1 if access to the ArcGIS Server (hosting server) Services Directory is disabled.
- BUG-000146217 - The Category Gallery application has stopped responding, and returned the following message, "Uncaught: The item containing the living atlas categories could not be determined" in the Debug Tool (F12) under 'Console'.
- BUG-000145799 - When the Enterprise portal display language is set to any non-English language, text is missing for the 'Application extension (AppBuilder)' option on the Content page within the New Item > Application dialog.
- BUG-000145347 - Update log4j to address security vulnerabilities.
- BUG-000145201 - When upgrading Portal for ArcGIS to version 10.9.1, the self-signed certificates are reverted to default.
- BUG-000143573 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000138713 - Features published through the local time enabled referenced feature service are filtered incorrectly through UTC when used in the Filter widget in ArcGIS Web AppBuilder.
- BUG-000133406 - The relationship field value does not auto-populate after adding the first related record using the ArcGIS Web AppBuilder Edit widget.)
To avoid conflicts the 10.8.1 patch also addresses:
- BUG-000152437 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000152035 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000151892 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000151621 - Setting virtualDirsSecurityEnabled to 'true' prevents the token or authentication from passing to a new tab in a web browser logged in to a federated ArcGIS Server site when printing from ArcGIS Web AppBuilder.
- BUG-000151158 - After installing the Portal for ArcGIS Security 2022 Update 1 Patch, the font within pop-ups changes and spacing is reduced between the field name and attribute.
- BUG-000150937 - Features published through the local time enabled referenced feature service are filtered incorrectly through UTC when used in the Filter widget in ArcGIS Web AppBuilder.
- BUG-000149597 - Stored XSS vulnerability in Portal for ArcGIS.
- BUG-000149149 - Setting virtualDirsSecurityEnabled to 'true' prevents the token or authentication from passing to a new tab in a web browser logged in to a federated ArcGIS Server site.
- BUG-000148810 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000148416 - Portal for ArcGIS service fails to restart after the Portal for ArcGIS Log4j patch installation in an Azure High Availability (HA) environment.
- BUG-000148411 - Portal for ArcGIS Log4j Patch causes the Portal for ArcGIS 10.8.1 to Portal for ArcGIS 10.9.1 upgrade on Linux to fail and returns the error message, "Message: The requested resource [/arcgis/home/] is not available."
- BUG-000148008 - HTML injection in Portal for ArcGIS.
- BUG-000147837 - After installing the Portal for ArcGIS 10.8.1 Log4j Patch, there may be changes to the web map pop-up font.
- BUG-000147016 - Portal for ArcGIS is not accessible after uninstalling the Portal for ArcGIS Log4j Patch.
- BUG-000145347 - Update log4j to address security vulnerabilities.
- BUG-000144180 - The web app cut tool found in the Edit widget updated the last_edited_date value for features not impacted by the cut tool when the editor tracking is enabled for the service.
- BUG-000143643 - Stored XSS vulnerability in ArcGIS Configurable Apps.
- BUG-000143642 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000143641 - The allowedProxyHosts property is not fully honored in ArcGIS Enterprise.
- BUG-000143641 - There is a misconfiguration in allowedProxyHosts.
- BUG-000143640 - Prevent access to sharing/rest/content/features/generate to unauthorized users.
- BUG-000143638 - Prevent access to sharing/rest/content/features/analyze to unauthorized users.
- BUG-000143573 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000141886 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000140748 - In ArcGIS Web AppBuilder, the Analysis widget containing the Find Nearest analysis tool returns an error that the tool is not configured.
- BUG-000140596 - The full bar chart legend is not displayed in the Map Viewer for 10.8.1 map services.
- BUG-000139417 - Uploading item to Portal for ArcGIS fails when the item size requires multipart upload and content directory is in Azure Blob storage.
- BUG-000139382 - Embedded Portal configurable apps fail to load on a browser with 'Block third-party cookies' enabled.
- BUG-000139216 - Privilege escalation vulnerability in Portal for ArcGIS.
- BUG-000139021 - In a web application created using Web AppBuilder, unable to query related table from Query Widget.
- BUG-000138825 - The Web Scene Viewer in ArcGIS Enterprise 10.8.1 does not honor the default values for the vertex count of an IntegratedMesh I3S 1.7 layer and fails to load the content.
- BUG-000138525 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000138486 - HTML injection vulnerability in Portal for ArcGIS.
- BUG-000137735 - The allowedProxyHosts property is not fully honored in ArcGIS Enterprise.
- BUG-000137733 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000137142 - When creating a new StoryMap app, an unnecessary HTTP 404 response is returned that can cause issues in some fire-walled environments.
- BUG-000136544 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136493 - Stored cross-site scripting issue in Portal for ArcGIS.
- BUG-000136356 - The Filter widget in ArcGIS Web AppBuilder resets the 'Ask for Value' check box when two or more expressions are added.
- BUG-000136352 - Legend info in the Portal for ArcGIS 10.8.1 Map Viewer misses the histogram chart for a published map service with a bar chart symbol.
- BUG-000136210 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136090 - Group membership not updated when two portal groups are linked to the same SAML enterprise group.
- BUG-000136041 - ArcGIS Enterprise portal members with custom roles should be able to delete their own services when the role includes administrative privileges such as 'View all members' and publisher privileges.
- BUG-000136016 - Unable to select Existing surveys using the Survey Widget in Experience Builder on Portal for ArcGIS.
- BUG-000135726 - Code injection issue in Portal for ArcGIS.
- BUG-000135044 - Block custom roles with the admin update privilege from updating the password of default.
- BUG-000134926 - Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page.
- BUG-000134458 - In some environments, the standby portal does not rejoin successfully.
- BUG-000134077 - The OAuth Authorization code granted with Proof Key for Code Exchange (PKCE) fails in ArcGIS Enterprise 10.8.1
- BUG-000134014 - XSS filter encodes valid HTML tags that were supported in earlier releases.
- BUG-000133257 - There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
- BUG-000133255 - Portal for ArcGIS system properties are not properly encrypted.
- BUG-000133143 - Unable to configure email settings for ArcGIS Enterprise if fromEmailAddress parameter contains a hyphen in the domain section of the address (e.g. test@esri-1.com).
- BUG-000133077 - Firefly, Government, Public Safety symbol sets owned by esri_en are not shared with Esri Symbols Group.
- BUG-000131991 - Reflected cross-site scripting (XSS) in the home application.
- BUG-000131701 - Configurable parameters are not saved in ArcGIS Online and ArcGIS Enterprise.
- BUG-000131521 - Only 10 layers downloaded using Screening widget 'Download' function in Chrome and Edge.
- BUG-000130954 - When attribute filters are applied to the Attribute Table widget in the Web AppBuilder for ArcGIS Enterprise Portal, and a large number of records are in the filtered results, the CSV export does not honor the filters.
- BUG-000130783 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000129529 - When members login to the ArcGIS Enterprise portal, their last login date reported on the Members tab of the Organization page is not consistently updated.
- BUG-000128134 - Exporting a CSV file from the Query widget in Portal for ArcGIS exports coded values rather than the descriptions.
To avoid conflicts the 10.7.1 patch also addresses:
- BUG-000151158 - After installing the Portal for ArcGIS Security 2022 Update 1 Patch, the font within pop-ups changes and spacing is reduced between the field name and attribute.
- BUG-000149597 - Stored XSS vulnerability in Portal for ArcGIS.
- BUG-000148416 - Portal for ArcGIS service fails to restart after the Portal for ArcGIS Log4j patch installation in an Azure High Availability (HA) environment.
- BUG-000145347 - Update log4j to address security vulnerabilities.
- BUG-000143643 - Stored XSS vulnerability in ArcGIS Configurable Apps.
- BUG-000143642 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000143641 - There is a misconfiguration in allowedProxyHosts.
- BUG-000143640 - Prevent access to sharing/rest/content/features/generate to unauthorized users.
- BUG-000143638 - Prevent access to sharing/rest/content/features/analyze to unauthorized users.
- BUG-000139216 - Privilege escalation vulnerability in Portal for ArcGIS.
- BUG-000139021 - In a web application created using Web AppBuilder, unable to query related table from Query Widget.
- BUG-000138525 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000138486 - HTML injection vulnerability in Portal for ArcGIS.
- BUG-000137735 - The allowedProxyHosts property is not fully honored in ArcGIS Enterprise.
- BUG-000137733 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136544 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136493 - Stored cross-site scripting issue in Portal for ArcGIS.
- BUG-000135726 - Code injection issue in Portal for ArcGIS.
- BUG-000134926 - Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page.
- BUG-000133257 - There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
- BUG-000133255 - Portal for ArcGIS system properties are not properly encrypted.
- BUG-000132449 - Portal proxy does not fully honor allowedProxyHosts parameter.
- BUG-000132379 - The image display settings configured for an imagery layer in ArcGIS Enterprise are not saved.
- BUG-000132362 - The webgisdr utility should be updated to expect the response from Portal for ArcGIS's exportSite operation when items are missing from the items directory.
- BUG-000132361 - When the Portal for ArcGIS service is shutting down, there's a chance that internal processes can become orphaned.
- BUG-000132359 - Unable to make proxy requests to an external url after applying the PFA Security 2020 Update 1 Patch.
- BUG-000132357 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000132356 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000132353 - XXE and SSRF vulnerability in Portal for ArcGIS.
- BUG-000132351 - Uncontrolled resource exhaustion issue in Portal for ArcGIS.
- BUG-000132292 - When Portal for ArcGIS is highly available, if the original portal machine that was installed first is shutdown, index operations will fail.
- BUG-000131521 - Only 10 layers downloaded using Screening widget 'Download' function in Chrome and Edge.
- BUG-000129924 - Portal for ArcGIS 10.7.1 High Availability Licensing Patch is preventing the Edit widget from editing the related tables
- BUG-000129821 - After installing the Portal for ArcGIS 10.7.1 High Availability Licensing Patch, the Portal Home Application, or components of it such as the App Switcher, may hang or fail to load after simultaneous requests are made for Integrated Windows Authentication (IWA) users.
- BUG-000129710 - Portal for ArcGIS has an XML external entity (XXE) vulnerability.
- BUG-000128938 - Analysis Derive New Locations fails to run in the Analysis widget.
- BUG-000128634 - Unable to create a backup of the portal if an item is missing from the content directory
- BUG-000128486 - After sharing a map from ArcGIS Pro with two layers as referenced and editable, users are unable to open the Smart Editor widget from the pop-up because the Options button is disabled.
- BUG-000128438 - Unable to save the query widget results from Web AppBuilder for ArcGIS when Portal for ArcGIS is configured with Public Key Infrastructure (PKI) or Integrated Windows Authentication (IWA).
- BUG-000128193 - Cross-site request forgery (CSRF) vulnerability in Portal for ArcGIS.
- BUG-000128134 - Exporting a CSV file from the Query widget in Portal for ArcGIS exports coded values rather than the descriptions.
- BUG-000128058 - Portal for ArcGIS has a Server Side Request Forgery (SSRF) security vulnerability.
- BUG-000128038 - Delay in Portal for ArcGIS permitting access to secured content within a group for new Enterprise members who login using Integrated Windows Authentication (IWA).
- BUG-000127934 - Attributes are not shown completely in pop-up window when an image service with a raster function template to symbolize the data is published to ArcGIS Server, and added to Portal Scene Viewer.
- BUG-000127472 - Stored XSS in Web AppBuilder.
- BUG-000126709 - When an image service with raster function template to symbolize data is published to ArcGIS Server and added to Portal Map Viewer, attributes are not shown completely in pop-up window.
- BUG-000126332 - Token is removed from cookie when Integrated Windows Authenticated users click the Scene tab in a Portal that has disabled anonymous access.
- BUG-000126259 - Feature server layers do not consistently appear in the drop-down list of possible layers to perform analysis in Portal for ArcGIS.
- BUG-000126198 - Primary & Standby Portals are no longer accessible after pg_hba.conf entries get commented out.
- BUG-000126166 - Failover in a highly available portal will result in "Failed to get current license information. This connection has been closed" errors in the logs.
- BUG-000126009 - When using the Attribute Table widget in the Web AppBuilder for ArcGIS to select many attributes in the table, only 150 attributes are selectable.
- BUG-000125961 - In Portal for ArcGIS 10.7.1, if a layer has related records and a copy is created, the related records do not appear in pop-ups for the copied layer.
- BUG-000125434 - A geoprocessing service with the GPDataFile input type does not provide the option to upload a file in the Web AppBuilder for ArcGIS geoprocessing widget in Portal for ArcGIS 10.7.1.
- BUG-000125332 - Unable to set the role of ArcGIS Server to federated server with restricted publishing in ArcGIS Enterprise deployment.
- BUG-000125033 - Users signed in through Integrated Windows Authentication (IWA) cannot search for layers under My Organization in Map Viewer.
- BUG-000124953 - Portal for ArcGIS application information exposure.
- BUG-000124785 - After failover, if an incremental backup is requested but a full hasn't been run, run a full backup instead of incremental
- BUG-000124739 - The Smart Editor option is unavailable in the Web AppBuilder for ArcGIS pop-up, if the layer is shared from ArcGIS Pro as a reference and is editable in the web map.
- BUG-000124317 - Improper server side validation of uploaded file types.
- BUG-000124011 - Web AppBuilder for ArcGIS in Portal for ArcGIS does not display results when clicking 'Show more results' in the Search widget.
- BUG-000123692 - Stored XSS in Portal for ArcGIS Map Viewer.
- BUG-000123690 - Reflected cross-site scripting (XSS) in the Portal for ArcGIS home application. CVSS 3.0 Base Score: 5.4 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- BUG-000123331 - The Attribute Table widget does not show related records consistently.
- BUG-000123137 - Database transaction logs are retained on standby when running the DR tool.
- BUG-000122662 - Include the userinfo folder during a backup .
- BUG-000122011 - Unable to disable the My Location widget in ArcGIS Online Web AppBuilder for ArcGIS if the 'Watch for location changes' option is checked.
- BUG-000121820 - Multiple Query widgets in the same Web AppBuilder for ArcGIS app do not work.
- BUG-000119150 - When a field contains a Range Domain, values do not appear in the Attribute Table widget in Web App Builder
- BUG-000117333 - The promote.dat file in the primary and standby portals causes constant creation of db snapshots in the standby arcgisportal folder.
- BUG-000116557 - The selected features do not honor the Attribute Table widget filter in Portal for ArcGIS 10.7.1 Web AppBuilder.
- BUG-000116405 - Portal for ArcGIS export site operation fails if the content directory path syntax utilizes forward slashes instead of back slashes.
- BUG-000116343 - In Web AppBuilder for ArcGIS, the Group Filter widget pane is cut off when the German-Deutsch language is set in the ArcGIS Online account.
- BUG-000116089 - The Web AppBuilder for ArcGIS Query widget filter expression is configured to only show 'Values filtered by previous expressions' lists all unique values instead of a filtered set when the previous expression is configured from the Group Filter widget.
- ENH-000123305 - Include relationship name along with table name to better distinguish different relationships on the same table.
Installing this patch on Windows
The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.
Step 1: Download the appropriate file to a location other than your ArcGIS installation location.
ArcGIS Enterprise Version | Portal for ArcGIS | Checksum (SHA256) |
---|---|---|
11.0 | ArcGIS-110-PFA-SEC2023U1-Patch.msp | D7929BC5DC517B7F4DB51A7990FA180DEDC48D5F683346A60B0C91B860BDF5AE |
10.9.1 | ArcGIS-1091-PFA-SEC2023U1-PatchB.msp | EC3F97526793F05370232941EAD2853FA321655F96A4425FDC89C14F4F5B6BBF |
10.8.1 | ArcGIS-1081-PFA-SEC2023U1-PatchB.msp | 9707EDBAD3AAED0D7C1BECDDBE63FF085B8958EAADC79B3E6AB4DF9E5E13F0A1 |
10.7.1 | ArcGIS-1071-PFA-SEC2023U1-PatchB.msp | 802DB22382EAED489DCB5705B68F192833E5DD7D37BC839F16D46A8AEFE1917F |
Step 2: Make sure you have write access to your ArcGIS installation location.
Step 3: Double-click
ArcGIS-<Version>-PFA-SEC2023U1-Patch(B).msp
to start the setup process.
NOTE: If double clicking on the msp file does not start the setup installation, you can start the setup installation manually by using the following command:
msiexec.exe /p [location of Patch]\ArcGIS-<Version>-PFA-SEC2023U1-Patch(B).msp
Installing this patch on Linux
Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder.
The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.
Step 1: Download the appropriate file to a location other than your ArcGIS installation location.
ArcGIS Enterprise Version | Portal for ArcGIS | Checksum (SHA256) |
---|---|---|
11.0 | ArcGIS-110-PFA-SEC2023U1-Patch-linux.tar | 598F9A376B622D508CA18BA9C04D46B9049435BE91C1759547FFBCE117E60E57 |
10.9.1 | ArcGIS-1091-PFA-SEC2023U1-PatchB-linux.tar | 08285A812070C1D8A0091AD595220B3A702BE59F4EDB4CE8F2452E85F1CCE461 |
10.8.1 | ArcGIS-1081-PFA-SEC2023U1-PatchB-linux.tar | C99B682F68D20D8AFBFD701BB7D1DC0DF04D5A66A0FD8865BEA7478B4C8C4C42 |
10.7.1 | ArcGIS-1071-PFA-SEC2023U1-PatchB-linux.tar | 4B2F72CC63B5BE1198874C037167651980B10857B23C7A1059FC37AA37F354E1 |
Step 2: Make sure have write access to your ArcGIS installation location, and that no one is using ArcGIS.
Step 3: Extract the specified tar file by typing:
% tar -xvf ArcGIS-<Version>-PFA-SEC2023U1-Patch(B)-linux.tar
Step 4: Start the installation by typing:
% ./applypatch
This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.
Uninstalling this patch on Windows
To uninstall this patch on Windows, open the Windows Control Panel and navigate to installed programs. Make sure that "View installed updates" (upper left side of the Programs and Features dialog) is active. Select the patch name from the programs list and click Uninstall to remove the patch.
Uninstalling this patch on Linux
To remove this patch on versions 10.7 and higher, navigate to the <Product Installation Directory>/.Setup/qfe directory and run the following script as the ArcGIS Install owner:
./removepatch.sh
The removepatch.sh script allows you to uninstall previously installed patches or hot fixes. Use the -s status flag to get the list of installed patches or hot fixes ordered by date. Use the -q flag to remove patches or hot fixes in reverse chronological order by date they were installed. Type removepatch -h for usage help.
Restart your ArcGIS services.
How to identify which ArcGIS products are installed
To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.
Get help from ArcGIS experts
Download the Esri Support App