Patches and updates
Portal for ArcGIS Security 2024 Update 2 Patch
Summary
Esri announces the Portal for ArcGIS Security 2024 Update 2 Patch. Esri recommends that all customers using Portal for ArcGIS 11.2, 11.1, 10.9.1 and 10.8.1 apply this patch. Before installing this patch on ArcGIS Enterprise 11.1, 10.9.1, and 10.8.1 on Windows, first run the Portal for ArcGIS Validation and Repair tool to validate that your ArcGIS Enterprise Windows deployment is ready to have Portal for ArcGIS patches applied. This patch deals specifically with the issues listed below under Issues Addressed with this Patch.
As a best practice, clear the browser cache and re-launch the browser after installing the patch.
This patch can be uninstalled as outlined in the Uninstalling this patch on Windows and Uninstalling this patch on Linux sections below. Additionally, Esri recommends developing a rollback plan before installing patches. This may be taking a snapshot of machines and related file servers or using the WebGIS DR tool as a software backup. See Back up and restore best practices for more information. For those utilizing a highly available environment, refer to the help topic on how to apply patches in a highly available environment for guidance.
Note: As noted in the ArcGIS Enterprise Life Cycle, version 10.8.1 ended Extended support as of July 31, 2024 and is no longer eligible for software patches. This Portal for ArcGIS Security 2024 Update 2 Patch is the last patch for version 10.8.1.
Issues addressed with this patch
- BUG-000168637 - Reflected cross-site-scripting (XSS) attacks in Portal for ArcGIS. (11.1 and 11.2 only)
- BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1)
- BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability (11.2, 11.1 and 10.9.1 only)
- BUG-000167983 - Unvalidated redirect in Portal for ArcGIS (11.1 and 10.9.1 only)
- BUG-000165732 - Reflected XSS in Portal for ArcGIS (11.1 and 10.9.1 only)
- BUG-000165286 - Reflected XSS in Portal for ArcGIS (11.1, 10.9.1 and 10.8.1 only)
- BUG-000163019 - Stored XSS in Portal for ArcGIS (10.9.1 and 10.8.1 only)
- BUG-000162883 - Unable to log in to some endpoints in Portal for ArcGIS through SAML or OpenID Connect when using an external identity provider (11.1 and 10.9.1 only)
- BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS (11.1 and 10.9.1 only)
- BUG-000160765 - Stored XSS in ArcGIS Experience Builder (11.1 , 10.9.1 and 10.8.1 only)
- BUG-000160599 - Stored XSS in Portal for ArcGIS Web App Builder (11.1, 10.9.1 and 10.8.1 only)
- BUG-000160241 - Reflected XSS in Portal for ArcGIS (11.1, 10.9.1 and 10.8.1 only)
- BUG-000154827 - Reflected XSS in ArcGIS Experience Builder (10.9.1 and 10.8.1 only)
- BUG-000152181 - When the Show option is clicked in a related attribute table in Portal for ArcGIS Map Viewer Classic, the attributes of the related layer are not displayed if the relationship class is created using long integer, short integer, and float data types. (10.9.1 only)
To avoid conflicts the 11.2 version also addresses:
- BUG-000167597 - The navigation bars included in the Instant Apps gallery and configuration pages in Portal for ArcGIS do not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000167596 - The ArcGIS Solutions navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000167545 - The Map Viewer navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Google Chrome 127 or Microsoft Edge 127.
- BUG-000167544 - The home page navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000163032 - FeatureLayer.applyEdits() with useGlobalIds = true generates lowercase GlobalIDs on insert
- BUG-000162920 - Error when trying to delete or update a newly added 3D Feature in Scene Viewer
- BUG-000162733 - Portal for ArcGIS has an invalid authentication vulnerability.
- BUG-000162623 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000161781 - Unable to open a hosted tile layer's item details page 10 days after creation.
To avoid conflicts the 11.1 version also addresses:
- BUG-000167837 - When using the Calcite theme in ArcGIS Experience Builder 11.1, the following error message is returned when clicking the Layers or Measure button in the Map widget: "Cannot read properties of undefined (reading 'underline')".
- BUG-000167597 - The navigation bars included in the Instant Apps gallery and configuration pages in Portal for ArcGIS do not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000167596 - The ArcGIS Solutions navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000167545 - The Map Viewer navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Google Chrome 127 or Microsoft Edge 127.
- BUG-000167544 - The home page navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000166350 - Installing Portal for ArcGIS 11.1 Sharing Patch removes the directory and files used by 3D Object style items, resulting in advanced 3D symbols not displaying properly in Scene Viewer.
- BUG-000165473 - The Portal for ArcGIS 11.1 Sharing patch adds sample widgets to ArcGIS Experience Builder.
- BUG-000165473 - The Portal for ArcGIS 11.1 Sharing patch adds sample widgets to ArcGIS Experience Builder.
- BUG-000164118 - Members are not able to share to groups through the Map Viewer app when they own or manage more than 30 groups that are configured to only allow owner and managers to contribute content.
- BUG-000163309 - Reflected XSS in Portal for ArcGIS.
- BUG-000162733 - Portal for ArcGIS has an invalid authentication vulnerability.
- BUG-000162671 - Unable to view the legacy home page until users are authenticated within Portal for ArcGIS.
- BUG-000162623 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000161781 - Unable to open a hosted tile layer's item details page 10 days after creation.
- BUG-000160803 - Unable to access secured services with saved credentials when using a forward proxy that requires authentication.
- BUG-000160633 - When selecting features from the map using the Query widget with a buffer, ArcGIS Experience Builder fails to include the query results from the buffered area in a linked Table widget.
- BUG-000159271 - Warnings are erroneously logged for ArcGIS Notebooks and ArcGIS Mission while trying to refresh a webhooks configuration.
- BUG-000158984 - Stored Cross Site Scripting (XSS) in Portal for ArcGIS.
- BUG-000158980 - Trying to add a service to the Map Viewer or as an item is resulting in an infinite loop of checkURL-requests when the allowedProxyHosts-parameter does not contain the domain of the service.
- BUG-000158910 - WebGISDR tool backups fail if backup of portal indicates items were missing.
- BUG-000158688 - There is a cross-site scripting vulnerability in ArcGIS Experience Builder.
- BUG-000158430 - In ArcGIS Web AppBuilder, the Geoprocessing widget returns an incorrect output for the selected feature if the 'Set as input for Geoprocessing' option is not selected in the Select widget.
- BUG-000158430 - In Web AppBuilder, the Geoprocessing widget gives an incorrect output for the selected feature if the option 'Set as input for Geoprocessing' is not selected within the Select widget.
- BUG-000158232 - In Portal for ArcGIS, sharing items with groups does not work when an organization member owns more than 29 groups with the 'isViewOnly' property set to True.
- BUG-000158210 - HTML injection in ArcGIS Web AppBuilder.
- BUG-000158161 - HTML code to embed a web map in a website does not work in Portal for ArcGIS.
- BUG-000157727 - The 'Administrative contacts' section fails to load in ArcGIS Enterprise.
- BUG-000157485 - Unable to create an offline area for a large data size in Portal for ArcGIS due to a size limit.
- BUG-000153928 - Measure tools do not work if a cursor is moved to find a second point and the map is double-clicked to complete the area measured.
- BUG-000153884 - Reflected Cross-Site Scripting (XSS) in Portal for ArcGIS Map Viewer.
To avoid conflicts the 10.9.1 version also addresses:
- BUG-000167597 - The navigation bars included in the Instant Apps gallery and configuration pages in Portal for ArcGIS do not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000167545 - The Map Viewer navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Google Chrome 127 or Microsoft Edge 127.
- BUG-000167544 - The home page navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000164611 - In ArcGIS Web AppBuilder, when using the Filter widget, a custom filter on a date field fails to return any results.
- BUG-000162806 - ArcGIS Enterprise web apps do not prompt for an enterprise login from certain ArcGIS Enterprise services.
- BUG-000162733 - Portal for ArcGIS has an invalid authentication vulnerability.
- BUG-000162623 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000160000 - When attempting to restore a Portal for ArcGIS backup to a new machine, the importSite operation may fail with the error message, "This connection has been closed. Code: 500" returned.
- BUG-000159204 - Accessing and logging in to the ArcGIS Experience Builder web app via ArcGIS Enterprise Sites causes the ArcGIS Experience Builder web app to be always logged in even after logging out on other tabs.
- BUG-000158984 - There is a cross-site scripting issue in Portal for ArcGIS.
- BUG-000158981 - There is a cross-site scripting issue in Portal for ArcGIS.
- BUG-000158688 - There is a cross-site scripting vulnerability in ArcGIS Experience Builder.
- BUG-000158210 - The web map ID needs to be validated in the ArcGIS Web AppBuilder view.
- BUG-000158030 - In Portal for ArcGIS, there is a security vulnerability in the /shared/origin app.
- BUG-000157748 - After installing the Portal for ArcGIS 10.9.1 Security 2023 Update 1 Patch, Map Viewer's Styles panel fails to load and other panels (Filter, Clustering) subsequently fail to load.
- BUG-000157597 - Portal for ArcGIS Security 2023 Update 1 Patch for Portal for ArcGIS 10.9.1 causes issues in the Portfolio app in ArcGIS Instant Apps.
- BUG-000157485 - Unable to create an offline area for a large data size in Portal for ArcGIS due to a size limit.
- BUG-000156964 - Join site fails if the primary is using a non-default Web Server certificate.
- BUG-000156913 - In Portal for ArcGIS 10.9.1, opening Map Viewer on a browser in a mobile view displays a blank map for a new map.
- BUG-000155004 - HTML injection issue in Portal for ArcGIS.
- BUG-000155001 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000154722 - There is a Cross-Site Request Forgery (CSRF) issue in Portal for ArcGIS.
- BUG-000154662 - The user experience is inconsistent when opening ArcGIS Instant Apps without an app ID.
- BUG-000154238 - After installing Portal for ArcGIS Security 2022 Update 2, ArcGIS Business Analyst Web App becomes inaccessible.
- BUG-000154236 - ArcGIS Online has a security vulnerability (reflected XSS).
- BUG-000154028 - If a group is configured for only owners or managers to contribute content, the managers cannot share items to the group in Portal for ArcGIS 10.8.1 and 10.9.1.
- BUG-000153997 - After installing the Portal for ArcGIS 2022 Update 2 Patch, ArcGIS Instant Apps cannot be started.
- BUG-000153884 - Input into the directions interface in Map Viewer Classic is not properly validated.
- BUG-000153799 - After installing the Portal for ArcGIS 10.9.1 Security 2022 Update 2 Patch, Map Viewer's Styles panel fails to load and other panels (Filter, Clustering) subsequently fail to load.
- BUG-000152437 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000152422 - ArcGIS Experience Builder containing a secured service is unable to be saved when Portal for ArcGIS and a federated ArcGIS Server site are configured with matching WebContextURLs.
- BUG-000152035 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000151892 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000149597 - Stored XSS vulnerability in Portal for ArcGIS.
- BUG-000149111 - The Portal for ArcGIS certificate keystore is not preserved when a standby machine is joining back to the site during a webgisdr restore in 10.9.1.
- BUG-000148810 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000148416 - Portal for ArcGIS service fails to restart after the Portal for ArcGIS Log4j patch installation in an Azure High Availability (HA) environment.
- BUG-000148346 - There is a Cross Site Reference Forgery issue in the ArcGIS Enterprise portal.
- BUG-000148008 - HTML injection in Portal for ArcGIS.
- BUG-000147750 - In ArcGIS Dashboards in Portal for ArcGIS, after filtering the features in a map based on a category, the pop-up for filtering out the overlapping features is still displayed.
- BUG-000147353 - Administrators are unable to share private items owned by another member to a group that they both are members of.
- BUG-000146967 - Unable to edit polygon geometry with z-values as a feature layer in MapViewer for Portal for ArcGIS published from ArcGIS Pro.
- BUG-000146846 - In ArcGIS Enterprise, the ArcGIS Online geometry service is used, although a custom one is configured.
- BUG-000146790 - Distributed Collaboration is not working in Enterprise 10.9.1 if access to the ArcGIS Server (hosting server) Services Directory is disabled.
- BUG-000146217 - The Category Gallery application has stopped responding, and returned the following message, "Uncaught: The item containing the living atlas categories could not be determined" in the Debug Tool (F12) under 'Console'.
- BUG-000145799 - When the Enterprise portal display language is set to any non-English language, text is missing for the 'Application extension (AppBuilder)' option on the Content page within the New Item > Application dialog.
- BUG-000145792 - When creating a dashboard in Portal for ArcGIS 10.9.1, the dashboard URL adds two dots after the web adaptor's name.
- BUG-000145347 - Update log4j to address security vulnerabilities.
- BUG-000145201 - When upgrading Portal for ArcGIS to version 10.9.1, the self-signed certificates are reverted to default.
- BUG-000143573 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000142922 - Members are able to access the items in the My Favorites tab shared using a group even after leaving the group.
- BUG-000141240 - ArcGIS Web AppBuilder in ArcGIS Enterprise 10.9 is blocking hosted custom 3D widgets.
- BUG-000140656 - 'Allow Portal Access' does not prompt for enterprise logins when WebContextURLs match for Portal for ArcGIS and the server site that owns the content being accessed.
- BUG-000138713 - Features published through the local time enabled referenced feature service are filtered incorrectly through UTC when used in the Filter widget in ArcGIS Web AppBuilder.
- BUG-000137190 - Labels in a vector tile layer render irrespective of the layer's visibility range.
- BUG-000133406 - The relationship field value does not auto-populate after adding the first related record using the ArcGIS Web AppBuilder Edit widget.)
To avoid conflicts the 10.8.1 version also addresses:
- BUG-000167544 - The home page navigation bar in Portal for ArcGIS does not display correctly after updating the browser to Chrome 127 or Edge 127.
- BUG-000166702 - Retrieving a printed output file in ArcGIS Web AppBuilder fails when VirtualDirsSecurityEnabled is set to True and administrative access is disabled in ArcGIS Web Adaptor.
- BUG-000162623 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000158984 - There is a cross-site scripting issue in Portal for ArcGIS.
- BUG-000158688 - There is a cross-site scripting vulnerability in ArcGIS Experience Builder.
- BUG-000158210 - The web map ID needs to be validated in the ArcGIS Web AppBuilder view.
- BUG-000155004 - HTML injection issue in Portal for ArcGIS.
- BUG-000154722 - There is a Cross-Site Request Forgery (CSRF) issue in Portal for ArcGIS.
- BUG-000154662 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000154236 - ArcGIS Online has a security vulnerability (reflected XSS).
- BUG-000154028 - If a group is configured for only owners or managers to contribute content, the managers cannot share items to the group in Portal for ArcGIS 10.8.1 and 10.9.1.
- BUG-000153884 - Input into the directions interface in Map Viewer Classic is not properly validated.
- BUG-000152437 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000152035 - Unvalidated redirect in Portal for ArcGIS.
- BUG-000151892 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000151621 - Setting virtualDirsSecurityEnabled to 'true' prevents the token or authentication from passing to a new tab in a web browser logged in to a federated ArcGIS Server site when printing from ArcGIS Web AppBuilder.
- BUG-000151158 - After installing the Portal for ArcGIS Security 2022 Update 1 Patch, the font within pop-ups changes and spacing is reduced between the field name and attribute.
- BUG-000150937 - Features published through the local time enabled referenced feature service are filtered incorrectly through UTC when used in the Filter widget in ArcGIS Web AppBuilder.
- BUG-000149597 - Stored XSS vulnerability in Portal for ArcGIS.
- BUG-000149149 - Setting virtualDirsSecurityEnabled to 'true' prevents the token or authentication from passing to a new tab in a web browser logged in to a federated ArcGIS Server site.
- BUG-000148810 - Portal for ArcGIS has a directory traversal vulnerability.
- BUG-000148416 - Portal for ArcGIS service fails to restart after the Portal for ArcGIS Log4j patch installation in an Azure High Availability (HA) environment.
- BUG-000148411 - Portal for ArcGIS Log4j Patch causes the Portal for ArcGIS 10.8.1 to Portal for ArcGIS 10.9.1 upgrade on Linux to fail and returns the error message, "Message: The requested resource [/arcgis/home/] is not available."
- BUG-000148346 - There is a Cross Site Reference Forgery issue in the ArcGIS Enterprise portal.
- BUG-000148008 - HTML injection in Portal for ArcGIS.
- BUG-000147837 - After installing the Portal for ArcGIS 10.8.1 Log4j Patch, there may be changes to the web map pop-up font.
- BUG-000147016 - Portal for ArcGIS is not accessible after uninstalling the Portal for ArcGIS Log4j Patch.
- BUG-000145347 - Update log4j to address security vulnerabilities.
- BUG-000144180 - The web app cut tool found in the Edit widget updated the last_edited_date value for features not impacted by the cut tool when the editor tracking is enabled for the service.
- BUG-000143643 - Stored XSS vulnerability in ArcGIS Configurable Apps.
- BUG-000143642 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000143641 - The allowedProxyHosts property is not fully honored in ArcGIS Enterprise.
- BUG-000143641 - There is a misconfiguration in allowedProxyHosts.
- BUG-000143640 - Prevent access to sharing/rest/content/features/generate to unauthorized users.
- BUG-000143638 - Prevent access to sharing/rest/content/features/analyze to unauthorized users.
- BUG-000143573 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000142922 - Incomplete permission changes in specific cases.
- BUG-000141886 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000140748 - In ArcGIS Web AppBuilder, the Analysis widget containing the Find Nearest analysis tool returns an error that the tool is not configured.
- BUG-000140596 - The full bar chart legend is not displayed in the Map Viewer for 10.8.1 map services.
- BUG-000139417 - Uploading item to Portal for ArcGIS fails when the item size requires multipart upload and content directory is in Azure Blob storage.
- BUG-000139382 - Embedded Portal configurable apps fail to load on a browser with 'Block third-party cookies' enabled.
- BUG-000139216 - Privilege escalation vulnerability in Portal for ArcGIS.
- BUG-000139021 - In a web application created using Web AppBuilder, unable to query related table from Query Widget.
- BUG-000138825 - The Web Scene Viewer in ArcGIS Enterprise 10.8.1 does not honor the default values for the vertex count of an IntegratedMesh I3S 1.7 layer and fails to load the content.
- BUG-000138525 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000138486 - HTML injection vulnerability in Portal for ArcGIS.
- BUG-000137735 - The allowedProxyHosts property is not fully honored in ArcGIS Enterprise.
- BUG-000137733 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000137142 - When creating a new StoryMap app, an unnecessary HTTP 404 response is returned that can cause issues in some fire-walled environments.
- BUG-000136544 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136493 - Stored cross-site scripting issue in Portal for ArcGIS.
- BUG-000136356 - The Filter widget in ArcGIS Web AppBuilder resets the 'Ask for Value' check box when two or more expressions are added.
- BUG-000136352 - Legend info in the Portal for ArcGIS 10.8.1 Map Viewer misses the histogram chart for a published map service with a bar chart symbol.
- BUG-000136210 - Reflected XSS vulnerability in Portal for ArcGIS.
- BUG-000136090 - Group membership not updated when two portal groups are linked to the same SAML enterprise group.
- BUG-000136041 - ArcGIS Enterprise portal members with custom roles should be able to delete their own services when the role includes administrative privileges such as 'View all members' and publisher privileges.
- BUG-000136016 - Unable to select Existing surveys using the Survey Widget in Experience Builder on Portal for ArcGIS.
- BUG-000135726 - Code injection issue in Portal for ArcGIS.
- BUG-000135044 - Block custom roles with the admin update privilege from updating the password of default.
- BUG-000134926 - Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page.
- BUG-000134458 - In some environments, the standby portal does not rejoin successfully.
- BUG-000134077 - The OAuth Authorization code granted with Proof Key for Code Exchange (PKCE) fails in ArcGIS Enterprise 10.8.1
- BUG-000134014 - XSS filter encodes valid HTML tags that were supported in earlier releases.
- BUG-000133257 - There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
- BUG-000133255 - Portal for ArcGIS system properties are not properly encrypted.
- BUG-000133143 - Unable to configure email settings for ArcGIS Enterprise if fromEmailAddress parameter contains a hyphen in the domain section of the address (e.g. test@esri-1.com).
- BUG-000133077 - Firefly, Government, Public Safety symbol sets owned by esri_en are not shared with Esri Symbols Group.
- BUG-000131991 - Reflected cross-site scripting (XSS) in the home application.
- BUG-000131701 - Configurable parameters are not saved in ArcGIS Online and ArcGIS Enterprise.
- BUG-000131521 - Only 10 layers downloaded using Screening widget 'Download' function in Chrome and Edge.
- BUG-000130954 - When attribute filters are applied to the Attribute Table widget in the Web AppBuilder for ArcGIS Enterprise Portal, and a large number of records are in the filtered results, the CSV export does not honor the filters.
- BUG-000130783 - Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
- BUG-000129529 - When members login to the ArcGIS Enterprise portal, their last login date reported on the Members tab of the Organization page is not consistently updated.
- BUG-000128134 - Exporting a CSV file from the Query widget in Portal for ArcGIS exports coded values rather than the descriptions.
Installing this patch on Windows
On Windows, the release date order of the patches does not matter when installing multiple patches. If an older patch is installed after a newer patch, the newer patch takes precedence and the fixes from the newer patch will remain. The ArcGIS Enterprise Patch Notification tool, when the option to install all available patches is activated, installs multiple patches in order of release date starting with oldest to newest.
The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.
Step 1: Download the appropriate file to a location other than your ArcGIS installation location.
ArcGIS Enterprise 11.2 | |
Portal for ArcGIS | ArcGIS-112-PFA-SEC2024U2-Patch.msp |
Checksum (SHA256) |
61FC14C824540375D1776CFF36E2A3330F4EAB2BAD5A9558D729ADF8C27D2452 |
ArcGIS Enterprise 11.1 | |
Portal for ArcGIS | ArcGIS-111-PFA-SEC2024U2-Patch.msp |
Checksum (SHA256) |
E3D59301B5C5E8A11B2F498FD546AD9078D426A0625D16E797794FBD6E7BA57E |
ArcGIS Enterprise 10.9.1 | |
Portal for ArcGIS | ArcGIS-1091-PFA-SEC2024U2-Patch.msp |
Checksum (SHA256) |
93D269457476DDD0C2226BFB42A5B7B713C74B11CCB5A4124A2029DFB8623FA1 |
ArcGIS Enterprise 10.8.1 | |
Portal for ArcGIS | ArcGIS-1081-PFA-SEC2024U2-Patch.msp |
Checksum (SHA256) |
D288FD34C7682BF9DD00CD9D0813C4AC6AE69327A9EAC5BB3DCA50D611BA4BC9 |
Step 2: Make sure you have write access to your ArcGIS installation location.
Step 3: Double-click ArcGIS-<Version>-PFA-SEC2024U2-Patch. msp to start the setup process.
NOTE: If double clicking on the msp file does not start the setup installation, you can start the setup installation manually by using the following command:
msiexec.exe /p [location of Patch]\ArcGIS-<Version>-PFA-SEC2024U2-Patch. msp
Step 4: As a best practice, clear the browser cache and re-launch the browser after installing the patch.
Installing this patch on Linux
On Linux, the release date order of the patches matters when installing multiple patches. If an older patch is installed after a newer patch, the older patch will replace the newer patch and the fixes in the newer patch will be removed. The ArcGIS Enterprise Patch Notification tool, when the option to install all available patches is activated, installs multiple patches in order of release date starting with oldest to newest.
Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder.
The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.
Step 1: Download the appropriate file to a location other than your ArcGIS installation location.
ArcGIS Enterprise 11.2 | |
Portal for ArcGIS | ArcGIS-112-PFA-SEC2024U2-Patch-linux.tar |
Checksum (SHA256) |
A189E2FC3F72930573F8127932917B787B7FEB1B592BBDAD375613916D281167 |
ArcGIS Enterprise 11.1 | |
Portal for ArcGIS | ArcGIS-111-PFA-SEC2024U2-Patch-linux.tar |
Checksum (SHA256) |
CCF67A3C6171921765A8FF3CB8586923CCB660511EBBC7BB3F47F6021D595E4F |
ArcGIS Enterprise 10.9.1 | |
Portal for ArcGIS | ArcGIS-1091-PFA-SEC2024U2-Patch-linux.tar |
Checksum (SHA256) |
CD49FADF0005AC27AD93A48A1191E78FC6DBC6278FFFBF1745CF6687DDD99984 |
ArcGIS Enterprise 10.8.1 | |
Portal for ArcGIS | ArcGIS-1081-PFA-SEC2024U2-Patch-linux.tar |
Checksum (SHA256) |
5ED94FE2FC3B3AB753C017DEA3CDF045B3867C18D29BB25AA936B9D6572B7189 |
Step 2: Make sure have write access to your ArcGIS installation location, and that no one is using ArcGIS.
Step 3: Extract the specified tar file by typing:
% tar -xvf ArcGIS-<Version>-PFA-SEC2024U2-Patch-linux.tar
Step 4: Start the installation by typing:
% ./applypatch
This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.
Step 5: As a best practice, clear the browser cache and re-launch the browser after installing the patch.
Uninstalling this patch on Windows
To uninstall this patch on Windows, open the Windows Control Panel and navigate to installed programs. Make sure that "View installed updates" (upper left side of the Programs and Features dialog) is active. Select the patch name from the programs list and click Uninstall to remove the patch.
Uninstalling this patch on Linux
To remove this patch, navigate to the <Product Installation Directory>/.Setup/qfe directory and run the following script as the ArcGIS Install owner:
./removepatch.sh
The removepatch.sh script allows you to uninstall previously installed patches or hot fixes. Use the -s status flag to get the list of installed patches or hot fixes ordered by date. Use the -q flag to remove patches or hot fixes in reverse chronological order by date they were installed. Type removepatch -h for usage help.
Restart your ArcGIS services.
How to identify which ArcGIS products are installed
To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.
Get help from ArcGIS experts
Download the Esri Support App