ArcGIS Workflow Manager Security Update Patch


Esri® announces the ArcGIS Workflow Manager Server Security Update which addresses a security vulnerability where server information may be disclosed in certain error messages. Esri recommends customers using ArcGIS Workflow Manager Server 10.7, 10.6.1, 10.6, and 10.5.1 apply this patch.


This security patch is cumulative and includes security and non-security related fixes from earlier patches to ensure there are no conflicts. All issues addressed are listed below under Issues Addressed with this Patch.

Issues Addressed with this patch

To avoid conflicts, the 10.6.1 version also addresses:
  • BUG-000115160: Unable to Retrieve Portal users from Workflow Manager REST Endpoint When User is Logged In
To avoid conflicts, the 10.5.1 version also addresses:
  • BUG-000107567: Execute Step Option Disabled in Workflow Manager Server for a Step which Cannot be Skipped.
  • BUG- 000116384: The 'All Jobs' general query does not return any records.
  • BUG- 000115160: Unable to Retrieve Portal users from Workflow Manager REST Endpoint When User is Logged In.

Installing this patch on Windows

ArcGIS Server and ArcGIS Workflow Manager must be installed before installing this patch.

  1. Download the appropriate file to a location other than your ArcGIS installation location.
  2.   10.7 Checksum (Md5)
      WMXServer10.7_SecurityUpdate.msp 86bf01d88ffd19bf67d98805f78c159d
      10.6.1 Checksum (Md5)
      WMXServer10.6.1_SecurityUpdate.msp 9818a9e650d6a9cac3e69b64bb36c396
      10.6 Checksum (Md5)
      WMXServer10.6_SecurityUpdate.msp fad30fc42db2637e2b3570c1d9f9a515
      10.5.1 Checksum (Md5)
      WMXServer10.5.1_SecurityUpdate.msp 43cba051cfce555b61132977194c9500
  3. Make sure you have write access to your ArcGIS installation location.

  4. Double-click WMXServer<Version>_SecurityUpdate.msp to start the setup process.

    NOTE: If double clicking on the MSP file does not start the setup installation, you can start the setup installation manually by using the following command:

    msiexec.exe /p [location of Patch]\WMXServer<Version>_SecurityUpdate.msp

  5. Restart ArcGIS Server to apply the changes.

Patch Updates

Check the Patches and Service Packs page periodically for the availability of additional patches.

How to identify which ArcGIS products are installed

To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.

Getting Help

Domestic sites, please contact Esri Technical Support at 1-888-377-4575, if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.