Español

ArcGIS Server Security 2020 Update 1 Patch

Resumen

This security patch addresses a security vulnerability found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.4 through 10.7.1 apply this patch.

Descripción

Esri® announces the ArcGIS Server Security 2020 Update 1 Patch. Esri recommends that all customers using ArcGIS Server 10.4 through 10.7.1 apply this patch. This patch deals specifically with the issue listed below under Issues Addressed with this patch.

Note: Each version of this security patch is only cumulative of fixes previously released for the version it addresses. This means that each patch includes several security and non-security related fixes from earlier patches that are also listed below under Issues Addressed with this Patch such that the 10.4 version is cumulative of previous 10.4 patches, the 10.4.1 version is cumulative of previous 10.4.1 patches, and so on. It is highly recommended that users of ArcGIS Server 10.4, 10.5, 10.6, and 10.7 upgrade to the latest minor release in order to get a full set of available fixes for that release series.



Issues Addressed with this patch


  • BUG-000128060 - ArcGIS Server has a Server Side Request Forgery (SSRF) security vulnerability.
      CVSS 3.0 Base Score: 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • BUG-000127526 - Export Web Map task fails for ArcGIS Online basemaps and any service accessed through HTTPS.
      Note: This bug fix only applies to ArcGIS Server 10.7.1 on Linux environments.
To avoid conflicts the 10.7.1 version also addresses:
  • BUG-000127113 - Unable to connect to identity store using Asp.net using ArcGIS Server 10.7. or later after restarting the ArcGIS Server Windows service.
  • BUG-000125331 - CreateReplica with registerExistingData needs to account for service URLs with different machine names for hosted FS
  • BUG-000125044 - Hosted feature service has a stored cross-site scripting (XSS) vulnerability. (10.7.1 and 10.6.1 only)
      CVSS 3.0 Base Score: 4.6 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  • BUG-000124991 - ArcGIS Server fails to fully import root or intermediate certificates. (10.7.1 only)
  • BUG-000124867 - When attempting to download a managed map area in Collector for ArcGIS, the download fails due to an error that occurs between ArcGIS Server and the ArcGIS Web Adaptor replica access.
  • BUG-000124827 - On a multiple-machine ArcGIS Server site that has one or more cached map services that have been consumed through ArcMap or a SOAP client, publishing a service or stopping/starting a service causes all services on the machines to restart.
  • BUG-000124576 - Starting a map service with a Java SOAP server object extension (SOE) enabled fails with the error "javax/xml/bind/JAXBException".
  • BUG-000124287 - Publishing fails because enterprise database registration fails, even though it appears to work on the UI. This could happen on a machine configuration that has multiple Network cards.
  • BUG-000123103 - ArcGIS Server improperly handles an incorrect CORS origin.
      CVSS 3.0 Base Score: 4.2 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
  • BUG-000122285 - Scalability of 3D Scene Service is impeded by frequent reads/writes to the config store and directories.
  • BUG-000120535 - In the Operations Dashboard for ArcGIS serial chart in Portal for ArcGIS, sorting data by statistics in the Data Options configuration returns the warning message, "Cannot Access Data."
To avoid conflicts, the 10.7 version also addresses:
  • BUG-000122285 - Scalability of 3D Scene Service is impeded by frequent reads/writes to the config store and directories.
To avoid conflicts, the 10.6.1 version also addresses:
  • BUG-000126701 - Hosted services fail to restore if their associated view is alphabetically listed after the hosted service.
  • BUG-000126173 - GeoAnalytics Server doesn't support connections to Hadoop with Kerberos authentication when Hadoop's hadoop.rpc.protection property is set to "privacy" or "integrity".
  • BUG-000125044 - Hosted feature service has a stored cross-site scripting (XSS) vulnerability.
  • BUG-000124827 - On a multiple-machine ArcGIS Server site that has one or more cached map services that have been consumed through ArcMap or a SOAP client, publishing a service or stopping/starting a service causes all services on the machines to restart.
  • BUG-000124386 - Correct the order of operations during importSite.
  • BUG-000124326 - Renaming an SDO_Geometry feature class fails on Oracle 19c.
  • BUG-000124325 - Create Spatial Type fails on Oracle 19c.
  • BUG-000124079 - Running block adjustment on imagery collection the second time may fail with missing default elevation value.
  • BUG-000123103 - ArcGIS Server improperly handles an incorrect CORS origin.
  • BUG-000122285 - ArcGIS Enterprise 3D scene services deliver poor throughput and do not scale well across multiple GIS nodes.
  • BUG-000121595 - Occasional/Intermittent site creation and create service/Delete service issue with Server.
  • BUG-000120805 - ArcGIS Server has an access control issue.
  • BUG-000120195 - Failed to restore hosted services containing associated views.
  • BUG-000119801 - Sample fails when more than one mosaic datasets are input as input rasters.
  • BUG-000119759 - Improve the quality and performance of the Sample tool.
  • BUG-000119534 - Path Allocation produces incorrect results when the source characteristics are specified.
  • BUG-000119493 - Sink tool creates two unique values for sink regions that are diagonally connected. This is incorrect as diagonally connected sinks should be identified with a single unique value.
  • BUG-000119425 - The SummarizeRasterWithin and ConvertRasterToFeature tasks in ArcGIS Image Server crashes when trying to directly read an input image service collocated on a cloud raster store.
  • BUG-000119424 - Zonal Geometry as Table and Zonal Geometry tools generate incorrect results when a field other than value was used. In this case, the logic for calculating zonal geometry properties is not correct, and the software may crash.
  • BUG-000119423 - Watershed tool hangs when processing extent is set to a single cell catchment.
  • BUG-000119422 - Flow distance tool in modelbuilder does not display 'FlowDistanceType' parameter.
  • BUG-000119421 - Flow Distance tool produces NoData for majority of cells when input surface raster is not hydro conditioned.
  • BUG-000119419 - Euclidean Direction using high resolution data produces incorrect output.
  • BUG-000119323 - RasterToPolygon with "Create multipart features" enabled, locks the output for editing.
  • BUG-000118421 - If there are non-English characters in a connection string, the Copy Raster tool will return this error when importing a raster in an enterprise geodatabase, "ERROR 999999: Error executing function. No raster store is configured. Not running inside a server process. Failed to execute (CopyRaster).''
  • BUG-000117983 - Access control issue in the ArcGIS Server tile handler.
  • BUG-000117954 - Scene service should ignore certificate errors while consuming scene caches in scene viewer.
  • BUG-000117633 - In 10.6.1 and prior, the message bus platform service may not be initialized correctly in all environments.
  • BUG-000117372 - Cross-site scripting (XSS) in Server Admin api.
  • BUG-000116972 - Collector for ArcGIS (iOS) fails to submit photo attachments to hosted feature layers in ArcGIS Enterprise 10.6.1.
  • BUG-000116589 - Cost Path and Cost Path as Polyline with flow direction input for backlink raster is slow.
  • BUG-000116047 - Cost Path produces incorrect output when Flow Direction raster is used as input for distance and backlink raster.
  • BUG-000115799 - Vector Tile Layers hosted in ArcGIS Enterprise 10.6.1 do not overzoom successfully when viewed in the Map Viewer.
  • BUG-000115147 - When calling ITopologicalOperator::Buffer on a polygon, if the polygon is degenerated to a point, the buffer call crashes.
  • BUG-000113368 - Euclidean allocation, distance and direction tools are much slower in current version verses previous version of ArcMap.
  • BUG-000111075 - A feature service consumed in a GeoEvent Service fails to re-establish communication with the database once the database connection comes back after a communication failure.
  • BUG-000111075 - Service recycling after a DB connection failure does not happen for Feature Server.
  • BUG-000098315 - Sample return Null data, when input raster is Mosaic.
  • BUG-000096996 - ExtractMultiValuestoPoints, ExtractValuestoPoints returns error when the input points feature is a XY Event Layer.
To avoid conflicts, the 10.6 version also addresses:
  • BUG-000121862 - ArcGIS Server becomes unresponsive and consumes more than 90 percentage of cpu when there are a large number(many thousands) of Hosted services running in 10.6.0. fails.
  • BUG-000113291 - There is an improper access control issue in ArcGIS Server.
  • BUG-000112254 - Donut polygons are represented with polygons instead of 'holes' in Web Feature Service (WFS) services in ArcGIS Server 10.5.1.
  • BUG-000112146 - WFS GetFeature request with a BBOX Filter and two layers does not work.
  • BUG-000111713 - addToDefnition should allow adding layers that do not include WKID or SDESRID.
  • BUG-000111711 - Spatial Analysis tools should work with data in WKT-only spatial reference.
  • BUG-000111446 - WFS-T services can only be altered with a transaction with POST using WFS 2.0.0 syntax, even when forcing the version in the request to 1.1.0.
  • BUG-000111075 - A feature service consumed in a GeoEvent Service fails to re-establish communication with the database once the database connection comes back after a communication failure.
  • BUG-000110938 - EsriFieldTypeSingle behaves as an INT in WFS service published to ArcGIS Server 10.5.1.
  • BUG-000110388 - The ObjectID and GlobalID fields are not exposed in Web Feature Service (WFS) services in ArcGIS server 10.5.x.
  • BUG-000109738 - A Web Feature Service (WFS) displays a zero instead of a null value for the field attributes when queried through a browser.
  • BUG-000109619 - WFS fails to yield data using DescribeFeatureType when accented characters (i.e. A) are used in layer Names.
  • BUG-000109441 - The GetFeature service shows "Shape xsi:nil="true"" for a Web Feature Service (WFS) when the service has fields in the properties tab under "Table of Content" as invisible.
  • BUG-000102408 - WFS-T Inserts indicate success yet there's no point added.
  • NIM100766 - The date filter does not work with the Web Feature Service (WFS) GetFeature capability.
To avoid conflicts, the 10.5.1 version also addresses:
  • BUG-000126607 - If the first request to a cached map service does not include a valid input for the map name parameter, the service returns the 404 errors for all requests until the service is restarted and the first request is made with a valid input for the map name parameter.
  • BUG-000123103 - ArcGIS Server improperly handles an incorrect CORS origin.
  • BUG-000120805 - ArcGIS Server has an access control issue.
  • BUG-000119921 - The GetFeature request to WFS version 1.0.0 shows a comma instead of a space between coordinate pair in gml:boundedby tag.
  • BUG-000117983 - Access control issue in the ArcGIS Server tile handler.
  • BUG-000117372 - Cross-site scripting (XSS) in Server Admin api.
  • BUG-000117350 - Recycling sco process takes longer than checkConnectionInterval time in case of stale database connections.
  • BUG-000117026 - Unable to consume Web Map Services (WMS) published from an ArcGIS Server 10.5.1 with Security 2018 Update 1 Patch B installed, in ArcMap, if any of the layer names contains special characters.
  • BUG-000116172 - When stopping the ArcGIS Server Windows Service on a machine with more than 256 GB of RAM and hundreds of services, the ArcSOC.exe processes takes a long time to completely shut down.
  • BUG-000115772 - When utilizing the GetFeature URL query on a Web Map Service (WFS) containing more than 300,000 features, the query fails after trying to run indefinitely.
  • BUG-000115738 - After applying ArcGIS Server 10.5.1 Security 2018 Update 1 Patch, spatiotemporal point data from the ArcGIS Data Store cannot be displayed.
  • BUG-000113853 - Web Feature Service (WFS) filter "within" does not return any objects when used.
  • BUG-000113847 - SynchronizeReplica output delta to JSON: inserted attachment fails to export.
  • BUG-000113846 - Sync: JSON synchronizeReplica response lists serverGen twice.
  • BUG-000113845 - CreateReplica to JSON format returnAttachmentsDataByUrl=true does not return attachments by URL.
  • BUG-000113291 - There is a broken access control vulnerability in ArcGIS Server.
  • BUG-000112254 - Donut polygons are represented with polygons instead of 'holes' in Web Feature Service (WFS) services in ArcGIS Server 10.5.1.
  • BUG-000112146 - WFS GetFeature request with a BBOX Filter and two layers does not work.
  • BUG-000112081 - Multi-column unique value renderer fails to start if the first column is a long int.
  • BUG-000112080 - Account for replica in data sender state when syncing with versioned data.
  • BUG-000112079 - Make the replicaServerGen parameter required in sycnhronizeReplica for syncModel perReplica.
  • BUG-000112077 - Should not filter uploaded or server generated input delta file at the end of a versioned sync.
  • BUG-000112075 - Add diff cursor logging and code to account for data inconsistencies during sync download.
  • BUG-000112060 - The feature service createReplica operation ignores the datum transformation set on the feature service in 10.5.1.
  • BUG-000111738 - An invalid geometry is not detected when using ST_GEOMETRY (or any other ST Function) to create a polygon from a well-known text (WKT) that contains some invalid and valid polygons. ST_ASTEXT returns "EMPTY" upon this polygon as well.
  • BUG-000111446 - WFS-T services can only be altered with a transaction with POST using WFS 2.0.0 syntax, even when forcing the version in the request to 1.1.0.
  • BUG-000111075 - A feature service consumed in a GeoEvent Service fails to re-establish communication with the database once the database connection comes back after a communication failure.
  • BUG-000110938 - EsriFieldTypeSingle behaves as an INT in WFS service published to ArcGIS Server 10.5.1.
  • BUG-000110801 - Syncing with dataFormat = json returns the error "Failed to serialize delta gdb to JSON."
  • BUG-000110480 - Updates to server directory locations are sometimes not be applied to all services.
  • BUG-000110388 - The ObjectID and GlobalID fields are not exposed in Web Feature Service (WFS) services in ArcGIS server 10.5.x.
  • BUG-000109803 - Unable to delete polygon and polyline features in a Spatiotemporal Big Data Store feature service created in ArcGIS GeoEvent Server.
  • BUG-000109738 - A Web Feature Service (WFS) displays a zero instead of a null value for the field attributes when queried through a browser.
  • BUG-000109686 - Disabling SSL in RabbitMQ causes instability issues for GeoEvent Server.
  • BUG-000109619 - WFS fails to yield data using DescribeFeatureType when accented characters (i.e. A) are used in layer Names.
  • BUG-000109577 - Add support for NOT LIKE on queries with spatiotemporal based hosted feature services.
  • BUG-000109576 - Add support for upper and lower SQL functions on query with spatiotemporal based hosted feature services.
  • BUG-000109544 - ArcGIS GIS Server 10.5.1 Standard Overlay Layers analysis Tool fails with input line features that are results from the Join Features task of GeoAnalytics Tools of ArcGIS GeoAnalytics Server 10.5.1.
  • BUG-000109441 - The GetFeature service shows "Shape xsi:nil="true"" for a Web Feature Service (WFS) when the service has fields in the properties tab under "Table of Content" as invisible.
  • BUG-000109142 - GetFeature Request to Web Feature Service shows a comma instead of a space between coordinate pair in gml:boundedby tag only when defining the WFS version as 1.0.0.
  • BUG-000108709 - Using the operator in the first layer of a query in a WFS:getFeature request causes an exception in the response.
  • BUG-000108365 - An XML POST request of a Web Feature Service (WFS) service is not accepted if PropertyName is used.
  • BUG-000108257 - The ArcGIS Enterprise Disaster Recovery and Replication workflow replaces the certificates in the standby environment with the certificates from the primary environment, which causes ArcGIS GeoEvent Server to fail to start.
  • BUG-000107477 - The GeoAnalytics Join Features tool fails on polygon to polygon joins with certain polygons.
  • BUG-000106500 - A feature class with hidden fields published to ArcGIS Server 10.5 as a Web Feature Service (WFS) shows incorrect values for the fields in the attribute table when added to ArcMap with a WFS server connection.
  • BUG-000106367 - Failure to correctly use Oracle based feature services
  • BUG-000106348 - Map and feature service published from the same geometric network returns different geometry when the query includes a transformation to a different coordinate system.
  • BUG-000106348 - Map and feature service published from the same geometric network returns different geometry when the query includes a transformation to a different coordinate system.
  • BUG-000106301 - Accessing secured map services through web-tier authentication with the ASP.NET identity store causes extended delays in response time on a regular basis.
  • BUG-000105936 - Set specific ports to use all machines for analysis in a GeoAnalytics Server behind a windows firewall.
  • BUG-000104739 - ArcGIS Server system tools are susceptible to cross-site scripting (XSS) attacks.
  • BUG-000104306 - When viewing data published from a federated ArcGIS Server in a Portal for ArcGIS 10.5 web map, the federated ArcGIS Server logs report the following severe-level messages even though the data is viewable and editable on the map: "Failed to return the service configuration 'Service_name.MapServer'. Server machine 'https://MACHINE_NAME.DOMAIN.COM:7443/arcgis/sharing/rest/content/items/' returned an error. 'Internal Server Error'"
  • BUG-000103341 - PrintingTools services do not display shapefiles during printing or when creating Portal thumbnails when Z-values are included.
  • BUG-000102408 - WFS-T Inserts indicate success yet there's no point added.
  • BUG-000102081 - A Web Feature Service (WFS) provided by ArcGIS GIS Server requires a flag to toggle between using field names rather than field aliases. Otherwise, the WFS To Geodatabase tool fails to complete correctly if field aliases are used.
  • BUG-000099496 - In ArcGIS Server Manager, map services hang at the 'Starting' state when there are many requests generated while the service is starting.
  • ENH-000117371 - Add an option to enforce encrypted communication between ArcGIS Server and Active Directory.
  • NIM100766 - The date filter does not work with the Web Feature Service (WFS) GetFeature capability.
To avoid conflicts, the 10.5 version also addresses:
  • BUG-000109345 - Stream services REST operations are not appending requesting user's token in a federated server.
  • BUG-000108436 - MapService loses timeExtent information on a mosaic layer when the data source is a PostgresSQL EGDB.
  • BUG-000107826 - In ArcGIS Server, updating the 'description' value of the iteminfo for a published service where the description contains hyperlinks will cause the hyperlinks to point to the REST endpoint of the service rather than the intended URL.
  • BUG-000107774 - The REST endpoint for image services incorrectly returns the same value for the Service Description and Description properties.
  • BUG-000106025 - In a multiple-machine ArcGIS Server site, hosted feature services created as a result of running analysis tools do not return correct information on every machine in the site.
  • BUG-000103115 - only address part of the problem. The upload problem to S3 is still not resolved until 10.5.1. The raster analysis workflow in AWS was not working on Linux at 10.5.
  • BUG-000102477 - When implementing a Server Object Interceptor (SOI) for a feature service, ServerUtilities.getServerUserInfo() returns empty values, but works as expected for a map service.
  • BUG-000102443 - Hosted feature layers created by GeoAnalytics tools will no longer be created with a maximum record limit of 10,000.
  • BUG-000102442 - ) - Alter hosted feature services that store data in spatiotemporal big data store to consume performance improvements from this issue: https://devtopia.esri.com/WebGIS/arcgis-online-java-mtsds/issues/500
  • BUG-000102441 - Hosted feature services with data hosted in a spatiotemporal big data store should return all IDs when a client requests IDs rather than returning only 10,000.
  • BUG-000102440 - "Database error" message is returned when paging queries the last page of a hosted feature service with data hosted in a spatiotemporal big data store. CR352391 /
  • BUG-000102437 - The Find Similar GeoAnalytics tool does not work with big data file shares as input.
  • BUG-000102436 - Join features tool fails on a multi-node GeoAnalytics Server when performing a join that uses temporal constraints.
  • BUG-000102285 - When editing a service in ArcGIS Server Manager, save the Item Description > Description value as part of the service configuration.
  • BUG-000102081 - A Web Feature Service (WFS) provided by ArcGIS GIS Server requires a flag to toggle between using field names rather than field aliases. Otherwise, the WFS To Geodatabase tool fails to complete correctly if field aliases are used.
  • BUG-000101256 - ArcGIS Enterprise analysis functions do not work if the hosting server's configuration store is stored in cloud storage.
  • BUG-000099496 - In ArcGIS Server Manager, map services hang at the 'Starting' state when there are many requests generated while the service is starting.
To avoid conflicts, the 10.4.1 version also addresses:
  • BUG-000123103 - ArcGIS Server improperly handles an incorrect CORS origin.
  • BUG-000120805 - ArcGIS Server has an access control issue.
  • BUG-000117983 - Access control issue in the ArcGIS Server tile handler.
  • BUG-000117372 - Cross-site scripting (XSS) in Server Admin api.
  • BUG-000113291 - There is an improper access control issue in ArcGIS Server.
  • BUG-000111987 - The hotfix, QFE-1041-S-363090, results in the Operations Dashboard bar chart widget displaying "no data" when viewed in the IE browser (version 11).
  • BUG-000110882 - Uploading SOE to Server causes Spatiotemporal Big Data Store hosted map service created in ArcGIS GeoEvent Server inaccessible.
  • BUG-000107200 - Executing the find operation on a spatiotemporal big data store map service at REST intermittently returns the error, "none.get".
  • BUG-000106939 - A map service published with a label expression using the Mid() function displays incorrect labels when viewed from ArcGIS Server's Rest JavaScript API.
  • BUG-000105602 - Query for date fields fail with an error, "Database error has occurred" for a Spatiotemporal Big Data Store feature service.
  • BUG-000105458 - ArcGIS Server does not honor the 'domainControllerAddress' setting in the security configuration.
  • BUG-000104739 - ArcGIS Server system tools are susceptible to cross-site scripting (XSS) attacks.
  • BUG-000103628 - The returnUpdates REST call does not return updated endTime to reflect data added after a service is published as a web feature layer from ArcGIS Pro.
  • BUG-000102477 - When implementing a Server Object Interceptor (SOI) for a feature service, ServerUtilities.getServerUserInfo() returns empty values, but works as expected for a map service.
  • BUG-000100536 - In ArcGIS for Server 10.4.1, the directional arrows of dimension feature classes published from ArcGIS for Desktop are rotated 180 degrees.
  • BUG-000099657 - Map service does not draw if shape length is used for labeling with standard label engine.
  • BUG-000099629 - Unable to upload files in ArcGIS Server Manager after updating the browser to Firefox 49 or Chrome 54.
  • BUG-000099496 - In ArcGIS Server Manager 10.4.1, map services hang at the 'Starting' state when there are many requests generated while the service is starting.
  • BUG-000099282 - Publishing a map document consisting of archived data from a registered database as a map service to ArcGIS for Server fails with the following error, "Error 001487: Failed to update the published service with the server-side data location."
  • BUG-000099099 - Updating the sharing option of a map service of a federated ArcGIS for Server to 'Everyone' from the ArcGIS Server Manager adds two map image layers to Portal for ArcGIS > My Content as items, if the map image layer has been moved to a subfolder in the Portal for ArcGIS My Content page.
  • BUG-000099098 - When a map image layer is moved to another folder in My Content on a federated portal, the sharing properties of the ArcGIS Server service is changed from Everyone to Private in ArcGIS Server Manager.
  • BUG-000099007 - When packaging a service definition, ArcGIS 10.4.1 Desktop mixes up feature classes with the same name from two different schema.
  • BUG-000098450 - Publishing a mosaic dataset stored in a shared location fails when ArcGIS for Server is a two-machine site accessing the configuration store and the directory at the shared location. The following warning message displays in the log, "The Layer: is invalid."
  • BUG-000098166 - When a layer has a join to a table in a custom workspace, attempting to publish as a map service fails and causes this warning in the ArcGIS Server logs: "The layer has an invalid join table."
  • BUG-000098119 - ArcGIS Server exposes internal information.
  • BUG-000097946 - Publishing a route event layer to ArcGIS 10.4.1 for Server fails when the source is a query layer based on an enterprise geodatabase table.
  • BUG-000096631 - When published as a map service, an enterprise database layer that contains nested joins is not accessible.
  • BUG-000096408 - Publishing a route event layer in ArcGIS for Server 10.4 fails with the error, "ERROR 001487: Failed to update the published service with the server-side data location."
  • BUG-000096292 - When the database view is joined to a definition query layer, the view fails to publish to ArcGIS Server and results in this error: "Failed to update the published service with the server-side data location."
  • BUG-000096129 - When publishing a map service containing a XY event layer that is created from an enterprise geodatabase table, the layer fails to publish and results in this error: "Error 001487: Failed to update the published service with the server-side data location."
  • BUG-000096129 - When publishing a map service containing a XY event layer that is created from an enterprise geodatabase table, the layer fails to publish and results in the following error, "Error 001487: Failed to update the published service with the server-side data location."
  • BUG-000096095 - The publishing process in version 10.4 and 10.4.1 of ArcGIS Server is much slower than in previous versions.
  • BUG-000095875 - When a layer has a join to a table in a file geodatabase or an enterprise geodatabase, attempting to publish as a map service fails and causes this warning in the ArcGIS Server logs: "The layer has an invalid join table."
  • BUG-000095194 - Feature service REST response periodically does not return full editing capabilities.
  • BUG-000094193 - When a server object interceptor (SOI) is enabled on an ArcGIS for Server feature service with the Sync capability, the Create Replica operation fails, which renders the feature service unusable for offline editing.
  • BUG-000093897 - Replicated data store displays incorrect data if the connection user has view access to multiple feature classes with the same name.
  • BUG-000093500 - After login, user is redirected to the Services Directory home page instead of URL from which login was attempted.
  • ENH-000117371 - Add an option to enforce encrypted communication between ArcGIS Server and Active Directory.
  • NIM089714 - When running two Server Object Extensions (SOEs) on the same server with the same property name, the value of the second SOE property is ignored.
To avoid conflicts, the 10.4 version also addresses:
  • BUG-000104306 - When viewing data published from a federated ArcGIS Server in a Portal for ArcGIS 10.5 web map, the federated ArcGIS Server logs report the following severe-level messages even though the data is viewable and editable on the map: "Failed to return the service configuration 'Service_name.MapServer'. Server machine 'https://MACHINE_NAME.DOMAIN.COM:7443/arcgis/sharing/rest/content/items/' returned an error. 'Internal Server Error'".
  • BUG-000098617 - Accessing hosted feature services from Portal for ArcGIS when it is federated generates ArcGIS Server log messages indicating that the credentials used are not adequate.
  • BUG-000098119 - ArcGIS Server exposes internal information.
  • BUG-000096631 - When published as a map service, an enterprise database layer that contains nested joins is not accessible.
  • BUG-000096292 - When the database view is joined to a definition query layer, the view fails to publish to ArcGIS Server and results in this error: "Failed to update the published service with the server-side data location."
  • BUG-000096129 - When publishing a map service containing a XY event layer that is created from an enterprise geodatabase table, the layer fails to publish and results in this error: "Error 001487: Failed to update the published service with the server-side data location."
  • BUG-000096129 - When publishing a map service containing a XY event layer that is created from an enterprise geodatabase table, the layer fails to publish and results in the following error, "Error 001487: Failed to update the published service with the server-side data location."
  • BUG-000096095 - The publishing process in version 10.4 and 10.4.1 of ArcGIS Server is much slower than in previous versions.
  • BUG-000095875 - When a layer has a join to a table in a file geodatabase or an enterprise geodatabase, attempting to publish as a map service fails and causes this warning in the ArcGIS Server logs: "The layer has an invalid join table."
  • BUG-000095679 - After creating an ArcGIS Server site with more than 250 service instances, a subsequent restart of ArcGIS Server windows service takes much longer than expected for all the service instances to come up correctly, which makes it difficult to guage when the services are ready for consumption.

Installing this patch on Windows


Installation Steps:


ArcGIS Server must be installed before installing this patch.

  1. Download the appropriate file to a location other than your ArcGIS installation location.

  2. ArcGIS 10.7.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1071-S-SEC2020U1-Patch.msp 982C480061112E9BC7A3DAA299ECF5A2
         
    ArcGIS 10.7   Checksum (Md5)
         
    ArcGIS Server ArcGIS-107-S-SEC2020U1-Patch.msp 7938E635B73BC105CB603146825F291F
         
    ArcGIS 10.6.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1061-S-SEC2020U1-Patch.msp 05C3D4F3F20485D1A487236598AEDA75
         
    ArcGIS 10.6   Checksum (Md5)
         
    ArcGIS Server ArcGIS-106-S-SEC2020U1-Patch.msp 91A125981C67334D716FF63C52092A24
         
    ArcGIS 10.5.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1051-S-SEC2020U1-Patch.msp 6809EC48168AB5A2A76FE2C85E7B9F20
         
    ArcGIS 10.5   Checksum (Md5)
    The 10.5 version of the Server Security 2020 Update 1 Patch will not install using the patch notification tool. Please use the download link from this patch page to obtain the 10.5 version.      
    ArcGIS Server ArcGIS-105-S-SEC2020U1-Patch.exe 3BD0FB5974FF7DE6A21BE68736B26CC5
         
    ArcGIS 10.4.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1041-S-SEC2020U1-Patch.msp 5F15EA660D76A6E5BAEB13D9E15D8DE8
         
    ArcGIS 10.4   Checksum (Md5)
         
    ArcGIS Server ArcGIS-104-S-SEC2020U1-Patch.msp 895348917F795C5EB11BB84357F39789
         

  3. Make sure you have write access to your ArcGIS installation location.

  4. Double-click ArcGIS-<Version>-S-SEC2020U1-Patch.msp to start the setup process.

    NOTE: If double clicking on the MSP file does not start the setup installation, you can start the setup installation manually by using the following command:

    msiexec.exe /p [location of Patch]\ArcGIS-<Version>-S-SEC2020U1-Patch.msp


Installing this patch on Linux


Installation Steps:


Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder.

ArcGIS Server must be installed before installing this patch.

  1. Download the appropriate file to a location other than your ArcGIS installation location.


    ArcGIS 10.7.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1071-S-SEC2020U1-Patch-linux.tar 094FE0140DDD76C586855857E950DA85
         
    ArcGIS 10.7   Checksum (Md5)
         
    ArcGIS Server ArcGIS-107-S-SEC2020U1-Patch-linux.tar CFBB26BD9E56869FCD614853AF42454D
         
    ArcGIS 10.6.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1061-S-SEC2020U1-Patch-linux.tar 37748444FA4EF1925D33BD5715E719F7
         
    ArcGIS 10.6   Checksum (Md5)
         
    ArcGIS Server ArcGIS-106-S-SEC2020U1-Patch-linux.tar FA9FECCD07E3A8CB9CBC9997ACAA0F2E
         
    ArcGIS 10.5.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1051-S-SEC2020U1-Patch-linux.tar 01366920282E4118004E2760B2D9EC56
         
    ArcGIS 10.5   Checksum (Md5)
         
    ArcGIS Server ArcGIS-105-S-SEC2020U1-Patch-linux.tar 3D305D5C4F7D3E572FB4DF56E8DE4173
         
    ArcGIS 10.4.1   Checksum (Md5)
         
    ArcGIS Server ArcGIS-1041-S-SEC2020U1-Patch-linux.tar B8003E98211CAC216086584B9A67EE4F
         
    ArcGIS 10.4   Checksum (Md5)
         
    ArcGIS Server ArcGIS-104-S-SEC2020U1-Patch-linux.tar 7C349E8C7AD54792DECF85AD4210CA08
         

  2. Make sure you have write access to your ArcGIS installation location, and that no one is using ArcGIS.

  3. Extract the specified tar file by typing:

    % tar -xvf ArcGIS-<Version>-S-SEC2020U1-Patch-linux.tar

  4. Start the installation by typing:

    % ./applypatch

    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

Uninstalling this patch on Windows


To uninstall this patch on Windows, open the Windows Control Panel and navigate to installed programs. Make sure that "View installed updates" (upper left side of the Programs and Features dialog) is active. Select the patch name from the programs list and click Uninstall to remove the patch.

Uninstalling this patch on Linux


Uninstalling this patch is only available on version 10.5.1 and higher.

To remove this patch on 10.5.1 through 10.6.1, navigate to the /tmp directory and run the following script as the ArcGIS Install owner:


./patchremove

Notes: You can only remove the patch that was installed most recently.

Restart your ArcGIS Server services


To remove this patch on versions 10.7 and higher, navigate to the /tmp directory and run the following script as the ArcGIS Install owner:



./removepatch.sh

The removepatch.sh script allows you to uninstall previously installed patches or hot fixes. Use the -s status flag to get the list of installed patches or hot fixes ordered by date. Use the -q flag to remove patches or hot fixes in reverse chronological order by date they were installed. Type removepatch -h for usage help.

Restart your ArcGIS services.


Patch Updates

Check the Patches and Service Packs page periodically for the availability of additional patches. New information about this patch will be posted here.

How to identify which ArcGIS products are installed

To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.

Getting Help

Domestic sites, please contact Esri Technical Support at 1-888-377-4575, if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.