中文

Portal for ArcGIS Security 2021 Update 1 Patch

摘要

This security patch addresses multiple security vulnerabilities found in the Portal for ArcGIS component of ArcGIS Enterprise.

说明

Esri® announces the Portal for ArcGIS Security 2021 Update 1 Patch. Esri recommends that all customers using ArcGIS Enterprise 10.9, 10.8.1, 10.8, 10.7.1, 10.6.1, and 10.6 apply this patch to Portal for ArcGIS. This patch deals specifically with the issue listed below under Issues Addressed with this patch.

This security patch is cumulative and includes several security and non-security related fixes from earlier patches that are also listed below under Issues Addressed with this patch

Portal for ArcGIS Security 2021 Update 1 Patch is a required patch. All future patches will require that the Portal for ArcGIS Security 2021 Update 1 Patch be installed first. On Windows, Portal for ArcGIS Security 2021 Update 1 Patch cannot be uninstalled, the usual Uninstall in the Windows Control Panel is disabled. On Linux, the uninstall is not blocked but not advisable as the patch is a prerequisite for future patches.

Important Note about SAML changes: This patch introduces updates for SAML that may result in failures when attempting to log in. If you are utilizing SAML, please refer to this article for AD FS and this article for Shibboleth for guidance on what changes you may need to make to how SAML is configured. These changes to your SAML configuration can be made before or after installing this patch.

Issues Addressed with this patch


To avoid conflicts the 10.9 version of this patch also addresses:
  • BUG-000139095 - Scheduled updates for shared pages in ArcGIS Insights fail to run causing tasks to remain in a scheduled state and eventually fail.
To avoid conflicts the 10.8.1 version of this patch also addresses:
  • BUG-000139382 - Embedded Portal configurable apps fail to load on a browser with 'Block third-party cookies' enabled.
  • BUG-000138825 - The Web Scene Viewer in ArcGIS Enterprise 10.8.1 does not honor the default values for the vertex count of an IntegratedMesh I3S 1.7 layer and fails to load the content.
  • BUG-000137142 - When creating a new StoryMap app, an unnecessary HTTP 404 response is returned that can cause issues in some fire-walled environments.
  • BUG-000136356 - The Filter widget in ArcGIS Web AppBuilder resets the 'Ask for Value' check box when two or more expressions are added.
  • BUG-000136352 - Legend info in the Portal for ArcGIS 10.8.1 Map Viewer misses the histogram chart for a published map service with a bar chart symbol.
  • BUG-000136041 - ArcGIS Enterprise portal members with custom roles should be able to delete their own services when the role includes administrative privileges such as 'View all members' and publisher privileges.
  • BUG-000135044 - Block custom roles with the admin update privilege from updating the password of default.
  • BUG-000134926 - Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page.
  • BUG-000134458 - In some environments, the standby portal does not rejoin successfully.
  • BUG-000134077 - The OAuth Authorization code granted with Proof Key for Code Exchange (PKCE) fails in ArcGIS Enterprise 10.8.1
  • BUG-000134014 - XSS filter encodes valid HTML tags that were supported in earlier releases.
  • BUG-000133143 - Unable to configure email settings for ArcGIS Enterprise if fromEmailAddress parameter contains a hyphen in the domain section of the address (e.g. test@esri-1.com).
  • BUG-000133077 - Firefly, Government, Public Safety symbol sets owned by esri_en are not shared with Esri Symbols Group.
  • BUG-000131991 - Reflected cross-site scripting (XSS) in the home application.
  • BUG-000131701 - Configurable parameters are not saved in ArcGIS Online and ArcGIS Enterprise.
To avoid conflicts the 10.8 version of this patch also addresses:
  • BUG-000132747 - Changing the symbology style for a map image layer through Portal for ArcGIS map viewer causes the date field to disappear from the fields list in the Filter option.
  • BUG-000128084 - A distributed collaboration participant is unable to import items created in ArcGIS Insights, such as workbooks, pages, and models, using ArcGIS Online or ArcGIS Enterprise 10.8.
To avoid conflicts the 10.7.1 version of this patch also addresses:
  • BUG-000139021 - In a web application created using Web AppBuilder, unable to query related table from Query Widget.
  • BUG-000134926 - Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page.
  • BUG-000133255 - Portal for ArcGIS system properties are not properly encrypted.
  • BUG-000132449 - Portal proxy does not fully honor allowedProxyHosts parameter.
  • BUG-000132379 - The image display settings configured for an imagery layer in ArcGIS Enterprise are not saved.
  • BUG-000132362 - The webgisdr utility should be updated to expect the response from Portal for ArcGIS's exportSite operation when items are missing from the items directory.
  • BUG-000132361 - When the Portal for ArcGIS service is shutting down, there's a chance that internal processes can become orphaned.
  • BUG-000132359 - Unable to make proxy requests to an external url after applying the PFA Security 2020 Update 1 Patch.
  • BUG-000132357 - Reflected XSS vulnerability in Portal for ArcGIS.
  • BUG-000132356 - Reflected XSS vulnerability in Portal for ArcGIS.
  • BUG-000132353 - XXE and SSRF vulnerability in Portal for ArcGIS.
  • BUG-000132351 - Uncontrolled resource exhaustion issue in Portal for ArcGIS.
  • BUG-000132292 - When Portal for ArcGIS is highly available, if the original portal machine that was installed first is shutdown, index operations will fail.
  • BUG-000131521 - Only 10 layers downloaded using Screening widget 'Download' function in Chrome and Edge.
  • BUG-000129924 - Portal for ArcGIS 10.7.1 High Availability Licensing Patch is preventing the Edit widget from editing the related tables
  • BUG-000129821 - After installing the Portal for ArcGIS 10.7.1 High Availability Licensing Patch, the Portal Home Application, or components of it such as the App Switcher, may hang or fail to load after simultaneous requests are made for Integrated Windows Authentication (IWA) users.
  • BUG-000129710 - Portal for ArcGIS has an XML external entity (XXE) vulnerability.
  • BUG-000128938 - Analysis Derive New Locations fails to run in the Analysis widget.
  • BUG-000128634 - Unable to create a backup of the portal if an item is missing from the content directory
  • BUG-000128486 - After sharing a map from ArcGIS Pro with two layers as referenced and editable, users are unable to open the Smart Editor widget from the pop-up because the Options button is disabled.
  • BUG-000128438 - Unable to save the query widget results from Web AppBuilder for ArcGIS when Portal for ArcGIS is configured with Public Key Infrastructure (PKI) or Integrated Windows Authentication (IWA).
  • BUG-000128193 - Cross-site request forgery (CSRF) vulnerability in Portal for ArcGIS.
  • BUG-000128134 - Exporting a CSV file from the Query widget in Portal for ArcGIS exports coded values rather than the descriptions.
  • BUG-000128058 - Portal for ArcGIS has a Server Side Request Forgery (SSRF) security vulnerability.
  • BUG-000128038 - Delay in Portal for ArcGIS permitting access to secured content within a group for new Enterprise members who login using Integrated Windows Authentication (IWA).
  • BUG-000127934 - Attributes are not shown completely in pop-up window when an image service with a raster function template to symbolize the data is published to ArcGIS Server, and added to Portal Scene Viewer.
  • BUG-000127472 - Stored XSS in Web AppBuilder.
  • BUG-000126709 - When an image service with raster function template to symbolize data is published to ArcGIS Server and added to Portal Map Viewer, attributes are not shown completely in pop-up window.
  • BUG-000126332 - Token is removed from cookie when Integrated Windows Authenticated users click the Scene tab in a Portal that has disabled anonymous access.
  • BUG-000126259 - Feature server layers do not consistently appear in the drop-down list of possible layers to perform analysis in Portal for ArcGIS.
  • BUG-000126198 - Primary & Standby Portals are no longer accessible after pg_hba.conf entries get commented out.
  • BUG-000126166 - Failover in a highly available portal will result in "Failed to get current license information. This connection has been closed" errors in the logs.
  • BUG-000126009 - When using the Attribute Table widget in the Web AppBuilder for ArcGIS to select many attributes in the table, only 150 attributes are selectable.
  • BUG-000125961 - In Portal for ArcGIS 10.7.1, if a layer has related records and a copy is created, the related records do not appear in pop-ups for the copied layer.
  • BUG-000125434 - A geoprocessing service with the GPDataFile input type does not provide the option to upload a file in the Web AppBuilder for ArcGIS geoprocessing widget in Portal for ArcGIS 10.7.1.
  • BUG-000125332 - Unable to set the role of ArcGIS Server to federated server with restricted publishing in ArcGIS Enterprise deployment.
  • BUG-000125033 - Users signed in through Integrated Windows Authentication (IWA) cannot search for layers under My Organization in Map Viewer.
  • BUG-000124953 - Portal for ArcGIS application information exposure.
  • BUG-000124785 - After failover, if an incremental backup is requested but a full hasn't been run, run a full backup instead of incremental
  • BUG-000124739 - The Smart Editor option is unavailable in the Web AppBuilder for ArcGIS pop-up, if the layer is shared from ArcGIS Pro as a reference and is editable in the web map.
  • BUG-000124317 - Improper server side validation of uploaded file types.
  • BUG-000124011 - Web AppBuilder for ArcGIS in Portal for ArcGIS does not display results when clicking 'Show more results' in the Search widget.
  • BUG-000123692 - Stored XSS in Portal for ArcGIS Map Viewer.
  • BUG-000123690 - Reflected cross-site scripting (XSS) in the Portal for ArcGIS home application. CVSS 3.0 Base Score: 5.4 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • BUG-000123331 - The Attribute Table widget does not show related records consistently.
  • BUG-000123137 - Database transaction logs are retained on standby when running the DR tool.
  • BUG-000122662 - Include the userinfo folder during a backup .
  • BUG-000122011 - Unable to disable the My Location widget in ArcGIS Online Web AppBuilder for ArcGIS if the 'Watch for location changes' option is checked.
  • BUG-000121820 - Multiple Query widgets in the same Web AppBuilder for ArcGIS app do not work.
  • BUG-000119150 - When a field contains a Range Domain, values do not appear in the Attribute Table widget in Web App Builder
  • BUG-000117333 - The promote.dat file in the primary and standby portals causes constant creation of db snapshots in the standby arcgisportal folder.
  • BUG-000116557 - The selected features do not honor the Attribute Table widget filter in Portal for ArcGIS 10.7.1 Web AppBuilder.
  • BUG-000116405 - Portal for ArcGIS export site operation fails if the content directory path syntax utilizes forward slashes instead of back slashes.
  • BUG-000116343 - In Web AppBuilder for ArcGIS, the Group Filter widget pane is cut off when the German-Deutsch language is set in the ArcGIS Online account.
  • BUG-000116089 - The Web AppBuilder for ArcGIS Query widget filter expression is configured to only show 'Values filtered by previous expressions' lists all unique values instead of a filtered set when the previous expression is configured from the Group Filter widget.
  • ENH-000123305 - Include relationship name along with table name to better distinguish different relationships on the same table.
To avoid conflicts the 10.6.1 version of this patch also addresses:
  • BUG-000136840 - SSRF vulnerability in Portal for ArcGIS.
  • BUG-000133255 - Portal for ArcGIS system properties are not properly encrypted.
  • BUG-000132452 - Reflected XSS in Portal for ArcGIS Home app.
  • BUG-000132449 - Portal proxy does not fully honor allowedProxyHosts parameter.
  • BUG-000132362 - The webgisdr utility should be updated to expect the response from Portal for ArcGIS's exportSite operation when items are missing from the items directory.
  • BUG-000132359 - Unable to make proxy requests to an external url after applying the Portal for ArcGIS Security 2020 Update 1 Patch.
  • BUG-000132357 - Reflected XSS vulnerability in Portal for ArcGIS.
  • BUG-000132356 - Reflected XSS vulnerability in Portal for ArcGIS.
  • BUG-000132353 - XXE and SSRF vulnerability in Portal for ArcGIS.
  • BUG-000132351 - Uncontrolled resource exhaustion issue in Portal for ArcGIS.
  • BUG-000132292 - When Portal for ArcGIS is highly available, if the original portal machine that was installed first is shutdown, index operations will fail.
  • BUG-000129710 - Portal for ArcGIS has an XML external entity (XXE) vulnerability.
  • BUG-000128634 - Unable to create a backup of the portal if an item is missing from the content directory
  • BUG-000128193 - Cross-site request forgery (CSRF) vulnerability in Portal for ArcGIS.
  • BUG-000128058 - Portal for ArcGIS has a Server Side Request Forgery (SSRF) security vulnerability.
  • BUG-000127472 - Stored XSS in Web AppBuilder.
  • BUG-000127276 - When accessing a secured service from a federated Server through Map Viewer or Web AppBuilder in Portal for ArcGIS 10.6.1 using IWA, the service token fails to regenerate automatically and causes the service to become blank when the token expires.
  • BUG-000126198 - Primary & Standby Portals are no longer accessible after pg_hba.conf entries get commented out.
  • BUG-000124953 - Portal for ArcGIS application information exposure
  • BUG-000124785 - After failover, if an incremental backup is requested but a full hasn't been run, run a full backup instead of incremental
  • BUG-000124382 - After allowing Google Chrome to save your account details, the 'Add Item' > 'From the web' option displays the error 'The service type is not valid'.
  • BUG-000123692 - Stored XSS in Portal for ArcGIS Map Viewer.
  • BUG-000123690 - Reflected cross-site scripting (XSS) in the Portal for ArcGIS home application. CVSS 3.0 Base Score: 5.4 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • BUG-000123331 - The Attribute Table widget does not show related records consistently.
  • BUG-000123137 - Database transaction logs are retained on standby when running the DR tool.
  • BUG-000123043 - Decrease the number of JavaScript files loaded when printing in the Portal map viewer.
  • BUG-000122662 - Include the userinfo folder during a backup .
  • BUG-000121732 - The custom basemap does not appear in the Web AppBuilder for ArcGIS Basemap widget although the group is set as the default in the Edit settings under Organization.
  • BUG-000121145 - Portal proxy does not fully validate allowedProxyHosts parameter.
  • BUG-000120392 - Smart Editor Widget Fails to Set Attribute Action Expressions in Portal for ArcGIS 10.6.1.
  • BUG-000120333 - Reflected cross-site scripting (XSS) in the Portal for ArcGIS home application.
  • BUG-000120300 - A publicly shared scene view prompts for authentication after 10 minutes of inactivity when using a scene service published to ArcGIS Enterprise 10.7 portal prerelease.
  • BUG-000120061 - Related data points to the same feature in Web AppBuilder for ArcGIS for Portal for ArcGIS when there are multiple relationships to the same feature class.
  • BUG-000119891 - Portal for ArcGIS profiles allow HTML injection (Only in 10.6.1, 10.5.1 and 10.4.1). CVSS 3.0 Base Score: 3.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
  • BUG-000117926 - Unable to synchronize collaboration workspaces when the guest participant's content directory uses a Cloud Store.
  • BUG-000117564 - Privilege escalation vulnerability
  • BUG-000117369 - Reflected cross-site scripting (XSS) in item URL
  • BUG-000117367 - Un-validated redirect in Portal for ArcGIS
  • BUG-000117333 - The promote.dat file in the primary and standby portals causes constant creation of db snapshots in the standby arcgisportal folder.
  • BUG-000116870 - Unable to share Insights Workbooks, Pages and Model items to Everyone.
  • BUG-000116734 - The Attribute Table widget selections are not consistently honored by the Edit widget.
  • BUG-000116687 - Temporal filters created from tool parameters in Portal for ArcGIS Map Viewer are incorrectly formatted and cause tool failures.
  • BUG-000116405 - Portal for ArcGIS export site operation fails if the content directory path syntax utilizes forward slashes instead of back slashes.
  • BUG-000116195 - Panning and zooming in the web maps on a touch screen device does not work in Google Chrome 68.x.
  • BUG-000115964 - The App Launcher becomes unavailable after the external content is disabled.
  • BUG-000115859 - When selecting line or polygon features for layers with pop-ups enabled, the selection symbology does not match the actual feature geometry.
  • BUG-000114004 - The Show Related Records option in the Attribute Table widget returns no records in the related table.
  • BUG-000112707 - Reflected cross-site scripting (XSS) in Portal for ArcGIS Home application.
  • BUG-000112342 - The webgisdr incremental restore fails when Geo Analytics Server is federated and registered with Portal as the Geo Analytics Server.
  • ENH-000123305 - Include relationship name along with table name to better distinguish different relationships on the same table.
  • ENH-000116621 - Add the ability to modify the maximum token expiration time of tokens generated to login to Portal for ArcGIS when using IDP-initiated logins.
To avoid conflicts the 10.6 version of this patch also addresses:
  • BUG-000130954 - When attribute filters are applied to the Attribute Table widget in the Web AppBuilder for ArcGIS Enterprise Portal, and a large number of records are in the filtered results, the CSV export does not honor the filters.
  • BUG-000130067 - An infinite number of requests are generated when viewing the attribute of a service with around one million features in ArcGIS Web AppBuilder.
  • BUG-000128058 - Portal for ArcGIS has a Server Side Request Forgery (SSRF) security vulnerability.
  • BUG-000123523 - The Attribute Table widget in ArcGIS Online does not display the ongoing process of loading features when the 'Filter by map extent' option is deselected.
  • BUG-000121222 - The Attribute widget in Web AppBuilder for ArcGIS does not return consistent records when exporting attribute to CSV for a feature layer with large records (millions) in Portal for ArcGIS.
  • BUG-000121145 - Portal proxy does not fully validate allowedProxyHosts parameter.
  • BUG-000117564 - Privilege escalation vulnerability.
  • BUG-000114738 - Internet Explorer 11 does not properly encode spaces in certain Portal request URLs, which causes the request to fail in Portal Linux 10.6
  • BUG-000109526 - The 'Filter' widget in WebApp Builder for ArcGIS does not honor the layer's date format setting.
  • ENH-000116621 - Add the ability to modify the maximum token expiration time of tokens generated to login to Portal for ArcGIS when using IDP-initiated logins.

Installing this patch on Windows


Installation Steps:


This patch should be installed on all Portal for ArcGIS installations related to the Portal for ArcGIS site.

The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.

  1. Download the appropriate file to a location other than your ArcGIS installation location.

  2. ArcGIS 10.9  
       
        Portal for ArcGIS ArcGIS-109-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    18A9467BDB7C53B254A74342A0FD0BABB5FC0424CD692AFC48C07BAA175E0408
       
    ArcGIS 10.8.1  
       
        Portal for ArcGIS ArcGIS-1081-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    93E5401FB269B6E3AD2CEBDE4BFA56347D130D91AC6285AB1C8EFAC8F1E0E928
       
    ArcGIS 10.8  
       
        Portal for ArcGIS ArcGIS-108-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    1DA687B07C52CD9A4AD56C034D87B7E939256E9E2DD2EB055BEAA374464D24C3
       
    ArcGIS 10.7.1  
       
        Portal for ArcGIS ArcGIS-1071-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    BCB4FB053597065FAC29A585BF52B31141BE83DF00E76F24483BEE6454092A0E
       
    ArcGIS 10.6.1  
       
        Portal for ArcGIS ArcGIS-1061-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    81236431A0F07478BF49F94F8D83BB3CC1FAA6E0D8E5645E1E1579D4F9C53189
       
    ArcGIS 10.6  
       
        Portal for ArcGIS ArcGIS-106-PFA-SEC2021U1-Patch.msp
         Checksum
         (SHA256)
    058C8E940EA819B74C5A994AB46F571B6171FE212140E250C98A6C8622C53684
       

  3. Make sure you have write access to your ArcGIS installation location.

  4. Double-click ArcGIS-<Version>-PFA-SEC2021U1-Patch.msp to start the setup process.

    NOTE: If double clicking on the MSP file does not start the setup installation, you can start the setup installation manually by using the following command:

    msiexec.exe /p [location of Patch]\ArcGIS-<Version>-PFA-SEC2021U1-Patch.msp


Installing this patch on Linux


Installation Steps:


Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder. This patch should be installed on all Portal for ArcGIS installations related to the Portal for ArcGIS site.

The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.

  1. Download the appropriate file to a location other than your ArcGIS installation location.


    ArcGIS 10.9  
       
        Portal for ArcGIS ArcGIS-109-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    94CA5F91DF63D16A627C3544D8E795293A7FE5C98B20133D7D51AF5AF0EB3D6E
       
    ArcGIS 10.8.1  
       
        Portal for ArcGIS ArcGIS-1081-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    7C6BC058B1FB25F152C9AAA20CBD7BA94DCD02F3CC81CF0B4FA406A99A44D7AA
       
    ArcGIS 10.8  
       
        Portal for ArcGIS ArcGIS-108-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    440D5F80EC7D9011B3D11699A5466193AF6E8250D51C3B84482855BEB7DF1DB4
       
    ArcGIS 10.7.1  
       
        Portal for ArcGIS ArcGIS-1071-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    B3259FE1F288C7C022F4DC33DB8C7AFA73257ACE4E71D8BB084D342EFD35DBCB
       
    ArcGIS 10.6.1  
       
        Portal for ArcGIS ArcGIS-1061-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    742E2AB3B0AB78DC065276EDC2A2AE68293993D2637399726EFE53A87CBD18FE
       
    ArcGIS 10.6  
       
        Portal for ArcGIS ArcGIS-106-PFA-SEC2021U1-Patch-linux.tar
         Checksum
         (SHA256)
    D57D3DBC57A298532309FD80860881B36D3CD5E536A47FB582BFAC6F5E967139
       
  2. Make sure you have write access to your ArcGIS installation location, and that no one is using ArcGIS.

  3. Extract the specified tar file by typing:

    % tar -xvf ArcGIS-<Version>-PFA-SEC2021U-Patch-linux.tar

  4. Start the installation by typing:

    % ./applypatch

    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

Uninstalling this patch on Windows


Portal for ArcGIS Security 2021 Update 1 Patch is a required patch that cannot be uninstalled. All future patches will require that the Portal for ArcGIS Security 2021 Update 1 Patch be installed first.


Uninstalling this patch on Linux


Portal for ArcGIS Security 2021 Update 1 Patch is a required patch. All future patches will require that the Portal for ArcGIS Security 2021 Update 1 Patch be installed first.

To remove this patch on versions 10.7 and higher, navigate to the <Product Installation Directory>/.Setup/qfe directory and run the following script as the ArcGIS Install owner:



./removepatch.sh

The removepatch.sh script allows you to uninstall previously installed patches or hot fixes. Use the -s status flag to get the list of installed patches or hot fixes ordered by date. Use the -q <QFE_ID> flag to remove patches or hot fixes in reverse chronological order by date they were installed. Type removepatch -h for usage help.

To remove this patch on 10.5.1 through 10.6.1, navigate to the /tmp directory and run the following script as the ArcGIS Install owner:

./patchremove

Restart your ArcGIS Server services

Notes: You can only remove the patch that was installed most recently.


Patch Updates

Check the Esri Support Downloads page periodically for the availability of additional patches. New information about this patch will be posted here.

November 22, 2021 The windows setup(s) of this patch have been updated with new digital signatures. This change addresses the possible install error:

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

How to identify which ArcGIS products are installed

To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.

Getting Help

Domestic sites, please contact Esri Technical Support at 1-888-377-4575, if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.