https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1126468#M3272 <DIV class="">Desktop does not have the Log4j 2 library installed so Desktop is not affected.</DIV><DIV class="">&nbsp;</DIV><DIV class="">Pro DOES have the Log4j 2 library installed, but Pro does not listen for incoming traffic so Pro is not affected either</DIV><DIV class="">&nbsp;</DIV><DIV class="">HOWEVER, lots of apps can use the Log4j 2 library, any user input type app for example. Thus, even if Desktop or Pro are safe, other applications on the client machine may use the Log4j 2 library and would be affected.&nbsp; Check with your IT for these possibilities.</DIV> Wed, 15 Dec 2021 22:04:44 GMT cc_esri 2021-12-15T22:04:44Z https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1125828#M3268 <P>Is ArcGIS Desktop affected by the Log4j vulnerability? According to <A href="https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/" target="_self">the blog post from Randall Williams</A> (quoted below), ArcGIS Pro should be safe, so I assume ArcMap, etc. would be as well. Would like an official comment, please.</P><BLOCKQUOTE><P>Recent releases of ArcGIS Pro contain Log4j but are not known to be exploitable as the software does not listen for remote traffic.</P></BLOCKQUOTE> Tue, 14 Dec 2021 14:16:43 GMT https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1125828#M3268 tempStephenRhea_NV5 2021-12-14T14:16:43Z https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1126468#M3272 <DIV class="">Desktop does not have the Log4j 2 library installed so Desktop is not affected.</DIV><DIV class="">&nbsp;</DIV><DIV class="">Pro DOES have the Log4j 2 library installed, but Pro does not listen for incoming traffic so Pro is not affected either</DIV><DIV class="">&nbsp;</DIV><DIV class="">HOWEVER, lots of apps can use the Log4j 2 library, any user input type app for example. Thus, even if Desktop or Pro are safe, other applications on the client machine may use the Log4j 2 library and would be affected.&nbsp; Check with your IT for these possibilities.</DIV> Wed, 15 Dec 2021 22:04:44 GMT https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1126468#M3272 cc_esri 2021-12-15T22:04:44Z https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1127175#M3281 <P>Can Esri specify which releases of ArcPro specifically include the Log4j file?&nbsp;</P> Fri, 17 Dec 2021 15:47:08 GMT https://community.esri.com/t5/arcmap-questions/log4j-in-arcgis-desktop/m-p/1127175#M3281 LisaSingerman 2021-12-17T15:47:08Z