Log4j Vulnerabilities: Should we install Log4j Vulnerabilities patches after Esri remedy scripts had been applied?

04-20-2022 08:49 AM
chintakandel
New Contributor III

I'd applied Esri remedy scripts to mitigate Log4j Vulnerabilities in December 2021. Esri released Log4j Vulnerabilities patches for Portal, Server and Data Store in February 2022. I'm curious whether we have to reapply these Log4j patches since we had already applied Esri remedy scripts.

Any suggestions about reapplying Log4j patches?

Thanks,

Chintamani


Accepted Solutions
ReeseFacendini
Esri Regular Contributor

The Python scripts from December were designed to help remove the initial threat, but the patches released in February go back and permanently fix the issue by updating the affected files to the latest secured version of Log4j. It's highly recommended to apply the patches, regardless of running the mitigation scripts.

MichaelVolz
Esteemed Contributor

Does the patch require that the server be restarted?

ReeseFacendini
Esri Regular Contributor

The machine does not need to be restarted, but the Enterprise site will be down for a moment while they install. It would be best to install them outside of business hours, to minimize disruption.

MichaelVolz
Esteemed Contributor

I installed the Log4j patch on a server using AGS Enterprise Patch Notification some time ago and under Installed Patches it shows up as installed, yet the Log4j patch also appears under Available Updates.

As such, has this patch been updated so it needs to be installed again?

If so, how can I tell the most recent patch has been applied as opposed to the original patch?

ReeseFacendini
Esri Regular Contributor

The updated Log4j patch corrects an issue with AWS ArcGIS Server deployments. You can install it again; it won't harm anything, but if you don't have an AWS deployment it's not critical. It will say Log4j Patch B after it's installed.
