Good afternoon, is there any patches in the works or potential mitigation steps for the latest java log4j vulnerability (CVE-2021-44228)? I know that GeoEvent server uses log4j and can assume some other enterprise server's or portal potentially do as well. Any help would be appreciated in resolving this zero-day.
Solved! Go to Solution.
A quick filesystem search on a stand-alone ArcGIS Server installation shows numerous components using log4j. This won't just be about patching a file, but lots of files involving multiple components of multiple products. A not-so-happy holidays for Esri dev teams.
I found it here on my Portal for ArcGIS server:
The file is located in a 10.5.1 backup folder. I am currently running 10.8.1. Does it matter?
Sorry for the delayed reply. I see what you're saying, we made a backup when you upgraded. That's a backup in case your upgrade failed and you needed to bail out. I'd maybe archive it on an offline drive and just delete that directory.