Hello Everyone,
We are currently using retired version of ArcGIS Server 10.2 and soon moving to 10.9.1
I have executed the mitigation script on the old version with the 'list' option and the scripts does not show me any results as attached. However, when run against latest 10.9.1 version, it gives me a list of files that would be modified.
I would like to know if someone using older version has observed the same behavior with the script ? Also, would like to know if the script will work for older version though it is not validated by Esri.
Thank you
Regards,
Naveen
The reason that the script won't list anything on your old (10.2.x) version is that it was released before Log4J 2.x.
Release date of ArcGIS 10.2.2 - April 15, 2014: Esri Support ArcGIS Server 10.2 (10.2.1, 10.2.2)
If you're upgrading to 10.9.1, then the old version will be effectively removed, and completely replaced by 10.9.1. Then there is only a need to run the scripts on the new version anyway.
I hope this helps.
Release date of log4j 2.x - July 2014: Log4j - Wikipedia
Thanks Scott. Any idea on the version of log4j is used in ArcGIS server 10.2.x versions?
Regards,
Naveen
It would have been the 1.x libraries, which were replaced because of a different security vulnerability altogether. I no longer have access to anything that is older than 10.6.1 as it's just too legacy, so I can't do anything to check sorry. I just strongly recommend you get away from 10.2.x as quickly as possible.