Community

Log4j in ArcGIS Desktop

1413
2
12-14-2021 06:16 AM
StephenRhea_NV5
by
Occasional Contributor
‎12-14-2021 06:16 AM

Is ArcGIS Desktop affected by the Log4j vulnerability? According to the blog post from Randall Williams (quoted below), ArcGIS Pro should be safe, so I assume ArcMap, etc. would be as well. Would like an official comment, please.

Recent releases of ArcGIS Pro contain Log4j but are not known to be exploitable as the software does not listen for remote traffic.

Tags (4)
2 Replies
cc_esri
by
New Contributor
‎12-15-2021 02:04 PM
Desktop does not have the Log4j 2 library installed so Desktop is not affected.
 
Pro DOES have the Log4j 2 library installed, but Pro does not listen for incoming traffic so Pro is not affected either
 
HOWEVER, lots of apps can use the Log4j 2 library, any user input type app for example. Thus, even if Desktop or Pro are safe, other applications on the client machine may use the Log4j 2 library and would be affected.  Check with your IT for these possibilities.
0 Kudos
LisaSingerman
by
New Contributor II
‎12-17-2021 07:47 AM

Can Esri specify which releases of ArcPro specifically include the Log4j file? 

0 Kudos