Is ArcGIS Desktop affected by the Log4j vulnerability? According to the blog post from Randall Williams (quoted below), ArcGIS Pro should be safe, so I assume ArcMap, etc. would be as well. Would like an official comment, please.
Recent releases of ArcGIS Pro contain Log4j but are not known to be exploitable as the software does not listen for remote traffic.
Can Esri specify which releases of ArcPro specifically include the Log4j file?