Log4j in ArcGIS Desktop

12-14-2021 06:16 AM
Labels (1)
Occasional Contributor

Is ArcGIS Desktop affected by the Log4j vulnerability? According to the blog post from Randall Williams (quoted below), ArcGIS Pro should be safe, so I assume ArcMap, etc. would be as well. Would like an official comment, please.

Recent releases of ArcGIS Pro contain Log4j but are not known to be exploitable as the software does not listen for remote traffic.

Tags (4)
2 Replies
New Contributor
Desktop does not have the Log4j 2 library installed so Desktop is not affected.
Pro DOES have the Log4j 2 library installed, but Pro does not listen for incoming traffic so Pro is not affected either
HOWEVER, lots of apps can use the Log4j 2 library, any user input type app for example. Thus, even if Desktop or Pro are safe, other applications on the client machine may use the Log4j 2 library and would be affected.  Check with your IT for these possibilities.
0 Kudos
New Contributor II

Can Esri specify which releases of ArcPro specifically include the Log4j file? 

0 Kudos