Log4Shell Vulnerability and ArcGIS Products
The Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046) are critical security vulnerabilities in version 2 of the Apache Log4j library. This library is widely used across many software products from many vendors, including Esri products. Esri is actively engaged on this evolving topic.
Esri has published a blog post on the ArcGIS Trust Center that reflects the currently available information for all ArcGIS products, including ArcGIS Online, ArcGIS Pro, and ArcGIS Enterprise. This blog is your go-to resource as Esri addresses the Log4Shell vulnerabilities, and it will be updated regularly as new information and guidelines are made available.
If you have additional questions after reviewing this guidance, please contact Esri China (HK) Technical Support via firstname.lastname@example.org or 37685909.