Skip to Content

Security Alert



Log4Shell Vulnerability and ArcGIS Products

Important Security Update


The Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046) are critical security vulnerabilities in version 2 of the Apache Log4j library. This library is widely used across many software products from many vendors, including Esri products. Esri is actively engaged on this evolving topic.


Esri has published a blog post on the ArcGIS Trust Center that reflects the currently available information for all ArcGIS products, including ArcGIS Online, ArcGIS Pro, and ArcGIS Enterprise. This blog is your go-to resource as Esri addresses the Log4Shell vulnerabilities, and it will be updated regularly as new information and guidelines are made available.


Esri recommends that all ArcGIS customers review the blog.


ArcGIS Enterprise Log4j Security Patches Available


If you have additional questions after reviewing this guidance, please contact Esri China (HK) Technical Support via or 37685909.