Security Alert
Information about Best Practices when using ArcGIS Online to Share Items and Survey Form to Public Access
We would like to draw your attention that if an organization has need to share ArcGIS Online Items or an ArcGIS Online Survey form to the public for collecting information from your target audience, it is recommended to make reference to the following best practices to design your processing workflow to impose more control on sharing ArcGIS Online items to the public.
Compliance Requirements on Embedded Content by Code in ArcGIS Experience Builder
A security patch that was recently applied to ArcGIS Experience Builder in ArcGIS Online, which will require your affected applications under subscription ID to be changed manually.
Your ArcGIS Developer subscription account can no longer access the embed by code feature as of now. After September 28, 2023, your applications that use the embed by code feature in ArcGIS Online will no longer work. Please make changes to your applications before the patch.
Log4Shell Vulnerability and ArcGIS Products
The Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046) are critical security vulnerabilities in version 2 of the Apache Log4j library. This library is widely used across many software products from many vendors, including Esri products. Esri is actively engaged on this evolving topic.
Esri has published a blog post on the ArcGIS Trust Center that reflects the currently available information for all ArcGIS products, including ArcGIS Online, ArcGIS Pro, and ArcGIS Enterprise. This blog is your go-to resource as Esri addresses the Log4Shell vulnerabilities, and it will be updated regularly as new information and guidelines are made available.
Esri recommends that all ArcGIS customers review the blog.
ArcGIS Enterprise Log4j Security Patches Available
If you have additional questions after reviewing this guidance, please contact Esri China (HK) Technical Support via support@esrichina.hk or 37685909.