4 June 2020
Esri has announced that they have detected a critical security vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise. When persons with network access to the ArcGIS Enterprise portal take special steps to exploit Server-Side Request Forgery (SSRF), the result can be access to and control over other infrastructure resources by unauthenticated persons.
Deployments running in Amazon Web Services (AWS) can be affected in particular, which makes this issue especially urgent for those deployments.
This security issue affects all supported versions prior to ArcGIS Enterprise 10.8 on both Windows and Linux operating systems.
What you need to do
Esri has released patches for versions of ArcGIS Enterprise from 10.5 through to 10.7.1.
Esri strongly recommends installing the Portal for ArcGIS Security 2020 Update 1 Patch at your earliest opportunity. ArcGIS Enterprise 10.8 already contains these fixes and is not affected.
Esri has published the following blog post and Knowledge Base article relating to this issue:
- KB Article: Problem: Warning of security vulnerability in ArcGIS Enterprise
- Blog: Critical Security Patch for ArcGIS Enterprise portal Released
If you have any questions or concerns, please contact your local Esri distributor’s support team (for Esri Australia clients, use My Esri, firstname.lastname@example.org, call 1800 447 111, or book a consultation with a technical specialist). For any email requests, please add “Portal for ArcGIS Security Patch June 2020” to the subject line so that it can be addressed.
Esri has discovered a severe issue with an editing workflow in ArcGIS Pro 2.2 Patch 2 (2.2.2) that may incorrectly set feature attribute field values to ‘Null’ when using the Attributes pane.
This problem occurs when multiple features are selected in the tree view of the Attributes pane. If the Tab key is used to navigate between cells in the data grid, tabbing through a cell that displays “(Different values)” sets the field to ‘Null’.
Esri strongly recommends uninstalling the patch.
- On Windows, open the Control Panel.
- Search for View installed updates. Click this option.
- Right-click ‘ArcGIS Pro 2.2 Patch 2 (2.2.2)’ and select Uninstall.
If the previous patch—ArcGIS Pro 2.2 Patch 1 (2.2.1)—is not installed, it can be downloaded from My Esri.
How will Esri correct the issue?
ArcGIS Pro 2.2 Patch 3 (2.2.3) becomes available in early October 2018 and includes a fix for this issue, as well as the other software improvements included with Patches 1 and 2. ArcGIS Pro 2.2 Patch 2 (2.2.2) is no longer available for download.
For continued updates and information regarding this problem, refer to the ArcGIS Pro 2.2.2 announcement on GeoNet.
Esri has also published the following technical article relating to this issue: https://support.esri.com/en/technical-article/000019162
Update 05 Oct 2018: ArcGIS Pro 2.2 Patch 3 (2.2.3) is available for download from My Esri.
If you have any questions or concerns, please contact your local Esri distributor’s support team (for Esri Australia clients, use My Esri, email@example.com or 1800 447 111).
Australia’s Dial Before You Dig benefits from a high number of registered asset owners and a high level of awareness of the need to refer to DBYD before conducting any excavations.
However, lodging an enquiry means the enquirer becomes inundated with email responses from each asset owner, and ensuring that all information is accurately interpreted and taken into consideration is an error-prone process.
To support you in dealing with these challenges, we’ve added a new product to the SmarterWX portfolio specifically for enquirers working with the Dial Before You Dig (1100.com.au) service.
Harris Geospatial has released their newest versions, ENVI 5.4 and IDL 8.6. With every release, Harris Geospatial is improving their platforms to ensure that ENVI and IDL remain at the forefront of imagery analysis. Here is an overview of all the new changes to the Harris Geospatial product suite. This post will provide an overview of the following: licensing changes, new ENVI functionality and new IDL functionality.
After installing ArcGIS Pro 1.3, you may notice a few changes. The scope of this blog will detail Conda: what it is, why this change occurred, and how Conda has affected the usage of ArcGIS Desktop functionality when used by ArcGIS Pro, specifically as at version 1.3 (and later releases).
For those reading, I am assuming your understanding of Python is that when used in both ArcGIS 10.x and ArcGIS Pro, this is the primary language to automate, configure and consume your GIS ecosystem. One of the cornerstones within each ecosystem is knowing
Since May of this year, when I demonstrated a very early version of the new Insights for ArcGIS product at the Directions LIVE events Esri Australia staged around the country, it has been the topic of many conversations I have had – both internally and with customers.
Everyone is keen to understand where Insights fits into the ArcGIS platform, and where it sits in relation to other similar products in the broader market.
There’s a buzz about this that I haven’t witnessed for some time in Esri circles, and I’ve got to say – it’s infectious. For me personally, Insights, and the GeoAnalytics Server that is also in the pipeline for ArcGIS 10.5, stand to be highlights of my work over the next year or so.
I’d like to share my early thoughts on Insights, and I hope that leaves you curious enough to find out more.