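Introduction

In February 2015, Esri released a security patch for ArcGIS for Server. Esri recommends that users of ArcGIS 10.1 SP1 QIP for Server and ArcGIS 10.2 pay close attention to this patch. ArcGIS 10.2 users should first upgrade to 10.2.1 or 10.2.2 and then apply this patch!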

ArcGIS for Server Security (January 2015) Patch

ArcGIS 10.2.2

ArcGIS 10.2.2 for Server

  • BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
  • BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
  • BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
  • BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.
  • BUG-000083941 – Unable to return attachments larger than a certain size in ArcGIS for Server on Linux.

To avoid conflicts with existing patches, the 10.2.2 patch also addresses these issues:

  • BUG-000082423 – Under consistent load, the javaw.exe process at ArcGIS 10.2.2 for Server consumes 25% of the server’s RAM, and any further request forces the process to use 100% of the machine’s CPU.
  • BUG-000083258 – Add support for CORS in Map/Image Services Tile Handler.
  • BUG-000081679 – When publishing to a federated GIS Server that has a config store on a DFS share, item information does not get copied to the portal item.
  • NIM103623 – After publishing services to a federated GIS Server, item information is missing for these specific data samples.
  • NIM103130 – Some of the tiles fail to generate on demand when the requests are sent through REST connection in ArcGIS for Server 10.2.2.
  • NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
  • NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
  • NIM099582 – ArcGIS Server performance drops when switching the identity store configuration from Active Directory to Active Directory with nested group support.
  • NIM098130 – ExportTiles fails for Japanese iOS client due to mangled Japanese characters in JSON responses.
  • NIM097651 – Public map services become private and require authentication after a brief disconnect of the config-store when the server is under load.

ArcGIS 10.2.2 for (Desktop, Engine, Server) Geodatabase and Feature Service Sync Optimization Patch

  • NIM086295 – On Oracle ST_OrderingEquals is always returning the same value as ST_Equals.
  • NIM088321 – User defined spatial index grids are not honored by ArcGIS when using the Add SpatialIndex tool, even though the tool runs successfully.
  • NIM089682 – The following error message is returned when editing data that has been migrated from SDEBINARY to ST_GEOMETRY: “ORA-20085: Insert Spatial Reference SRID # does not match <schema.A###.SHAPE> registered Spatial Reference SRID 0”.

  • NIM091900 – After applying SP5 for ArcSDE 10, adding a new partition on a ST_Geometry table that contains a spatial index returns the following error: “ORA-29855: error occurred in the execution of ODCIINDEXCREATE routine.”
  • NIM094929 – In ArcMap, panning on a feature class created with a partitioned keyword for the ST_Geometry table returns the error “ORA-01000”.
  • NIM097633 – The travel time/distance returned by the OD Cost Matrix solver is occasionally excessively
    high when using a hierarchy compared to when not using a hierarchy.
  • NIM097983 – Optimize the opening of map documents by augmenting the geodatabase schema cache to
    include the properties of the sde metadata.
  • NIM098475 – Spatial indexes are not created when creating a feature class on an ArcSDE 10 database
    from an ArcGIS Desktop 10.2 Client.
  • NIM098917 – When the Network Dataset is allowed to build successfully, if a dirty area remains, an
    HRESULT must be returned so the user knows they are in this unique state.
  • NIM099080 – ArcCatalog does not return an error when the versioned view name has over 30
    characters, and fails to be created during Register As Versioned process in an Oracle geodatabase due to
    Oracle’s 30 character limitation.
  • NIM099085 – In ArcObjects 10.2, the CreateVersionedView method on the IVersionedView interface
    does not set the versioned view name to the string passed in. This works in ArcObjects 10.1.
  • NIM099098 – ST_ASTEXT Function is failing when the result set contains more than one record, and
    when the NUMPOINTS is ~2000 (or more).
  • NIM099162 – Use the schema cache when loading map services to improve map service start time
    performance.
  • NIM099198 – Use the schema cache when loading map documents in Engine applications to improve
    load performance.
  • NIM100049 – The OD Cost Matrix solver is slow when trying to solve from many orders to a single
    distribution center.
  • NIM100141 – Missing index on the SDE versions table results in full table scan.
  • NIM100273 – Views get overwritten during register as versioned if a view / versioned view of same
    name exists.
  • NIM100503 – Loading a very large shape (>15k points) followed by small shape results in ORA-28579:
    error.
  • NIM100692 – Filter out multi-versioned views from the list of objects returned by SE_table_list_tables().
  • NIM100697 – Change the “_VW” suffix to “_EVW” when versioned views are created, in order to be
    consistent with the EVW naming convention when we create MV views.
  • NIM100941 – Improve the Performance and Scalability of Creating and Syncing replicas by more
    efficiently caching database information.
  • NIM100942 – Deadlocks can happen on SQL server when multiple processes are creating and syncing
    replicas.
  • NIM101191 – Create and Sync replica should only activate schema cache if the replica has 10 or more
    datasets.
  • NIM101804 – Do not return feature datasets in which the connecting user has no access to feature
    classes within.
  • NIM101806 – Provide a mechanism to log what release a client is using when connecting to a
    geodatabase.
  • NIM102077 – ArcGIS reports that an Oracle SDELOB or WKB feature class created in a pre-10.1
    geodatabase does not have a spatial index when it does exist.
  • NIM102230 – Do not return the Documentation field on joined queries for Geodatabase internal
    metadata.
  • NIM102516 – Syncing where more than 1000 edits are downloaded with more than one client at the
    same time will cause one client to error.
  • NIM102517 – Decrease the size of the delta being downloaded to improve performance of download
    time on sync.
  • NIM102761 – When the Migrate Relationship Class gp tool is run on an attachment relationship class,
    attachments are no longer attached to the features.
  • NIM102762 – When the Migrate Relationship Class gp tool is run on an attributed composite relationship
    class, the composite relationship is not maintained when an origin feature is deleted.
  • NIM102848 – Creating a spatial index will pass values gathered from existing enterprise feature classes
    that may be invalid instead of passing correct values.
  • NIM102883 – When using a newer client (10.1+) against an older SQL server geodatabase (pre-10.1)
    through an application server connection, creation of a spatial index will fail on GEOMETRY or
    GEOGRAPHY feature classes with “This SDE server does not support this client or operation”.
  • NIM102996 – After dropping a spatial index on a binary feature class through an application server
    connection to a pre-10.1 geodatabase in SQL Server, ArcGIS is unable to determine the index is gone.
  • NIM103073 – Inserting a row into a table that has a column data type of VARCHAR (4001) will fail with
    “Invalid precision value”.

ArcGIS 10.2.1

ArcGIS 10.2.1 for Server

  • BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
  • BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
  • BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
  • BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.

To avoid conflicts with existing patches, the 10.2.1 patch also addresses these issues:

  • NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
  • NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
  • NIM100965 – Starting a service with 0 minimum instances causes the service locks not to release if service is consumed while it is starting.
  • NIM097651 – Public map services become private and require authentication after a brief disconnect of the config-store when the server is under load.
  • NIM100306 – In ArcGIS for Server 10.2.1, when a service with the ‘Minimum Instances’ parameter set to zero gets published with errors on a non-default cluster.

  • NIM100357 – Setting the code page in the registry does not properly change the code page used by a shapefile on creation.
  • NIM098820 – A shapefile created at 10.2, and then consumed and exported in 10.2.1, loses the attribute values in the last field.
  • NIM100355 – Adding Japanese characters as field names for a shapefile is generating the error: “Failed to add the field to the table /Feature class. The field type is invalid or unsupported for the operation”

ArcGIS 10.1

ArcGIS 10.1 SP 1 QIP for Server

  • BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
  • BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
  • BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
    Note: The fix for issue BUG-000082665 (POODLE/SSLv3 vulnerability) is only available in the 10.2.1 and
    10.2.2 patches.

To avoid conflicts with existing patches, the 10.1 SP1 QIP patch also addresses these issues:

  • NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
  • NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
  • NIM094659 – After resolving attribute level conflicts with the Reconcile Version tool, users continue to receive the following warning message when running the Synchronize Changes tool, “Warning: Replica synchronize was successful, but conflicts were detected while applying changes from the relative replica.”
  • NIM087257 – Users in a lot of groups cannot authenticate when using HTTPS, Active Directory, and web tier authentication together.
