ArcGIS Blog

Administration

ArcGIS Trust Center

Open-source Geoportal Server Security Patch

By Michael Young

We recently patched a Cross-Site-Scripting (XSS) vulnerability within Geoportal Server and posted the patch to GitHub. Current 1.2.7 installations should just apply the patch, whereas installations before 1.2.7 will need to upgrade to 1.2.7 and then apply this patch.  The actual XSS vulnerability is only of moderate risk, however we expect that the details for exploiting the vulnerability will likely be made publically available, and therefore recommend ensuring this patch is deployed in a timely manner.

Note:

This patch is only for the open-source Geoportal Server and not a vulnerability or patch related to the Esri commercial offering of Portal for ArcGIS.

Reference:

Geoportal Server 1.2.7 Patch 1 – Available now

Share this article

Subscribe
Notify of
0 Comments
Oldest
Newest
Inline Feedbacks
View all comments