![[Esri官方补丁]ArcGIS10.1 10.2.1 10.2.2 for Server安全补丁](https://1200zi.500zi.com/uploadfile/img/15/481/485556d4d1552785eb1daf96f11fac5c.jpg)
导语
Esri在二月份发布了关于ArcGIS for Server的安全补丁,Esri建议ArcGIS10.1 SP1 QIP for Server和ArcGIS10.2的用户重点关注该补丁的动态。ArcGIS10.2的用户应该首先打上10.2.1或者10.2.2然后再打该补丁!
ArcGIS for Server Security (January ) Patch
ArcGIS10.2.2
ArcGIS 10.2.2 for Server
BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.BUG-000081239 – ArcGIS Server has an open redirect vulnerability.BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.BUG-000083941 – Unable to return attachments larger than a certain size in ArcGIS for Server on Linux.To avoid conflicts with existing patches, the 10.2.2 patch also addresses these issues:
BUG-000082423 – Under consistent load, the javaw.exe process at ArcGIS 10.2.2 for Server consumes25% of the server’s RAM, and any further request forces the process to use 100% of the machine’s CPU.BUG-000083258 – Add support for CORS in Map/Image Services Tile Handler.BUG-000081679 – When publishing to a federated GIS Server that has a config store on a DFS share, iteminformation does not get copied to the portal item.NIM103623 – After publishing services to a federated GIS Server, item information is missing for thesespecific data samples.NIM103130 – Some of the tiles fail to generate on demand when the requests are sent through RESTconnection in ArcGIS for Server 10.2.2.NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.NIM102197 – Unauthorized access to some resources from secured services is possible in certaincircumstances. This occurs in 10.2, 10.2.1, and 10.2.2.NIM099582 – ArcGIS Server performance drops when switching the identity store configuration fromActive Directory to Active Directory with nested group support.NIM098130 – ExportTiles fails for Japanese iOS client due to mangled Japanese characters in JSONresponses.NIM097651 – Public map services become private and require authentication after a brief disconnect ofthe config-store when the server is under load.ArcGIS 10.2.2 for (Desktop, Engine, Server) Geodatabase and Feature Service Sync Optimization Patch
NIM086295 – On Oracle ST_OrderingEquals is always returning the same value as ST_Equals.NIM088321 – User defined spatial index grids are not honored by ArcGIS when using the Add SpatialIndex tool, even though the tool runs successfully.NIM089682 – The following error message is returned when editing data that has been migrated fromSDEBINARY to ST_GEOMETRY: “ORA-5: Insert Spatial Reference SRID # does not match<schema.A###.SHAPE> registered Spatial Reference SRID 0″.ArcGIS for Server Security (January ) Patch Issues addressed
NIM091900 – After applying SP5 for ArcSDE 10, adding a new partition on a ST_Geometry table thatcontains a spatial index returns the following error: “ORA-29855: error occurred in the execution ofODCIINDEXCREATE routine.”NIM094929 – In ArcMap, panning on a feature class created with a partitioned keyword for theST_Geometry table returns the error “ORA-01000″.NIM097633 – The traveltime/distance returned by the OD Cost Matrix solver is occasionally excessivelyhigh when using a hierarchy compared to when not using a hierarchy.NIM097983 – Optimize the opening of map documents by augmenting the geodatabase schema cache to
include the properties of the sde metadata.NIM098475 – Spatial indexes are not created when creating a feature class on an ArcSDE 10 database
from an ArcGIS Desktop 10.2 Client.NIM098917 – When the Network Dataset is allowed to build successfully, if a dirty area remains, an
HRESULT must be returned so the user knows they are in this unique state.NIM099080 – ArcCatalog does not return an error when the versioned view name has over 30
characters, and fails to be created during Register As Versioned process in an Oracle geodatabase due to
Oracle’s 30 character limitation.NIM099085 – In ArcObjects 10.2, the CreateVersionedView method on the IVersionedView interface
does not set the versioned view name to the string passed in. This works in ArcObjects 10.1.NIM099098 – ST_ASTEXT Function is failing when the result set contains more than one record, and
when the NUMPOINTS is ~2000 (or more).NIM099162 – Use the schema cache when loading map services to improve map service start time
performance.NIM099198 – Use the schema cache when loading map documents in Engine applications to improve
load performance.NIM100049 – The OD Cost Matrix solver is slow when trying to solve from many orders to a single
distribution center.NIM100141 – Missing index on the SDE versions table results in full table scan.NIM100273 – Views get overwritten during register as versioned if a view / versioned view of same
name exists.NIM100503 – Loading a very large shape (>15k points) followed by small shape results in ORA-28579:
error.NIM100692 – Filter out multi-versioned views from the list of objects returned by SE_table_list_tables().NIM100697 – Change the “_VW” suffix to “_EVW” when versioned views are created, in order to be
consistent the EVW naming convention when we create MV views.NIM100941 – Improve the Performance and Scalability of Creating and Syncing replicas by more
efficiently caching database information.NIM100942 – Deadlocks can happen on SQL server when multiple processes are creating and syncing
replicas.NIM101191 – Create and Sync replica should only activate schema cache if the replica has 10 or more
datasetsNIM101804 – Do not return feature datasets in which the connecting user has no access to feature
classes within.NIM101806 – Provide a mechanism to log what release a client is using when connecting to a
geodatabase. ArcGIS for Server Security (January ) Patch Issues addressedNIM102077 – ArcGIS reports that an Oracle SDELOB or WKB feature class created in a pre-10.1
geodatabase does not have a spatial index when it does exist.NIM102230 – Do not return the Documentation field on joined queries for Geodatabase internal
metadata.NIM102516 – Syncing where more than 1000 edits are downloaded with more than one client at the
same time will cause one client to error.NIM102517 – Decrease the size of the delta being downloaded to improve performance of download
time on sync.NIM102761 – When the Migrate Relationship Class gp tool is run on an attachment relationship class,
attachments are no longer attached to the features.NIM102762 – When the Migrate Relationship Class gp tool is run on an attributed composite relationship
class, the composite relationship is not maintained when an origin feature is deleted.NIM102848 – Creating a spatial index will pass values gathered from existing enterprise feature classes
that may be invalid instead of passing correct values.NIM102883 – When using a newer client (10.1+) against an older SQL server geodatabase (pre-10.1)
through an application server connection, creation of a spatial index will fail on GEOMETRY or
GEOGRAPHY feature classes with “This SDE server does not support this client or operation”.NIM102996 – After dropping a spatial index on a binary feature class through an application server
connection to a pre-10.1 geodatabase in SQL Server, ArcGIS is unable to determine the index is gone.NIM103073 – Inserting a row into a table that has a column data type of VARCHAR (4001) will fail with
“Invalid precision value”.
ArcGIS 10.2.1
ArcGIS 10.2.1 for Server
BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.BUG-000081239 – ArcGIS Server has an open redirect vulnerability.BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.To avoid conflicts with existing patches, the 10.2.1 patch also addresses these issues:
NIM102197 – Unauthorized access to some resources from secured services is possible in certaincircumstances. This occurs in 10.2, 10.2.1, and 10.2.2.NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.NIM100965 – Starting a service with 0 minimum instances causes the service locks not to release ifservice is consumed while it is starting.NIM097651 – Public map services become private and require authentication after a brief disconnect ofthe config-store when the server is under load.NIM100965 – Starting a service with 0 minimum instances causes the service locks not to release ifservice is consumed while it is starting.NIM100306 – In ArcGIS for Server 10.2.1, when a service with the ‘Minimum Instances’ parameter set tozero gets published with errors on a non-default cluster.ArcGIS for Server Security (January ) Patch Issues addressed
NIM100357 – Setting the code page in the registry does not properly change the code page used by ashapefile on creation.NIM098820 – A shapefile created at 10.2, and then consumed and exported in 10.2.1, loses the attributevalues in the last field.NIM100355- Adding Japanese characters as field names for a shapefile is generating the error: “Failed toadd the field to the table /Feature class. The field type is invalid or unsupported for the operation”ArcGIS10.1
ArcGIS 10.1 SP 1 QIP for Server
BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.BUG-000081239 – ArcGIS Server has an open redirect vulnerability.BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.Note: The fix for issue BUG-000082665(POODLE\SSLv3 vulnerability) is only available in the 10.2.1 and 10.2.2 patches.
