[Esri官方补丁]ArcGIS10.1、10.2.1、10.2.2 for Server安全补丁
来源:互联网 发布:森林资源二类调查数据 编辑:程序博客网 时间:2024/05/22 18:55
导语
Esri在2015年二月份发布了关于ArcGIS for Server的安全补丁,Esri建议ArcGIS10.1 SP1 QIP for Server和ArcGIS10.2的用户重点关注该补丁的动态。ArcGIS10.2的用户应该首先打上10.2.1或者10.2.2然后再打该补丁!
ArcGIS for Server Security (January 2015) PatchArcGIS10.2.2
ArcGIS 10.2.2 for Server
- BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
- BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
- BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
- BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.
- BUG-000083941 – Unable to return attachments larger than a certain size in ArcGIS for Server on Linux.
To avoid conflicts with existing patches, the 10.2.2 patch also addresses these issues:
- BUG-000082423 – Under consistent load, the javaw.exe process at ArcGIS 10.2.2 for Server consumes25% of the server’s RAM, and any further request forces the process to use 100% of the machine’s CPU.
- BUG-000083258 – Add support for CORS in Map/Image Services Tile Handler.
- BUG-000081679 – When publishing to a federated GIS Server that has a config store on a DFS share, item information does not get copied to the portal item.
- NIM103623 – After publishing services to a federated GIS Server, item information is missing for these specific data samples.
- NIM103130 – Some of the tiles fail to generate on demand when the requests are sent through REST connection in ArcGIS for Server 10.2.2.
- NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
- NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
- NIM099582 – ArcGIS Server performance drops when switching the identity store configuration from Active Directory to Active Directory with nested group support.
- NIM098130 – ExportTiles fails for Japanese iOS client due to mangled Japanese characters in JSON responses.
- NIM097651 – Public map services become private and require authentication after a brief disconnect of the config-store when the server is under load.
ArcGIS 10.2.2 for (Desktop, Engine, Server) Geodatabase and Feature Service Sync Optimization Patch
- NIM086295 – On Oracle ST_OrderingEquals is always returning the same value as ST_Equals.
- NIM088321 – User defined spatial index grids are not honored by ArcGIS when using the Add SpatialIndex tool, even though the tool runs successfully.
- NIM089682 – The following error message is returned when editing data that has been migrated from SDEBINARY to ST_GEOMETRY: “ORA-20085: Insert Spatial Reference SRID # does not match <schema.A###.SHAPE> registered Spatial Reference SRID 0″.
ArcGIS for Server Security (January 2015) Patch Issues addressed
- NIM091900 – After applying SP5 for ArcSDE 10, adding a new partition on a ST_Geometry table that contains a spatial index returns the following error: “ORA-29855: error occurred in the execution of ODCIINDEXCREATE routine.”
- NIM094929 – In ArcMap, panning on a feature class created with a partitioned keyword for the ST_Geometry table returns the error “ORA-01000″.
- NIM097633 – The traveltime/distance returned by the OD Cost Matrix solver is occasionally excessively
high when using a hierarchy compared to when not using a hierarchy. - NIM097983 – Optimize the opening of map documents by augmenting the geodatabase schema cache to
include the properties of the sde metadata. - NIM098475 – Spatial indexes are not created when creating a feature class on an ArcSDE 10 database
from an ArcGIS Desktop 10.2 Client. - NIM098917 – When the Network Dataset is allowed to build successfully, if a dirty area remains, an
HRESULT must be returned so the user knows they are in this unique state. - NIM099080 – ArcCatalog does not return an error when the versioned view name has over 30
characters, and fails to be created during Register As Versioned process in an Oracle geodatabase due to
Oracle’s 30 character limitation. - NIM099085 – In ArcObjects 10.2, the CreateVersionedView method on the IVersionedView interface
does not set the versioned view name to the string passed in. This works in ArcObjects 10.1. - NIM099098 – ST_ASTEXT Function is failing when the result set contains more than one record, and
when the NUMPOINTS is ~2000 (or more). - NIM099162 – Use the schema cache when loading map services to improve map service start time
performance. - NIM099198 – Use the schema cache when loading map documents in Engine applications to improve
load performance. - NIM100049 – The OD Cost Matrix solver is slow when trying to solve from many orders to a single
distribution center. - NIM100141 – Missing index on the SDE versions table results in full table scan.
- NIM100273 – Views get overwritten during register as versioned if a view / versioned view of same
name exists. - NIM100503 – Loading a very large shape (>15k points) followed by small shape results in ORA-28579:
error. - NIM100692 – Filter out multi-versioned views from the list of objects returned by SE_table_list_tables().
- NIM100697 – Change the “_VW” suffix to “_EVW” when versioned views are created, in order to be
consistent the EVW naming convention when we create MV views. - NIM100941 – Improve the Performance and Scalability of Creating and Syncing replicas by more
efficiently caching database information. - NIM100942 – Deadlocks can happen on SQL server when multiple processes are creating and syncing
replicas. - NIM101191 – Create and Sync replica should only activate schema cache if the replica has 10 or more
datasets - NIM101804 – Do not return feature datasets in which the connecting user has no access to feature
classes within. - NIM101806 – Provide a mechanism to log what release a client is using when connecting to a
geodatabase. ArcGIS for Server Security (January 2015) Patch Issues addressed - NIM102077 – ArcGIS reports that an Oracle SDELOB or WKB feature class created in a pre-10.1
geodatabase does not have a spatial index when it does exist. - NIM102230 – Do not return the Documentation field on joined queries for Geodatabase internal
metadata. - NIM102516 – Syncing where more than 1000 edits are downloaded with more than one client at the
same time will cause one client to error. - NIM102517 – Decrease the size of the delta being downloaded to improve performance of download
time on sync. - NIM102761 – When the Migrate Relationship Class gp tool is run on an attachment relationship class,
attachments are no longer attached to the features. - NIM102762 – When the Migrate Relationship Class gp tool is run on an attributed composite relationship
class, the composite relationship is not maintained when an origin feature is deleted. - NIM102848 – Creating a spatial index will pass values gathered from existing enterprise feature classes
that may be invalid instead of passing correct values. - NIM102883 – When using a newer client (10.1+) against an older SQL server geodatabase (pre-10.1)
through an application server connection, creation of a spatial index will fail on GEOMETRY or
GEOGRAPHY feature classes with “This SDE server does not support this client or operation”. - NIM102996 – After dropping a spatial index on a binary feature class through an application server
connection to a pre-10.1 geodatabase in SQL Server, ArcGIS is unable to determine the index is gone. - NIM103073 – Inserting a row into a table that has a column data type of VARCHAR (4001) will fail with
“Invalid precision value”.
ArcGIS 10.2.1
ArcGIS 10.2.1 for Server
- BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
- BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
- BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
- BUG-000082665 – Disable SSLv3 on the internal tomcat to prevent “POODLE” vulnerability.
To avoid conflicts with existing patches, the 10.2.1 patch also addresses these issues:
- NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
- NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
- NIM100965 – Starting a service with 0 minimum instances causes the service locks not to release if service is consumed while it is starting.
- NIM097651 – Public map services become private and require authentication after a brief disconnect of the config-store when the server is under load.
- NIM100965 – Starting a service with 0 minimum instances causes the service locks not to release if service is consumed while it is starting.
- NIM100306 – In ArcGIS for Server 10.2.1, when a service with the ‘Minimum Instances’ parameter set to zero gets published with errors on a non-default cluster.
ArcGIS for Server Security (January 2015) Patch Issues addressed
- NIM100357 – Setting the code page in the registry does not properly change the code page used by a shapefile on creation.
- NIM098820 – A shapefile created at 10.2, and then consumed and exported in 10.2.1, loses the attribute values in the last field.
- NIM100355- Adding Japanese characters as field names for a shapefile is generating the error: “Failed to add the field to the table /Feature class. The field type is invalid or unsupported for the operation”
ArcGIS10.1
ArcGIS 10.1 SP 1 QIP for Server
- BUG-000080898 – Reflected cross-site scripting security (XSS) vulnerability.
- BUG-000081239 – ArcGIS Server has an open redirect vulnerability.
- BUG-000081401 – Multiple cross-site scripting (XSS) vulnerabilities in ArcGIS for Server.
Note: The fix for issue BUG-000082665(POODLE\SSLv3 vulnerability) is only available in the 10.2.1 and
10.2.2 patches.
To avoid conflicts with existing patches, the 10.1 SP1 QIP patch also addresses these issues:
- NIM102197 – Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in 10.2, 10.2.1, and 10.2.2.
- NIM102939 – Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2.
- NIM094659 – After resolving attribute level conflicts with the Reconcile Version tool, users continue to receive the following warning message when running the Synchronize Changes tool, “Warning: Replica synchronize was successful, but conflicts were detected while applying changes from the relative replica.”
- NIM087257 – Users in a lot of groups cannot authenticate when using HTTPS, Active Directory, and web tier authentication together.
0 0
- [Esri官方补丁]ArcGIS10.1、10.2.1、10.2.2 for Server安全补丁
- Arcgis10.1软件 esri中文版官方下载地址
- 如何找回ArcGIS10.1 for Server的管理员密码
- 如何找回ArcGIS10.1 for Server的管理员密码
- 如何找回ArcGIS10.1 for Server的管理员密码
- ESRI ArcGis10版本的优缺点
- 【2013Esri开发者大会精彩看点】ArcGIS 10.2 for Server支持新的验证方式—PKI
- 【2012Esri中国用户大会讲座】ArcGIS 10.1 for Server 安全机制(1)用户角色权限
- arcgis10.1安装 desktop server sde安装网址
- 【2012Esri中国用户大会讲座】ArcGIS 10.1 for Server 安全机制(2)使用Token
- arcgis10.2导入数据到postgresql9.1
- ArcGIS10.1地图发布
- arcgis10.1安装破解
- Arcgis10.1破解教程
- Arcgis10.1发布服务
- 解决ArcGIS9.2以前程序引用ESRI.ArcGIS.Utility在ArcGIS10找不到问题
- 【2013Esri全球用户大会精彩看点】ArcGIS10.2影像平台新特性
- 解决ArcGIS9.2以前程序引用ESRI.ArcGIS.Utility在ArcGIS10找不到问题
- stm32启动文件中heap与stack的区别
- i2c 开发笔记
- ios中的coredata的使用
- highchats小知识
- IReader打开书本,关闭书本动画的自定义控件
- [Esri官方补丁]ArcGIS10.1、10.2.1、10.2.2 for Server安全补丁
- ecplice 建立快捷方式
- CoreData多线程安全
- 《Opencv 2计算机视觉编程手册 》学习笔记 1
- SPOJ 220 PHRASES Relevant Phrases of Annihilation 后缀数组
- android实现开机自启动服务
- 春节最浪漫的事
- nineoldandroids动画开源框架的使用
- 弄懂SPI接口