ArcGIS Server Security Patch (2016 Update2)

Esri has released a significant security update for ArcGIS Server and we recommend our customers apply this patch in a timely manner.  Key security patch components are:

1.) Cumulative, containing fixes from the 2016 Update1 Linux security patch (there was no 2016 Update1 security patch release for Windows)

2) 2016 Update2 is applicable to Windows and Linux deployments

3) Includes several essential non-security related fixes, and

4) Limits the publishing of geoprocessing services (GP), SOE, and SOI to only administrators.

5) The security issues addressed in this security patch were incorporated into 10.4

- The Security Standards & Architecture Team

References:

ArcGIS Server Patch 2016 Update2 KBA - Patches available for 10.2.2 and 10.3.1

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

5 Comments

  1. mquetel says:

    Does Esri have guidance or a best practice for applying this type of patch to a multi-machine site? In our case we have 4 servers participating in a site. It’s not clear if we should a) apply patch while servers are online and in the site b) remove all servers but one from the site, update the site then patch and rejoin each server c) some other technique? Thanks in advance.

  2. jeff_smith says:

    Our recommendation would be to apply the patch while servers are online and in the site. Since the update process will bring the server offline temporarily, it would be best to apply this patch on your servers one at a time. Beyond that, there is no need to remove any of the server from the site during this process.

  3. rastrauch says:

    Any ETA on the 10.2.2 patch? It still reads “coming soon”.