ArcGIS Blog

Open-source Geoportal Server Security Patch

We recently patched a Cross-Site-Scripting (XSS) vulnerability within Geoportal Server and posted the patch to GitHub. Current 1.2.7 installations should just apply the patch, whereas installations before 1.2.7 will need to upgrade to 1.2.7 and then apply this patch.  The actual XSS vulnerability is only of moderate risk, however we expect that the details for exploiting the vulnerability will likely be made publically available, and therefore recommend ensuring this patch is deployed in a timely manner.


This patch is only for the open-source Geoportal Server and not a vulnerability or patch related to the Esri commercial offering of Portal for ArcGIS.


Geoportal Server 1.2.7 Patch 1 – Available now

Leave a Reply

Please Login to comment

Next Article

What's new in ArcGIS Maps for Adobe Creative Cloud (July 2021)

Read this article