ArcGIS Trust Center

Open-source Geoportal Server Security Patch

We recently patched a Cross-Site-Scripting (XSS) vulnerability within Geoportal Server and posted the patch to GitHub. Current 1.2.7 installations should just apply the patch, whereas installations before 1.2.7 will need to upgrade to 1.2.7 and then apply this patch.  The actual XSS vulnerability is only of moderate risk, however we expect that the details for exploiting the vulnerability will likely be made publically available, and therefore recommend ensuring this patch is deployed in a timely manner.


This patch is only for the open-source Geoportal Server and not a vulnerability or patch related to the Esri commercial offering of Portal for ArcGIS.


Geoportal Server 1.2.7 Patch 1 – Available now

Notify of
Inline Feedbacks
View all comments

Next Article

Mind the map: a new design for the London Underground map

Read this article