Log4j - Java/Tomcat (new versions of log4j files released, 2.17.0)

SpaceIQ (Archibus software) has provided a response the recent log4j security concerns for Java and Apache Tomcat.  This issue has been updated three times as more information has become available.  Below is the most recent "fix" for the issue.  If and when additional updates are made available, they will be passed on to our clients.  We are available to assist with these fixes as needed.  

From SpaceIQ

Log4j 2.x affects Web Central 25.2 or newer. If you are using an older version of Archibus Web Central, this vulnerability is not of concern. While it's true that Log4j 1.x has it's own issues, it's not possible to simply swap the jars because the package name, classes and methods have changed between the two major versions: org.apache.log4j.Logger.getLogger (1.x) vs org.apache.logging.log4j.LogManager.getLogger (2.x). This means that, in order to patch older versions, one would need to modify 300+ java files (both core and application) and then test the whole product to see that it still works.

For versions 25.2 and newer, it is highly recommended to update the following jar files from under \archibus\WEB-INF\lib\: log4j-api-2.13.3.jar, log4j-core-2.13.3.jar, log4j-slf4j-impl-2.13.3.jar.
You can download the latest jar files from here:

About the Author

Fulton Hartzog

Sr FM Consultant

Follow on Linkedin More Content by Fulton Hartzog
Previous PDF
Insights into the Data Gap: BIM and Facilities Management Sectors 2021
Insights into the Data Gap: BIM and Facilities Management Sectors 2021

This report is designed to help you better understand the industry landscape and to provide the insights ne...

Next Video
Develop your Digital Twin with Reality Capture
Develop your Digital Twin with Reality Capture

Watch this on-demand webcast to learn how you can leverage various technology applications to create a robu...

Optimize Your Team's IWMS

Learn More