Log4j - Java/Tomcat (new versions of log4j files released, 2.17.0)

December 22, 2021 Fulton Hartzog

SpaceIQ (Archibus software) has provided a response the recent log4j security concerns for Java and Apache Tomcat.  This issue has been updated three times as more information has become available.  Below is the most recent "fix" for the issue.  If and when additional updates are made available, they will be passed on to our clients.  We are available to assist with these fixes as needed.  

From SpaceIQ

Log4j 2.x affects Web Central 25.2 or newer. If you are using an older version of Archibus Web Central, this vulnerability is not of concern. While it's true that Log4j 1.x has it's own issues, it's not possible to simply swap the jars because the package name, classes and methods have changed between the two major versions: org.apache.log4j.Logger.getLogger (1.x) vs org.apache.logging.log4j.LogManager.getLogger (2.x). This means that, in order to patch older versions, one would need to modify 300+ java files (both core and application) and then test the whole product to see that it still works.

For versions 25.2 and newer, it is highly recommended to update the following jar files from under \archibus\WEB-INF\lib\: log4j-api-2.13.3.jar, log4j-core-2.13.3.jar, log4j-slf4j-impl-2.13.3.jar.
You can download the latest jar files from here:

About the Author

Fulton Hartzog

Sr FM Consultant

Follow on Linkedin More Content by Fulton Hartzog
Previous Article
Selecting Preview in Vault Thin Client Error 404
Selecting Preview in Vault Thin Client Error 404

When selecting the preview option in the the Vault 2022 Thin Client, some users receive an Error 404 message.

Next Article
Civil 3D 2022 Custom Install missing Start Menu shortcuts
Civil 3D 2022 Custom Install missing Start Menu shortcuts

After installing Civil 3D 2022 using the Custom Install option, the Civil 3D Imperial and Civil 3D Metric s...

Need tech support? Let us help!

Learn More