...

We have verified that i2b2 does not use any of the Log4J code with security flaws, but we still recommend the following patch to remove all dangerous Log4J code.

Method 1: Replace WAR file (easy method)

1. Download this patched WAR file: i2b2.war with patched Log 4j 1.2.15
2. Copy it to your <wildfly>/standalone/deployments directory
3. Restart Wildfly

Method 2: Patch WAR file

1. Download the patched log4j 1.2.15.jar at https://github.com/i2b2/i2b2-core-server/raw/54e004abb7768054d7e00f6f121048d975a96e80/edu.harvard.i2b2.server-common/lib/axis2.war/WEB-INF/lib/log4j-1.2.15.jar
2. In your <wildfly>/standalone/deployments directory, unzip i2b2.war
3. In the extracted files, replace WEB-INF/lib/log4j-1.2.15 with the patched version
4. Zip the extracted contents into i2b2.war, and replace the old version
5. Restart Wildfly

i2b2 1.7.13

i2b2 1.7.13, to be released this spring, will be upgraded to the latest log4j version 2.

...