Over the last few days, our customers have reached out to us asking about the Log4j threat, the news of which have been a popular topic in the IT worlds these days.

You can learn more about the Log4j threat and related issues on the Apache.org blog.

We are making this announcement to ensure you that as an InterForm customer you are will not be affected if you have been following our recommendations for using and maintaining our software.

How to deal with it?

  1. Customer running InterForm400 & InterFormNG are not affected by this security vulnerability.
  2. Customer running InterFormNG2 should upgrade to the latest version.

Our own comprehensive investigation showed that we generally use log-back, but we can’t rule out that log4j is being used in InterFormNG2 by external libraries.

Even though we rate the risk for InterForm installations as rather low, we’ve still decided to address the issues in the quickest possible manner. We have created an adapted program version for InterFormNG2 that is immune to the potential threat.

We recommend all operators of InterFormNG2 installations a short-term update to the new version InterFormNG2. You can download it from here.

Newsletter

This information was already communicated to all our customers via our standard newsletter, in the previous days. Our newsletter is always the best way to stay informed about everything related to InterForm, our software, and output management. If you want to receive information through the newsletter, please make sure you’re registered.

Veljko Simovic