• Uniface and the Log4J vulnerability

    Rocket Uniface and the LOG4J security hazard


    As soon as we became aware of the LOG4J security risk, we have investigated how it affects the Rocket Uniface product itself and Uniface production environments.

    We found that Uniface itself is not in anyway affected. Uniface does not ship or use the LOG4J logging functionality.

    The out of support Flow and View products contained an obsolete version 1 of Log4J. How this version is affected is not known.

    The Uniface Anywhere product does not install or use Log4J 

    Log4J is a separate plugin that users can download from a third party location and that can be added to the Tomcat server in a Rocket Uniface runtime environment. It is the responsibility of these users to take appropriate action to remove the risk. Uniface will continue to work as before when the updated plugin is used.