May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop LIVE
April 3-4, 2025
An interactive online event for anyone interested in Backdrop CMS. Everyone is welcome.
Recent topics
Posted 4 days 3 hours ago by (Mike Kettle) in How-To and Troubleshooting
Posted 5 days 4 hours ago by (Geeklogger) in How-To and Troubleshooting
Posted 1 week 1 day ago by (DonM) in How-To and Troubleshooting
Posted 1 week 2 days ago by (DonM) in How-To and Troubleshooting
Posted 1 week 2 days ago by (izmeez) in How-To and Troubleshooting
Recent comments
Hi Mike, try user/login, that should work.
Admin login - help
I wrote a blog post a while back about how the color module works, in case that is helpful. https://www.triplo.co/blog/color-module-backdrop-cms
Color module aggressive search and replace custom css color values
You are asking this question at the right time. Work has been done on the Content Moderation module for Backdrop CMS, but it's still not working fully. We would welcome help getting this...
Workflow module or equivalent?
Hi, Olafski, Thanks for your reply. Thank goodness we have the resources of Drupal 7 to look at when these questions arise -- questions new to me (yet another unknown part of Drupal /...
Color module aggressive search and replace custom css color values
Hi DonM, I guess there isn't an option for the color module to behave in another way, but there are workarounds: Don't use the color module, maybe even disable it, and use only...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.