May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 2 days 10 hours ago by (NormPlum) in Other
Posted 5 days 11 hours ago by (steveb510) in How-To and Troubleshooting
Posted 2 weeks 21 hours ago by (stpaultim) in How-To and Troubleshooting
Posted 2 weeks 2 days ago by (stpaultim) in Weekly Meetings
Posted 2 weeks 3 days ago by (NormPlum) in Other
Recent comments
Thanks! The site was on PHP 7.0. With assistance from my hosting provider, I updated to PHP 7.4 and now I have access to the site again. No database re-import required.
Locked out of site after updating modules
Thank you very much. I will follow your advice.
Locked out of site after updating modules
The best you can do is test and report. If you find a contrib that doesn't work in php 8.3, create an issue in its queue so it gets fixed. In my experience, I've found that 7.4 is safest...
Locked out of site after updating modules
Hi argiepiano, Some contrib will not work in php 7.2 or lower, and some will not on PHP 8.1 or higher. Is there a way to find out which is the optimal PHP version for a...
Locked out of site after updating modules
This sounds like a combination of a buggy module and the "wrong" version of PHP. The fact that you are being redirected to the maintenance page may be an indication that your site was put on...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.