May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Recent topics
Posted 2 days 10 hours ago by (Z4N8r) in How-To and Troubleshooting
Posted 4 days 7 hours ago by (Bill_Lea) in How-To and Troubleshooting
Posted 5 days 13 hours ago by (trapeharde32) in How-To and Troubleshooting
Posted 1 week 20 hours ago by (leeksoup) in How-To and Troubleshooting
Posted 1 week 1 day ago by Martin Price | System Horizons Ltd (yorkshirepudding) in Weekly Meetings
Recent comments
In the meantime I also need something like https://www.drupal.org/project/entityreference_autofill in Backdrop. Has anyone made progress on the port, or are there interesting alternatives...
Porting of module "Entity reference autofill"
- In Backdrop CMS the update.php file located in the /core folder (mydomain.com/core/update.php). - For launch the update.php from address bar of the browser, without restrictions, you...
Update Problems
Using modules Internationalization > String translation, and Localization client > if you like to make a translation easier.
Quicktabs module: How to translate the tabs?
OK so I have tried several things among which are running Update.php as withe mysite,com/update.php Going to Home adn running update there coing to performance adn running ipdate there. I all...
Update failure
Thanks. I've now tested this on a localhost and what you say holds true: the user whose permission has been removed for the given content type no longer has creation and editing rights for that...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.