May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 15 hours 58 min ago by (danryan) in How-To and Troubleshooting
Posted 21 hours 45 min ago by Martin Jones (nattyweb) in How-To and Troubleshooting
Posted 1 day 2 hours ago by (patch-works) in How-To and Troubleshooting
Posted 1 day 12 hours ago by (willowf) in Requests and Feedback
Posted 1 day 14 hours ago by (willowf) in Requests and Feedback
Recent comments
Hi Steve, you can add a site-wide language switcher for visitors as a block to your layout(s). To do so, go to your layout, click "Add block", e.g. in the Header region, search for "language",...
How to translate my site content
As some folks have mentioned, some work has gone into this. We actually added the ability to have "draft revisions" into core, BUT we never completed the front end user interface for this...
managing draft revisions while still having a version published
Hi danryan, just to be sure, can you check if the tabs aren't hidden in your layout? Go to the page where you miss the tabs. In the Admin bar at top of the page...
View/Edit tabs missing
The View/Edit tabs that normally appear at the top of any piece of content have disappeared. I'm not sure why you are not seeing the view and edit tabs, but it's worth...
View/Edit tabs missing
happy to do that to move things forward.
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.