Does Log4j Vulnerability Affect Backdrop ?

May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.

Comments

Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.

Note: I don't speak officially for Backdrop, but I'm pretty confident about this.

I'm glad to hear this. Thanks for your affirmation.

Weekly office hours

Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.

Does Log4j Vulnerability Affect Backdrop ?

Comments

Weekly office hours

Recent topics

missing "add block" in custom layout

Unable to run update - fails with Connection timed out

Write Permission Problems on files, ../private and /tmp on my Laptop

Disappearing administration bar. Is this a Leaflet or a Backdrop bug?

CKEditor Inline Images not saved as Permanent in Term descriptions

Recent comments

Error when trying to check for updates

Unable to run update - fails with Connection timed out

missing "add block" in custom layout

missing "add block" in custom layout

missing "add block" in custom layout