May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
Posted1 week 1 day ago by Martin Price | System Horizons Ltd (yorkshirepudding) in Weekly Meetings
Recent comments
I am guilty (in Drupal) of using PHP Filter in places just so I can use l() and url(), since my paths are very different between dev and prod servers.
For example, at the top of my Views,...
In the meantime I also need something like https://www.drupal.org/project/entityreference_autofill in Backdrop. Has anyone made progress on the port, or are there interesting alternatives...
Posted15 hours 29 min ago by Olaf Grabienski (Olafski) on:
- In Backdrop CMS the update.php file located in the /core folder (mydomain.com/core/update.php).
- For launch the update.php from address bar of the browser, without restrictions, you...
OK so I have tried several things among which are running Update.php as withe mysite,com/update.php Going to Home adn running update there coing to performance adn running ipdate there. I all...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.