May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop LIVE
April 23rd-24th, 2026
An interactive online event for anyone interested in Backdrop CMS. Everyone is welcome.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 5 days 2 hours ago by (Mike Kettle) in How-To and Troubleshooting
Posted 1 week 2 days ago by Olaf Grabienski (Olafski) in How-To and Troubleshooting
Posted 4 weeks 23 min ago by (izmeez) in Weekly Meetings
Posted 1 month 13 hours ago by (Jochen_K) in Requests and Feedback
Posted 1 month 5 days ago by (spjsche) in Installation Questions
Recent comments
Hi Editing I see this: The CSS looks like this: /* Level 1: Standard Numbers */ .field-name-body ol { list-style-type: decimal; } /* Level 2: Lowercase Letters */ .field...
Numbered List format is different when editing
Done: https://github.com/backdrop/backdrop-issues/issues/7097 Feel free to edit it with better technical language. I'll have ago at vaccinating it but I'm only a user and the...
Numbered List format is different when editing
Hi Mike. That looks like a bug. The CKE ordered lists when editing have the correct CSS to format those lists correctly, but when Backdrop displays the body field in Basis, it doesn't...
Numbered List format is different when editing
Restore Newsletter Subscriptions from a Dev Website In my last comment, I described a way to restore newsletter subscriptions from a database backup. The method involved directly editing...
Re-enable Simplenews newsletter subscriptions that had been erroneously disabled
I am considering migrating my drupal 7 website to backdrop. Hi @seamus, I would like to offer my professional services for migration to BackdropCMS. Please connect If...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.