May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
Heya @DrAlbany,
Yes, if you could add me as a contributor that would be great.
I'm doing a bunch of "triage" on my site these days, fixing stuff and (slowly)...
Posted9 hours 56 min ago by Graham Leach (Graham Leach) on:
Wow!
@bugfolder
What a fantastic response! I am so grateful for the effort you obviously put in.
I just wanted to give you some FF on the sheer size and depth of...
Posted10 hours 19 sec ago by Graham Leach (Graham Leach) on:
Hi...,
Our ubercart.dev site is a work in progress...
I'm happy to add you as a contributor etc...
UC is something I use and want to help the documentation live on...
Hi Graham,
I don't have answers to all your questions, but I do for some: answers inline below.
Thank you for your comments, especially the assurance(s) that UC Product Kit...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations. Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.