May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
Posted1 week 14 hours ago by (john@delinuxco.com) in Initiatives
Recent comments
Thank you for all your help.
In the meantime I just edited the export db-file and removed the top line with the sandbox comment. --> Still the same issue.
I exported also with the...
Another possibility: The RRSB module has a forward option. If you don't want all the social-media sharing links, you can uncheck them all, then enable RRSB on the node types of your choice.
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.