May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
OK so I have tried several things among which are running Update.php as withe mysite,com/update.php Going to Home adn running update there coing to performance adn running ipdate there. I all...
- In Backdrop CMS the update.php file located in the /core folder (mydomain.com/core/update.php).
- For launch the update.php from address bar of the browser, without restrictions, you...
Thanks. I've now tested this on a localhost and what you say holds true: the user whose permission has been removed for the given content type no longer has creation and editing rights for that...
I finally found the PHP controle in my CPANEL and Reset the PHP to vwersion 7.3. Using this version I was able to clear the update caches but I am still unable to run update instite of the...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.