May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
The issue could be related to the Emojis in the body field. Can you check the Status report (admin/reports/status) for the item MySQL Database 4-byte UTF-8 support? To display Emojis, 4-byte UTF...
Posted1 day 52 min ago by Olaf Grabienski (Olafski) on:
Be sure the ID uses low hyphens, as in webform_client_form_7. And also test by logging out, since the captcha is shown to anonymous visitors by default.
Posted2 days 11 hours ago by Alejandro Cremaschi (argiepiano) on:
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.