May I know if Backdrop is vulnerable to Log4Shell/Log4j (CVE-2021-44228) in any stage or version, or if any third-party plugin has been found vulnerable to this? Is there any official statement from Backdrop on this? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
Comments
I'm glad to hear this. Thanks for your affirmation.