May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
// by appending ?debug_perms=1&user=5748 (5748 being the user's UID) to the url of a content type we can determine the privileges for that user at that screen
global $user;
global $debug;
$...
Ok, so I found the source of the issue, and it is the draft content from one of the other threads; the team member cannot get the draft content within views, the admin can.
I will continue in that...
$rend=views_embed_view('roles','openingsblock_tally', 148);
In the block TPL still results in 37.
And thanks, yes merely print works too.
I am trawling my template.php and custom module, but nothing...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.