May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 1 day 5 hours ago by (Peter.B.Eriksen) in How-To and Troubleshooting
Posted 4 days 7 hours ago by (izmeez) in How-To and Troubleshooting
Posted 5 days 13 hours ago by Sudipto Kumar Mitra (sudipto68) in How-To and Troubleshooting
Posted 1 week 1 day ago by (jimboh) in How-To and Troubleshooting
Posted 1 week 2 days ago by (toda97) in How-To and Troubleshooting
Recent comments
Thanks! I tested PayPal WPS (since I also use it in my Drupal 7 Commerce shop). With the PayPal server SANDBOX mode (no real payment transaction, just simulated). And everything...
Commerce shop system from Drupal
Peter, I've done an initial port of Commerce PayPal. While I haven't tested it, I think it should work, as the module is not too complex. https://github.com/backdrop-contrib/...
Commerce shop system from Drupal
Glad you finally found it! Someone really needs to port commerce_paypal.
Commerce shop system from Drupal
Wow, THANK YOU! I’ve been searching for this for months, and it’s been there all along—just extremely well hidden... I immediately installed Commerce with the configuration of my...
Commerce shop system from Drupal
Here is a link to the Youtube User group meeting where this is discussed, https://youtu.be/bEd795FnlMw?t=1530
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.