simone960's picture

May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks. 


cellear's picture

Backdrop is definitely not vulnerable because of Log4j.  Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations. Note: I don't speak officially for Backdrop, but I'm pretty confident about this.

simone960's picture

I'm glad to hear this. Thanks for your affirmation.