May I know if Backdrop is vulnerable to Log4Shell/Log4j (CVE-2021-44228) in any stage or version, or if any third-party plugin has been found vulnerable to this? Is there any official statement from Backdrop on this? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
Comments
I'm glad to hear this. Thanks for your affirmation.