May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 4 hours 11 min ago by (patch-works) in How-To and Troubleshooting
Posted 14 hours 47 min ago by (willowf) in Requests and Feedback
Posted 16 hours 4 min ago by (willowf) in Requests and Feedback
Posted 1 day 3 hours ago by (DorotheaED) in How-To and Troubleshooting
Posted 1 day 3 hours ago by (DorotheaED) in How-To and Troubleshooting
Recent comments
I didn't know that module existed.
How to Create Nodes via a Block-Embedded Form in Backdrop
Hi patch-works. This sounds like a configuration problem with a link field attached to the user entity. Can you post an image of the field configuration UI for that field? (it may take...
Issue - Cannot create new user - "You cannot enter a title without a link url."
There is a work in progress at https://github.com/backdrop-contrib/webformtonode but I don't its ready yet.
How to Create Nodes via a Block-Embedded Form in Backdrop
Hi willowf, the image library is built by a view, located at the path admin/structure/views/view/image_library. You can add a contextual filter called "File: User who uploaded" to the view, and...
How to Restrict User Access to Site-Wide Images in the Form Editor
Great, thanks a lot I will try it, there should be a webform module that covers this. Regards
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.