May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
With the help of the Backdrop office hours crew, I was able to figure out a solution that works for me.
I just added an explicit format setting to the long-text field before saving it,...
Yes, I mean something similar to Seven/Bartik/etc , but in another location. And yes, I've tried it, and it's not found. So I figured that there may have been a hook to load it or load it's...
Unfortunately the word" theme" is used in different ways. By "theme" do you mean the equivalent of Basis, Bartik, etc? (appearance themes). BTW, hook_theme has nothing to do with those...
Posted1 day 10 hours ago by Alejandro Cremaschi (argiepiano) on:
But ultimately I would like to do a cleaner solution and convert the old <br> tags over to <p> tags using code. I love regexps so it's no problem to massage the HTML to what I want;...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.