May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
It sounds like a CSS/JS bug in the Layouts UI: when the "Add block" row is hidden with display:none, its help/description element isn’t being hidden together.
🔧 Things to try...
Thank you, Martin and Olaf! I had a feeling that there might be something out there already :)
I will check all three options (I will look at porting modules) and report back which one...
The Views Watchdog module for Backdrop "extends the Views module and allows to create custom lists of log entries". On Github, there is also a Wiki page with information about available fields,...
Posted1 week 16 hours ago by Olaf Grabienski (Olafski) on:
Hi Irina
I have often wondered this. I have had Log Filter on my list of possible migrations for a while; this uses a JS library to do the filtering. I notice on the project page of this...
Posted1 week 17 hours ago by Martin Price | System Horizons Ltd (yorkshirepudding) on:
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.