May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Weekly office hours
Bring your questions to our weekly virtual office hours, every Wednesday. Everyone is welcome.
Recent topics
Posted 1 day 9 hours ago by (opentype) in How-To and Troubleshooting
Posted 5 days 19 hours ago by (indigoxela) in Weekly Meetings
Posted 1 week 3 days ago by (NexViolentus) in How-To and Troubleshooting
Posted 1 week 4 days ago by (stpaultim) in How-To and Troubleshooting
Posted 2 weeks 5 days ago by Martin Price | System Horizons Ltd (yorkshirepudding) in How-To and Troubleshooting
Recent comments
Hi @opentype. Thanks for confirming it worked. It is helpful for others if you can also mark the answer using the "accept this answer" button as this will show that the question has an answer...
Page navigation also above the page content?
Thanks for the detailed instructions. It worked.
Page navigation also above the page content?
Hello opentype. Welcome to Backdrop CMS. This would either require a sub-theme (have a look at Thesis which is a starter sub-theme with nothing changed) or a custom module. Assuming...
Page navigation also above the page content?
Perhaps, these latest lines of random test failures can be considered in the meeting too?
December 18th, 2025 - Weekly Meetings
There are some test failures in the user module after merging in the latest commits. Randomly, only in one PHP version - and always a different one. See also this Zulip...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.