May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop LIVE
April 3-4, 2025
An interactive online event for anyone interested in Backdrop CMS. Everyone is welcome.
Recent topics
Posted 5 days 15 hours ago by (Mike Kettle) in How-To and Troubleshooting
Posted 6 days 16 hours ago by (Geeklogger) in How-To and Troubleshooting
Posted 1 week 3 days ago by (DonM) in How-To and Troubleshooting
Posted 1 week 4 days ago by (DonM) in How-To and Troubleshooting
Posted 1 week 4 days ago by (izmeez) in How-To and Troubleshooting
Recent comments
The problem here is that the Rule itself is faulty. See explanations and an alternative here: https://github.com/backdrop-contrib/rules/issues/241
Rules and Registration: "Undefined method AnonymousUser::save()"
I believe you can accomplish at least some of that functionality using Rules module. You can Grant, Reset and Revoke permissions based on many trigger events such as Saving a Node or...
Workflow module or equivalent?
Hi Mike, try user/login, that should work.
Admin login - help
I wrote a blog post a while back about how the color module works, in case that is helpful. https://www.triplo.co/blog/color-module-backdrop-cms
Color module aggressive search and replace custom css color values
You are asking this question at the right time. Work has been done on the Content Moderation module for Backdrop CMS, but it's still not working fully. We would welcome help getting this...
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.