May I know if backdrop vulnerable to the Log4shell/Log4j (CVE-2021-44228) in any stage or version or third party plugin found vulnerable to this ? Is there any official statement from backdrop on this ? I need a firm answer on this. Thanks.
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
The block system and API in Backdrop is very different from Drupal's. In Backdrop, as in Drupal, modules can define blocks in code (in fact some of the API at this level is the same, with...
Posted4 days 18 hours ago by Alejandro Cremaschi (argiepiano) on:
This was from examining line 2463- of the webform.module, where
// Attach necessary JavaScript and CSS.
$form['#attached'] = array(
'css' => array(backdrop_get_path('module', 'webform...
d'oh. Because of course it is reassigning. Don't mind me...
the correct syntax is
$form['#attached']['js'][] =
backdrop_get_path('module', 'mymodule') . '/mymodule.js';
Comments
Backdrop is definitely not vulnerable because of Log4j. Log4j is a Java component; Backdrop doesn't directly use Java, it's written in PHP, HTML, and JavaScript, with a smattering of scripting languages and configurations.
Note: I don't speak officially for Backdrop, but I'm pretty confident about this.
I'm glad to hear this. Thanks for your affirmation.