We have 9.9.1 LTS deployed using the zip. It has Tomcat 9.0.74 embedded. However this Tomcat version has a few vulnerability issues. Is there any plan to upgrade the embedded Tomcat with any future 9.9.x or 10.x releases? Thanks

9.9.1 LTS has Tomcat 9.0.74 embedded which has vulnerability issues

ganncamp (G Ann Campbell) October 26, 2023, 2:26pm 3

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. But I’ll let them know about this thread.

Ann

Topic		Replies	Views
Embedded Tomcat SonarQube Server / Community Build sonarqube	2	1222	October 27, 2021
Tomcat vulnerability SonarQube Server / Community Build security	12	1513	November 18, 2020
Need to know about the Tomcat version for Sonarqube 9.9.4 SonarQube Server / Community Build	1	221	April 25, 2024
SonarQube 9.7.1 released Releases sonarqube	7	2890	December 20, 2022
What is the latest tomcat version in Sonar community edition? SonarQube Server / Community Build sonarqube	2	65	March 13, 2025

9.9.1 LTS has Tomcat 9.0.74 embedded which has vulnerability issues

Related topics