Hi All, Please find my comments inline and could you help to get solution for below scenario/possibility which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) Version number: SonarQube 7.5 what are you trying to achieve Will we be able to delete log4j jars fr…

Can delete log4j jars from SonarQube 7.5 Version and can we proceed to run / use SonarQube

cba (Chris) January 28, 2022, 5:28am 4

You won’t be able to fix the log4j issue with the 7.5 version, but you can analyze Java 8 code with SonarQube versions 8 and 9 with no issues.

There are a few forum threads that explain this a bit (I’ve seen lots more):

And the documentation speaks to that as well:

Topic		Replies	Views
How to fix Log4J Vulnerabilities in Sonar 7.9.5 Version SonarQube Server / Community Build sonarqube	1	880	January 6, 2022
What is the impact of Log4j on the SonarQube version 9.1.0.47736 SonarQube Server / Community Build	3	1262	December 17, 2021
Is sonarqube 7.9.5 vulnerable to (CVE-2021-44228) log4j vulnerabilities SonarQube Server / Community Build sonarqube	20	4577	December 29, 2021
Sonarqube 8.6.x - Log4j vulnerability SonarQube Server / Community Build sonarqube , scanner , azuredevops-services	1	1402	December 16, 2021
Is there any log4j vulnerability for log4j-api-2.8.2.jar log4j-to-slf4j-2.8.2.jar in sonar qube Version: 8.9.1.44547 SonarQube Server / Community Build	3	456	January 27, 2022