Please find my comments inline and could you help to get solution for below scenario/possibility
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Version number: SonarQube 7.5
what are you trying to achieve
Will we be able to delete log4j jars from SonarQube 7.5 and proceed to run / use SonarQube?*
In the SonarQube 7.5 folder, log4j libraries available in the below mentioned paths
what have you tried so far to achieve this
We want to overcome log4j vulnerability
Welcome to the community! Your version of SonarQube is way out of date, and log4j is likely not the only vulnerability in there. Rather than butchering your SonarQube install by removing libraries I’d recommend updating to a supported version, where the log4j issue is fixed properly.
Your upgrade path is 7.5 → 7.9.6 LTS → 8.9.6 LTS → (optional) 9.2.4
@cba for your kind reply.
Our project have limitation of Java 8 version, could you please provide solution/suggest to overcome log4 vulnerability with current installed sonar version 7.5 (without upgrade)
You won’t be able to fix the log4j issue with the 7.5 version, but you can analyze Java 8 code with SonarQube versions 8 and 9 with no issues.
There are a few forum threads that explain this a bit (I’ve seen lots more):
We have Java code that compiles and runs well with Java 8.
We installed Sonarqube 8.1 server (which uses Java 11) with all the latest plugins (including SonarJava plugin version 6.0.1) and tried to run analysis for above code.
There seems to be a dependency on Java 11 when running the sonar maven profile.
*Caused by: java.lang.UnsupportedClassVersionError: com/github/_1c_syntax/bsl/sonar/BSLPlugin has been compiled by a more recent version of the Java Runtime (class file version 55.0), this v…
sonarQube9.1 CE（Java 11 ） + pgsql （docker install）
my project is maven Java 8
24136 [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:184.108.40.2064:sonar (default-cli) on project dtop-codes: Execution default-cli of goal org.sonarsource.scanner.maven:sonar-maven-plugin:220.127.116.114:sonar failed: An API incompatibility was encountered while executing org.sonarsource.scanner.maven:sonar-maven-plugin:18.104.22.1684:sonar: java.lang.UnsupportedClassVersionError: org/sonar/ba…
And the documentation speaks to that as well: