Hello, Similar to this previous issue there’s a new vulnerability on the logback-core, this time affecting the version 9.9 LTS: CVE Website The logack-core version used by the LTS release is the 1.2.10 and the one that resolves the vulnerability is the 1.5.13. There’s any plan to resolve it on…

CVE-2021-42550 Vulnerable logback version 1.2.10 in SonarQube Community 9.9 LTS

Colin (Colin) December 27, 2024, 10:18am 2

Hey there,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

Thanks!

Topic		Replies	Views
CVE-2021-42550 Vulnerable logback version 1.2.7 in SonarQube 8.9.6 SonarQube Server / Community Build sonarqube , security	6	1251	March 9, 2022
Is sonarqube 7.9.5 vulnerable to (CVE-2021-44228) log4j vulnerabilities SonarQube Server / Community Build sonarqube	20	4497	December 29, 2021
Is sonarqube 9.9 LTS is covered with CVE-2022-42889 vulnerability? SonarQube Server / Community Build sonarqube	1	542	June 8, 2023
SonarQube 8.9.4 LTS and 9.2.2 released Releases sonarqube	8	6190	December 15, 2021
Dependencies Vulnerabilities Sonarqube Community 9.9 SonarQube Server / Community Build sonarqube	1	308	February 16, 2024