SonarQube Version: 8.6
Post Log4j vulnerability we began looking at moving to a supported version of sonarqube. No changes were made as far as we know, only viewing of config files and a snapshot of the VM. However, now the SQ instance returns a 503, restarting the instance fails and we have restarted all the services.
The Bitnami diagnostic tool was used and they extracted the following from the logs:
SLF4J: Found binding in [jar:file:/opt/bitnami/apps/sonarqube/sonarqube/lib/common/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/logging/log4j/spi/AbstractLoggerAdapter
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:800)
at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:698)
It would appear that all other services are running but SonarQube cannot be restarted.