Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable?
Please have a look at these threads, version 8.9.6 has already been released and embeds log4j 2.17.
And for the consequences of the log4j vulnerabilities, the following thread will keep you up to date with what we do.