How to fix Log4J Vulnerabilities in Sonar 7.9.5 Version

Hi Team,

A Qualys scan reported the High Security Vulnerabilities below in our Sonar system, at the path below.

/opt/sonarqube/elasticsearch/lib/log4j-core-2.11.1.jar

We are running Sonar version 7.9.5.

Could you please provide a solution for fixing the log4j vulnerability?

Hi @ndubbala,

As you are running a SonarQube 7.9 version, which is not supported anymore, you should upgrade at your earliest convenience to a supported version: 8.9.6 LTS or the latest release, 9.2.3.
See more here: SonarQube, SonarCloud, and the Log4J vulnerability

Carine
