How to fix Log4J Vulnerabilities in Sonar 7.9.5 Version

Hi Team,

Qualys scan reported below High Security Vulnerabilities in our sonar system with below path.


We running sonar version 7.9.5.

Could you please provide a solution for fixing log4j vulnerability.

Hi @ndubbala ,

as you are running a SonarQube 7.9 version, which is not supported anymore, you should upgrade at your earliest convenience on a supported version : 8.9.6 LTS or 9.2.3 latest release.
See more here : SonarQube, SonarCloud, and the Log4J vulnerability


1 Like