Hi Tobias,
Thank You for your reply and providing us the details on upgrading sonarqube.
I have went through the link (SonarQube, SonarCloud, and the Log4J vulnerability) provided by you in your previous mail - the link only mentions SonarQube LTS 8.9.x and SonarQube 9.2.1.
Can you just confirm the solution provided by Ann is applicable for sonarqube 7.9.5 as well? will it mitigate log4shell vulnerability if i add below line in sonar.properties file for sonarqube 7.9.5?
sonar.search.javaAdditionalOpts=-Dlog4j2.formatMsgNoLookups=true
Thank You,
Saad.