Is there any log4j vulnerability for log4j-api-2.8.2.jar log4j-to-slf4j-2.8.2.jar in sonar qube Version: 8.9.1.44547

Is there any log4j vulnerability for

  • log4j-api-2.8.2.jar
  • log4j-to-slf4j-2.8.2.jar

SonarQube Version: 8.9.1.44547

Please let me know if we need to update the existing Sonar installation to the latest version in order to fix the log4j vulnerabilities.

Can anyone reply on this please, because it's a security flaw?
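The question above is really "which log4j artifacts does this install ship, and at what version?" The script below is an added example (not code from this thread or from SonarSource) that walks an installation directory, parses Maven-style jar names such as the two listed above into (artifactId, version), and reports which log4j artifacts are present and which fall below a baseline version the caller supplies. The directory layout under `lib/common`, the sample jar names and the `BASELINE` value are constructed for the demo; substitute the fixed version your advisory names.

```python
import os
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]

# Splits a Maven-style jar name such as "log4j-to-slf4j-2.8.2.jar" into
# (artifactId, version); anything that is not a log4j artifact yields None.
LOG4J_JAR = re.compile(r"^(log4j(?:-[a-z0-9]+)*)-(\d+(?:\.\d+)*)\.jar$")


def parse_log4j_jar(filename: str) -> Optional[Tuple[str, Version]]:
    m = LOG4J_JAR.match(filename)
    if m is None:
        return None
    version = tuple(int(part) for part in m.group(2).split("."))
    return m.group(1), version


def inventory_from_names(names: Iterable[str]) -> Dict[str, List[Version]]:
    """Group parsed log4j artifacts by artifactId (accepts paths or bare names)."""
    found: Dict[str, List[Version]] = {}
    for name in names:
        parsed = parse_log4j_jar(os.path.basename(name))
        if parsed is not None:
            artifact, version = parsed
            found.setdefault(artifact, []).append(version)
    return found


def inventory_install(root: str) -> Dict[str, List[Version]]:
    """Walk an installation directory (e.g. a SonarQube home) and inventory log4j jars."""
    names: List[str] = []
    for dirpath, _, filenames in os.walk(root):
        names.extend(os.path.join(dirpath, fn) for fn in filenames)
    return inventory_from_names(names)


def below_baseline(found: Dict[str, List[Version]], baseline: Version) -> List[Tuple[str, Version]]:
    """Every (artifact, version) older than the baseline the caller chose."""
    return [(a, v) for a, vs in found.items() for v in vs if v < baseline]


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree: the two jar names from the thread plus one unrelated jar.
    with tempfile.TemporaryDirectory() as tmp:
        libdir = os.path.join(tmp, "lib", "common")
        os.makedirs(libdir)
        for fn in ("log4j-api-2.8.2.jar", "log4j-to-slf4j-2.8.2.jar", "sonar-plugin-api-8.9.1.44547.jar"):
            open(os.path.join(libdir, fn), "w").close()

        found = inventory_install(tmp)
        print("log4j artifacts present:", sorted(found))
        # Advisories are scoped to specific artifacts, so note which ones are actually shipped.
        print("log4j-core present:", "log4j-core" in found)
        # BASELINE is a placeholder; replace it with the fixed version your advisory names.
        BASELINE: Version = (2, 99, 0)
        print("older than baseline:", below_baseline(found, BASELINE))
```

Run it against the real SonarQube home instead of the temporary tree to get the actual inventory; because versions are compared as integer tuples, `2.8.2` sorts correctly below `2.17.1`, which a string comparison would get wrong.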

Hi,

Welcome to the community!

Our security researchers were unable to find a way to exploit the Log4J vulnerabilities in recent versions of SonarQube (earlier ones not tested). We nonetheless issued patches to quiet fears and alleviate confusion. If you have concerns, you should definitely upgrade to the latest patch version: 8.9.6.

HTH,
Ann

Can you please guide me on how to apply patch version 8.9.6 without affecting the old scan history and licensing?

Thanks,
Akash M.

Hi Akash,

The Upgrade Guide should help. The only difference from a standard upgrade is that since it’s just a patch version, there shouldn’t be any schema changes to make. So it should go really quickly.

HTH,
Ann