Java 17 vulnerability - self-hosted agents

afava · March 4, 2025, 4:47pm

Hi,

We are using a Windows self-hosted agent to run the run the scanner that performs analysis with Java 17 installed, as specified in the documentation. However, as Java 17 is vulnerable we couldn’t find any information about whether newer versions, such as Java 21 or 23, are supported. We are using SonarQube Cloud with Azure DevOps.

Could you please help us with this?
Thank you!

ganncamp · March 5, 2025, 4:12pm

Hi,

Welcome to the community!

Analysis still needs / uses Java 17. Could you provide some details on what you’re worried about here?

Thx,
Ann

Topic		Replies	Views
WARN: The version of Java (11.0.20) you have used to run this analysis is deprecated SonarQube Cloud	6	507	August 21, 2023
Microsoft hosted agents - sonar scanner SonarQube Cloud java , scanner	3	534	December 10, 2020
Run SonarQube Azure Devops Scanner using OpenJDK 17 SonarQube Server / Community Build	5	2355	June 15, 2023
Set java v17 during SonarScanner for .NET execution SonarQube Server / Community Build	2	888	December 15, 2022
Having set the JAVA_HOME in om-premise agent to point to jdk 17 but still getting error SonarQube Server / Community Build	4	906	December 12, 2023

Java 17 vulnerability - self-hosted agents

Related topics