Log4J vulnerability

SonarQube
1

Hi,

Currently we are running v8.9.0. in order to resolve log4J Vulnerability, we upgraded to 8.9.4. just checked now 8.9.6 is available.do we need to go for 8.9.6 or 8.9.4 is ok to mitigate log 4J vulnerability

2

Hi @kafeel ,

we created a specific post to address this Log4J vulnerability: SonarQube, SonarCloud, and the Log4J vulnerability

It’s recommended to update to 8.9.6 to really be certain there will be no more issue, even if 8.9.4 could be enough. A good practice in general is to always be on the last LTS version (8.9.X with the last X possible) or latest version (9.2/9.3…).

Carine

1 Like