Hey Sonar Community:
Would like to know if following steps to remove environment variables from Log4j on SQ version Community Edition * Version 7.9.1 (build 27448) has same effect - think the answer is yes but want to confirm removal of those will not adversely impact the app.
Would use the fixes noted here - Quick fix for log4j vulnerability using environment variables – iamroot.it.
Has anyone done same on any version of SQ & was it a good outcome?
Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
7.9.1 → 8.9.6 → 9.3 (last step optional)
You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes helpful. If you have questions about upgrading, feel free to open a new thread for that here.
I’m parking the upgrade for now - immediate need is a response on log4j & if changes to env vars will bump into SQube