I need to know which version of tomcat running in sonarqube 9.9.4 version.
As we got to know from security the tomcat version 9.0.85 is vulnerable and outdated.
However this Sonarqube version 9.9.4 is LTS so we upgraded to this and now we get this security issue , please help us to understand can we stay on this version of sonarqube or we need to upgrade
Hello @Sumeet_Singh,
I can confirm that version 9.9.4 is using Tomcat 9.0.85.
Is it being signaled vulnerable to what?
We constantly assess our dependencies against vulnerabilities, and if a library is included in our Active editions, it means its vulnerabilities are not affecting our product.
The latest active version of SonarQube (10.5) is using Tomcat version 9.0.87.