Hi guys,
Currently seeing that SonarQube needs to be upgraded to the latest version, does the latest version contain an upgrade of OpenJDK? The documentation only says OpenJDK 17 but I need to ensure is 17.0.9. A scanning tool is flagging it as a vulnerability. Could we get confirmation of the full version of OpenJDK?
Thank you!
Hi,
Welcome to the community!
Java is not bundled with the server. You need to manage that yourself.
HTH,
Ann
I see. The documentation doesn’t specify the full version of OpenJDK Prerequisites and overview is there anyway we can find out the full version of it?
Hi,
You’re looking for a specific release number? All we care is that you’re using the correct major version (e.g. 17). After that, it’s up to you.
HTH,
Ann
Hi Ann, yes as the vulnerability scanner is flagging the latest OpenJDK version as a vulnerability. It would be very helpful to know the latest release number Sonar Recommends vs just the major version due to compliance and documentation reasons.
Hi,
Again, we don’t recommend a specific release. Use whatever release satisfies your own internal requirements.
HTH,
Ann