Sonar Qube community edition Log4j vulnerability

Hi Team,

We are facing Log4j vulnerability for the below instance of Sonar

  • Community Edition
  • Version 7.7 (build 23042)

Is there a way with out upgrade , can we eliminate this issue of Log4j

Like setting up some parameters with the supported servers?


Hi @Geeth

Community Edition 7.7 is really EOL and you should upgrade at your earliest convenience on a supported version( LTS 8.9 or latest version 9.2).
That being said, the upgrade will not only solve the Log4J Vulnerability issue but also bring you much more features and rules. You are running a version that was released in March 2019…


1 Like