Sonarcloud and log4j vulnerability

lukem · December 11, 2021, 9:30am

Given the log4j vulnerability and recommended configuration changes suggested here: SonarQube and the Log4J vulnerability

Can someone from SonarCloud confirm that these changes have been applied?

Thanks,
Luke.

Colin · December 11, 2021, 2:56pm

Hey there.

Thanks for asking. Our investigation leads us to believe SonarCloud is not vulnerable in its current state.

In any case, we take such reports seriously and we will update log4j on Monday to be extra sure.

Max_Kroll · December 13, 2021, 2:36pm

Wanted to check in to see if your team has updated log4j.

Thanks,
Max

Colin · December 13, 2021, 2:46pm

We have updated it – and it was deployed.

Max_Kroll · December 13, 2021, 2:57pm

That was quick! Thanks so much for the confirmation.

Max

Colin · December 13, 2021, 3:41pm

We’ll handle any further updates on this thread.

So I’ll close this one.