Sonarqube 10.1.0-enterprise vulnerabilities

cmuws8n · August 21, 2023, 2:28am

Hello,

Recently our devops team reported vulnerabilities detected by our CWP to security@sonarsource.com

There are about 15 Critical/High vulnerabilities, but we were advised that SonarQube 10.1 is not vulnerable , despite fixes available.
I’m curious if anyone else experienced the same and what further recourse is available.

Regards,
Wilson

Chris · September 14, 2023, 2:54pm

Hi Wilson,

We don’t release patches on SonarQube when the product is not vulnerable. However, dependencies are periodically updated to make sure that SonarQube benefits from the latest security improvements.

Chris

Topic		Replies	Views
Vulnerability in Confluence version SonarQube Server / Community Build documentation	2	738	April 19, 2019
SonarQube Developer Edition but scans are not showing any vulnerabilities SonarQube Server / Community Build rules	3	285	February 16, 2024
SonarQube 9.7.1 released Releases sonarqube	7	2854	December 20, 2022
Sonar Community Highlights, September 23 - September 29 Sonar Updates weekly-roundup	0	461	September 29, 2023
Community satisfaction survey, September 2023 Sonar Updates	5	4662	September 30, 2023

Sonarqube 10.1.0-enterprise vulnerabilities

Related topics