Hi Team, With regards to recent events with globally reported Log4j vulnerability (CVE-2021-45046 and CVE-2021-44228). We are currently using Sonarqube DE 8.6.1.40680. And it has the following two plugins with log4j. Elastic search sonarqube-developer-8.6.1.40680/sonarqube-8.6.1.40680/elastics…

Sonarqube 8.6.x - Log4j vulnerability

DefinitelyNotTobi (NotTobi) December 16, 2021, 9:36pm 2

Hi @Devendran and welcome to the community

you can follow this thread for more information about the current log4j CVE and SonarQube.
Your version is EOL tho. The current supported versions of SonarQube are 8.9.x and 9.2

hope that helps

1 Like

Topic		Replies	Views
SonarQube and CVE-2021-44228 SonarQube Server / Community Build sonarqube , security	3	4645	December 10, 2021
SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates	163	86401	October 11, 2022
Elstic Search Log4j SonarQube Server / Community Build sonarqube , scanner	1	838	July 15, 2022
SonarQube 8.9.6 LTS and 9.2.4 released Releases sonarqube	2	8484	December 21, 2021
Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable? SonarQube Server / Community Build 8-9-lts-upgrade	2	1324	December 22, 2021

Sonarqube 8.6.x - Log4j vulnerability

Related topics