[WEBINAR] Code Faster, Write Cleaner with AI Coding Assistants and Sonar - EMEA & APJ - April 23 Register Now

Sonar Community

SonarQube and CVE-2021-44228

security, sonarqube

ganncamp (G Ann Campbell) December 10, 2021, 8:03pm 2

Hi,

Here’s what you’re looking for:

SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates

Update 21 December 2021 Hi all, We’ve just released SonarQube 8.9.6 LTS and 9.2.4 (Latest) to eliminate confusion and avoid false-positive from vulnerability scanning tools in regards to: CVE-2021-45046, CVE-2021-44228 and CVE-2021-45105. In these new versions, the Elasticsearch component is updated to its latest bugfix version, 7.16.2, which updates the packaged Log4J dependency to 2.17. Note: Although our security researchers have not found the previous SonarQube LTS (8.9.3, 8.9.4 or 8.9.5…

Ann

show post in topic

Home
Categories
FAQ/Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled