I would like to inquire about the vulnerabilities identified in the SonarQube Docker image when used with the latest Docker version (2025.02). Are there any recommended steps or best practices to address these issues?
Should we wait for a future version upgrade to resolve the vulnerabilities, or is there a workaround or patch available in the meantime?
Additionally, could you please let us know when the 2025.03 release is expected to be available?
Hi,
The 25.3 result has been available for nearly a month, and the 25.4 release is imminent.
If you’d like to inquire about specific vulnerabilities, I’ll need to refer you to our responsible disclosure policy and ask that you email security@sonarsource.com
HTH,
Ann