SonarQube vulnerability regarding snakeyaml

Hello everybody,

our security and vulnerability software Wiz.io has found a vulnerability (at least) in the current SonarQube Docker version (Developer Edition, Version 10.3 (build 82913)):

How fast can that be fixed and an updated Docker image deployed so that we can give our cybersecurity department a heads up?

Thanks!

Best regards,

Chris

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

 
Thx,