Hi guys sorry for my question
i uses sonarqube 8.4.2.36762 and we find for this version vulnerability CVE-2020-28002
but i can found any fix info in new version?
it fixed?
Hi
SonarQube 8.4.* is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
8.4.2-> 8.9.2 → 9.0.1 (last step optional)
You may find the Upgrade Guide helpful.
Regarding your actual question, that CVE was addressed in 8.6 with
SONAR-13992 - Upgrade Apache httpclient to 4.5.13
HTH,
Ann
Thanks
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.