Hi guys sorry for my question
i uses sonarqube 8.4.2.36762 and we find for this version vulnerability CVE-2020-28002
but i can found any fix info in new version?
it fixed?

Hi

SonarQube 8.4.* is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.4.2-> 8.9.2 → 9.0.1 (last step optional)

You may find the Upgrade Guide helpful.

Regarding your actual question, that CVE was addressed in 8.6 with

SONAR-13992 - Upgrade Apache httpclient to 4.5.13

 
HTH,
Ann

Thanks

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.