Vishnu61
(Vishnu)
March 31, 2022, 3:37pm
1
Hello,
We are using SonarQube 8.9.6 Community Edition.
Please let us know whether SonarQube is using a Spring Boot WAR and whether SonarQube is impacted in any way by the reported Spring4Shell vulnerability.
Please suggest whether we need to take any steps from our end to mitigate it.
Colin
(Colin)
March 31, 2022, 4:43pm
2
Hey there.
SonarQube is not affected.
umaurer
(Uwe Maurer)
April 1, 2022, 11:43am
3
Great to hear! Is there any other “official”, linkable statement from SonarSource regarding this issue? This would help me track and report the mitigations internally.
umaurer
(Uwe Maurer)
April 1, 2022, 12:07pm
4
OK, I’ve found your announcement. That’s fine for me.