Vishnu61
March 31, 2022, 3:37pm
1
Hello,
We are using Sonarqube : 8.9.6-community edition.
Please let us know, whether Sonarqube is using spring boot war and whether Sonarqube is impacted any way by the reported spring 4 shell vulnerability.
Please suggest, whether we need to take any steps from our end for mitigating the same
Colin
March 31, 2022, 4:43pm
2
Hey there.
SonarQube is not affected.
umaurer
April 1, 2022, 11:43am
3
Great to hear! Is there any other “official”, linkable statement from Sonarsource regarding this issue? This would help me tracking and reporting the mitigations internally.
umaurer
April 1, 2022, 12:07pm
4
OK, I’ve found your announcement . That’s fine for me.