Hello, We are using Sonarqube : 8.9.6-community edition. Please let us know, whether Sonarqube is using spring boot war and whether Sonarqube is impacted any way by the reported spring 4 shell vulnerability. Please suggest, whether we need to take any steps from our end for mitigating the same

Spring4Shell ::Spring Framework Remote Code Execution Vulnerability

umaurer (Uwe Maurer) April 1, 2022, 12:07pm 4

OK, I’ve found your announcement. That’s fine for me.

Topic		Replies	Views
Vulnerability with springshell, is SonarQube impacted SonarQube Server / Community Build	2	485	March 31, 2022
SonarQube, SonarCloud, and Spring4Shell Sonar Updates	11	4053	June 23, 2022
IS Sonar Developer edition version 9.2.4 affected by Spring Framework Vulenrability CVE-2022-22963 SonarQube Server / Community Build sonarqube , scanner	3	849	April 4, 2022
Is sonarqube affected by Spring Framework Remote Code Execution Vulnerability SonarQube Server / Community Build java , sonarqube	2	1179	April 1, 2022
Is Crowd (sonar-crowd) plugin for Sonarqube affected by Spring4Shell vulnerability (CVE-2022-22965) SonarQube Server / Community Build	1	657	April 6, 2022