Spring4Shell: Spring Framework Remote Code Execution Vulnerability


We are using SonarQube 8.9.6 Community Edition.

Please let us know whether SonarQube is using a Spring Boot WAR and whether SonarQube is impacted in any way by the reported Spring4Shell vulnerability.

Please suggest whether we need to take any steps from our end to mitigate the same.

Hey there.

SonarQube is not affected.

Great to hear! Is there any other “official”, linkable statement from SonarSource regarding this issue? This would help me track and report the mitigations internally.

OK, I’ve found your announcement. That’s fine for me.