I am running the SonarQube 7.9.3 LTS version. I got to know that it is running embedded Tomcat version 8.5.38. Since the 14th of July there has been an announcement for Tomcat:
“Affected versions of this package are vulnerable to Denial of Service (DoS). The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.”
They recommend upgrading to version 8.5.57 or higher. Will a new patch be released soon to fix this? If not, can we just replace the current embedded Tomcat version with 8.5.57, or will there be some consequences for my installation of SonarQube?