Sonar Community

Using Sonarqube 9.2.4, which has log4j 2.17.0 and it's vulnerable to CVE-2021-44832 in below link

SonarQube Server / Community Build

Colin (Colin) January 5, 2022, 7:00pm 2

Hello there.

Without any official statement from SonarSource, you might comforted by this message from a fellow community user.

1 Like

Topic		Replies	Views	Activity
SonarQube and CVE-2021-44228 SonarQube Server / Community Build sonarqube , security	3	4653	December 10, 2021
Is sonarqube 7.9.5 vulnerable to (CVE-2021-44228) log4j vulnerabilities SonarQube Server / Community Build sonarqube	20	4534	December 29, 2021
SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates	163	86483	October 11, 2022
CVE-2021-42550 Vulnerable logback version 1.2.7 in SonarQube 8.9.6 SonarQube Server / Community Build sonarqube , security	6	1260	March 9, 2022
Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable? SonarQube Server / Community Build 8-9-lts-upgrade	2	1329	December 22, 2021