What is the impact of Log4j on the SonarQube version 9.1.0.47736

harshalkolhe · December 15, 2021, 2:19pm

Hello Team,

As we have the critical vulnerability reported for Log4j files, could you please confirm whether there is any impact on the version of SonarQube used by us.

We used version - 9.1.0.47736.

Please confirm on this.

ganncamp · December 15, 2021, 7:35pm

Hi,

Please see this thread:

Ann

harshalkolhe · December 17, 2021, 6:09am

Hi Ann,

This thread mentions about 9.2 and 8.9 versions we have 9.1, so 9.1 is also covered under this?
Kindly confirm.

Thanks,
Harshal

felipebz · December 17, 2021, 9:29am

Note that the LTS and the Latest are the only two supported versions. All other versions are past EOL. Please update to one of the two supported versions as soon as you can.

You’re already running an unsupported version that may contain many other vulnerabilities. You must update to SonarQube 9.2.3.

Topic		Replies	Views
SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates	163	86395	October 11, 2022
SonarQube 8.9.6 LTS and 9.2.4 released Releases sonarqube	2	8479	December 21, 2021
SonarQube 8.9.4 LTS and 9.2.2 released Releases sonarqube	8	6189	December 15, 2021
SonarQube and CVE-2021-44228 SonarQube Server / Community Build sonarqube , security	3	4644	December 10, 2021
Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable? SonarQube Server / Community Build 8-9-lts-upgrade	2	1324	December 22, 2021

What is the impact of Log4j on the SonarQube version 9.1.0.47736

Related topics