What is the impact of Log4j on the SonarQube version

Hello Team,

As we have the critical vulnerability reported for Log4j files, could you please confirm whether there is any impact on the version of SonarQube used by us.

We used version -

Please confirm on this.


Please see this thread:


Hi Ann,

This thread mentions about 9.2 and 8.9 versions we have 9.1, so 9.1 is also covered under this?
Kindly confirm.


Note that the LTS and the Latest are the only two supported versions. All other versions are past EOL. Please update to one of the two supported versions as soon as you can.

You’re already running an unsupported version that may contain many other vulnerabilities. You must update to SonarQube 9.2.3.

1 Like