[WEBINAR] Code Faster, Write Cleaner with AI Coding Assistants and Sonar - EMEA & APJ - April 23 Register Now

Sonar Community

What is the impact of Log4j on the SonarQube version 9.1.0.47736

ganncamp (G Ann Campbell) December 15, 2021, 7:35pm 2

Hi,

Please see this thread:

SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates

Update 21 December 2021 Hi all, We’ve just released SonarQube 8.9.6 LTS and 9.2.4 (Latest) to eliminate confusion and avoid false-positive from vulnerability scanning tools in regards to: CVE-2021-45046, CVE-2021-44228 and CVE-2021-45105. In these new versions, the Elasticsearch component is updated to its latest bugfix version, 7.16.2, which updates the packaged Log4J dependency to 2.17. Note: Although our security researchers have not found the previous SonarQube LTS (8.9.3, 8.9.4 or 8.9.5…

Ann

show post in topic

Home
Categories
FAQ/Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled