Hello Team, As we have the critical vulnerability reported for Log4j files, could you please confirm whether there is any impact on the version of SonarQube used by us. We used version - 9.1.0.47736. Please confirm on this.

Hi, Please see this thread: [image] SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates Update 21 December 2021 Hi all, We’ve just released SonarQube 8.9.6 LTS and 9.2.4 (Latest) to eliminate confusion and avoid false-positive from vulnerability scanning t…

Hi Ann, This thread mentions about 9.2 and 8.9 versions we have 9.1, so 9.1 is also covered under this? Kindly confirm. Thanks, Harshal

Note that the LTS and the Latest are the only two supported versions. All other versions are past EOL. Please update to one of the two supported versions as soon as you can. You’re already running an unsupported version that may contain many other vulnerabilities. You must update to SonarQube 9.…

What is the impact of Log4j on the SonarQube version 9.1.0.47736

SonarQube Server / Community Build

ganncamp (G Ann Campbell) December 15, 2021, 7:35pm 2

Hi,

Please see this thread:

Ann

Topic		Replies	Views
SonarQube 8.9.6 LTS and 9.2.4 released Releases sonarqube	2	8559	December 21, 2021
Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable? SonarQube Server / Community Build 8-9-lts-upgrade	2	1346	December 22, 2021
SonarQube 8.9.4 LTS and 9.2.2 released Releases sonarqube	8	6260	December 15, 2021
SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates	164	87561	February 12, 2026
SonarQube 8.9.5 LTS and 9.2.3 released Releases sonarqube	2	4060	December 16, 2021

What is the impact of Log4j on the SonarQube version 9.1.0.47736

Related topics