Closed js-timbirkett closed 2 years ago
@rjkernick is there any way you can take a look at this soon? Would be good to get these major CVEs cleared up.
Hey @rjkernick - looks like Sonarqube 8.9.6-community became available recently with updated elasticsearch and log4j test dependencies :) - https://github.com/SonarSource/sonarqube/releases/tag/8.9.6.50800
Updates to the latest 8.x community image to mitigate CVE-2021-45046 and CVE-2021-44228 as detailed here: https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721
Required a DB migration, but everything went without issue as it usually does :)