devel/sonarqube-community: update to 9.2.3

Description

devel/sonarqube-community: update to 9.2.3

This is a feel-good release for the log4j vulnerabilities.

Log4j is bundled in the included elasticsearch only. Elasticsearch
states that with JDK9+ (the FreeBSD port uses 11+) it is not susceptible
to either remote code execution or information leakage due to the
usage of the Java Security Manager.
The updated Elasticsearch in sonarqube has certain components of
log4j removed "out of an abundance of caution".

Reference: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Details

Provenance
netchild authored on Dec 17 2021, 8:14 AM
Parents
R11:ba2296eba822: devel/py-pop-config: Update to 8.0.2