You seem to have opened two threads on very similar topics, which is very confusing. Next time, just use one thread.
This thread is asking about JDK versions that are much older than anything bundled with Elasticsearch, so you don't need to worry about this aspect. Your other thread is asking something different. The official answer about the Log4J vulnerabilities announced at the end of 2021 is here.
Yes I opened two ticket because I think the solution maybe diffrent since for some vulnerabilities affect the elasticsearch and logstash , but for the other it affect all the cluster including kibana servers.