The solution proposed by security team is to upgrade the OpenJDK version greater than 7u281 / 8u272 / 11.0.9 / 13.0.5 / 15.0.1 .
Is there any patch to use or we need to upgrade the ELK cluster .
But we have security vulnerabilities which need to upgrade the ELK version , but we dont know which version we have to migrate to in order to fix those vulnerabilities , 7.17 or 8.6 .
You seem to have opened two threads on very similar topics, which is very confusing. Next time, just use one thread.
This thread is asking about JDK versions that are much older than anything bundled with Elasticsearch, so you don't need to worry about this aspect. Your other thread is asking something different. The official answer about the Log4J vulnerabilities announced at the end of 2021 is here.
Yes I opened two ticket because I think the solution maybe diffrent since for some vulnerabilities affect the elasticsearch and logstash , but for the other it affect all the cluster including kibana servers.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.