You seem to have opened two threads on very similar topics, which is very confusing. Next time, just use one thread.
This thread is asking about JDK versions that are much older than anything bundled with Elasticsearch, so you don't need to worry about this aspect. Your other thread is asking something different. The official answer about the Log4J vulnerabilities announced at the end of 2021 is here.