Hello, I'm using Elasticsearch on Arch Linux, version 8.7.0, but this latest version use jre19 openjdk that reached its EOL ( Java/OpenJDK | endoflife.date) so, on Arch Linux it cannot be installed anymore because this dependency has been removed from Arch repositories. If I'm not wrong, Elasticsearch 8.7.1 should use JRE OpenJDK 20, but on GitHub project page it is not still released.
When the new Elasticsearch compatible with JRE OpenJDK 20 will be released?
The current version of Elasticsearch is compatible with JRE OpenJDK 8 or 11 or 17 (that have LTS)?
Each Elasticsearch distribution comes bundled with its own JDK, and that's the one we recommend to use. It should not depend on an external JDK so it should be unaffected by the fact that this version is now technically EOL.
If you insist on using a custom JDK then the support matrix indicates that you can use OpenJDK 17 with 8.7.0 too. But to repeat: the bundled one is the recommended one.
Thank you @DavidTurner I'm just concerned to use a dependency that reached EOL mostly for security concerns. This is the main reason I would prefer to avoid it. Your answer is efficient and thank you for the support matrix link. I hope the new version of Elasticsearch will be released asap with bundled Java 20.
That's the advantage of using the bundled version: it's not a dependency that you need to track separately. It's just part of the product, similarly to Lucene and Log4J and Jackson and all the other libraries on which Elasticsearch depends. Elastic looks after the security side of things, so a vulnerability(*) in the bundled JDK would be reported as an Elastic Security Advisory.
(*) NB not all vulnerabilities reported in a dependency are vulnerabilities in the dependent product. For instance most Elasticsearch releases were not vulnerable to the famous Log4J bug reported in CVE-2021-44228. Similarly, there have been a number of Jackson vulnerabilities that did not affect Elasticsearch because Elasticsearch did not use the vulnerable features in the library.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.