ELK upgrade to 7.17.10

Hi ,
We recentely upgraded the ELK cluster from the 7.15.1 to 7.17.10 in order to fix security vulnerabilities , however after upgrading we are still have the open JDK vulnerability on Elasticsearch servers :
OpenJDK 7 <= 7u281 / 8 <= 8u272 / 11.0.0 <= 11.0.9 / 13.0.0 <= 13.0.5 /
15.0.0 <= 15.0.1 Vulnerability (2021-01-19)

But for kibana and logstach server we don't have this vulnerability
Could you plase provide help on how to fix that , is it possible to upgrade the openjdk on those elastick search servers whithout upgrading the ELK cluster to a higher version ?
Or we need to upgrade the whole ELK to 8.6 version .


You can see JVM and Elasticsearch compatibility here - Support Matrix | Elastic. If yoou can upgrade to 8.X you will be in a better position, otherwise use OpenJDK 20.

And the docs about changing the JDK version are here: Installing Elasticsearch | Elasticsearch Guide [8.8] | Elastic

Note that we strongly recommend using the bundled JDK, since we treat it as a dependency of Elasticsearch. An apparent vulnerability in a dependency such as the JDK is often not a vulnerability in ES, perhaps because ES avoids the vulnerable feature or because it includes other protections which neutralise the problem. If you believe ES (including its bundled JDK) is genuinely vulnerable then please report the problem as per this page: Security issues | Elastic

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.