Hi, As part of the vulnerability assessment (VA) scan on our ELK servers, we identified that the bundled OpenJDK version is affected by multiple vulnerabilities. We are using a self-managed cluster. We did upgrade the ELK stack from version 8.13.2 to 8.15.2, but the OpenJDK vulnerabilities still re…

Issue with OpenJDK Vulnerabilities (CVE-2024) in Elasticsearch 8.15.2

stephenb (Stephen Brown) April 21, 2025, 1:47pm 2

Duplicate

Topic		Replies	Views
Elasticsearch 8.15.2: OpenJDK CVEs Elasticsearch elastic-stack-security	4	27	April 21, 2025
Issue with OpenJDK Vulnerabilities (CVE-2024) in Elasticsearch 8.15.2 Elasticsearch elastic-stack-security	8	119	April 23, 2025
151209 (4) - OpenJDK 7 <= 7u281 / 8 <= 8u272 / 11.0.0 <= 11.0.9 / 13.0.0 <= 13.0.5 / 15.0.0 <= 15.0.1 Vulnerability (2021-01-19) Elasticsearch	8	898	February 17, 2023
Vulnerabilities found in JDK 22.0.1, ELK 8.15.3 Elasticsearch	1	85	November 13, 2024
ELK upgrade to 7.17.10 Elasticsearch	3	190	July 19, 2023

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Issue with OpenJDK Vulnerabilities (CVE-2024) in Elasticsearch 8.15.2

Related topics