ELK version 7.1.1... vulnerability scanning shows Java old version found on elasticsearch nodes path for ELK cluster and logstash
Java JDK installation on Elasticsearch nodes path /usr/share/elasticsearch/jdk/ version '1.12.0_1'. We do have java running on nodes 1.8.0_262.
Can you confirm the old version that Elasticsearch may have put them during the install and if it does actually get used or if it is there for API access or something else? If not required then we can remove them due to latest vulnerabilities list.
Elasticsearch ships with a JDK that is used by default.
If you are not using it then you can remove it but unless you have taken specific steps to configure Elasticsearch to use your own JDK, then you probably are using the bundled JDK and simply removing it will break Elasticsearch.
Note: Elasticsearch 7.1.1 was released almost 18 months ago. If you're worried about old JDK versions, then you should also be worried about old Elasticsearch versions. If you keep your Elasticsearch version up to date, it will automatically upgrade the bundled JDK to a recent release as well.
I don't understand why you are giving me that information.
You are running Elasticsearch 7.1.1 that ships with JDK 12
The most recent version of Elasticsearch is 7.9.3 and it ships with JDK 15.
If you upgrade your Elasticsearch version it will solve your JDK version issue.
Otherwise, you can switch your existing Elasticsearch version to use your own JDK instead by following the instructions I linked to in my previous reply. However, you need to perform those steps carefully, because you risk breaking Elasticsearch if you do the wrong thing.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.