Java JDK old version

ELK version 7.1.1... vulnerability scanning shows Java old version found on elasticsearch nodes path for ELK cluster and logstash

Java JDK installation on Elasticsearch nodes path /usr/share/elasticsearch/jdk/ version '1.12.0_1'. We do have java running on nodes 1.8.0_262.

Can you confirm the old version that Elasticsearch may have put them during the install and if it does actually get used or if it is there for API access or something else? If not required then we can remove them due to latest vulnerabilities list.

Elasticsearch ships with a JDK that is used by default.

If you are not using it then you can remove it but unless you have taken specific steps to configure Elasticsearch to use your own JDK, then you probably are using the bundled JDK and simply removing it will break Elasticsearch.

Note: Elasticsearch 7.1.1 was released almost 18 months ago. If you're worried about old JDK versions, then you should also be worried about old Elasticsearch versions. If you keep your Elasticsearch version up to date, it will automatically upgrade the bundled JDK to a recent release as well.

1 Like

Hi Tim,

ELK version is 7.1.1 and latest version on each node is 1.8.0_*

Plugin Output:

The following Java JRE installation is unsupported :

Path : /usr/share/elasticsearch/jdk/

Installed version : 1.12.0_1

Regards

Dave

I don't understand why you are giving me that information.

You are running Elasticsearch 7.1.1 that ships with JDK 12

The most recent version of Elasticsearch is 7.9.3 and it ships with JDK 15.
If you upgrade your Elasticsearch version it will solve your JDK version issue.

Otherwise, you can switch your existing Elasticsearch version to use your own JDK instead by following the instructions I linked to in my previous reply. However, you need to perform those steps carefully, because you risk breaking Elasticsearch if you do the wrong thing.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.