is there a way to upgrade embedded jdk from 15.x to 15.0.2/3 for ES v7.x?
Yes, according to the reference manual. Out of interest, why do you want to do that? The bundled one is recommended, and is the one that gets the most thorough testing.
We found security issues per Oracle Java vulnerability doc and recommended version is 15.0.2.
I did not see steps to install embedded jdk version to 15.0.2 and above.
I can't comment on the specific JDK vulnerabilities you are asking about, but as a general point Elasticsearch is often not subject to vulnerabilities in its dependencies, including the bundled JDK, because the vulnerability only applies when using features that Elasticsearch itself does not use. Are you sure that you really need to take mitigating action?
If you suspect that Elasticsearch (including the bundled JDK) is genuinely vulnerable then you should report this to security@elastic.co. If the vulnerability is confirmed then a new version, with upgraded JDK, will be released ASAP.
Did you click the link in my previous post? There are no steps spelled out, you just configure Elasticsearch to use the JDK you want.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.