The last open source version was 7.10.2
, after that all Elasticsearch versions need to use the Elastic license, the free one (basic) or one of the paid ones.
The log4j package in 7.10.2 was not updated to solve the log4j vulnerability, but if you want to use it you can use some mitigations described in this post.