Is Logstash 7.17 still maintained and is there a plan to upgrade the built-in JDK to 11.0.17? This fixes various CVEs for those of us unable to upgrade to logstash 8.4 at this time.
https://openjdk.org/groups/vulnerability/advisories/2022-10-18
Thanks.
My reading of the EOL policy is that 7.17.x (but nothing earlier) is supported until 9.0 is released. I cannot speak to Elastic's intent to upgrade the JDK, but can install your own JDK to get the fixes.
Would be great if anybody on the logstash team could have a look at this as the bundled JDK has started to show up on security scans, such as this nessus vulnerability.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.