Is Logstash 7.17 still maintained and is there a plan to upgrade the built-in JDK to 11.0.17? This fixes various CVEs for those of us unable to upgrade to logstash 8.4 at this time.
https://openjdk.org/groups/vulnerability/advisories/2022-10-18
Thanks.
My reading of the EOL policy is that 7.17.x (but nothing earlier) is supported until 9.0 is released. I cannot speak to Elastic's intent to upgrade the JDK, but can install your own JDK to get the fixes.
Would be great if anybody on the logstash team could have a look at this as the bundled JDK has started to show up on security scans, such as this nessus vulnerability.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.