Is Logstash 7.17 still maintained and is there a plan to upgrade the built-in JDK to 11.0.17? This fixes various CVEs for those of us unable to upgrade to logstash 8.4 at this time.
My reading of the EOL policy is that 7.17.x (but nothing earlier) is supported until 9.0 is released. I cannot speak to Elastic's intent to upgrade the JDK, but can install your own JDK to get the fixes.
Would be great if anybody on the logstash team could have a look at this as the bundled JDK has started to show up on security scans, such as this nessus vulnerability.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.