The latest logstash (7.14.0) is using a vulnerable jdk, and we've got number of security issues because of that. Below is the version of logstash and the jdk used by it.
Any update on when will this be resolved? and if any steps which can be used to upgrade the vulnerable jdk shipped with logstash.
Below are the CVE issues reported on this version of jdk. CVE-2021-2341,CVE-2021-2388,CVE-2021-2432,CVE-2021-2369
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment AdoptOpenJDK-11.0.11+9 (build 11.0.11+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode)
** /usr/share/logstash/bin/logstash -V**
Using JAVA_HOME defined java: /usr/lib/jvm/java-11-openjdk-amd64
WARNING, using JAVA_HOME while Logstash distribution comes with a bundled JDK