There is a new pull request by classabbyamp against master on the void-packages repository

https://github.com/classabbyamp/void-packages elasticsearch-update
https://github.com/void-linux/void-packages/pull/36545

elasticsearch: remove package
- last updated in 2017
- contained vulnerable log4j
- licence is a mess


A patch file from https://github.com/void-linux/void-packages/pull/36545.patch is attached