Environment: DevTest 10.3.0 on all platforms. Answer: Yes. Even though the elasticsearch-1.5.2.jar is still delivered with DevTest 10.3.0, code changes resolve the vulnerability at runtime. A new jar will be replacing the outdated jar in a future release.