Adding CVE patch for package logstash-8 to fix CVE: GHSA-hxx2-7vcw-mqr3

<!--ci-cve-scan:must-fix: GHSA-hxx2-7vcw-mqr3-->

Author: octo-sts[bot]

logstash-8.yaml

@@ -17,7 +17,7 @@
 package:
   name: logstash-8
   version: 8.15.3
-  epoch: 100
+  epoch: 101 # GHSA-hxx2-7vcw-mqr3
   description: Logstash - transport and process your logs, events, or other data
   copyright:
     - license: Apache-2.0
@@ -28,8 +28,8 @@ package:
     runtime:
       - bash # some helper scripts use bash and busybox utilities
       - busybox
-      - openjdk-17-jre
       - openjdk-17-default-jvm
+      - openjdk-17-jre
 
 # Create a new major-version variable that contains only the major version
 # to use in the bitnami/compat pipeline to find out the correct folder for the image.
@@ -75,6 +75,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 8364c8e89cfb113e38ec3f966df7eb1e9abe9d33
 
+  - uses: patch
+    with:
+      patches: GHSA-hxx2-7vcw-mqr3.patch
+
   - name: Patch sources
     runs: |
       # Disable the logstash-integration-jdbc plugin download as we build and

logstash-8/GHSA-hxx2-7vcw-mqr3.patch

@@ -0,0 +1,4 @@
+--- Gemfile.template
++++ Gemfile.template
+@@ -26,0 +27 @@
++gem "sinatra", "~> 4.1.0"