To check what version of Java is used, go to Admin Console. It shows the version it uses on the first page.
To make it use other Java installed on the system, stop Openfire and delete the jre folder from the Openfire installation folder. Start Openfire.
To be fair, most of the Java vulnerabilities are in its browser add-on, which shouldn't affect Openfire. Some might.
Okay thank you, I am using the Java I installed it looks like. So I can get rid of the canned one. The point about Java is security scans
will flag vulnerable Java so I need to be able to install new versions to mitigate the vulnerability.