If you are using the official Docker Hub images of OpenJDK (open source implementation of the Java SE platform), your containers won’t receive any updates for the runtime environment anymore.
Problem: Docker Hub deprecated OpenJDK images
Since Java was released into the open source, it has been evolving within the OpenJDK project. Quarterly security updates help to keep the runtime free from security issues and are available to everyone for free. Some companies prefer using the “‘official” Docker Hub OpenJDK image. These are the “vanilla” builds based on Eclipse Temurin binaries and maintained by the Docker Community. But Docker Hub decided to stop updating this image in July 2022 and asked the users to find a suitable replacement as soon as possible.
If you continue using the OpenJDK image without updates, your applications are going to face a severe risk of attacks exploiting unpatched vulnerabilities.
Solution: Move to Liberica JDK image
The only solution is to migrate to another binary offered by an OpenJDK vendor. You can use the Docker Hub Liberica JDK image. Liberica JDK is
- TCK-verified Java runtime so you won’t have to change your code
- Supported by a major OpenJDK contributor BellSoft
- Recommended by Spring and chosen by VMware as the runtime for the VMware Cloud
- Included into the smallest Java containers on the market of only 42.72MB in size (Alpine Linux based images)
To move from the OpenJDK image to Liberica Runtime Container (Alpaquita Linux based images optimized for Java applications running Liberica JDK Lite), change the line in the Dockerfile
FROM openjdk:17
to
FROM bellsoft/liberica-runtime-container:jdk-17-musl
If you want another OS or Java version, head over to the BellSoft Docker Hub page to choose from a wide range of images.
