If you are using the official Docker Hub images of OpenJDK (open source implementation of the Java SE platform), your containers won’t receive any updates for the runtime environment anymore.
Problem: Docker Hub deprecated OpenJDK images
Since Java was released into the open source, it has been evolving within the OpenJDK project. Quarterly security updates help to keep the runtime free from security issues and are available to everyone for free. Some companies prefer using the “‘official” Docker Hub OpenJDK image. These are the “vanilla” builds based on Eclipse Temurin binaries and maintained by the Docker Community. But Docker Hub decided to stop updating this image in July 2022 and asked the users to find a suitable replacement as soon as possible.
If you continue using the OpenJDK image without updates, your applications are going to face a severe risk of attacks exploiting unpatched vulnerabilities.
Solution: Move to Liberica JDK image
The only solution is to migrate to another binary offered by an OpenJDK vendor. You can use the Docker Hub Liberica JDK image. Liberica JDK is
- TCK-verified Java runtime so you won’t have to change your code;
- Supported by a major OpenJDK contributor BellSoft;
- Recommended by Spring and chosen by VMware as the runtime for the VMware Cloud;
- Included into the smallest Java containers on the market of only 37.92MB in size (Alpaquita Linux based images with JRE).
To move from the OpenJDK image to Liberica Runtime Container (images with Alpaquita Linux optimized for Java applications and Liberica JDK Lite), change the line in the Dockerfile
FROM openjdk:17
to
FROM bellsoft/liberica-runtime-container:jdk-17-musl
Inspired by Alpine, Alpaquita Linux was created with top security and flexibility in mind. It boasts
- Additional security features,
- LTS versions and enterprise-grade support,
- Two libc implementations, optimized musl and glibc;
- Four mallocs in total for various Java workloads.
BellSoft also provides Liberica JDK/JRE images for other popular Linux distributions, including Alpine. Head over to the BellSoft Docker Hub page to choose your perfect image!
