shorts

Docker Hub OpenJDK images are officially deprecated

figure
Oct 4, 2022
Dmitry Chuyko

If you are using the official Docker Hub images of OpenJDK (open source implementation of the Java SE platform), your containers won’t receive any updates for the runtime environment anymore.

Problem: Docker Hub deprecated OpenJDK images

Since Java was released into the open source, it has been evolving within the OpenJDK project. Quarterly security updates help to keep the runtime free from security issues and are available to everyone for free. Some companies prefer using the “‘official” Docker Hub OpenJDK image. These are the “vanilla” builds based on Eclipse Temurin binaries and maintained by the Docker Community. But Docker Hub decided to stop updating this image in July 2022 and asked the users to find a suitable replacement as soon as possible. 

If you continue using the OpenJDK image without updates, your applications are going to face a severe risk of attacks exploiting unpatched vulnerabilities.

Solution: Move to Liberica JDK image

The only solution is to migrate to another binary offered by an OpenJDK vendor. You can use the Docker Hub Liberica JDK image. Liberica JDK is

  • TCK-verified Java runtime so you won’t have to change your code
  • Supported by a major OpenJDK contributor BellSoft
  • Recommended by Spring and chosen by VMware as the runtime for the VMware Cloud
  • Included into the smallest Java containers on the market of only 42.72MB in size (Alpine Linux based images)

To move from the OpenJDK image to Liberica Runtime Container (Alpaquita Linux based images optimized for Java applications running Liberica JDK Lite), change the line in the Dockerfile

FROM openjdk:17

to

FROM bellsoft/liberica-runtime-container:jdk-17-musl 

If you want another OS or Java version, head over to the BellSoft Docker Hub page to choose from a wide range of images.

posts
Alpaquita vs Alpine: a head-to-head comparison
figure
Nov 10, 2022
Dmitry Chuyko
shorts
Critical vulnerabilities in OpenSSL 3.0
Nov 11, 2022
Sergey Chernyshev

Find out about the newest CVEs discovered in OpenSSL 3.0 and how to eliminate the risk of exploits

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.