Currently, the publisher Docker image build pulls a publisher JAR file from the URL specified in tools.json. This is an insecure way because this does not guarantee that we are getting the specified version. HL7 is using a central repository at Sonatype in order to curate all the previous and current releases of a publisher JAR file. Consider building a publisher Docker image, pulling the JAR file from this repository.
Currently, the publisher Docker image build pulls a publisher JAR file from the URL specified in tools.json. This is an insecure way because this does not guarantee that we are getting the specified version. HL7 is using a central repository at Sonatype in order to curate all the previous and current releases of a publisher JAR file. Consider building a publisher Docker image, pulling the JAR file from this repository.