This repository contains the Dockerfiles for the official Adoptium images of the Eclipse Temurin distribution (OpenJDK). These images are made available in Docker Hub.
If you are looking for the usage README then please head to the Official Docker Hub Documentation.
In general, we support Alpine, UBI, Ubuntu and Windows containers.
List of Supported Images By Tag
As these are official Docker Hub images, Docker Inc maintains the base image and so any critical CVEs in the base O/S layer gets updated by them in short order.
Note that the eclipse-temurin images include openssl
as a prerequisite of
the wget
and ca-certificates
packages but they are NOT included in the
Ubuntu base image so updates to openssl will not necessarily trigger an
rebuild to pick up fixes. In general, low severity vulnerabilities can wait
until the next rebuild. See
this comment
for some details and also the
docker-library FAQ.
The Debian and Ubuntu images are generally also built periodically (about once a month) and may also be triggered by dockerhub if another high security vulnerability is detected, such as in openssl. Adoptium has no mechanism - other than putting an update to the Dockerfiles - to explicitly trigger a rebuild at dockerhub.
For JDK version updates, we update the dockerfiles and release on a quarterly cadence Temurin releases a Patch Set Update (PSU).
This section is for maintainers of the containers repository.
A Updater GitHub Action runs every 30 mins which triggers the
./generate_dockerfiles.py
script to update the Dockerfiles by creating a Pull Request containing any changes.
./generate_dockerfiles.py
is a python script which uses the jinja templates defined in docker_templates to generate the docker updates. It uses the Adoptium API to fetch the latest artefacts for each release.
During a release you can also run ./generate_dockerfiles.py
manually by heading to The GitHub Action definition and clicking the Run Workflow button and making sure the main
(default) branch is selected, then click the next Run Workflow button.
Once the PR is created you can review that PR (which itself tests all of the Docker Images that we have generate configuration for).
Once you've merged the PR, you can update the official Docker Hub manifest. This is done by running the following command in the containers repo on your local machine:
# Get the latest changes
git fetch --all
# Checkout the main branch
git checkout main
./dockerhub_doc_config_update.sh
This script will create a file called eclipse-temurin by default.
Create a new PR to replace the Manifest on Docker Hub with the new contents of eclipse-temurin
In the next screen click on the Create Pull Request button.
Once that PR has been created it will be automatically tested and reviewed by Docker Hub staff and eventually released.
It can be useful to look at the "Diff for XXX:" output created by one of the Docker Hub GitHub Actions on the Pull Request. This output should not be read as a traditional PR (since Docker Hub bots do move things around, so you may see what looks like odd deletions) but as a sanity check to make sure you see the platforms/architectures that you expect.