openjdk:8 vulnerabilities

docker-library / openjdk

Docker Official Image packaging for EA builds of OpenJDK from Oracle

http://openjdk.java.net

MIT License

1.14k stars 471 forks source link

openjdk:8 vulnerabilities #517

Closed pawank0411 closed 1 year ago

pawank0411 commented 1 year ago

There are multiple open vulnerabilities reported for the application which uses the openjdk:8 docker image based on Debian.

A few of them are :

CVE-2018-25032
CVE-2019-20367
CVE-2020-24659
CVE-2020-35525
CVE-2020-35527
CVE-2020-8169
CVE-2020-8177
CVE-2020-8285
...

Can you please provide an alternative stable image for jdk8 that we can use in order to avoid these vulnerabilities or let us know if these are FP?

wglambert commented 1 year ago

See https://github.com/docker-library/docs/tree/master/openjdk

This image is officially deprecated and all users are recommended to find and use suitable replacements ASAP. Some examples of other Official Image alternatives (listed in alphabetical order with no intentional or implied preference):

amazoncorretto eclipse-temurin ibm-semeru-runtimes ibmjava sapmachine See https://github.com/docker-library/openjdk/issues/505 for more information.