Java-vulnerability: What is the security patch response workflow for official docker hub images?

How soon can we expect updated images when there’s a critical vulnerability?

Java currently has a serious vulnerability published april 19:

I have checked updates for the openjdk official images since yesterday morning.
Images were last pushed yesterday, but doesn’t seem to include the security fix.

For instance openjdk:18-jdk-slim:

When i run it and check java -version I get
“openjdk version “18” 2022-03-22”

I have read Docker Official Images | Docker Documentation

“Ensure that security updates are applied in a timely manner.” is a bit unclear.


Check this:

1 Like