Update openjdk8 image to alpine 3.7.1

[chetanmeh]

Recently there was a new release of alpine:3.7.1 was done which included a backport of RCE Vulnerability (see 3.8.1 release announcement)

It contains an important security update for apk-tools which fixes a potential remote execution. A CVE is pending.

Current build are based on alpine:3.7 so I believe should pick up 3.7.1 once new release is published. However current latest release of x86_64-alpine-jdk8u172-b11 tag is 6 day old (13-Sep-2018) and is on 3.7.0

$ docker run -t adoptopenjdk/openjdk8:x86_64-alpine-jdk8u172-b11 /bin/sh -c "cat /etc/alpine-release"
3.7.0

Latest alpine image release seems to be 7 days old (12-Sep-2018) and is 3.7.1 version

$ docker run -t alpine:3.7 /bin/sh -c "cat /etc/alpine-release"
3.7.1

Can a new image be pushed such that it pick alpine:3.7.1 ?

[chetanmeh]

Can a new release for "x86_64-alpine-jdk8u172-b11" tag be pushed such that it picks alpine:3.7.1? Let me know if it needs some changes via PR

[karianna]

@dinogun NOt sure what's required here?

[dinogun]

Hi @chetanmeh, thanks for letting us know about the security vulnerabilities. Have rebased to Alpine 3.8 (PR #61), hopefully that should resolve the vulnerability issues that you are referring to as well.

[chetanmeh]

@dinogun Moving to alpine:3.8 should certainly help. Thanks for fixing this!

Would this result in a new tag or just that next push of x86_64-alpine-jdk8u172-b11 would be based on alpine:3.8?

[dinogun]

Yes the newer build of the tag x86_64-alpine-jdk8u172-b11 will be based on 3.8

[chetanmeh]

Image looks updated now

$ docker run --rm -t adoptopenjdk/openjdk8:x86_64-alpine-jdk8u172-b11 /bin/sh -c "cat /etc/alpine-release"
3.8.1