Java 8 version vulnerability in nexus repository docker image

Hi team,

We are using nexus 3.29.0 docker image as docker image repository and maven repository.
One of our customers reported java version 1.8.0.272 vulnerability for nexus docker image.

We have tried to upgrade subversion of java-1.8 inside nexus from 1.8.0.272 to 1.8.0.312 following are the observation of the upgrade

1. It directly upgraded to 1.8.0.322.
2. We tried to manually upgrade the java-1.8.0.312 which resulted in downgrade of some OS components (libgif.so.4, libpng15.so.15, libpng15.so.15(PNG15_0)).
   Though 1.8.0.322 works well in our dev environment but we are not sure how it will work in prod environment.

So we would need your help in understanding nexus’s plan to support of latest versions of Java 8.

We don’t update the images for old releases, you’ll need to update to newer a newer version of Nexus.

Thanks Matthew for your reply . But we want to understand if nexus has any plans to support latest versions of Java ?

As a general rule, when we build the image it will have the latest JVM available unless a JVM bug prevents it.

Your version of Nexus is 3.29.0 which was released over a year ago. If you want a newer version of Java, use a docker image for a newer version of Nexus.

Thanks Matthew. Just one last confirmation , has your team tested the current version of nexus with latest version of Java ?

Repository Manager works with Java 8 but needs some changes before it will work with later versions. I’m not sure when that work has been scheduled to be done.