We are using nexus 3.29.0 docker image as docker image repository and maven repository.
One of our customers reported java version 1.8.0.272 vulnerability for nexus docker image.
We have tried to upgrade subversion of java-1.8 inside nexus from 1.8.0.272 to 1.8.0.312 following are the observation of the upgrade
It directly upgraded to 1.8.0.322.
We tried to manually upgrade the java-1.8.0.312 which resulted in downgrade of some OS components (libgif.so.4, libpng15.so.15, libpng15.so.15(PNG15_0)).
Though 1.8.0.322 works well in our dev environment but we are not sure how it will work in prod environment.
So we would need your help in understanding nexus’s plan to support of latest versions of Java 8.
As a general rule, when we build the image it will have the latest JVM available unless a JVM bug prevents it.
Your version of Nexus is 3.29.0 which was released over a year ago. If you want a newer version of Java, use a docker image for a newer version of Nexus.
Repository Manager works with Java 8 but needs some changes before it will work with later versions. I’m not sure when that work has been scheduled to be done.