From ac214ac776821dae6a76a7a1ace34eb3081026b3 Mon Sep 17 00:00:00 2001
From: paderlol <huangmnlove@163.com>
Date: Fri, 2 Jun 2023 09:46:16 +0800
Subject: [PATCH] fix security issue of the base image for slim. (#344)

---
 build/Dockerfile      | 16 +++++++---------
 build/Dockerfile.Slim |  4 ++--
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 67c92d3..4c1177e 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,5 +1,5 @@
 FROM centos:7.9.2009
-MAINTAINER pader "huangmnlove@163.com"
+LABEL maintainer="pader <huangmnlove@163.com>"
 
 # set environment
 ENV MODE="cluster" \
@@ -27,13 +27,12 @@ WORKDIR $BASE_DIR
 
 RUN set -x \
     && yum update -y \
-    && yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel wget iputils nc vim libcurl
-RUN wget --no-check-certificate https://github.com/alibaba/nacos/releases/download/${NACOS_VERSION}${HOT_FIX_FLAG}/nacos-server-${NACOS_VERSION}.tar.gz -P /home
-RUN tar -xzvf /home/nacos-server-${NACOS_VERSION}.tar.gz -C /home \
-    && rm -rf /home/nacos-server-${NACOS_VERSION}.tar.gz /home/nacos/bin/* /home/nacos/conf/*.properties /home/nacos/conf/*.example /home/nacos/conf/nacos-mysql.sql
-RUN yum autoremove -y wget \
-    && ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone \
+    && yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel iputils nc vim libcurl \
     && yum clean all
+RUN curl -SL https://github.com/alibaba/nacos/releases/download/${NACOS_VERSION}${HOT_FIX_FLAG}/nacos-server-${NACOS_VERSION}.tar.gz -o /home/nacos-server.tar.gz \
+    && tar -xzvf /home/nacos-server.tar.gz -C /home \
+    && rm -rf /home/nacos-server.tar.gz /home/nacos/bin/* /home/nacos/conf/*.properties /home/nacos/conf/*.example /home/nacos/conf/nacos-mysql.sql \
+    && ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone
 
 
 
@@ -44,8 +43,7 @@ ADD conf/application.properties conf/application.properties
 
 # set startup log dir
 RUN mkdir -p logs \
-	&& cd logs \
-	&& touch start.out \
+	&& touch logs/start.out \
 	&& ln -sf /dev/stdout start.out \
 	&& ln -sf /dev/stderr start.out
 RUN chmod +x bin/docker-startup.sh
diff --git a/build/Dockerfile.Slim b/build/Dockerfile.Slim
index 887b0c3..f8d2741 100644
--- a/build/Dockerfile.Slim
+++ b/build/Dockerfile.Slim
@@ -8,7 +8,7 @@ RUN set -x \
     && tar -xzvf /var/tmp/nacos-server.tar.gz -C /home \
     && rm -rf /var/tmp/nacos-server.tar.gz /home/nacos/bin/* /home/nacos/conf/*.properties /home/nacos/conf/*.example /home/nacos/conf/nacos-mysql.sql
 
-FROM openjdk:8-jre-slim
+FROM adoptopenjdk/openjdk8:jre8u372-b07
 
 # set environment
 ENV MODE="cluster" \
@@ -18,7 +18,7 @@ ENV MODE="cluster" \
     CLUSTER_CONF="/home/nacos/conf/cluster.conf" \
     FUNCTION_MODE="all" \
     NACOS_USER="nacos" \
-    JAVA="/usr/local/openjdk-8/bin/java" \
+    JAVA="/opt/java/openjdk/bin/java" \
     JVM_XMS="1g" \
     JVM_XMX="1g" \
     JVM_XMN="512m" \