CVE-2021-28831 still present in openjdk14 images
cernst72 opened this issue · 2 comments
cernst72 commented
$ docker pull adoptopenjdk/openjdk14:alpine-jre
$ docker run --rm -it adoptopenjdk/openjdk14:alpine-jre apk info busybox
...busybox-1.31.1-r19 installed...
It seems as if the alpine images haven't been updated recently.
https://hub.docker.com/r/adoptopenjdk/openjdk14/tags?page=1&ordering=last_updated&name=alpine
shows last update on Apr 1, 2021 at 3:31 pm
The fix from #539 was not released to openjdk14.
grzesuav commented
Hmm, I am not sure if old releases (i.e. not LTS and not actual - JDK16) are built, so they exist in the repo but do not receive updates. @karianna can probably confirm.
karianna commented
OpenJDK14 images will no longer be updated I'm afraid, you'll need to move to 16.