Currently, we only rebuild earlier releases in an "on-demand" fashion. So if we became aware of a serious vulnerability in the JDK, or something of that ilk, we could easily re-spin the images, but it would require manual intervention.
Given our comprehensive CI setup, it would certainly be feasible to create a system of scheduled builds to refresh the images. It's a balancing act, since one of our goals, and a goal of Docker in general, is to present completely predictable, immutable software images. There's a tension between predictability and currency here. In fact, the main purpose of elasticsearch-alpine-base is to allow us to re-spin Elasticsearch images without accidently mutating the underlying operating system.