
Why MinIO’s Recent Changes Threaten Your Cloud‑Native Storage Strategy

This article examines MinIO’s security vulnerability, open‑source license shift, feature reductions, and Docker image distribution changes, offering mitigation steps and alternative solutions for enterprises relying on cloud‑native object storage.

Java Architecture Diary

Background

As a key player in cloud‑native object storage, MinIO has recently adjusted its open‑source strategy, product distribution and feature set. This article, from a technical architect’s perspective, analyses the impact on enterprise IT infrastructure and offers mitigation measures.

What is MinIO?

MinIO is a high‑performance distributed object storage system compatible with the Amazon S3 API. Its main technical characteristics in the cloud‑native ecosystem are:

Cloud‑native architecture: Kubernetes‑native design, supports container deployment.

High performance: Written in Go, single‑node read/write throughput can reach several GB/s.

S3 compatibility: Fully compatible with AWS S3 API, facilitating application migration.

Distributed capabilities: Supports erasure coding and distributed locking.

Ecosystem influence: Over 1 billion downloads from Docker Hub.

Open‑source license controversy

From 2019 to 2021 MinIO migrated its license from Apache 2.0 to AGPL v3, adding a network‑use clause that requires offering source code to anyone who interacts with the service over a network.

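Section 13: Remote Network Interaction; Use with Modified Versions

If you modify the program, your modified version must prominently offer all users who interact with it remotely over a computer network an opportunity to receive the complete corresponding source code of the program, free of charge, through standard or customary means of copying software.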

Compliance cases such as Nutanix and Weka illustrate how MinIO enforces the license, and the company advises users to obtain legal counsel for commercial deployments.

Feature reduction

MinIO has removed several modules from the community edition, increasing engineering burden and potential security risks:

User management – removed.

Policy configuration – removed.

Bucket management – removed.

Site replication – removed.

Monitoring metrics – removed.

“Maintaining two separate UI implementations (community and enterprise) creates a huge engineering load and may introduce security vulnerabilities.”

Docker image distribution change

In October 2025 MinIO stopped publishing official images on Docker Hub; the last released version contains the CVE mentioned earlier.


Short‑term solution: use community‑maintained images, e.g.

# Docker Hub
docker pull beck8/minio:RELEASE.2025-10-15T17-29-55Z

Supported architectures include linux/amd64, linux/arm64, and linux/ppc64le.
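
A community-maintained image comes from a third-party publisher, and a tag can be re-pointed after you first pull it, so references like the one above are worth auditing before deployment. The following is an added example (not from the original article or the MinIO project) that checks Docker Hub-style image references for digest pinning, publisher allow-listing and release age; the allow-list, the 90-day threshold and the all-zero digest are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: namespaces your organisation has vetted (hypothetical allow-list).
TRUSTED_NAMESPACES = {"library"}

# repo[:tag][@sha256:<64 hex>] -- Docker Hub-style references only (no registry host/port).
IMAGE_RE = re.compile(
    r"^(?P<repo>[a-z0-9][a-z0-9._/-]*)"
    r"(?::(?P<tag>\w[\w.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)
# MinIO release tags embed the build time: RELEASE.YYYY-MM-DDTHH-MM-SSZ
MINIO_TAG_RE = re.compile(r"^RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)$")


def audit_image(ref, today, max_age_days=90):
    """Return a list of human-readable findings for one image reference."""
    m = IMAGE_RE.match(ref)
    if not m:
        return ["unparseable reference"]
    repo, tag, digest = m["repo"], m["tag"], m["digest"]
    findings = []
    # Docker Hub images without a namespace live under the implicit 'library'.
    namespace = repo.split("/")[0] if "/" in repo else "library"
    if namespace not in TRUSTED_NAMESPACES:
        findings.append(f"publisher '{namespace}' is not on the allow-list")
    if digest is None:
        findings.append("not pinned by digest; the tag can be re-pointed")
    if tag is None and digest is None:
        findings.append("no tag given; resolves to 'latest'")
    rel = MINIO_TAG_RE.match(tag or "")
    if rel:
        built = datetime.strptime(rel[1], "%Y-%m-%dT%H-%M-%SZ").replace(tzinfo=timezone.utc)
        age = (today - built).days
        if age > max_age_days:
            findings.append(f"release is {age} days old; check for unpatched CVEs")
    return findings


# Constructed sample input: the tag from the article, plus a placeholder digest.
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64  # not a real image digest
SAMPLE_REFS = [
    "beck8/minio:RELEASE.2025-10-15T17-29-55Z",
    "beck8/minio:RELEASE.2025-10-15T17-29-55Z@" + PLACEHOLDER_DIGEST,
    "beck8/minio",
]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for ref in SAMPLE_REFS:
        print(ref, "->", audit_image(ref, now) or ["ok"])
```

In practice the digest to pin is the one reported by `docker pull` after you have inspected or scanned the image yourself.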

Alternative solutions

JuiceFS is a high‑performance distributed file system designed for cloud‑native environments, released under Apache 2.0, offering POSIX compatibility and the ability to mount various object stores—including MinIO—as local disks.
