
After being "freely exploited" too much, an established open-source project with up to 1 billion downloads officially announced that it will stop providing free Docker images. If you want to use them, build your own.

CSDN 2025-10-23 20:46
MinIO currently only provides source code distribution. If you want to use container images, you need to build them yourself.

Once regarded as the world's fastest-growing open-source object storage system with over 1 billion downloads, MinIO has recently stirred up quite a storm in the open-source community. The incident started when MinIO published a release addressing CVE-tracked security vulnerabilities on October 15, 2025. However, some users couldn't find the official images on DockerHub and Quay.io and had to ask on GitHub, "Where are the new images?"

Subsequently, Harshavardhana, a core developer of MinIO, stepped forward and replied, "MinIO currently only distributes source code. If you want to use container images, you need to build them yourself."

Little did they know that this reply would instantly spark a heated discussion in the community. Many people exclaimed in disbelief, "How has this mainstream open-source project suddenly changed?" Amid the controversy, the related topic topped the Hacker News hot list.

What is MinIO?

Put simply, MinIO is a high-performance distributed object storage system released under the GNU AGPL v3.0 license. It is compatible with the Amazon S3 API and can be used to build a high-throughput, low-latency storage system in cloud or on-premises environments.

Thanks to its ease of use and performance, it is widely used by many companies in scenarios such as cloud-native architectures, artificial intelligence, and big data analysis. Meanwhile, MinIO is very active in the open-source community, with over 1,400 dependent packages, 56K Stars and 6.3K Forks on GitHub. As a result, it has been downloaded over 1 billion times on Docker Hub.

In the domestic market, previous statistics showed that MinIO has been adopted by over 9,000 enterprises, including Alibaba, Tencent, Baidu, China Unicom, Huawei, and China Mobile, especially for its advantages in building private cloud storage, hybrid cloud storage, and distributed storage.

Impacts of Stopping Binary Distribution of the Community Edition

In the past, developers could directly use the official Docker images to quickly deploy MinIO, which was also a core part of many enterprise CI/CD processes.

Now, this convenient channel has been closed by the project, meaning that users must build containers from source code themselves, which undoubtedly increases the operations and maintenance burden as well as potential security risks.

For many enterprises and developers, Docker images are the core of day-to-day deployment. Without official images, automatic update and vulnerability-fix processes are interrupted. In addition, self-building requires additional configuration and testing, increasing the maintenance cost. This has a particularly significant impact on enterprises with high security and compliance requirements (especially those with CVE requirements).

Therefore, when MinIO announced that "it will no longer release images and will only provide source code," it triggered a lot of criticism in the community. More users pointed out the following issues with MinIO:

Lack of notice: Many developers said that the change was not announced in advance, which affected their existing deployment plans.

Security risks: Some users are worried that since CVE-compliant images are no longer provided, running instances will not be able to update automatically, potentially leaving security loopholes.

Enterprise trust issues: Paid enterprise users expressed their dissatisfaction. "We paid for the license, but the OIDC code in the open-source version was removed, and the Docker image distribution was also stopped. This seems like a lock-in strategy, which makes us lose trust."

Function removal: Some features in the MinIO console were removed, which also caused inconvenience to users.

Reasons for MinIO's Actions to Prevent "Free Riding"

There are reasons behind MinIO's decision. Ultimately, it's because there are too many "free riders." Over the years, MinIO has taken many measures and revised multiple policies to encourage reasonable use of the open-source project and reduce the cost of free maintenance of the open-source software. For example:

Originally, MinIO used the Apache 2.0 license, which allowed users to freely use, modify, and redistribute the software. As the project became more popular, some large companies might directly use MinIO for commercial SaaS or cloud services without contributing much back to the community, putting great pressure on MinIO's maintenance resources.

In 2021, MinIO decided to change the open-source license to AGPLv3, requiring users to open-source the code when providing services to safeguard the project's interests and community contributions.

In May this year, the console management function was removed from the latest MinIO CE version. There are two reasons behind this: to reduce the maintenance cost of the free version and to promote the commercialization of the enterprise version, allowing the development team to focus more on core storage functions and performance optimization. Community edition users can still build the console from source code themselves or use third-party tools, but the project no longer provides a ready-made management interface.

Moreover, the latest decision is to stop binary distribution of the community edition, that is, to stop distributing free Docker images, as many people mentioned.

The official README link in the MinIO GitHub project also clearly states:

Source code distribution only

Important notice: The MinIO community edition is now only distributed in source code form. We will no longer provide pre-compiled binary versions of the community edition.

Install the latest MinIO community edition

There are two ways to use the MinIO community edition:

1. Install from source code (recommended): go install github.com/minio/minio@latest

2. Build a Docker image using the provided Dockerfile

Old binary releases

Historical pre-compiled binary versions can still be used as a reference, but they are no longer maintained:

GitHub Releases: https://github.com/minio/minio/releases

Direct download: https://dl.min.io/server/minio/release/

These old binaries will no longer receive updates. We strongly recommend using source code building to get the latest features, bug fixes, and security updates.
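For teams taking the README's source-install route, the sketch below shows a pinned build that leaves behind the evidence a security review needs. It is an added example, not MinIO's own tooling: the function names and output layout are hypothetical, and it assumes a Go toolchain and sha256sum on the build host and MinIO's RELEASE.<timestamp> tag naming. Unlike the README's @latest, it refuses floating refs, so every rebuilt binary maps to one release tag, one dependency list, and one digest.

```shell
#!/bin/sh
# Added example: pinned source build of the MinIO community edition.
set -eu

MODULE="github.com/minio/minio"   # module path from the README quoted above

# Accept only full release tags; reject floating refs such as "latest".
is_release_tag() {
    printf '%s\n' "$1" |
        grep -Eq '^RELEASE\.[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}-[0-9]{2}-[0-9]{2}Z$'
}

# Build the pinned tag into $out and record provenance next to the binary.
build_pinned() {
    tag="$1"; out="$2"
    is_release_tag "$tag" || { echo "refusing non-pinned ref: $tag" >&2; return 2; }
    mkdir -p "$out"
    # GOBIN must be an absolute path for "go install".
    GOBIN="$(cd "$out" && pwd)" go install -trimpath "${MODULE}@${tag}"
    # Embedded module versions: input for dependency and CVE scanners.
    go version -m "$out/minio" > "$out/minio.buildinfo"
    # Digest to compare against whatever is later found running.
    (cd "$out" && sha256sum minio > minio.sha256)
}

# Check a deployed binary against the digest recorded at build time.
verify_binary() {
    (cd "$1" && sha256sum -c minio.sha256 >/dev/null 2>&1)
}

# Usage: ./build-minio.sh RELEASE.<timestamp> ./out
if [ "$#" -eq 2 ]; then
    build_pinned "$1" "$2"
fi
```

Because automatic image updates are gone, the tag passed in is the only thing that moves a deployment to a fixed release, so it belongs in version control next to the recorded digest.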

Community Reactions: Dissatisfaction, Concerns, and Calls for Forking

Actually, some netizens on Hacker News revealed that MinIO's move had been foreshadowed. "The documentation was deprecated weeks ago, and now the Docker images are no longer updated. The open-source project may be stagnating."

Netizen mattbee commented:

They stopped maintaining the documentation (of the open-source version) weeks ago - I think this is actually a more serious issue.

From their Slack message on October 10:

"This morning, we took down the documentation site at docs.min.io/community and will redirect to the corresponding AIStor documentation if possible." 

The minio/docs repository hasn't been updated for two weeks and doesn't seem likely to be updated again.

When I built a MinIO cluster in February this year, it was impressively simple overall but a bit tricky in some details. The most crucial installation tips - such as those about 100Gb networks, Linux kernel tuning, and troubleshooting - were hidden in GitHub comments at that time, pointing to files that had been deleted years ago.

The cluster I built for my client will expand to about 100PB this year. The support service price of MinIO is slightly lower than the cost of an equivalent amount of S3 storage (excluding hosting fees), but the value for the client isn't very high. Now we can only try to maintain the status quo and see if the community can continue to develop around the source code in the future.

I'm not one of those "free software purists." I really appreciate MinIO's past efforts and the fact that they made many businesses possible. But now it's obvious that they are stopping these contributions. I bet that the last open-source version may be released next year.

The MinIO team later explained that stopping the distribution of Docker images has nothing to do with CVE vulnerabilities and is just a long-planned adjustment; it just happened that the release coincided with a security update, leading to misunderstandings.

However, developers aren't convinced.

Some people said, "After the console functions were quietly removed, now the distribution of Docker images has also stopped. We have migrated to RustFS."

Some people in the community even called for forking the project or migrating to other S3-compatible solutions.

Some people criticized MinIO's management approach: "This is a typical case - a company creates excellent open-source software, distributes it for free but fails to make a profit, and then starts charging after angering users. It's like collecting 'protection fees.'"

Some netizens also questioned:

Wait... Are you really going to abandon the official MinIO Docker image that has been downloaded over 1 billion times?

I'm sure you have your reasons, but I really can't understand why anyone would think it's good for the company to abandon such a popular release channel.

Was there an official announcement before the release?

And the timing is so bad... You could have waited until a fixed or feature-updated version to do this, but you chose to suddenly take it offline during a serious security vulnerability fix. It's too harsh.

Anyway, thank you for your contributions all the way - I'll go fork it and build it myself.

However, there are also voices defending the developers:

"Providing official container images for free also requires time and resources. From a business perspective, cutting free support is reasonable."

"Developers also need to make a living. Without sufficient donations and support, they have to make choices. This is actually a conflict between idealism and reality."

"Although it's really inappropriate that they didn't give prior notice, if someone is actually using free open-source software to build a cluster of hundreds of PB, it's understandable that the company is turning to commercialization."

Actually, this is a collision between ideal and reality: On the one hand, MinIO provides high-performance, free, and open-source software; on the other hand, continuously maintaining images and documentation requires costs, and the company has to make a choice between open source and commercialization. There is always a delicate balance between the ideal of open-source software and commercial reality.

What's your take on this?

References:

https://news.ycombinator.com/item?id=45665452

https://github.com/minio/minio/issues/21647#issuecomment-3418675115

https://www.reddit.com/r/selfhosted/comments/1ocggb6/minio_moving_to_a_source_only_distribution/

https://gigazine.net/gsc_news/en/20251023-mineo-stops-distributing-free-docker-images

This article is from the WeChat official account "CSDN", compiled by Tu Min, and published by 36Kr with authorization.