A minimal Linux environment with MinIO, serving as an S3 server.
Getting Started
To pull the image:
docker pull registry.hardened.eu/library/minio:latest
Verifying Image Signatures
All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:
Save the public key:
cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL
Verify the image signature:
cosign verify --key hardened.pub registry.hardened.eu/library/minio:latest
The verification will show the signature details and confirm the image’s authenticity.
To verify the SBOM, run the following command:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/minio:latest
To download the SBOM, run the same command and decode it:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/minio:latest | jq -r .payload | base64 -d | jq -r .predicate > minio-spdx.json
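The `jq` pipeline above keeps only `.predicate` and drops the attestation's `subject`, which names the image digest the SBOM was issued for. The following is an added example, not Hardened B.V. code: it decodes one line of `cosign verify-attestation` output, checks the subject against a digest you expect, and groups package versions. The function names and the sample envelope are constructed for illustration, and signature verification is still done by cosign.

```python
import base64
import json

IN_TOTO_PAYLOAD = "application/vnd.in-toto+json"
SPDX_PREDICATE = "https://spdx.dev/Document"  # predicate type for --type spdxjson

def sbom_for_digest(envelope_line, expected_sha256):
    """Return the SPDX predicate only if the attestation names expected_sha256."""
    envelope = json.loads(envelope_line)
    if envelope.get("payloadType") != IN_TOTO_PAYLOAD:
        raise ValueError("unexpected payloadType")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("predicateType") != SPDX_PREDICATE:
        raise ValueError("not an SPDX attestation")
    subjects = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if expected_sha256 not in subjects:
        raise ValueError("attestation subject does not match the expected digest")
    return statement["predicate"]

def package_versions(sbom):
    """Map package name -> sorted versions; one name may appear more than once."""
    versions = {}
    for pkg in sbom.get("packages", []):
        versions.setdefault(pkg["name"], set()).add(pkg.get("versionInfo", ""))
    return {name: sorted(found) for name, found in versions.items()}

def constructed_envelope(sha256):
    """Build a sample envelope (constructed for this example, unsigned)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": SPDX_PREDICATE,
        "subject": [{"name": "registry.hardened.eu/library/minio",
                     "digest": {"sha256": sha256}}],
        "predicate": {"spdxVersion": "SPDX-2.3", "packages": [
            {"name": "minio", "versionInfo": "0.20251015.172955-r2"},
            {"name": "github.com/minio/pkg/v3", "versionInfo": "v3.1.0"},
            {"name": "github.com/minio/pkg/v3", "versionInfo": "v3.1.3"},
        ]},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": IN_TOTO_PAYLOAD, "payload": payload,
                       "signatures": []})

if __name__ == "__main__":
    digest = "ab" * 32  # constructed placeholder, not the real image digest
    sbom = sbom_for_digest(constructed_envelope(digest), digest)
    for name, found in sorted(package_versions(sbom).items()):
        print(name, ", ".join(found))
```

Because `latest` is a moving tag, pass the digest you actually deploy as `expected_sha256` rather than re-resolving the tag.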
Trademarks
This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.
Only the latest tag is public. Contact us for detailed information.
| Hash | Tag | Size (compressed) | Last updated | Actions |
|---|---|---|---|---|
| sha256:137b0512c35c7... | latest (x86_64) | 48.90 MB | 13:53:42 24/10/2025 UTC | |
| •••••••••••• | •••••••••••• | •••••••••••• | •••••••••••• | Contact Hardened |
| Package | Version | License |
|---|---|---|
| aead.dev/mem | v0.2.0 | - |
| aead.dev/minisign | v0.3.0 | - |
| aead.dev/mtls | v0.2.1 | - |
| alpine-baselayout | 3.7.0-r0 | GPL-2.0-only |
| alpine-baselayout-data | 3.7.0-r0 | GPL-2.0-only |
| alpine-os-release | 3.22-r2 | MIT |
| busybox | 10.0.0-r0 | GPL-2.0-only |
| ca-certificates-bundle | 20250911-r0 | (MPL-2.0 AND MIT) |
| cel.dev/expr | v0.23.1 | - |
| cloud.google.com/go | v0.120.1 | - |
| cloud.google.com/go/auth | v0.16.0 | - |
| cloud.google.com/go/auth/oauth2adapt | v0.2.8 | - |
| cloud.google.com/go/compute/metadata | v0.6.0 | - |
| cloud.google.com/go/iam | v1.5.2 | - |
| cloud.google.com/go/monitoring | v1.24.2 | - |
| cloud.google.com/go/storage | v1.52.0 | - |
| dash | 0.5.12-r3 | (BSD-3-Clause AND GPL-2.0-or-later) |
| dash-binsh | 0.5.12-r3 | (BSD-3-Clause AND GPL-2.0-or-later) |
| filippo.io/edwards25519 | v1.1.0 | - |
| github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.18.0 | - |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity | v1.9.0 | - |
| github.com/Azure/azure-sdk-for-go/sdk/internal | v1.11.1 | - |
| github.com/Azure/azure-sdk-for-go/sdk/storage/azblob | v1.6.1 | - |
| github.com/Azure/go-ntlmssp | v0.0.0-20221128193559-754e69321358 | - |
| github.com/AzureAD/microsoft-authentication-library-for-go | v1.4.2 | - |
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp | v1.27.0 | - |
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric | v0.51.0 | - |
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping | v0.51.0 | - |
| github.com/IBM/sarama | v1.45.1 | - |
| github.com/VividCortex/ewma | v1.2.0 | - |
| github.com/acarl005/stripansi | v0.0.0-20180116102854-5a71ef0e047d | - |
| github.com/alecthomas/participle | v0.7.1 | - |
| github.com/apache/thrift | v0.21.0 | - |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | - |
| github.com/aymanbagabas/go-osc52/v2 | v2.0.1 | - |
| github.com/beevik/ntp | v1.4.3 | - |
| github.com/beorn7/perks | v1.0.1 | - |
| github.com/buger/jsonparser | v1.1.1 | - |
| github.com/cespare/xxhash/v2 | v2.3.0 | - |
| github.com/charmbracelet/bubbles | v0.20.0 | - |
| github.com/charmbracelet/bubbletea | v1.3.4 | - |
| github.com/charmbracelet/lipgloss | v1.0.0 | - |
| github.com/charmbracelet/x/ansi | v0.8.0 | - |
| github.com/charmbracelet/x/term | v0.2.1 | - |
| github.com/cheggaaa/pb | v1.0.29 | - |
| github.com/cncf/xds/go | v0.0.0-20250326154945-ae57f3c0d45f | - |
| github.com/coreos/go-oidc/v3 | v3.14.1 | - |
| github.com/coreos/go-semver | v0.3.1 | - |
| github.com/coreos/go-systemd/v22 | v22.5.0 | - |
| github.com/cosnicolaou/pbzip2 | v1.0.5 | - |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | - |
| github.com/dchest/siphash | v1.2.3 | - |
| github.com/docker/go-units | v0.5.0 | - |
| github.com/dustin/go-humanize | v1.0.1 | - |
| github.com/eapache/go-resiliency | v1.7.0 | - |
| github.com/eapache/go-xerial-snappy | v0.0.0-20230731223053-c322873962e3 | - |
| github.com/eapache/queue | v1.1.0 | - |
| github.com/eclipse/paho.mqtt.golang | v1.5.0 | - |
| github.com/elastic/go-elasticsearch/v7 | v7.17.10 | - |
| github.com/envoyproxy/go-control-plane/envoy | v1.32.4 | - |
| github.com/envoyproxy/protoc-gen-validate | v1.2.1 | - |
| github.com/fatih/color | v1.18.0 | - |
| github.com/fatih/structs | v1.1.0 | - |
| github.com/felixge/fgprof | v0.9.5 | - |
| github.com/felixge/httpsnoop | v1.0.4 | - |
| github.com/fraugster/parquet-go | v0.12.0 | - |
| github.com/go-asn1-ber/asn1-ber | v1.5.8-0.20250403174932-29230038a667 | - |
| github.com/go-ini/ini | v1.67.0 | - |
| github.com/go-jose/go-jose/v4 | v4.1.0 | - |
| github.com/go-ldap/ldap/v3 | v3.4.11 | - |
| github.com/go-logr/logr | v1.4.2 | - |
| github.com/go-logr/stdr | v1.2.2 | - |
| github.com/go-openapi/analysis | v0.23.0 | - |
| github.com/go-openapi/errors | v0.22.1 | - |
| github.com/go-openapi/jsonpointer | v0.21.1 | - |
| github.com/go-openapi/jsonreference | v0.21.0 | - |
| github.com/go-openapi/loads | v0.22.0 | - |
| github.com/go-openapi/runtime | v0.28.0 | - |
| github.com/go-openapi/spec | v0.21.0 | - |
| github.com/go-openapi/strfmt | v0.23.0 | - |
| github.com/go-openapi/swag | v0.23.1 | - |
| github.com/go-openapi/validate | v0.24.0 | - |
| github.com/go-sql-driver/mysql | v1.9.2 | - |
| github.com/gobwas/httphead | v0.1.0 | - |
| github.com/gobwas/pool | v0.2.1 | - |
| github.com/gobwas/ws | v1.4.0 | - |
| github.com/goccy/go-json | v0.10.5 | - |
| github.com/gogo/protobuf | v1.3.2 | - |
| github.com/golang-jwt/jwt/v4 | v4.5.2 | - |
| github.com/golang-jwt/jwt/v5 | v5.2.2 | - |
| github.com/golang/protobuf | v1.5.4 | - |
| github.com/golang/snappy | v1.0.0 | - |
| github.com/gomodule/redigo | v1.9.2 | - |
| github.com/google/pprof | v0.0.0-20250422154841-e1f9c1950416 | - |
| github.com/google/s2a-go | v0.1.9 | - |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | - |
| github.com/google/uuid | v1.6.0 | - |
| github.com/googleapis/enterprise-certificate-proxy | v0.3.6 | - |
| github.com/googleapis/gax-go/v2 | v2.14.1 | - |
| github.com/gorilla/websocket | v1.5.3 | - |
| github.com/hashicorp/errwrap | v1.1.0 | - |
| github.com/hashicorp/go-multierror | v1.1.1 | - |
| github.com/hashicorp/go-uuid | v1.0.3 | - |
| github.com/inconshreveable/mousetrap | v1.1.0 | - |
| github.com/jcmturner/aescts/v2 | v2.0.0 | - |
| github.com/jcmturner/dnsutils/v2 | v2.0.0 | - |
| github.com/jcmturner/gofork | v1.7.6 | - |
| github.com/jcmturner/gokrb5/v8 | v8.4.4 | - |
| github.com/jcmturner/rpc/v2 | v2.0.3 | - |
| github.com/jedib0t/go-pretty/v6 | v6.6.7 | - |
| github.com/jessevdk/go-flags | v1.6.1 | - |
| github.com/josharian/intern | v1.0.0 | - |
| github.com/json-iterator/go | v1.1.12 | - |
| github.com/juju/ratelimit | v1.0.2 | - |
| github.com/klauspost/compress | v1.18.0 | - |
| github.com/klauspost/cpuid/v2 | v2.2.10 | - |
| github.com/klauspost/filepathx | v1.1.1 | - |
| github.com/klauspost/pgzip | v1.2.6 | - |
| github.com/klauspost/readahead | v1.4.0 | - |
| github.com/klauspost/reedsolomon | v1.12.4 | - |
| github.com/kr/fs | v0.1.0 | - |
| github.com/kylelemons/godebug | v1.1.0 | - |
| github.com/lestrrat-go/blackmagic | v1.0.2 | - |
| github.com/lestrrat-go/httpcc | v1.0.1 | - |
| github.com/lestrrat-go/httprc | v1.0.6 | - |
| github.com/lestrrat-go/iter | v1.0.2 | - |
| github.com/lestrrat-go/jwx/v2 | v2.1.4 | - |
| github.com/lestrrat-go/option | v1.0.1 | - |
| github.com/lib/pq | v1.10.9 | - |
| github.com/lithammer/shortuuid/v4 | v4.2.0 | - |
| github.com/lucasb-eyer/go-colorful | v1.2.0 | - |
| github.com/mailru/easyjson | v0.9.0 | - |
| github.com/mattn/go-colorable | v0.1.14 | - |
| github.com/mattn/go-ieproxy | v0.0.12 | - |
| github.com/mattn/go-isatty | v0.0.20 | - |
| github.com/mattn/go-runewidth | v0.0.16 | - |
| github.com/matttproud/golang_protobuf_extensions | v1.0.4 | - |
| github.com/miekg/dns | v1.1.65 | - |
| github.com/minio/cli | v1.24.2 | - |
| github.com/minio/colorjson | v1.0.8 | - |
| github.com/minio/console | v1.7.7-0.20250905210349-2017f33b26e1 | - |
| github.com/minio/crc64nvme | v1.0.1 | - |
| github.com/minio/csvparser | v1.0.0 | - |
| github.com/minio/dnscache | v0.1.1 | - |
| github.com/minio/dperf | v0.6.3 | - |
| github.com/minio/filepath | v1.0.0 | - |
| github.com/minio/highwayhash | v1.0.3 | - |
| github.com/minio/kms-go/kes | v0.3.1 | - |
| github.com/minio/kms-go/kms | v0.5.1-0.20250225090116-4e64ce8d0f35 | - |
| github.com/minio/madmin-go/v3 | v3.0.107-0.20250415152934-4b504b82db63 | - |
| github.com/minio/madmin-go/v3 | v3.0.109 | - |
| github.com/minio/mc | v0.0.0-20250313080218-cf909e1063a9 | - |
| github.com/minio/mc | v0.0.0-20250813083541-7394ce0dd2a8+dirty | - |
| github.com/minio/md5-simd | v1.1.2 | - |
| github.com/minio/minio | v0.0.0-20251015172955-9e49d5e7a648+dirty | - |
| github.com/minio/minio-go/v7 | v7.0.90 | - |
| github.com/minio/minio-go/v7 | v7.0.91 | - |
| github.com/minio/mux | v1.9.2 | - |
| github.com/minio/pkg/v3 | v3.1.0 | - |
| github.com/minio/pkg/v3 | v3.1.3 | - |
| github.com/minio/selfupdate | v0.6.0 | - |
| github.com/minio/simdjson-go | v0.4.5 | - |
| github.com/minio/sio | v0.4.1 | - |
| github.com/minio/websocket | v1.6.0 | - |
| github.com/minio/xxml | v0.0.3 | - |
| github.com/minio/zipindex | v0.4.0 | - |
| github.com/mitchellh/go-homedir | v1.1.0 | - |
| github.com/mitchellh/mapstructure | v1.5.0 | - |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | - |
| github.com/modern-go/reflect2 | v1.0.2 | - |
| github.com/muesli/ansi | v0.0.0-20230316100256-276c6243b2f6 | - |
| github.com/muesli/cancelreader | v0.2.2 | - |
| github.com/muesli/reflow | v0.3.0 | - |
| github.com/muesli/termenv | v0.16.0 | - |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | - |
| github.com/nats-io/nats.go | v1.41.2 | - |
| github.com/nats-io/nkeys | v0.4.11 | - |
| github.com/nats-io/nuid | v1.0.1 | - |
| github.com/nats-io/stan.go | v0.10.4 | - |
| github.com/ncw/directio | v1.0.5 | - |
| github.com/nsqio/go-nsq | v1.1.0 | - |
| github.com/oklog/ulid | v1.3.1 | - |
| github.com/olekukonko/tablewriter | v0.0.5 | - |
| github.com/philhofer/fwd | v1.1.3-0.20240916144458-20a13a1f6b7c | - |
| github.com/philhofer/fwd | v1.2.0 | - |
| github.com/pierrec/lz4/v4 | v4.1.22 | - |
| github.com/pkg/browser | v0.0.0-20240102092130-5ac0b6a4141c | - |
| github.com/pkg/errors | v0.9.1 | - |
| github.com/pkg/sftp | v1.13.9 | - |
| github.com/pkg/xattr | v0.4.10 | - |
| github.com/posener/complete | v1.2.3 | - |
| github.com/prometheus/client_golang | v1.21.1 | - |
| github.com/prometheus/client_golang | v1.22.0 | - |
| github.com/prometheus/client_model | v0.6.2 | - |
| github.com/prometheus/common | v0.63.0 | - |
| github.com/prometheus/procfs | v0.16.0 | - |
| github.com/prometheus/procfs | v0.16.1 | - |
| github.com/prometheus/prom2json | v1.4.2 | - |
| github.com/prometheus/prometheus | v0.303.0 | - |
| github.com/puzpuzpuz/xsync/v3 | v3.5.1 | - |
| github.com/rabbitmq/amqp091-go | v1.10.0 | - |
| github.com/rcrowley/go-metrics | v0.0.0-20250401214520-65e299d6c5c9 | - |
| github.com/rivo/uniseg | v0.4.7 | - |
| github.com/rjeczalik/notify | v0.9.3 | - |
| github.com/rs/cors | v1.11.1 | - |
| github.com/rs/xid | v1.6.0 | - |
| github.com/safchain/ethtool | v0.5.10 | - |
| github.com/secure-io/sio-go | v0.3.1 | - |
| github.com/shirou/gopsutil/v3 | v3.24.5 | - |
| github.com/spiffe/go-spiffe/v2 | v2.5.0 | - |
| github.com/tidwall/gjson | v1.18.0 | - |
| github.com/tidwall/match | v1.1.1 | - |
| github.com/tidwall/pretty | v1.2.1 | - |
| github.com/tinylib/msgp | v1.2.5 | - |
| github.com/tinylib/msgp | v1.4.0 | - |
| github.com/tklauser/go-sysconf | v0.3.15 | - |
| github.com/tklauser/numcpus | v0.10.0 | - |
| github.com/unrolled/secure | v1.17.0 | - |
| github.com/valyala/bytebufferpool | v1.0.0 | - |
| github.com/vbauerster/mpb/v8 | v8.9.3 | - |
| github.com/xdg/scram | v1.0.5 | - |
| github.com/xdg/stringprep | v1.0.3 | - |
| github.com/zeebo/errs | v1.4.0 | - |
| github.com/zeebo/xxh3 | v1.0.2 | - |
| go.etcd.io/etcd/api/v3 | v3.5.19 | - |
| go.etcd.io/etcd/api/v3 | v3.5.21 | - |
| go.etcd.io/etcd/client/pkg/v3 | v3.5.19 | - |
| go.etcd.io/etcd/client/pkg/v3 | v3.5.21 | - |
| go.etcd.io/etcd/client/v3 | v3.5.19 | - |
| go.etcd.io/etcd/client/v3 | v3.5.21 | - |
| go.mongodb.org/mongo-driver | v1.17.3 | - |
| go.opentelemetry.io/auto/sdk | v1.1.0 | - |
| go.opentelemetry.io/contrib/detectors/gcp | v1.35.0 | - |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.60.0 | - |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.60.0 | - |
| go.opentelemetry.io/otel | v1.35.0 | - |
| go.opentelemetry.io/otel/metric | v1.35.0 | - |
| go.opentelemetry.io/otel/sdk | v1.35.0 | - |
| go.opentelemetry.io/otel/sdk/metric | v1.35.0 | - |
| go.opentelemetry.io/otel/trace | v1.35.0 | - |
| go.uber.org/atomic | v1.11.0 | - |
| go.uber.org/multierr | v1.11.0 | - |
| go.uber.org/zap | v1.27.0 | - |
| goftp.io/server/v2 | v2.0.1 | - |
| golang.org/x/crypto | v0.37.0 | - |
| golang.org/x/crypto | v0.40.0 | - |
| golang.org/x/net | v0.39.0 | - |
| golang.org/x/net | v0.42.0 | - |
| golang.org/x/oauth2 | v0.29.0 | - |
| golang.org/x/sync | v0.13.0 | - |
| golang.org/x/sync | v0.16.0 | - |
| golang.org/x/sys | v0.32.0 | - |
| golang.org/x/sys | v0.34.0 | - |
| golang.org/x/term | v0.31.0 | - |
| golang.org/x/term | v0.33.0 | - |
| golang.org/x/text | v0.24.0 | - |
| golang.org/x/text | v0.27.0 | - |
| golang.org/x/time | v0.11.0 | - |
| google.golang.org/api | v0.230.0 | - |
| google.golang.org/genproto | v0.0.0-20250422160041-2d3770c4ea7f | - |
| google.golang.org/genproto/googleapis/api | v0.0.0-20250311173030-29e43e6258d7 | - |
| google.golang.org/genproto/googleapis/api | v0.0.0-20250422160041-2d3770c4ea7f | - |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20250303144028-a0af3efb3deb | - |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20250422160041-2d3770c4ea7f | - |
| google.golang.org/grpc | v1.71.0 | - |
| google.golang.org/grpc | v1.72.0 | - |
| google.golang.org/protobuf | v1.36.6 | - |
| gopkg.in/yaml.v2 | v2.4.0 | - |
| gopkg.in/yaml.v3 | v3.0.1 | - |
| mc | 0.20250813.083541-r2 | AGPL-3.0-or-later |
| minio | 0.20251015.172955-r2 | AGPL-3.0-or-later |
| musl | 1.2.5-r10 | MIT |
| stdlib | go1.24.9 | BSD-3-Clause |
The AGPL is a strong copyleft license that extends the GPL to cover software accessed over a network. It requires that a...
The BSD 3-Clause License is another permissive license originating from the Berkeley Software Distribution (BSD). It all...
The GNU General Public License version 2 (GPL-2.0) is a strict copyleft license. If you modify and distribute software l...
The MIT License is a highly permissive open-source license. It allows users to do almost anything with a project, includ...
| CVE | Severity | Package | Version | Fixed In |
|---|---|---|---|---|
| CVE-2025-62506 | High | minio | 0.20251015.172955-r2 | Not fixed |

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.
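A simplified model of the check described for CVE-2025-62506, added here as an illustration and not MinIO's code: it contrasts a deny-only evaluation of a session policy with one that requires an explicit allow. The function names, policy structure and sample policy are assumptions made for this example.

```python
from fnmatch import fnmatchcase

def decision(policy, action):
    """Return 'deny', 'allow' or 'none' for an action under a list of statements."""
    result = "none"
    for stmt in policy:
        if any(fnmatchcase(action, pattern) for pattern in stmt["actions"]):
            if stmt["effect"] == "Deny":
                return "deny"          # an explicit deny always wins
            result = "allow"
    return result

def session_permits(session_policy, action, deny_only):
    """Check an action against a session (inline) policy.

    deny_only=True models the flawed check: anything not explicitly denied passes.
    deny_only=False models the corrected check: an explicit Allow is required.
    """
    if session_policy is None:         # no session policy, nothing to restrict here
        return True
    outcome = decision(session_policy, action)
    if deny_only:
        return outcome != "deny"
    return outcome == "allow"

# Constructed session policy: read-only object access, no account management.
READ_ONLY_SESSION = [{"effect": "Allow", "actions": ["s3:GetObject", "s3:ListBucket"]}]
CREATE_SA = "admin:CreateServiceAccount"   # action name used for illustration

if __name__ == "__main__":
    for mode in (True, False):
        print("deny_only=%s -> create service account permitted: %s"
              % (mode, session_permits(READ_ONLY_SESSION, CREATE_SA, mode)))
```

The same pair of calls works as a regression check for any policy engine that layers a session policy over a parent policy: an action the session policy never mentions must be refused.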
Image comparison functionality will be implemented in a future release.