pgsty/minio Fork
A community-maintained AGPL v3 fork of MinIO created after the upstream repository was archived in February 2026 and permanently re-archived on April 25, 2026. Lives at github.com/pgsty/minio, ships compiled binaries and admin console, and backports CVE patches that MinIO Inc. now ships only in proprietary AIStor.
Summary
A community-maintained AGPL v3 fork of MinIO created after the upstream repository was archived in February 2026 and permanently re-archived on April 25, 2026. Lives at github.com/pgsty/minio, ships compiled binaries and admin console, and backports CVE patches that MinIO Inc. now ships only in proprietary AIStor.
The immediate-term answer for organizations running existing MinIO Community Edition deployments who need CVE coverage without migrating to a different object store or paying for AIStor. Maintained as part of the Pigsty PostgreSQL distribution ecosystem.
- pgsty/minio is a CVE-coverage fork, not a license-change fork — it inherits the AGPL v3 burden of upstream MinIO. If AGPL is the migration driver, this fork does not help.
- Single-maintainer / single-project risk — no foundation backing. Longevity depends on continued Pigsty team commitment.
- CVE-2026-39414 is the canonical example: the upstream advisory explicitly lists only an AIStor-tagged RELEASE in
patched_versions, leaving the OSS line unpatched. pgsty backports that fix.
alternative_toMinIO — same binary footprint, restored admin console, backported security patchescompetes_withAIStor — same feature surface, AGPL instead of commercial licenseimplementsS3 API — full inherited compatibility from the MinIO codebaseconstrained_byAGPL Licensing Risk — same downstream-commercial copyleft burden as upstream MinIO
Definition
A community-maintained fork of **MinIO**, created after MinIO Inc. archived the upstream OSS repository in February 2026 and again, permanently, on April 25, 2026. The fork lives at [github.com/pgsty/minio](https://github.com/pgsty/minio) (1,520+ stars as of April 2026, AGPL-3.0) and applies CVE backports plus critical bug fixes that MinIO Inc. now ships only in proprietary **AIStor**. Maintained as part of the **Pigsty** PostgreSQL distribution ecosystem, the fork keeps the original AGPL v3 license intact while restoring the binary distribution pipeline and admin console that the upstream OSS line no longer ships.
When MinIO shifted all engineering to commercial AIStor, organizations running MinIO Community Edition were left with multiple unpatched advisories. The clearest example is **CVE-2026-39414** (DoS via unbounded memory in S3 Select CSV parsing), which the [GHSA-h749-fxx7-pwpg advisory](https://github.com/minio/minio/security/advisories/GHSA-h749-fxx7-pwpg) lists as patched **only** in `MinIO AIStor RELEASE.2025-12-20T04-58-37Z` — the OSS line gets no fix. The pgsty fork stepped in to backport the CVE patches and provide compiled binaries so existing MinIO deployments can stay in the supported security window without committing to a full migration.
Drop-in replacement for existing MinIO Community Edition deployments, CVE-patched S3-compatible storage where AIStor licensing is unacceptable, bridge storage while planning migration to RustFS / SeaweedFS / Garage.
Recent developments
- "MinIO is Dead, Long Live MinIO" — the fork is the founder's own narrative. Per the Vonng project page and the February 14, 2026 post "MinIO is Dead, Long Live MinIO" (Vonng's Chinese-language analysis), the pgsty fork's maintainer publicly documented the rationale: MinIO's main repo is officially archived and abandoned; the community fork restores the admin console and ships binaries via CI/CD pipelines for RPM, DEB, and Docker images. The fork's existence is anchored in a single maintainer's commitment, which is both its strength (decisive action while upstream stalls) and its risk (single-bus-factor longevity).
Connections 6
Outbound 6
scoped_to2implements1alternative_to1competes_with1constrained_by1Resources 3
Community-maintained AGPL-3.0 fork of MinIO. Ships compiled binaries and admin console plus CVE backports that the now-archived upstream OSS line no longer receives.
Parent Pigsty PostgreSQL distribution project — context for the team maintaining the MinIO fork and the broader open-source operational stack they ship.
Smoking-gun advisory for the OSS/AIStor patch split — `patched_versions` lists only `MinIO AIStor RELEASE.2025-12-20T04-58-37Z`, so the OSS line does not receive the CVE-2026-39414 fix. Drives the case for pgsty/minio (or migration entirely).