Apisix 3.11

hardened latest
Full version: 3.11.0 Analyzed: 2026-02-11
Size Reduction -40% 399.6 MB to 557.8 MB (-158.2 MB saved)
Component Reduction 50% 172 to 86 packages (86 removed)
Vulnerability Reduction 99% 91 to 1 vulnerabilities (90 eliminated)

Image Comparison

Propertyupstreamhardened
Imagedocker.io/apache/apisix:3.11.0-debianghcr.io/armorred/apisix:3.11.0-hardened
Size399.6 MB557.8 MB
Layers989
Components17286
Vulnerabilities911
Runtime Userapisix999

Vulnerability Analysis

upstream 91 total
11critical
30high
41medium
3low
hardened 1 total
1high
Upstream vulnerability details (91)
CVE IDSeverityPackageVersionFixed In
DEBIAN-CVE-2011-3374lowapt2.2.4unfixed
DEBIAN-CVE-2022-3715highbash5.1-2+deb11u15.2-1
DEBIAN-CVE-2016-2781mediumcoreutils8.32-4+b19.4-1
DEBIAN-CVE-2017-18018mediumcoreutils8.32-4+b1unfixed
DEBIAN-CVE-2024-0684mediumcoreutils8.32-4+b19.5-1
DEBIAN-CVE-2025-5278mediumcoreutils8.32-4+b1unfixed
DEBIAN-CVE-2022-1664criticaldpkg1.20.131.20.10
DEBIAN-CVE-2025-6297highdpkg1.20.131.22.21
DEBIAN-CVE-2022-1304highe2fsprogs1.46.2-2+deb11u11.46.2-2+deb11u1
DEBIAN-CVE-2022-1271highgzip1.10-4+deb11u11.10-4+deb11u1
DEBIAN-CVE-2018-6829highlibgcrypt201.8.7-6unfixed
DEBIAN-CVE-2021-33560highlibgcrypt201.8.7-61.9.4-2
DEBIAN-CVE-2024-2236mediumlibgcrypt201.8.7-6unfixed
DSA-5863-1mediumlibtasn1-64.16.0-2+deb11u14.19.0-2+deb12u1
DEBIAN-CVE-2021-46848criticallibtasn1-64.16.0-2+deb11u14.16.0-2+deb11u1
DEBIAN-CVE-2024-12133mediumlibtasn1-64.16.0-2+deb11u14.16.0-2+deb11u2
DEBIAN-CVE-2025-13151highlibtasn1-64.16.0-2+deb11u14.21.0-2
DLA-4061-1mediumlibtasn1-64.16.0-2+deb11u14.16.0-2+deb11u2
DLA-3942-2criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DSA-6015-1highopenssl1.1.1w-0+deb11u13.0.17-1~deb12u3
DLA-4321-1highopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u4
DSA-5532-1highopenssl1.1.1w-0+deb11u13.0.11-1~deb12u2
DSA-5764-1highopenssl1.1.1w-0+deb11u13.0.14-1~deb12u2
DEBIAN-CVE-2022-2068highopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u3
DEBIAN-CVE-2022-2097mediumopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u4
DEBIAN-CVE-2022-2274criticalopenssl1.1.1w-0+deb11u13.0.4-2
DEBIAN-CVE-2022-3358highopenssl1.1.1w-0+deb11u13.0.7-1
DEBIAN-CVE-2022-3602highopenssl1.1.1w-0+deb11u13.0.7-1
DEBIAN-CVE-2022-3786highopenssl1.1.1w-0+deb11u13.0.7-1
DEBIAN-CVE-2022-3996highopenssl1.1.1w-0+deb11u13.0.7-2
DEBIAN-CVE-2022-4203mediumopenssl1.1.1w-0+deb11u13.0.8-1
DEBIAN-CVE-2022-4304mediumopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u4
DEBIAN-CVE-2022-4450highopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u4
DEBIAN-CVE-2023-0215highopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u4
DEBIAN-CVE-2023-0216highopenssl1.1.1w-0+deb11u13.0.8-1
DEBIAN-CVE-2023-0217highopenssl1.1.1w-0+deb11u13.0.8-1
DEBIAN-CVE-2023-0286highopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u4
DEBIAN-CVE-2023-0401highopenssl1.1.1w-0+deb11u13.0.8-1
DEBIAN-CVE-2023-0464highopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u5
DEBIAN-CVE-2023-0465mediumopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u5
DEBIAN-CVE-2023-0466mediumopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u5
DEBIAN-CVE-2023-1255mediumopenssl1.1.1w-0+deb11u13.0.9-1
DEBIAN-CVE-2023-2650mediumopenssl1.1.1w-0+deb11u11.1.1n-0+deb11u5
DEBIAN-CVE-2023-2975mediumopenssl1.1.1w-0+deb11u13.0.10-1~deb12u1
DEBIAN-CVE-2023-3446mediumopenssl1.1.1w-0+deb11u11.1.1v-0~deb11u1
DEBIAN-CVE-2023-3817mediumopenssl1.1.1w-0+deb11u11.1.1v-0~deb11u1
DEBIAN-CVE-2023-5363highopenssl1.1.1w-0+deb11u13.0.11-1~deb12u2
DEBIAN-CVE-2023-5678criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2023-6129mediumopenssl1.1.1w-0+deb11u13.0.13-1~deb12u1
DEBIAN-CVE-2023-6237mediumopenssl1.1.1w-0+deb11u13.0.13-1~deb12u1
DEBIAN-CVE-2024-0727criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-12797mediumopenssl1.1.1w-0+deb11u13.4.1-1
DEBIAN-CVE-2024-13176mediumopenssl1.1.1w-0+deb11u12025.02-8+deb13u1
DEBIAN-CVE-2024-2511criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-4603mediumopenssl1.1.1w-0+deb11u13.0.14-1~deb12u1
DEBIAN-CVE-2024-4741criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-5535criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-6119highopenssl1.1.1w-0+deb11u13.0.14-1~deb12u2
DEBIAN-CVE-2024-9143criticalopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u2
DEBIAN-CVE-2025-11187mediumopenssl1.1.1w-0+deb11u13.5.4-1~deb13u2
DEBIAN-CVE-2025-15467criticalopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-15468mediumopenssl1.1.1w-0+deb11u13.5.4-1~deb13u2
DEBIAN-CVE-2025-15469mediumopenssl1.1.1w-0+deb11u13.5.4-1~deb13u2
DEBIAN-CVE-2025-27587mediumopenssl1.1.1w-0+deb11u13.5.0-1
DEBIAN-CVE-2025-4575mediumopenssl1.1.1w-0+deb11u13.5.0-2
DEBIAN-CVE-2025-66199mediumopenssl1.1.1w-0+deb11u13.5.4-1~deb13u2
DEBIAN-CVE-2025-68160mediumopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69418mediumopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69419highopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69420highopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69421highopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2025-9230highopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u4
DEBIAN-CVE-2025-9231mediumopenssl1.1.1w-0+deb11u13.5.1-1+deb13u1
DEBIAN-CVE-2025-9232highopenssl1.1.1w-0+deb11u13.0.17-1~deb12u3
DEBIAN-CVE-2026-22795mediumopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2026-22796mediumopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DLA-4176-1mediumopenssl1.1.1w-0+deb11u11.1.1w-0+deb11u3
DSA-6113-1unknownopenssl1.1.1w-0+deb11u13.0.18-1~deb12u2
DEBIAN-CVE-2005-2541unknowntar1.34+dfsg-1+deb11u1unfixed
DEBIAN-CVE-2022-48303mediumtar1.34+dfsg-1+deb11u11.34+dfsg-1+deb11u1
DEBIAN-CVE-2023-39804mediumtar1.34+dfsg-1+deb11u11.34+dfsg-1+deb11u1
DLA-3972-1unknowntzdata2024a-0+deb11u12024b-0+deb11u1
DLA-4085-1unknowntzdata2024a-0+deb11u12025a-0+deb11u1
DLA-4105-1unknowntzdata2024a-0+deb11u12025b-0+deb11u1
DLA-4403-1unknowntzdata2024a-0+deb11u12025b-0+deb11u2
DSA-5650-1lowutil-linux2.36.1-8+deb11u22.36.1-8+deb11u2
DEBIAN-CVE-2021-3995mediumutil-linux2.36.1-8+deb11u22.36.1-8+deb11u1
DEBIAN-CVE-2021-3996mediumutil-linux2.36.1-8+deb11u22.36.1-8+deb11u1
DEBIAN-CVE-2022-0563mediumutil-linux2.36.1-8+deb11u2unfixed
DEBIAN-CVE-2024-28085lowutil-linux2.36.1-8+deb11u22.36.1-8+deb11u2
DEBIAN-CVE-2025-14104mediumutil-linux2.36.1-8+deb11u22.41.3-1
Hardened vulnerability details (1)
CVE IDSeverityPackageVersionFixed In
OSV-2021-777highlibxml22.13.8unfixed

Software Bill of Materials

upstream components (172)
  • LPeg 1.1.0-2
  • LuaFileSystem 1.7.0-2
  • LuaSec 1.3.2-1
  • LuaSocket 3.1.0-1
  • adduser 3.118+deb11u1
  • api7-lua-resty-aws 2.0.1-1
  • api7-lua-resty-dns-client 7.0.1-0
  • api7-lua-resty-http 0.2.2-0
  • api7-lua-resty-jwt 0.2.5-0
  • apisix 3.11.0-0
  • apt 2.2.4
  • argparse 0.7.1-1
  • base-files 11.1+deb11u11
  • base-passwd 3.5.51
  • bash 5.1-2+deb11u1
  • binaryheap 0.4-1
  • bit32 5.3.5.1-1
  • brotli-ffi 0.3-1
  • bsdutils 1:2.36.1-8+deb11u2
  • ca-certificates 20210119
  • casbin 1.41.9-1
  • coreutils 8.32-4+b1
  • dash 0.5.11+git20200708+dd9ef66-5
  • debconf 1.5.77
  • debian-archive-keyring 2021.1.1+deb11u1
  • debianutils 4.11.2
  • diffutils 1:3.7-5
  • dpkg 1.20.13
  • e2fsprogs 1.46.2-2+deb11u1
  • ext-plugin-proto 0.6.1-0
  • findutils 4.8.0-1
  • gcc-10-base 10.2.1-6
  • gcc-9-base 9.3.0-22
  • gpgv 2.2.27-2+deb11u2
  • graphql 0.0.2-1
  • grep 3.6-1+deb11u1
  • gzip 1.10-4+deb11u1
  • hostname 3.23
  • init-system-helpers 1.60
  • inspect 3.1.1-0
  • jsonschema 0.9.8-0
  • libacl1 2.2.53-10
  • libapt-pkg6.0 2.2.4
  • libattr1 1:2.4.48-6
  • libaudit-common 1:3.0-2
  • libaudit1 1:3.0-2
  • libblkid1 2.36.1-8+deb11u2
  • libbz2-1.0 1.0.8-4
  • libc-bin 2.31-13+deb11u11
  • libc6 2.31-13+deb11u11
  • libcap-ng0 0.7.9-2.2+b1
  • libcom-err2 1.46.2-2+deb11u1
  • libcrypt1 1:4.4.18-4
  • libdb5.3 5.3.28+dfsg1-0.8
  • libdebconfclient0 0.260
  • libext2fs2 1.46.2-2+deb11u1
  • libffi7 3.3-6
  • libgcc-s1 10.2.1-6
  • libgcrypt20 1.8.7-6
  • libgmp10 2:6.2.1+dfsg-1+deb11u1
  • libgnutls30 3.7.1-5+deb11u6
  • libgpg-error0 1.38-2
  • libgssapi-krb5-2 1.18.3-6+deb11u5
  • libhogweed6 3.7.3-1
  • libidn2-0 2.3.0-5
  • libk5crypto3 1.18.3-6+deb11u5
  • libkeyutils1 1.6.1-2
  • libkrb5-3 1.18.3-6+deb11u5
  • libkrb5support0 1.18.3-6+deb11u5
  • libldap-2.4-2 2.4.57+dfsg-3+deb11u1
  • libldap2-dev 2.4.57+dfsg-3+deb11u1
  • liblz4-1 1.9.3-2
  • liblzma5 5.2.5-2.1~deb11u1
  • libmount1 2.36.1-8+deb11u2
  • libnettle8 3.7.3-1
  • libnsl2 1.3.0-2
  • libp11-kit0 0.23.22-1
  • libpam-modules 1.4.0-9+deb11u1
  • libpam-modules-bin 1.4.0-9+deb11u1
  • libpam-runtime 1.4.0-9+deb11u1
  • libpam0g 1.4.0-9+deb11u1
  • libpcre2-8-0 10.36-2+deb11u1
  • libpcre3 2:8.39-13
  • libsasl2-2 2.1.27+dfsg-2.1+deb11u1
  • libsasl2-modules-db 2.1.27+dfsg-2.1+deb11u1
  • libseccomp2 2.5.1-1+deb11u1
  • libselinux1 3.1-3
  • libsemanage-common 3.1-1
  • libsemanage1 3.1-1+b2
  • libsepol1 3.1-1
  • libsmartcols1 2.36.1-8+deb11u2
  • libss2 1.46.2-2+deb11u1
  • libssl1.1 1.1.1w-0+deb11u1
  • libstdc++6 10.2.1-6
  • libsystemd0 247.3-7+deb11u6
  • libtasn1-6 4.16.0-2+deb11u1
  • libtinfo6 6.2+20201114-2+deb11u2
  • libtirpc-common 1.3.1-1+deb11u1
  • libtirpc3 1.3.1-1+deb11u1
  • libudev1 247.3-7+deb11u6
  • libunistring2 0.9.10-4
  • libuuid1 2.36.1-8+deb11u2
  • libxxhash0 0.8.0-2
  • libyaml-0-2 0.2.2-1
  • libyaml-dev 0.2.2-1
  • libzstd1 1.4.8+dfsg-2.1
  • login 1:4.8.1-1
  • logsave 1.46.2-2+deb11u1
  • lrandom 20180729-1
  • lsb-base 11.1.0
  • lua-ffi-zlib 0.6-0
  • lua-protobuf 0.3.3-1
  • lua-protobuf 0.4.1-1
  • lua-protobuf 0.5.2-1
  • lua-resty-balancer 0.04-0
  • lua-resty-consul 0.3-2
  • lua-resty-cookie 0.2.0-1
  • lua-resty-ctxdump 0.1-0
  • lua-resty-etcd 1.10.5-0
  • lua-resty-expr 1.3.0-0
  • lua-resty-expr 1.3.2-0
  • lua-resty-healthcheck-api7 3.2.0-0
  • lua-resty-hmac-ffi 0.06-1
  • lua-resty-http 0.16.1-0
  • lua-resty-ipmatcher 0.6.1-0
  • lua-resty-jit-uuid 0.0.7-2
  • lua-resty-jwt 0.2.3-0
  • lua-resty-kafka 0.23-0
  • lua-resty-ldap 0.1.0-0
  • lua-resty-logger-socket 2.0.1-0
  • lua-resty-luasocket 1.1.2-1
  • lua-resty-mediador 0.1.2-1
  • lua-resty-ngxvar 0.5.2-0
  • lua-resty-openidc 1.7.6-3
  • lua-resty-openssl 1.5.1-1
  • lua-resty-radixtree 2.9.1-0
  • lua-resty-rocketmq 0.3.0-0
  • lua-resty-session 3.10-1
  • lua-resty-t1k 1.1.5-0
  • lua-resty-template 2.0-1
  • lua-resty-timer 1.1.0-1
  • lua-resty-worker-events 1.0.0-1
  • lua-typeof 0.1-0
  • lua_pack 2.0.0-0
  • lualdap 1.2.6-1
  • lualogging 1.8.2-1
  • luatz 0.4-1
  • luaxxhash 1.0.0-1
  • lyaml 6.2.8-1
  • manpages 5.10-1
  • mawk 1.3.4.20200120-2
  • mount 2.36.1-8+deb11u2
  • nanoid 0.1-1
  • ncurses-base 6.2+20201114-2+deb11u2
  • ncurses-bin 6.2+20201114-2+deb11u2
  • net-url 0.9-1
  • openssl 1.1.1w-0+deb11u1
  • opentelemetry-lua 0.2-3
  • opentracing-openresty 0.1-0
  • passwd 1:4.8.1-1
  • penlight 1.13.1-1
  • penlight 1.9.2-1
  • perl-base 5.32.1-4+deb11u3
  • resty-redis-cluster 1.05-1
  • sed 4.7-1
  • skywalking-nginx-lua 1.0.1-0
  • sysvinit-utils 2.96-7+deb11u1
  • tar 1.34+dfsg-1+deb11u1
  • tzdata 2024a-0+deb11u1
  • util-linux 2.36.1-8+deb11u2
  • xml2lua 1.5-2
  • zlib1g 1:1.2.11.dfsg-2+deb11u2
hardened components (86)
  • acl 2.3.2
  • attr 2.5.2
  • audit 4.0
  • bash 5.2p37
  • bison 3.8.2
  • coreutils 9.5
  • db 4.8.30
  • flex 2.6.4
  • gcc 13.3.0
  • gcc 13.3.0
  • gcc 13.3.0
  • glibc 2.40-66
  • glibc 2.40-66
  • glibc 2.40-66
  • gmp 6.3.0
  • gmp-with-cxx 6.3.0
  • gnugrep 3.11
  • gnum4 1.4.19
  • gnutar 1.35
  • icu4c 74.2
  • icu4c 74.2
  • isl 0.20
  • keyutils 1.6.3
  • krb5 1.21.3
  • krb5 1.21.3
  • krb5 1.21.3
  • libbsd 0.12.2
  • libcap 2.70
  • libcap-ng 0.8.5
  • libedit 20240808-3.1
  • libidn2 2.3.7
  • libmd 1.1.0
  • libmpc 1.3.1
  • libunistring 1.2
  • libxcrypt 4.4.36
  • libxml2 2.13.8
  • libxml2 2.13.8
  • libxml2 2.13.8
  • libxml2 2.13.8
  • libxml2 2.13.8
  • libxml2 2.13.8
  • libxslt 1.1.42
  • libxslt 1.1.42
  • libxslt 1.1.42
  • linux-headers 6.10
  • linux-pam 1.6.1
  • lz4 1.10.0
  • lz4 1.10.0
  • lz4 1.10.0
  • mpfr 4.2.1
  • ncurses 6.4.20221231
  • ncurses 6.4.20221231
  • ncurses 6.4.20221231
  • openresty 1.27.1.2
  • openssl 3.3.3
  • openssl 3.3.3
  • openssl 3.3.3
  • pcre2 10.44
  • pcre2 10.44
  • pcre2 10.44
  • perl 5.40.0
  • postgresql 16.9
  • postgresql 16.9
  • postgresql 16.9
  • postgresql 16.9
  • postgresql 16.9
  • readline 8.2p13
  • readline 8.2p13
  • shadow 4.16.0
  • systemd-minimal-libs 256.10
  • systemd-minimal-libs 256.10
  • tcb 1.2
  • tzdata 2025b
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • util-linux-minimal 2.39.4
  • xgcc 13.3.0
  • zlib 1.3.1
  • zlib 1.3.1
  • zstd 1.5.6
  • zstd 1.5.6
  • zstd 1.5.6

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$ podman pull ghcr.io/armorred/apisix:3.11

Verify Signature

$ cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/apisix:3.11