Bugfix Release

What's Changed

• fix: unexpected credentials missing while passing (05/09/24)
• remove references for MINIO_SERVER_URL (05/09/24)
• add log-prefix name for specifying custom log-name (#19712) (05/09/24)
• Revert "Fix incorrect merging of slash-suffixed objects (#19699)" (05/09/24)
• fix: truncate Expiration to second when Add ServiceAccount (#19674) (05/10/24)
• Fix incorrect merging of slash-suffixed objects (#19699) (05/09/24)
• deprecate unexpected healing failed counters (#19705) (05/09/24)
• pass around correct endpoint while registering remote storage (#19710) (05/09/24)
• ldap-import: Add additional logs (#19691) (05/09/24)
• results must be a single channel to avoid overwriting healing.bin (#19702) (05/09/24)
• chore: use errors.New to replace fmt.Errorf with no parameters (#19568) (05/09/24)
• upgrade to go1.22.x (05/09/24)
• allow caller context during reloads() to cancel (#19687) (05/08/24)
• grid: Fix a window of a disconnected node not marked as offline (#19703) (05/09/24)
• Accept multipart checksums with part count (#19680) (05/08/24)
• kms: add support for MinKMS and remove some unused/broken code (#19368) (05/08/24)
• return appropriate error upon reaching maxClients() (#19669) (05/07/24)

New Contributors

• @ChengenH made their first contribution in #19568

Full Changelog: RELEASE.2024-05-07T06-41-25Z...RELEASE.2024-05-10T01-41-38Z

Bugfix Release

What's Changed

• Fix --stfp "mac-algos=..." overwrites cipher algorithms by @klauspost in #19643
• enhance ListSVCs() API to return more info to avoid InfoSvc() by @harshavardhana in #19642
• Wait one minute after startup to restart decommissioning by @klauspost in #19645
• add logrotate support for MinIO logs by @harshavardhana in #19641
• Return listing when exceeding min disk errors by @klauspost in #19644
• fix: Filter out cust. AssumeRole Token for audit by @donatello in #19646
• support compression after rotation of logs by @harshavardhana in #19647
• Add cluster IAM metrics in metrics-v3 by @balamurugana in #19595
• Use better gzip for log rotate by @klauspost in #19651
• Change endpoint format for per-bucket metrics by @anjalshireesh in #19655
• replication: Avoid proxying if requested object is a deletemarker by @poornas in #19656
• With retention, skip actions expiring all versions by @krisis in #19657
• extend server config.yaml to support per pool set drive count by @harshavardhana in #19663
• Fix Walk missing entries with opts.Marker set by @klauspost in #19661
• avoid using 10MiB EC buffers in maxAPI calculations by @harshavardhana in #19665
• turn-off coloring if we have std{err,out} dumb terminals by @harshavardhana in #19667
• add support for specific error response for InvalidRange by @harshavardhana in #19668
• support 'mc support perf object' with root login disabled by @harshavardhana in #19672
• fix: Ignore AWSAccessKeyId check for SignV2 policy condition by @jiuker in #19673
• Make WalkDir return errors by @klauspost in #19677
• support ETag value to be '*' by @harshavardhana in #19682
• Update Console version to v1.4.0 by @bexsoft in #19684
• Set Console Redirect URL env variable by @cesnietor in #19683
• fix: collect quorum errors for deletePrefix() by @harshavardhana in #19685
• Support user certificate based authentication on SFTP by @olljanat in #19650

New Contributors

• @olljanat made their first contribution in #19650

Full Changelog: RELEASE.2024-05-01T01-11-10Z...RELEASE.2024-05-07T06-41-25Z

Bugfix Release

What's Changed

• Always unfreeze when connection dies by @klauspost in #19634
• avoid data race for testing by @jiuker in #19635
• Suppress metrics with zero values by @shtripat in #19638
• Allow custom SFTP algorithm selection by @klauspost in #19636
• fix: a crash in RemoveReplication target by @harshavardhana in #19640
• ilm: Handle DeleteAllVersions action differently for DEL markers by @krisis in #19481

Full Changelog: RELEASE.2024-04-28T17-53-50Z...RELEASE.2024-05-01T01-11-10Z

Bugfix Release

Highlights

Further fixes for LDAP integration

• This release contains further fixes to the LDAP export/import-based migration of IAM data introduced in the previous release (see the release notes) https://github.com/minio/minio/releases/tag/RELEASE.2024-04-18T19-09-19Z
  • It handles replacing existing mappings with the normalized form and fixes many corner cases.
  • Users running into issues related to importing IAM data are advised to upgrade to this release
    and to do the IAM import on it.

What's Changed

• updating tests to use new mc --enc flags by @zveinn in #19508
• fix: get rid of large buffers by @harshavardhana in #19549
• cleanup: Simplify usage of MinIOSourceProxyRequest by @rluetzner in #19553
• optimize ftp/sftp upload() implementations to avoid CPU load by @harshavardhana in #19552
• add ILM + site-replication tests by @harshavardhana in #19554
• Store object EC in metadata header by @klauspost in #19534
• Reduce parallelReader allocs by @klauspost in #19558
• make LRU cache global for internode tokens by @harshavardhana in #19555
• fix: ignore signaturev2 for policy header check by @jiuker in #19551
• build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 in /docs/debugging/s3-verify by @dependabot in #19559
• Disable trailing header support for MinIO tiers by @krisis in #19561
• re-use transport and set stronger backwards compatible Ciphers by @harshavardhana in #19565
• do not panic on rebalance during server restarts by @harshavardhana in #19563
• Fix RenameData data race by @klauspost in #19579
• Remove leading zero strings in return value of (*xlMetaV2)getDataDirs() by @seiyab in #19567
• fix: can't get total disksize for decom status by @jiuker in #19585
• make renameData() more defensive during overwrites by @harshavardhana in #19548
• Add system CPU metrics to metrics-v3 by @anjalshireesh in #19560
• fix: avoid some IAM import errors if LDAP enabled by @donatello in #19591
• simplify listener implementation setup customizations in right place by @harshavardhana in #19589
• Add cluster notification metrics in metrics-v3 by @balamurugana in #19533
• Fix few wrongly defined metric types by @anjalshireesh in #19586
• fix: site-replication will reset group status when add user by @jiuker in #19594
• Validates PostgreSQL table name by @ramondeklein in #19602
• xl-meta: Allow combining multiple unversioned objects by @klauspost in #19604
• support preserving renameData() on inlined content during overwrites by @harshavardhana in #19609
• fix: IAM import for LDAP should replace mappings by @donatello in #19607
• fix: IAM LDAP access key import bug by @donatello in #19608
• Fixes an internal error while force-deleting a bucket by @ramondeklein in #19614
• Update Console UI to v1.3.0 by @cesnietor in #19617
• fix: LDAP init. issue when LDAP server is down by @donatello in #19619
• heal: Fix regression in healing a new fresh drive by @vadmeste in #19615
• add metrics ioerror counter for alerts on I/O errors by @harshavardhana in #19618
• Fix DeleteObject API for unversioned objects with insufficient read q… by @poornas in #19581
• deprecate usage of sha256-simd by @harshavardhana in #19621
• heal: Avoid marking a bucket as done when remote drives are offline by @vadmeste in #19587
• helm: fix port types in CiliumNetworkPolicy by @twelho in #19232
• Add process metrics in metrics-v3 by @anjalshireesh in #19612
• Handle failures in pool rebalancing by @Praveenrajmani in #19623
• heal/list: Fix rare incomplete listing with flaky internode connections by @vadmeste in #19625
• iam reload policy mapping of STS users properly by @poornas in #19626
• helm support loadBalancerSourceRanges and externalTrafficPolicy by @opencmit2 in #19245
• a bunch of fixes for error handling by @harshavardhana in #19627

New Contributors

• @rluetzner made their first contribution in #19553
• @seiyab made their first contribution in #19567
• @ramondeklein made their first contribution in #19602

Full Changelog: RELEASE.2024-04-18T19-09-19Z...RELEASE.2024-04-28T17-53-50Z

Bug fix Release

Upgrading for LDAP enabled setups

If you are not using the MinIO server's LDAP integration, please follow the usual upgrade instructions.

Release version RELEASE.2024-03-30T09-41-56Z brought a change to LDAP user and group policy mappings storage where the Distinguished Name (DN) of a user or group is stored in a normalized form. This normalization was necessary to ensure consistent handling of values with non-ASCII unicode characaters in a DN. However, this broke existing deployments with LDAP integration enabled, especially for existing mappings because older releases did not store them in a normalized form. The main way to restore mappings in that release and in release version RELEASE.2024-04-06T05-26-02Z was to recreate the mappings - however this was not sufficient to restore operation of access keys (aka service accounts) created by LDAP users.

This release provides a fix for this - however user action is required. Please follow these steps:

1. In your existing MinIO cluster export all IAM data as an administrator with:

   mc admin cluster iam export ALIAS

   This will output a zip file containing IAM data (credentials, policies and policy mappings) in JSON format.

2. Upgrade your cluster to the current release following the usual upgrade instructions.

3. Now import the IAM data with:

   mc admin cluster iam import ALIAS /path/to/zipfile

   providing the path to the zip file from step 1.

For most deployments this should be enough to migrate the IAM policy mappings on LDAP users into the right format.

In some setups there may be duplicate mappings for the same user or group DN but with casing/normalization differences. In these cases, step 3 will return an error describing the conflicting mapping as the server cannot determine the right mapping to use. To fix this error, unzip the exported zip file, open the appropriate mapping file (either iam-assets/stsuser_mappings.json or iam-assets/group_mappings.json). Both these files have a simple JSON structure - they are JSON objects with DN strings as keys and the values are JSON objects. Remove the conflicting DN keys from this file, zip it again and run step 3 once more.

What's Changed

• fix: add fallbackDisks for disk healing by @harshavardhana in #19425
• fix: increase the tiering part size to 128MiB by @harshavardhana in #19424
• heal: Add more per disk healing result in the audit by @vadmeste in #19427
• batch-repl: Do not allow both source/target to be remote by @vadmeste in #19434
• Allow setting readOnlyRootFilesystem in securityContext by @AlexanderThaller in #19437
• Add a warning when the total size of an object versions exceeds 1 TiB by @vadmeste in #19435
• make if-none-match PUT/POST RFC compliant by @harshavardhana in #19448
• fix: unknow contentType for ArchiveFileHandler by @jiuker in #19451
• fix: noHost for collectLocalMetric by @jiuker in #19457
• doc: add Content-Type to s3zip by @jiuker in #19455
• Allow specifying the local server with env variable _MINIO_SERVER_LOCAL by @allanrogerr in #19453
• handle missing LDAP normalization in SetPolicy() API by @harshavardhana in #19465
• avoid busy loops in bad path component by @harshavardhana in #19466
• allow protection from invalid config values by @harshavardhana in #19460
• fix CopyObject with replace overwriting inline status by @poornas in #19468
• Updated Console UI to v1.2.0 by @bexsoft in #19467
• update versioning tests to cover CopyObject() by @harshavardhana in #19472
• remove SetDiskLoc() rely on the endpoint values instead by @harshavardhana in #19475
• Add drive metrics in metrics-v3 by @anjalshireesh in #19452
• remove permission denied error for being drive error by @harshavardhana in #19478
• Inspect: Add error if no results by @klauspost in #19476
• simplify common functions in replication by @harshavardhana in #19480
• Fix some CI warnings by @donatello in #19482
• Correct sample for node scrape configuration by @shtripat in #19491
• fix: close sessionPolicyFile in the sts-assume-role example by @testwill in #19428
• fix: list operations resuming when hitting different node by @klauspost in #19494
• Keep an up-to-date copy of the KMS master key by @allanrogerr in #19492
• remove older deploymentID fix behavior to speed up startup by @harshavardhana in #19497
• code clean for dynamicSleeper by @jiuker in #19499
• ILM expiry replication status only if enabled by @shtripat in #19503
• convert multipart-cleanup from a blocking unlink() to a rename to trash by @harshavardhana in #19495
• removed hardcoded datasource uid by @mawatech in #19477
• fix: ListObjectVersions returning duplicates when resuming with null version id by @klauspost in #19518
• Use pkg helper to allow default MINIO_KMS_KEY_CACHE_INTERVAL as a time.Duration by @allanrogerr in #19512
• update all deps regular cadence by @harshavardhana in #19523
• At server init, use the correct context when creating the KMS Master Key by @allanrogerr in #19526
• ftp: Return current time for prefixes/directories by @klauspost in #19519
• Improve typos configuration by @szepeviktor in #19489
• allow detaching any non-normalized DN by @harshavardhana in #19525
• reload from drive tier-config when in-memory cache is not found by @harshavardhana in #19527
• Add system memory metrics in v3 by @anjalshireesh in #19486
• Add cluster audit metrics in metrics-v3 by @anjalshireesh in #19514
• list: Fix rare listing continuation freeze by @vadmeste in #19524
• ldap: Normalize DNs when importing by @donatello in #19528
• add ftp example for to helm's values.yaml extraArgs field by @jiuker in #19541
• fix: ldap: avoid unnecessary import errors by @donatello in #19547

New Contributors

• @mawatech made their first contribution in #19477
• @szepeviktor made their first contribution in #19489

Full Changelog: RELEASE.2024-04-06T05-26-02Z...RELEASE.2024-04-18T19-09-19Z

Bugfix Release

What's Changed

• Reduce big message RPC allocations by @klauspost in #19390
• Prioritize the bucket configs first during the decommissioning by @Praveenrajmani in #19393
• fix: missing metrics for healed objects by @harshavardhana in #19392
• Always return slice with cap by @klauspost in #19395
• Adding console targets back into systemtarget log slice by @zveinn in #19398
• feat: support EdDSA/Ed25519 for oss by @jiuker in #19397
• update to latest deps by @harshavardhana in #19399
• Avoid using a nil transport when the config is not initialized by @vadmeste in #19405
• use GenerateKey as more reliable KMS health-check by @aead in #19404
• Dont use deprecated angular by @shtripat in #19396
• Add env variable MINIO_IDENTITY_OPENID_REDIRECT_URI to statefulset by @AlexanderThaller in #18949
• Add more tests for ARN and its format by @harshavardhana in #19408
• logging: Add subsystem to log API by @vadmeste in #19002
• feat: add memlimit flags for setMaxResources by @jiuker in #19400
• fix: ldap: use validated base DNs by @donatello in #19406
• use new generics based LRU from hashicorp by @harshavardhana in #19409
• Set object's original modTime when being restored by @krisis in #19414
• remove frivolous log about abort-multipart failure in replication by @harshavardhana in #19413
• turn-off Nlink readdir() optimization for NFS/CIFS by @harshavardhana in #19420
• fix: a regression in IAM policy reload routine() by @harshavardhana in #19421
• fix: IAM import/export: remove sts group handling by @donatello in #19422
• Added new API errors for LDAP by @taran-p in #19415

New Contributors

• @AlexanderThaller made their first contribution in #18949

Full Changelog: RELEASE.2024-03-30T09-41-56Z...RELEASE.2024-04-06T05-26-02Z

Bugfix Release

Highlights

• Support for SSE-C encrypted objects with site and bucket replication.
• CPU issue addressed when you have 1000's of folder prefixes at bucket root.
• LDAP support normalization of DN names for consistent behavior.

Update

This release is broken if you use IAM users, as the policy reload function is broken. You are advised
to wait for the next release. If you plan an upgrade, please stick to RELEASE.2024-03-26T22-10-45Z
until we make a new release.

What's Changed

• fix: new staticheck and linter issues reported by @harshavardhana in #19340
• fix: Remove unnecessary loops for searchParent by @jiuker in #19353
• Render node graphs by node by @shtripat in #19356
• feat: add env to choose which node to decom by @jiuker in #19310
• set max versions to be IntMax to avoid premature failures by @harshavardhana in #19360
• fix: avoid fan-out DeletePrefix calls for batch-expire and ILM by @harshavardhana in #19365
• expire ILM all versions verify quorum on action by @harshavardhana in #19359
• use bigger partSize per part for tiering to MinIO by @harshavardhana in #19361
• ldap: improve normalization of DN values by @donatello in #19358
• fix: slice append lose the data for NSScanner by @jiuker in #19373
• Pre populate the server names using a query by @shtripat in #19367
• Remove empty replication stats when sending update by @klauspost in #19375
• Split the replication dashboard in cluster and node level by @shtripat in #19374
• Enable replication of SSE-C objects by @shtripat in #19107
• Suppress error log for force-deleting object in locked bucket by @kaankabalak in #19378
• Fix issue [#19314], resolve the absence of the sed command in ub… by @andibraeu in #19315
• fix: sts accounts map refresh and fewer list calls by @donatello in #19376
• fix: CI warnings by @donatello in #19380
• add auditing for healing objects by @harshavardhana in #19379
• update() inlineBlock settings properly in storageClass config by @harshavardhana in #19382
• add static curl to container by @harshavardhana in #19383
• Remove empty replication stats by @klauspost in #19385

New Contributors

• @andibraeu made their first contribution in #19315

Full Changelog: RELEASE.2024-03-26T22-10-45Z...RELEASE.2024-03-30T09-41-56Z

Bug fix Release

What's Changed

• Webhook targets refactor and bug fixes by @zveinn in #19275
• fix: convert multiple callers to use toStorageErr(err) correctly by @harshavardhana in #19339
• fix: should return when error happend by @jiuker in #19342
• bring back minor DNS cache for k8s setups by @harshavardhana in #19341
• Adding dashboard for MinIO node metrics by @shtripat in #19329
• Fix races in IAM cache lazy loading by @klauspost in #19346
• allow configuring inline shard size value by @harshavardhana in #19336
• replication:fix precondition check for multipart by @poornas in #19349

Full Changelog: RELEASE.2024-03-21T23-13-43Z...RELEASE.2024-03-26T22-10-45Z

Bugfix Release

What's Changed

• write anything beyond 4k to be written in 4k pages by @harshavardhana in #19269
• fix wrong time.Parse params order by @alingse in #19279
• implement a flag to specify custom crossdomain.xml by @harshavardhana in #19262
• fix: add a default requests deadline when deadline is 0 by @harshavardhana in #19287
• add deprecated expiry_workers to be ignored by @harshavardhana in #19289
• add additional logs for the decom during metadata save by @harshavardhana in #19288
• feat: add user to NOTIFY_REDIS by @jiuker in #19285
• change the notification queue full message by @harshavardhana in #19293
• list: Fix IsTruncated and NextMarker when encountering expired objects by @vadmeste in #19290
• xl: Purge instead of moving to trash with near filled disks by @vadmeste in #19294
• crypto: generate OEK using HMAC-SHA256 instead of SHA256 by @aead in #19297
• decom: Fix failed status after a failed decommission by @vadmeste in #19300
• Handle zero versions qualified for expiration by @krisis in #19301
• avoid triggering heals on metacache files if any by @harshavardhana in #19299
• add IAM policyDB lookup fallbacks to drives by @harshavardhana in #19302
• replication: enforce precondition for multipart by @poornas in #19306
• fix: peer addr returned as empty string by @anjalshireesh in #19308
• fix: Fix crash when logging events and anonymous is enabled by @vadmeste in #19313
• use retry during policy reload from drives by @harshavardhana in #19307
• Encode dir obj names before expiration by @krisis in #19305
• fix batch snowball to close channel after listing finishes by @poornas in #19316

New Contributors

• @alingse made their first contribution in #19279

Full Changelog: RELEASE.2024-03-15T01-07-19Z...RELEASE.2024-03-21T23-13-43Z

Bugfix Release

What's Changed

• feat: Add Metrics V3 API by @donatello in #19068
• fix some typos by @thirdkeyword in #19212
• Improve handling of compression inclusion for objects by @twelho in #19234
• xl-meta: Add inline data bitrot check by @klauspost in #19240
• update build constants by @poornas in #19243
• only look for valid buckets for metrics by @harshavardhana in #19244
• Fix quorum calculation with zero parity objects by @vadmeste in #19250
• cosmetic: Move request goroutines to methods by @klauspost in #19241
• feat: allow retaining parity SLA to be configurable by @harshavardhana in #19260
• fix: do not look for non-existent bucket in decom tests by @harshavardhana in #19261
• update all dependencies by @harshavardhana in #19235
• allow dynamically changing max_object_versions per object by @harshavardhana in #19265

New Contributors

• @thirdkeyword made their first contribution in #19212
• @twelho made their first contribution in #19234

Full Changelog: RELEASE.2024-03-10T02-53-48Z...RELEASE.2024-03-15T01-07-19Z