# MinIO AIStor KES RELEASE.2026-04-09T09-14-06Z Released: April 10, 2026 This release upgrades the AWS Secrets Manager backend to use the modern AWS SDK for Go v2, providing improved credential handling, native endpoint resolution, and better AWS ecosystem integration. It also fixes HTTP response body leaks in the Entrust KeyControl and Fortanix SDKMS keystore backends that could degrade connection reuse under sustained load. --- ## Downloads ### Binary Downloads | Platform | Architecture | Download | | -------- | ------------ | ------------------------------------------------------------------------------ | | Linux | amd64 | [kes](https://dl.min.io/aistor/kes/release/linux-amd64/kes) | | Linux | arm64 | [kes](https://dl.min.io/aistor/kes/release/linux-arm64/kes) | | macOS | arm64 | [kes](https://dl.min.io/aistor/kes/release/darwin-arm64/kes) | | macOS | amd64 | [kes](https://dl.min.io/aistor/kes/release/darwin-amd64/kes) | | Windows | amd64 | [kes.exe](https://dl.min.io/aistor/kes/release/windows-amd64/kes.exe) | ### FIPS Binaries | Platform | Architecture | Download | | -------- | ------------ | ------------------------------------------------------------------------------ | | Linux | amd64 | [kes.fips](https://dl.min.io/aistor/kes/release/linux-amd64/kes.fips) | ### Container Images ```bash # Standard docker pull quay.io/minio/aistor/kes:RELEASE.2026-04-09T09-14-06Z podman pull quay.io/minio/aistor/kes:RELEASE.2026-04-09T09-14-06Z # FIPS docker pull quay.io/minio/aistor/kes:RELEASE.2026-04-09T09-14-06Z.fips podman pull quay.io/minio/aistor/kes:RELEASE.2026-04-09T09-14-06Z.fips ``` --- ## Improvements - **AWS SDK for Go v2 migration**: The AWS Secrets Manager keystore backend now uses the modern AWS SDK for Go v2 (`aws-sdk-go-v2`), replacing the deprecated v1 SDK. This brings native endpoint resolution via the AWS SDK, improved credential provider chains (including better EC2 instance metadata and IAM role support), idiomatic error handling with `errors.As`, and built-in pagination support for key listing operations (#39) - **Go toolchain upgrade**: Updated to Go v1.26.2, along with gRPC v1.79.3 and updated `golang.org/x` standard library modules (#39) --- ## Bug Fixes - **HTTP response body leak in Entrust KeyControl and Fortanix SDKMS backends**: Fixed missing `defer xhttp.DrainBody(resp.Body)` calls across multiple operations (Create, Get, Delete, List, Connect) in the Fortanix SDKMS and Entrust KeyControl keystore backends. Undrained HTTP response bodies prevent TCP connection reuse, which could lead to connection exhaustion under sustained key management workloads (#37) --- ## Security & Compliance ### Software Bill of Materials (SBOM) This release includes comprehensive SBOM documentation in multiple formats: - [SPDX JSON](sbom-RELEASE.2026-04-09T09-14-06Z.spdx.json) - Standard SBOM format - [CycloneDX JSON](sbom-RELEASE.2026-04-09T09-14-06Z.cyclonedx.json) - Security scanner compatible - [Go Modules](go-modules-RELEASE.2026-04-09T09-14-06Z.txt) - Human-readable dependency list SBOM files document all direct and transitive dependencies for security auditing and compliance requirements. --- ## Upgrade Instructions For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-key-encryption-service/upgrade-aistor-kes/ Platform-specific upgrade guides: - **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-key-encryption-service/upgrade-aistor-kes/upgrade-aistor-linux/ - **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-key-encryption-service/upgrade-aistor-kes/upgrade-aistor-kubernetes-helm/ ### Support For enterprise support: - SUBNET Support: https://subnet.min.io - Documentation: https://docs.min.io