# MinIO AIStor RELEASE.2026-03-12T15-15-27Z

Released: 2026-03-12

Two authentication vulnerabilities patched — unauthenticated log streaming and OpenID audience
bypass — alongside Go 1.26.1 and a memory-safe eBPF rewrite. Broad correctness work covers IAM
leader election, replication checksum handling, Delta Sharing deletion vectors, and object listing
races. New capabilities include table encryption, multi-NIC internode networking,
UpdateObjectEncryption, and cross-pool object healing.

---

## Downloads

### Binary Downloads

| Platform | Architecture | Download                                                                              |
| -------- | ------------ | ------------------------------------------------------------------------------------- |
| Linux    | amd64        | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio)                    |
| Linux    | arm64        | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio)                    |
| macOS    | arm64        | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio)                   |
| macOS    | amd64        | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio)                   |
| Windows  | amd64        | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe)          |

### FIPS Binaries

| Platform | Architecture | Download                                                                              |
| -------- | ------------ | ------------------------------------------------------------------------------------- |
| Linux    | amd64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips)          |
| Linux    | arm64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips)          |

### Package Downloads

| Format | Architecture | Download                                                                                                                                   |
| ------ | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------ |
| DEB    | amd64        | [minio\_20260312151527.0.0\_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260312151527.0.0_amd64.deb)              |
| DEB    | arm64        | [minio\_20260312151527.0.0\_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260312151527.0.0_arm64.deb)              |
| RPM    | amd64        | [minio-20260312151527.0.0-1.x86\_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260312151527.0.0-1.x86_64.rpm)        |
| RPM    | arm64        | [minio-20260312151527.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260312151527.0.0-1.aarch64.rpm)       |

### Container Images

```bash
# Standard
docker pull quay.io/minio/aistor/minio:RELEASE.2026-03-12T15-15-27Z
podman pull quay.io/minio/aistor/minio:RELEASE.2026-03-12T15-15-27Z

# FIPS
docker pull quay.io/minio/aistor/minio:RELEASE.2026-03-12T15-15-27Z.fips
podman pull quay.io/minio/aistor/minio:RELEASE.2026-03-12T15-15-27Z.fips
```

### Homebrew (macOS)

```bash
brew install minio/aistor/minio
```

---

## Breaking Changes

- **Tables: DROP TABLE now purges data by default** — `purgeRequested` defaults to `true` on
  `DROP TABLE`. Previously the table metadata was removed but underlying data files were left
  on disk. Operators who relied on the old behavior to recover dropped tables must now pass
  `purgeRequested=false` explicitly (#2848)

---

## Security Updates

- **Fixed unauthenticated log streaming** — `APILogsHandler`, `ErrorLogsHandler`, and
  `AuditLogsHandler` lacked authentication checks, allowing any client with network access to
  stream server logs containing bucket names, object keys, access keys, and full HTTP
  request/response details. All three endpoints now enforce authentication (#3065)
- **Fixed OpenID audience check bypass** — when the audience check returned an error, execution
  continued and valid credentials were still issued (#3059)
- **Rewrote eBPF loader from C to Go** using `cilium/ebpf` — replaces the native C eBPF
  loader with a memory-safe Go implementation (#2534)
- **Upgraded Go to 1.26.1** to resolve standard library vulnerabilities (#3289)
- Updated `golang.org/x/net` to address GO-2026-4559 (20f14134)
- Updated dependencies to resolve `govulncheck` findings (e3c83dd6)
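
The OpenID audience item above describes a fail-open pattern: a validation error is observed but control still reaches credential issuance. The following Go sketch is an added illustration of that bug class beside its fail-closed form; it is not MinIO's code, and `Claims`, `checkAudience`, `issueFailOpen`, `issueFailClosed` and the client ID `minio-client` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is a constructed stand-in for already signature-verified ID-token claims.
type Claims struct {
	Subject  string
	Audience []string // the "aud" claim may carry several values
}

var errAudience = errors.New("token audience does not include this client")

// checkAudience returns an error unless clientID is one of the token's audiences.
func checkAudience(c Claims, clientID string) error {
	for _, aud := range c.Audience {
		if aud == clientID {
			return nil
		}
	}
	return errAudience
}

// issueFailOpen shows the bug class: the error is observed but not returned,
// so execution falls through and credentials are still issued.
func issueFailOpen(c Claims, clientID string) (string, error) {
	if err := checkAudience(c, clientID); err != nil {
		fmt.Println("audience check failed:", err) // noted, then ignored
	}
	return "sts-creds-for-" + c.Subject, nil
}

// issueFailClosed returns on any validation error before credentials exist.
func issueFailClosed(c Claims, clientID string) (string, error) {
	if err := checkAudience(c, clientID); err != nil {
		return "", fmt.Errorf("openid: %w", err)
	}
	return "sts-creds-for-" + c.Subject, nil
}

func main() {
	// Constructed sample: a token minted for a different client.
	foreign := Claims{Subject: "alice", Audience: []string{"other-app"}}
	_, errOpen := issueFailOpen(foreign, "minio-client")
	_, errClosed := issueFailClosed(foreign, "minio-client")
	fmt.Println("fail-open rejected:", errOpen != nil)
	fmt.Println("fail-closed rejected:", errClosed != nil)
}
```

A regression test for this class should assert both that the error is returned and that the credential value is empty when the audience does not match.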

---

## New Features

- **Table and warehouse encryption** — warehouses and individual tables now support SSE-S3 and
  SSE-KMS encryption via `PUT/GET/DELETE /warehouses/{w}/encryption` and
  `PUT/GET/DELETE /{w}/namespaces/{ns}/tables/{t}/encryption`, consistent with S3 Tables
  encryption behavior (#2657)
- **Multi-NIC internode networking** — aggregate internode bandwidth across multiple NICs via
  config v3 format. Existing v1/v2 configs auto-migrate on startup (#2968)
- **UpdateObjectEncryption API** — S3-compatible in-place encryption type change; objects can
  transition between SSE-S3, SSE-KMS, and no encryption without re-uploading data (#3021)
- **Cross-pool object healing** — detects and heals objects fragmented across multiple erasure
  pools. Pass `xpool=true` to any heal command to scan and consolidate cross-pool objects.
  Objects that cannot be unified immediately are queued in the MRF queue at medium priority
  for background retry (#3228)
- **Cascade-delete Delta Sharing shares on table drop** — dropping an Iceberg table now
  automatically removes all Delta Sharing shares referencing it (#3248)
- **Site replication peer name dynamic sync** — site name changes applied via config now
  propagate to the peer list without a server restart (#3144)
- **Kubernetes OIDC token validation is now the default** — `MINIO_KUBERNETES_TOKEN_VALIDATION`
  defaults to `oidc` instead of `disabled`. Set explicitly to `tokenreview` to restore the
  previous Kubernetes TokenReview API behavior (#3261)
- **MegaRAID SMART health monitoring** — SMART data collection for drives behind Broadcom/LSI
  MegaRAID controllers (HPE ProLiant, Dell PowerEdge, Cisco UCS) via `megaraid_sas` ioctl.
  Previously these systems reported `smartMetricStatusCollectionError = 4` for all drives
  (#3190)
- **Self-service password change** — `POST /minio/admin/v3/change-my-password` lets users
  change their own password without requiring `admin:CreateUser` policy (#2835)
- **`Prefer: return=full` header** — returns the complete object ignoring `Range`, responding
  with `Preference-Applied: return=full`. Enables cache/proxy layers to fetch whole objects in
  a single request (#2898)

---

## Performance Improvements

- **Direct-write GetObject for plain objects** — eliminates the pipe and background goroutine
  from the read path for unencrypted, uncompressed objects, reducing latency and goroutine
  overhead on high-read workloads (#3072)
- **Batch lock refresh RPCs** — coalesces per-object lock refresh calls into a single RPC per
  cycle, reducing N×M RPCs to M and cutting internode traffic on large multipart workloads
  (#3060)
- **Coalesced write locks on same node** — write lock requests targeting the same node are
  batched, reducing RPC traffic on high-concurrency write workloads (#3197)
- **Singleflight deduplication** — concurrent requests for data usage info, bucket metadata,
  multipart uploads, and `getObjectFileInfo` are deduplicated via singleflight, reducing
  redundant backend I/O (#3135, #3118)
- **NSScanner per-bucket cache offloaded to peer nodes** — distributes bucket cache load/save
  operations across the cluster instead of every node independently scanning storage (#3030)
- **Site replication status uses cached bucket metadata** — `SiteReplicationStatus` and
  `SiteReplicationMetaInfo` serve from cache by default, reducing latency for frequent status
  polling and diagnostics calls (#3328)
- **Lock-free replication stats cache** — `ReplicationStats.Cache` replaced with `xsync.Map`,
  reducing lock contention on high-throughput replication workloads (#3115)

---

## Bug Fixes

### Replication

- Fixed checksum errors during FULL_OBJECT multipart replication — `CRC64NVME` and other
  full-object checksum algorithms no longer cause 400 errors on `PutObjectPart` by stripping
  `X-Amz-Checksum-Algorithm` from `NewMultipartUpload` when FULL_OBJECT mode is detected
  (#3291)
- Fixed replication config cleared in scanner when `ListBucketTargets` fails, causing ILM to
  expire objects with non-`COMPLETED` replication status (#3201)
- Fixed replication tag filter using OR instead of AND semantics (#3112)
- Fixed last-hour replication metrics merge silently dropping all receiver-side data (#3117)
- Fixed `older-than` filter overflow in replication reset handler causing all objects to be
  resynced regardless of age (#3120)
- Fixed site replication: indefinite blocking when peer clusters become unreachable, data races
  on shared removal state, and missing synchronization for concurrent removal (#2708)
- Fixed incorrect `Partial` status when `RemoveAll=true` and a peer is unreachable (#3198)

### IAM / Authentication

- Fixed IAM startup abort on a single invalid user — a single expired or JWT-invalid user no
  longer aborts the entire IAM cache load; invalid items are now skipped individually (#3317)
- Fixed IAM broadcast leader never elected and IAM state hash never reflecting mutations —
  `globalLocalNodeName` (bare `host:port`) was compared against grid targets
  (`http://host:port`), so no node was ever elected (#3142)
- Fixed data race on `rolesMap` reads in IAM — replaced with lock-free `xsync.Map` (#3091)
- Fixed STS policy resolution order — JWT claims now checked before PolicyDB (#3138)
- Fixed `AssumedRoleUser` `Arn` and `AssumedRoleId` never populated in AssumeRole response; also
  fixed XML tag misspelling (`AssumeRoleId` → `AssumedRoleId`) causing AWS SDK parsers to
  silently drop the field (#3310)
- Fixed race condition in `getPeerName` (#3178)
- Fixed nil pointer dereference in `PeerPolicyMappingHandler` (#3040)
- Fixed config changes being applied during rolling upgrades before all nodes are upgraded
  and the cluster API version is bumped (#3169)

### Object Listing / Storage

- Fixed zombie objectDir `CommonPrefixes` dropped in non-versioned listings (#3293)
- Fixed zombie `VersionPurgeStatus` entries incorrectly filtered at metacache limit points
  (#3290)
- Fixed `ListObjects` data race — `NoLock` path in `GetObjectInfo` could create a dangling
  namespace lock race under concurrent listing (#3262)
- Fixed `writeUniqueFileInfo` unsafe under partial-quorum write failures — metadata could be
  left inconsistent when a subset of drives returned errors (#3264)
- Fixed `CleanAbandonedData` writing stale metadata to drives that already held current data
  (#3081)
- Fixed false `DeleteDanglingObject` on versioned erasure sets during concurrent CopyObject +
  HeadObject (#3230)
- Fixed erasure `ToFileInfo` panic on nil `PartActualSizes` for pre-September 2023 metadata
  (#3200)
- Fixed `GetObjectReader` data race between concurrent `Read` and `Close` (#3133)
- Fixed `lazyPipeReader` goroutine outliving `GetObjectReader.Close` — background erasure
  read goroutine could access object data after cleanup released the namespace read lock;
  `Close` now blocks until the goroutine exits (4065f3e2)
- Fixed tmpfile cleanup not running on error paths; scratch files now use the correct local
  drive (#3086)
- Fixed lock races and singleflight pointer aliasing in coalesced lock path (#3245)
- Fixed `AllHidden`/`isAllFreeVersions` swallowing errors instead of returning them (#3234)
- Fixed data race on `ctx` variable in `nsScanner` goroutine — outer loop's `ctx` was
  mutated inside a spawned goroutine (d5d90f17)

### Delta Sharing / Tables

- Fixed DV presigned URL inconsistency — multiple data files referencing the same deletion
  vector file now share one presigned URL; previously distinct signature timestamps caused
  `add.deletionVector` to mismatch `deletionVectorFile.url` (#3319)
- Fixed Delta Sharing queries silently dropping files with deletion vectors (#3105)
- Fixed deletion vector descriptors not transformed for standard clients (#3122)
- Fixed table transaction recovery rolling forward instead of backward (#2996)
- Fixed orphaned `metadata.json` files left when a commit loses the CAS race — async cleanup
  now removes the superseded file (#3182)
- Fixed warehouse creation returning 500 instead of 409 on name conflict (#3156)
- Improved error when `mc mb` targets an existing Tables warehouse — returns a descriptive
  conflict error instead of the generic `BucketAlreadyOwnedByYou` (#3157)
- Fixed `loadAllShards` returning 500 on concurrent namespace delete (#3150)
- Fixed tables encryption APIs not gated on cluster API version (#3260)
- Fixed tables trace `-e / --errors` filter not working (#3250)

### Inventory

- Fixed `saveFinalJobStateWithRetry` overwriting concurrent control-plane changes (#3163)
- Fixed stale `Lock` field on jobs after Suspend → Resume cycle preventing rescheduling
  (#3192)
- Fixed `CancelBatchJob` deletion being overwritten by a concurrent final persist from the
  job executor (#3129)
- Fixed goroutine leak and incorrect NDJSON manifest key names (#2938)
- Added panic recovery with 1-minute backoff to inventory scheduler and executor (#2522)

### Scanner / Decommission

- Fixed decommission incorrectly migrating per-pool scanner internal files
  (`.usage-cache.bin`, `.background-heal.json`) — these are pool-specific and regenerated
  automatically (#3161)

### SMART / Storage Health

- Fixed SMART collection for LVM-based drives — SMART data was not collected for drives
  accessed through LVM device mapper paths (#3256)

### Multipart / Object Operations

- Fixed double XML response during `CompleteMultipartUpload` when precondition check fails
  after keep-alive goroutine has written HTTP 200 (#3134)
- Fixed `writeChunkToDisk` failing when queue directory does not yet exist (#3257)

### Logging / Observability

- Fixed `WaitGroup` data race in logger queue worker lifecycle (20e26993)
- Fixed excessive logging on cordoned nodes — retries now respect context cancellation (#3036)
- Fixed `ClusterSummaryHandler` performing three redundant `ServerInfo` RPC fan-outs; now
  reuses a single response, reducing RPCs by ~67% (#3110)
- Fixed logger subsystems rejecting deprecated config keys on upgrade (#3265)

### Metrics / Admin

- Fixed percent-encoded URL paths not decoded in metrics v3 handler (#3026)
- Fixed `ServicesQueryHandler` not including LDAP status (#3092)

### Quality of Service / Other

- Fixed `ConcLimiter` spinning with unnecessary sleep (#3114)
- Fixed `qos.Error` missing `Unwrap()` breaking error chain inspection (#3082)
- Fixed `kvFields` substring collision on key matching — `strings.Index` caused shorter keys
  to falsely match inside longer keys (e.g. `speed=` matching within `idle_speed=`) (#3202)
- Fixed `joinErrs` iterating over an empty string slice instead of the actual errors (#3206)
- Fixed tier validation returning inconsistent error codes — `BucketNotFound` and invalid
  credential errors now map to the correct S3 error codes (#3047)
- Fixed `BucketKeyEnabled` incorrectly reported in batch-catalog for SSE-S3 and SSE-KMS
  objects (#3043)
- Fixed `StopDiskAtLimit` incorrectly applied in cold listing path (#3258)
- Fixed `config.yaml` `setDriveCount` auto-detection not matching CLI behavior (#3255)
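
The `kvFields` item above describes a key lookup where `strings.Index` lets `speed=` match inside `idle_speed=`. The Go sketch below is an added illustration of that collision and a whole-key comparison that avoids it; it is not MinIO's code, `lookupIndex` and `lookupExact` are hypothetical names, and the whitespace-separated, unquoted `key=value` layout is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// lookupIndex shows the bug class: strings.Index finds "speed=" anywhere in
// the line, including inside the longer key "idle_speed=".
func lookupIndex(line, key string) (string, bool) {
	i := strings.Index(line, key+"=")
	if i < 0 {
		return "", false
	}
	rest := line[i+len(key)+1:]
	if j := strings.IndexByte(rest, ' '); j >= 0 {
		rest = rest[:j]
	}
	return rest, true
}

// lookupExact splits the line into fields first and compares whole keys,
// so a shorter key can never match inside a longer one.
func lookupExact(line, key string) (string, bool) {
	for _, field := range strings.Fields(line) {
		k, v, ok := strings.Cut(field, "=")
		if ok && k == key {
			return v, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample line using the two keys named in the release note.
	line := "idle_speed=slow speed=fast"
	v1, _ := lookupIndex(line, "speed")
	v2, _ := lookupExact(line, "speed")
	fmt.Println("index-based:", v1, "exact:", v2)
}
```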

---

## Improvements

- **Rolling upgrade error handling** — config save during rolling upgrade returns HTTP 409
  Conflict and tells the operator the exact `mc` command to unblock (#3335)
- **Scanner advanced config** — `delay` and `max_wait` revived as hidden advanced options
  that override the speed preset for fine-grained scanner timing control (#3102)
- **Batch key rotation template** — adds `plaintextOnly` and `forceEncryptLocked` filter
  options (#3137)
- **Inspect `--config` mode output** — `mc admin inspect` now includes a rewritten
  `config.yaml` with local drive paths and a `start-minio.sh` script when the server runs
  in `--config` mode (#3152)
- **Drive mount stability** — updated `madmin-go` adds the `FstabSource` field to the
  `Partition` struct, enabling detection of whether drives are mounted via stable
  UUIDs/LABELs or unstable device paths (#3063)
- **Audit log Parquet compatibility** — JWT claims converted to string map in API audit logs,
  enabling Iceberg/Parquet-based audit log storage (#3180)
- **Notification listener** — SSE endpoint sends HTTP 200 immediately on listen start,
  improving compatibility with buffering proxies (#3155)
- **Tables: nested table prefixes** for improved namespace isolation (#2976)
- **Console updated to v0.0.38** (#3071)

---

## Security & Compliance

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:

- [SPDX JSON](sbom-RELEASE.2026-03-12T15-15-27Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-RELEASE.2026-03-12T15-15-27Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-RELEASE.2026-03-12T15-15-27Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/

Platform-specific upgrade guides:

- **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/
- **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/

### New Configuration Options

- `MINIO_KUBERNETES_TOKEN_VALIDATION` — default changed from `disabled` to `oidc`. Set
  explicitly to `tokenreview` to restore previous Kubernetes TokenReview API behavior
- Scanner `delay` and `max_wait` — hidden advanced options that override the scanner speed preset

### Migration Notes

- **Tables DROP TABLE**: if workflows depend on data surviving a `DROP TABLE`, update them to
  pass `purgeRequested=false` explicitly before upgrading

### Support

For enterprise support:

- SUBNET Support: https://subnet.min.io
- Documentation: https://docs.min.io
