# MinIO AIStor RELEASE.2026-04-11T03-20-12Z

Released: April 11, 2026

This release closes an authentication bypass in unsigned-trailer handling and hardens input validation across admin API endpoints. It also delivers significant performance improvements for Delta Sharing presigned URL generation, fixes numerous data-race and concurrency issues in decommission, pool hot-reload, and rolling upgrade paths, and resolves IAM policy mapping bugs affecting LDAP deployments and SSE-C conditional-deny evaluation.

---

## Downloads

### Binary Downloads

| Platform | Architecture | Download                                                                                  |
| -------- | ------------ | ----------------------------------------------------------------------------------------- |
| Linux    | amd64        | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio)                        |
| Linux    | arm64        | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio)                        |
| macOS    | arm64        | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio)                       |
| macOS    | amd64        | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio)                       |
| Windows  | amd64        | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe)              |

### FIPS Binaries

| Platform | Architecture | Download                                                                                  |
| -------- | ------------ | ----------------------------------------------------------------------------------------- |
| Linux    | amd64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips)              |
| Linux    | arm64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips)              |

### Package Downloads

| Format | Architecture | Download                                                                                                                                           |
| ------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| DEB    | amd64        | [minio\_20260411032012.0.0\_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260411032012.0.0_amd64.deb)                     |
| DEB    | arm64        | [minio\_20260411032012.0.0\_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260411032012.0.0_arm64.deb)                     |
| RPM    | amd64        | [minio-20260411032012.0.0-1.x86\_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260411032012.0.0-1.x86_64.rpm)               |
| RPM    | arm64        | [minio-20260411032012.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260411032012.0.0-1.aarch64.rpm)              |

### Container Images

```bash
# Standard
docker pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z
podman pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z

# FIPS
docker pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z.fips
podman pull quay.io/minio/aistor/minio:RELEASE.2026-04-11T03-20-12Z.fips
```

### Homebrew (macOS)

```bash
brew install minio/aistor/minio
```

---

## Security Updates

- **Unsigned-trailer authentication bypass** in PutObject and Snowball handlers has been closed. Requests with unsigned trailing headers could bypass signature validation under specific conditions. All deployments should upgrade. (#3978)

- **Input validation hardened** in admin API endpoints `getSetInfo` and `applyPagination`. Crafted URL path parameters with negative or out-of-bounds values could trigger index-out-of-range panics, crashing the server process. (#3980)

---

## Performance Improvements

- **Delta Sharing presigned URL generation parallelized** for large Delta tables with tens of thousands of data files. Client allocation is now performed once per request instead of per-file, and signing is distributed across GOMAXPROCS-sized goroutine pools. This removes the dominant bottleneck in snapshot, refresh token, and incremental/CDF query paths. (#3465)

- **Healing tracker reads eliminated from uncached DiskInfo calls** that do not use healing status. With 24 drives, this removes 24 unnecessary disk reads every 15 seconds from the `monitorDiskWritable` path. (#3798)

---

## Bug Fixes

### Erasure / Storage

- Fixed nil pointer dereference in `RawDirWalk` when disks are offline during admin inspect operations (#3984)
- Fixed `EcM` field not being zeroed during V2 header unmarshal, preventing stale erasure metadata from leaking across objects (#3704)
- Fixed `GetObjectReader` Read/Close data race by replacing atomic bool mutex with atomic counter for in-flight read tracking (8d8aee2)
- Fixed stale fields leaking across pooled `NSScanner` RPC responses, which could cause incorrect bucket usage data (#3867)

### Decommission / Pool Management / Rebalance

- Fixed missing `poolsLock` read lock in decommission code paths, eliminating data race with pool hot-reload operations (#3927)
- Hardened pool hot-reload for add and remove paths: proxy endpoint updates under proper locking, SIGHUP registration before goroutine spawn, config validation against new endpoints, and tolerance for unreachable nodes (#3584)
- Fixed missing `rebalMu` lock when writing `rebalMeta` during rebalance initialization (#3719)

### Rolling Upgrades

- Fixed bootstrap `CmdLines` divergence during rolling upgrades across the 2026-03-12 release boundary (#3874)
- Fixed grid connection race condition during rolling updates that could cause intermittent connectivity failures (#3541)
- Added automatic cluster API version bump after stable rolling upgrades complete, ensuring new features activate without manual intervention (#3433)

### IAM / Authentication

- Fixed LDAP policy mapping migration to persist normalized Distinguished Name filenames, preventing policy loss when DN casing varies across directory lookups (#3916)
- Fixed SSE-C conditional-deny evaluation in AccountInfo: the Console Buckets page no longer incorrectly reports read-only access for users whose policies combine `s3:PutObject` Allow with conditional SSE-C Deny (#3498)
- Fixed IAM policy heal-before-broadcast to prevent stale policy rollback during cluster-wide propagation (#3509)
- Replaced `init()` goroutine with context-aware STS rate limiter cleanup, eliminating a data race when the global limiter maps are modified (#3514)

### Replication

- Fixed swapped bucket/object arguments in replication worker channel hashing, which could route a PUT and its corresponding DELETE to different workers under backlog (#3703)
- Fixed `proxyTaggingToRepTarget` incrementing the wrong replication stats field (#3709)
- Fixed ghost peer entries persisting after site replication removal (#3718)

### Monitoring / Metrics

- Fixed internode network metrics to report only internode NICs instead of including loopback, and to use actual interface names instead of a hardcoded key. Multi-NIC configurations are now correctly aggregated. (#3796)
- Fixed FTP metrics always reporting zero bytes transferred and nil error (#3736)
- Fixed healing disk count in `getPoolsInfo` always reporting exactly one healing drive per erasure set regardless of actual count (#3714)
- Fixed `Scanning` flag not being set in the uncached `DiskInfo` path (#3672)

### Lifecycle

- Fixed ILM trace reporting: deferred `traceFn` was capturing the error return value at registration time (always nil) instead of at execution time, causing free-version delete traces to always report success (#3711)

### Tables / Delta Sharing

- Fixed shard lock deadlock in table maintenance configuration handlers when a cache miss triggers a table registry reload under an already-held write lock (#3417)
- Added `NumFiles` and `Size` metadata to uniform Delta tables and improved presigned URL batching (#3946)

### Healing

- Suppressed spurious heal audit log entries when no healing was actually attempted (#3963)

### Logging / Observability

- Fixed incorrect strings in log messages, error formatting, and OpenTelemetry attributes (#3713)
- Fixed prepared statement close errors being silently discarded in MySQL and PostgreSQL notification targets; they are now logged via `loggerOnce` (#3627)

---

## Improvements

- Drive hash mismatch errors now display actual drive paths and pool/set/drive locations instead of opaque SHA-256 hashes (#3454)
- Stack traces in console and stdout log targets are now truncated to 15 source frames for concise output (#3569)
- Updated Console to v0.0.40 (#3906)
- Upgraded to Go v1.26.2 with module dependency updates (#3886)

---

## Security & Compliance

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:

- [SPDX JSON](sbom-RELEASE.2026-04-11T03-20-12Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-RELEASE.2026-04-11T03-20-12Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-RELEASE.2026-04-11T03-20-12Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/

Platform-specific upgrade guides:

- **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/
- **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/

### Support

For enterprise support:

- SUBNET Support: https://subnet.min.io
- Documentation: https://docs.min.io