# MinIO AIStor EDGE.2025-12-01T18-12-15Z

Released: 2025-12-01

This release adds batch key rotation for plaintext objects, enabling encryption of existing unencrypted data without re-upload. A critical fix addresses incorrect checksum calculation on compressed objects introduced in RELEASE.2025-10-17T06-17-41Z. Tables Catalog users should upgrade for the authorization fix in the metrics endpoint.

## Security Updates

- **Tables Catalog authorization fix** - Added missing IAM policy enforcement to TableMetrics handler. Previously, any authenticated user could report metrics to any table regardless of permissions (#2359)

## New Features

- **Batch key rotation for plaintext objects** - Encrypt existing unencrypted objects using batch key rotation jobs. Organizations can now apply encryption policies to legacy data without re-uploading objects (#1843)
- **Tables Catalog Metrics v3** - Full observability for Iceberg REST Catalog operations including namespace/table lifecycle events, transaction counts, and cache performance metrics (#2126)
- **Iceberg REST Catalog compatible errors** - Error responses now conform to Iceberg REST Catalog specification for improved client compatibility (#2221)

## Bug Fixes

- **Fixed checksum calculation for compressed objects** - Corrected regression where server-side checksums were computed on the compressed data stream instead of original content. Objects with incorrect checksums written by RELEASE.2025-10-17T06-17-41Z are automatically filtered on read (#2383)
- **Fixed usage metrics gaps during restarts/upgrades** - Scanner now tracks per-set failures and continues scanning healthy sets instead of aborting the entire cluster scan. Partial results are sent when at least one set reports data. Backup interval reduced from every 10th to every 2nd update cycle (#2372)
- **Fixed batch job cancellation** - Resolved issues where batch job cancellation did not work properly and metrics failed to update correctly (#2337)
- **Fixed multipart upload checksum validation** - Corrected FULL_OBJECT checksum type validation in CompleteMultipartUpload (#2379)
- **Fixed race condition in PutObjectExtract** - Resolved data race in concurrent tar extraction where request form data was overwritten across goroutines (#2347)
- **Fixed QueueStore performance** - Reduced excessive `lstat` calls and corrected ordering issues in event notification queue (#2315)
- **Fixed Tables transaction recovery** - Hardened transaction logging for improved crash recovery (#2205)
- **Fixed batch job start validation** - Corrected incorrect validation logic for job start conditions (#2381)
- **Fixed DeleteTable grid RPC** - Corrected grid handler for DeleteTable operations (#2368)

## Improvements

- **Certificate hot-reload on SIGHUP** - All TLS certificates (server, client, CA) now reload on SIGHUP signal without service restart (#554)
- **Ringbuffer I/O optimization** - Added 8KB minimum output size hint to reduce micro-writes during streaming operations (#1757)
- **CPU metrics accuracy** - Improved CPU statistics collection with explicit timer/load counters for reliable cross-node aggregation (#2354)
- **Tables namespace prefix validation** - Register-table now verifies no other table exists in the same prefix to prevent conflicts (#2357)
- **Write verification metrics** - New `api_write_verification_failures_total` metric with debug logging for diagnosing write verification failures (#2287)
- **Admin API status codes** - Return StatusNotImplemented instead of StatusUpgradeRequired when retry would be futile (#2386)
- **Cluster registration metadata** - MinioCommitID now included in cluster registration for version tracking (#2336)
- **Tables namespace error messages** - Improved error messages to include namespace name for easier debugging (#2361)

## Dependencies

- Migrated YAML package from `gopkg.in/yaml.v3` to `go.yaml.in/yaml/v3` v3.0.4, fixing xtime.Duration unmarshaling in batch job configurations (#2360)
- Updated sio encryption library to v0.4.3 with writer safety improvements (#2345)
- Updated minio/pkg/v3 to v3.5.0 for YAML package compatibility (#2360)

## Code Maintenance

- Refactored ILM evaluation logic for improved maintainability (#2152)
- Removed dead code in newStorageAPI (#2334)
- Empty table registry file now created during namespace creation (#2342)

---

## Upgrade Instructions

For detailed upgrade instructions, visit: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/

### Quick Upgrade Steps:

1. Download the latest binary for your architecture
2. Stop the MinIO AIStor service
3. Replace the existing binary with the new version
4. Restart the MinIO AIStor service

**Important for Tables Catalog users**: This release fixes a missing authorization check in the TableMetrics handler. If you use IAM policies to restrict Tables Catalog access, upgrade promptly.

**Note for users upgrading from RELEASE.2025-10-17T06-17-41Z**: If you have compressed objects written by that release, incorrect checksums will be automatically filtered when reading those objects. No manual action required.

For complete release details and downloads, visit: https://github.com/miniohq/eos/releases/tag/EDGE.2025-12-01T18-12-15Z