This release introduces significant performance and data management enhancements, including a new S3 Express API mode for faster object listings and the ability to append data to encrypted objects. Administrators gain new diagnostic tools for performance tracing, while batch jobs now support flexible JSON output and optional compression to streamline data integration and reduce storage costs. ### New Features * **Append to Encrypted Objects**: Incrementally update large files secured with SSE-S3 and SSE-KMS encryption, ideal for workflows like updating log files or building large datasets. (#672) * **S3 Express API Mode**: Enable significantly faster object listing performance, especially for buckets with many items. **Note:** Applications must be updated to handle unsorted list results when this mode is active. (#609) * **JSON Output for Batch Catalog**: Export batch catalog results in a structured JSON format for flexible integration with modern data pipelines and analytics tools. (#705) * **Performance Tracing for Speed Tests**: Diagnose performance bottlenecks with a new capability to gather detailed timing information during object storage speed tests. (#700) * **Configurable Compression for Catalog Output**: Control batch catalog output size with a new compression option to reduce storage and bandwidth consumption. (#720) * **MinKMS Integration for MACs**: Leverage master keys stored in MinKMS to compute Message Authentication Codes (MACs) for enhanced message integrity verification. (#735) ### Improvements * **Enhanced Object Metadata API**: Retrieve object versioning and bitrot detection status via the Object Summary API for more robust data management and integrity checks. (#688) * **Reduced Memory Usage for Encrypted Uploads**: Optimized the encryption process by reusing internal buffers, lowering memory consumption during high-volume encrypted uploads. (#681) * **Resilient Data Replication**: Queued replication tasks are now automatically replayed upon node restart, ensuring data consistency across sites. (#561) * **Improved Cluster Responsiveness**: Enhanced detection of offline nodes in a cluster, reducing performance degradation during operations like object listing. (#680) * **Efficient Background Task Processing**: Optimized background processing for IAM and replication resynchronization tasks to reduce overall system resource usage. (#702) * **PostgreSQL Schema Support**: PostgreSQL integration now supports the `schema.table` naming convention, simplifying configuration for tables in non-default schemas. (#766) * **Enhanced Batch Job Progress Reporting**: Gain better visibility into active batch jobs with more frequent status updates, even while scanning for eligible objects. (#717) * **Updated User Interface Components**: AIStor user interface assets have been updated to the latest version, incorporating recent visual and functional refinements. (#696) ### Security Updates * **Enforced IAM Secret Key Validation**: Added missing secret key validation during specific IAM operations to prevent the use of invalid keys. (#745) * **Secure Admin Updates**: The `mc admin update` command now downloads update binaries exclusively over HTTPS, improving the security and reliability of the update process. (#757) ### Bug Fixes * **Data Integrity for Unversioned Buckets**: Increased data integrity for uploads to unversioned buckets by preventing metadata inconsistencies after network interruptions. **Note:** The legacy `xl.json` metadata format is no longer supported and requires data migration. (#670) * **Automatic Data Healing Restored**: Re-enabled the automatic background self-healing scanner for all erasure coded deployments to ensure continuous data integrity checks. (#731) * **Consistent Metadata for S3 API Calls**: Ensured that API calls like `GetObjectTagging` consistently return the most up-to-date metadata in distributed environments. (#739) * **Reliable Service Account Authentication**: Service accounts for non-OIDC users now authenticate correctly when OpenID Connect (OIDC) is globally enabled. (#756) * **Resilient Self-Healing Operations**: Self-healing processes now resume correctly after transient errors, accelerating the restoration of data redundancy. (#759) * **PostgreSQL Notification Timeout**: Added a 30-second query timeout for PostgreSQL bucket notifications to prevent server hangs caused by slow database responses. (#752) * **Reliable Multipart Upload Cancellation**: Improved the handling of concurrent cancellation requests for large, in-progress multipart uploads. (#733) * **Correct Synchronization of Deleted Versions**: Resolved an issue with synchronizing delete markers in replicated buckets, preventing `VersionNotFound` errors. (#707) * **Automatic Recovery of Failed Drives**: Drives that fail during startup but later recover are now correctly detected and re-integrated into the storage pool. (#718) * **Correct Handling of Revoked Tokens**: Addressed a race condition in the handling of revoked authentication tokens to ensure correct behavior under heavy concurrent access. (#729) * **Fixed `KMS_SECRET_KEY` Deployment**: Corrected an issue that prevented successful deployment when using `KMS_SECRET_KEY` for automatic credential generation. (#704) * **Restored Append for Plain-Text Objects**: Fixed a regression that prevented data from being correctly appended to plain-text objects. (#723) * **Accurate Batch Expiry Metrics**: Corrected metrics for batch object expiry jobs to accurately report the handling of delete markers. (#722) * **Improved Object Readability**: Fixed an issue where objects could become unreadable (404 error) after certain interrupted operations or bucket suspension. (#701) * **Clarified Expired License Error**: The server startup error for an expired license now explicitly states `license: license has expired` for faster troubleshooting. (#713) * **Ceased Health Checks for Removed Peers**: Health checks now correctly stop for removed site replication peers, reducing unnecessary network traffic and log noise. (#751) * **Updated Internal Dependencies**: Updated core dependencies, including the `minio-go` client library, to incorporate underlying performance and correctness fixes. (#741)