This release enhances administrative control and system diagnostics, introducing direct OpenTelemetry integration and an API for validating Identity Provider configurations. Key improvements focus on data lifecycle management, including a new API to cancel replication resync tasks and optimizations for the data healing process, which now runs in the background to improve scanner performance. ### New Features - **Direct OpenTelemetry Integration**: Servers can now send telemetry traces directly to OpenTelemetry-compatible collectors, streamlining setup and improving reporting efficiency. Administrators should migrate from `mc support telemetry proxy` to this new direct export mechanism. (#943) - **S3ZIP Individual File Extraction**: Generate presigned URLs with the `x-minio-extract=true` parameter to directly access and serve specific files from within a ZIP archive, avoiding the need to download the entire file. (#944) - **Identity Provider Status API**: A new API endpoint allows administrators to proactively verify the status and validity of their LDAP configurations, simplifying troubleshooting of authentication issues. (#853) - **Cancel Replication Resync Task**: A new API enables cancellation of ongoing S3 bucket replication resynchronization tasks for specific replication rules, providing greater control over system resources. **Note**: This API is not functional if site-level (cluster) replication is enabled. (#802) - **Detailed Network Connection Tracing**: Outgoing network connection attempts are now traced with detailed telemetry, providing connection times and target addresses to accelerate diagnosis of network-related issues. (#925) ### Improvements - **Distributed Locking System Overhaul**: Reworked the distributed locking mechanism for improved performance in high-concurrency environments, featuring a more efficient lock expiration process that reduces system load. (#947) - **Enhanced Data Healing Process**: Data healing tasks are now processed in the background, allowing the data scanner to complete its cycles more quickly. Administrators can also dynamically adjust the number of background healing workers to optimize resource allocation. (#937) - **Improved LDAP Configuration Experience**: Provides clearer, more actionable error messages and suggestions when setting up LDAP, along with more detailed diagnostic logs for Distinguished Name (DN) processing. (#927) - **More Robust Server Bootstrap**: The server startup process is now more efficient by avoiding redundant configuration checks and correctly enforcing configuration consensus (quorum) among nodes before startup. (#960) - **Enhanced Replication Diagnostics**: The `mc support diag` command now provides more detailed reports on pending synchronizations, specifying which peer sites require syncing to and from for each out-of-sync entity. (#849) - **Trial License Grace Period**: Introduces a grace period after trial license expiration, allowing for a smoother transition to a full license. (#929) - **Keep-Alives for Long-Running Operations**: The system now sends periodic keep-alive signals during lengthy operations like large batch deletes, preventing premature client connection timeouts. (#872) - **Admin Console Updated**: The Admin Console has been updated to version v0.0.14, incorporating the latest features, UI enhancements, and bug fixes. (#933, #958) ### Performance Improvements - **Optimized Object Healing**: The process for healing objects and cleaning up abandoned data parts has been optimized to reduce network overhead, resulting in faster data integrity restoration. (#919) - **Reduced Memory Usage for Tracing**: Enhanced the efficiency of metrics collection for tracing by reducing memory allocations, contributing to lower resource consumption during intensive diagnostic activities. (#961) ### Bug Fixes - **Corrected Prometheus Metrics for Bucket Traffic**: Resolved an issue where 'sent bytes' and 'received bytes' metrics for buckets were swapped in Prometheus, ensuring accurate network monitoring. (#931) - **Reliable 'AND' Logic in Batch Catalog Filters**: Corrected the evaluation logic for 'AND' conditions in Batch Catalog job filters to ensure they function reliably. Job template examples have also been updated for accuracy. (#939) - **Resolved LDAP Sync Race Condition**: Fixed a bug where a service account could be unintentionally restored or have its group memberships incorrectly updated during LDAP group synchronization. (#932) - **Accurate Error Reporting for Canceled Operations**: Operations on erasure-coded objects that are canceled or time out will now correctly report this as the primary error, avoiding potentially misleading secondary errors. (#948) - **Resolved Grid Connection Data Race**: Fixed a potential data race condition within the internal grid connection management system to prevent unexpected behavior in high-concurrency environments. (#942) - **Corrected Startup Initialization Order**: Ensured the global drive manager is initialized before other subsystems to prevent potential crashes during the server startup sequence. (#956) - **Accurate 'Last Online' Timestamp**: The 'last online' timestamp for a target is now correctly recorded when it is marked offline, ensuring precise downtime calculations. (#952) ### Security Updates - **Redacted Sensitive Data in Admin Info**: The `mc admin info` command now correctly redacts all sensitive configuration values set via environment variables in its output, preventing unintentional exposure of secrets. (#935) - **Modified Kubernetes JWT Audience Default**: The default audience for Kubernetes Service Account JWT tokens is now an empty string to simplify migrations. **Action Required**: For stricter security, administrators should set the `MINIO_KUBERNETES_TOKEN_AUDIENCE` environment variable to `sts.min.io` to limit the token's scope. (#922)