This release enhances data resilience with an intelligent, automated drive healing process and improves operational visibility with granular, per-target replication status. Secure integration with enterprise systems is expanded through Kerberos authentication support for Kafka event notifications. These updates reduce administrative overhead, improve monitoring precision, and strengthen security for critical workflows. ### New Features - Introduced an intelligent, automated healing process for drives offline for over 48 hours, reducing administrative overhead and improving data resilience. The system now avoids unnecessary I/O by only initiating healing if the erasure set had write quorum during the outage. (#1147) - Enhanced multi-target replication with granular, per-destination status visibility via new HTTP headers. This allows for precise monitoring and troubleshooting of object replication, including delete markers and version deletions. (#1206) - Enabled secure integration with enterprise Kafka clusters by adding Kerberos (SASL/GSSAPI) authentication support for event notifications and audit logs. (#1187) ### Improvements - Increased data safety for object lifecycle transitions by implementing a two-phase process that confirms remote tier writes before removing source data. The self-healing process now continues repairing data on available drives even if other drives fail during the operation. (#1217) - Enforced strict read quorum for `ListObjects` operations to prevent incomplete results on degraded clusters. This ensures data consistency by failing the operation rather than returning a partial object list. (#1247) - Added a data integrity check for server-side encrypted uploads to validate the data stream structure before writing to storage. This prevents corrupted encrypted data from being persisted. (#1258) ### Performance Improvements - Optimized memory buffer reuse for object uploads, reducing allocations and improving performance, especially for small objects. (#1237) - Improved resource handling for S3 streaming uploads (Signature V4), increasing performance under high-concurrency workloads. (#1243) ### Bug Fixes - Resolved a race condition in memory buffer management during I/O operations to prevent resource leaks and improve system robustness under heavy load. (#1241) - Addressed a deadlock condition that could cause a node to become unresponsive during network disconnections under high load, ensuring more reliable cluster reconnections. (#1255) - Fixed a regression causing connection failures with certain Identity Providers (e.g., Azure AD). A new setting is available to explicitly control the HTTP protocol version for IDP communication. (#1251) - Corrected an issue where connections to Kafka were not closed when audit logging was disabled, preventing resource leaks. (#1245) - Ensured replication proxy metrics are no longer incorrectly incremented when proxying is disabled, providing accurate status reporting. (#1262) - Resolved a race condition within the internal performance testing tool to improve measurement consistency during high-concurrency tests. (#1250) ### Security Updates - Added a startup check that logs a warning if the configured MinKMS identity has administrator privileges, encouraging the use of least-privilege principles for enhanced security. (#1214)