This release introduces high-performance, prefix-based object expiration for efficient large-scale data cleanup and enhances identity management with automatic Azure AD group synchronization. Administrators gain deeper operational insight through new object placement metadata and LDAP monitoring metrics. Numerous fixes improve data healing, versioning, and system resource management in distributed environments. ### New Features - **High-Performance Prefix Deletion**: Lifecycle expiration rules now support a `prefix` type, enabling rapid deletion of all objects and versions within a specified prefix, which is significantly faster than individual object deletion. (#1273) - **Automated Azure AD Group Sync**: User group memberships from Azure AD are now refreshed periodically, ensuring permissions are automatically updated without requiring re-authentication. *Note: This requires adding the `offline_access` scope to your OIDC configuration.* (#1181) - **Enhanced LDAP Monitoring**: New Prometheus metrics provide visibility into the health and connectivity of LDAP identity providers. This release also resolves a potential server panic during IAM metric collection when no external provider is configured. (#1292) - **Detailed Object Placement Information**: Object listing operations now include the Pool ID and Erasure Set ID, providing administrators with precise data location details for advanced management and monitoring scripts. (#1054) ### Improvements - **Console Usability Enhancements**: The Console dashboard now displays server and drive information for at-a-glance monitoring. The workflow for creating access keys with custom policies has been streamlined. (#1303) - **Expanded Filesystem Compatibility**: The server now starts successfully on filesystems that do not support Direct I/O (e.g., tmpfs) by logging a warning and falling back to standard buffered I/O. (#1294) - **Improved OIDC Traffic Identification**: Outgoing requests to OpenID providers now include a `User-Agent` header, allowing administrators to more easily identify, monitor, and troubleshoot authentication traffic. (#1309) ### Bug Fixes - **Data Healing and Resiliency**: - Resolved a deadlock condition that could occur during concurrent data healing of new and recently offline drives, ensuring self-healing processes complete successfully. (#1302) - Corrected an issue where deleting a specific object version could fail in a distributed deployment, ensuring features like object quarantine function reliably. (#1312) - Fixed a bug where `mc admin heal` created empty quarantine directories for small, inlined objects. (#1305) - Optimized the background scanner to prevent redundant processing of the same bucket, improving resource efficiency. (#1304) - **Lifecycle and Data Management**: - Addressed a memory leak in the batch object expiration process, preventing excessive memory consumption on buckets with many object versions. (#1285) - Blocked batch expiration jobs from running on WORM-enabled buckets, now returning a clear error to protect locked data. (#1295) - Bucket configuration imports (`mc admin cluster bucket import`) in site replication setups no longer fail if remote metadata is missing; the system now attempts to heal it automatically. (#1308) - **System Operations and API Compatibility**: - Enhanced the distributed locking mechanism to prevent race conditions during `ForceUnlock` operations in highly concurrent environments. (#1310) - The server now correctly reports the checksum mode as `FULL_OBJECT` for single-part uploads, ensuring S3 API compatibility for clients that validate this header. (#1189) - Reduced log noise by eliminating unnecessary "file not found" errors for `xl.meta` during normal concurrent operations. (#1293) - Resolved Console login and file preview issues when running on a subpath, and corrected an error with bucket replication when using TLS. (#1303)