This release enhances operational visibility with new KMS and persistent API metrics, and improves data lifecycle management with more flexible batch expiration rules. It also includes a critical security update to ensure STS session policies are correctly enforced, alongside significant performance optimizations for data rebalancing and inventory reporting. ### Security Updates * Corrected a critical vulnerability where Security Token Service (STS) session policies were not enforced. Temporary credentials are now correctly restricted by the provided policy, ensuring least-privilege access is maintained. (#1405) ### New Features * Introduced new metrics for monitoring external Key Management Server (KMS) health, enabling proactive alerting on encryption-related issues. (#1361) * API usage statistics now persist across server restarts, providing continuous and accurate metrics for long-term monitoring and capacity planning. (#1362) ### Improvements * Server logs sent to webhook endpoints now include the originating node's hostname, simplifying log analysis and troubleshooting in distributed deployments. (#1339) * Enhanced batch expiration jobs to support multiple prefixes and added a rule to remove entire prefixes, providing greater flexibility for data lifecycle management. (#1359) * The response header timeout for Lambda webhooks is now configurable, preventing errors for long-running data processing tasks. (#1337) * Updated documentation for Prometheus to include previously undocumented metrics, enabling more comprehensive monitoring of system health and performance. (#1401) ### Performance Optimizations * Significantly improved the generation speed of Parquet-based inventory reports by implementing more efficient batch-writing logic, reducing I/O load. (#1355) * Optimized the data rebalancing process to stop scanning once the target is met, reducing unnecessary system load and completing operations faster. (#1390) ### Bug Fixes * Enhanced storage subsystem resilience by adding safety checks against resource leaks during drive operations. (#1377) * Resolved a race condition during Parquet file generation, ensuring data integrity for inventory reports and other Parquet-based outputs. (#1381) * The Speedtest diagnostic tool now functions correctly with temporary (STS) credentials in a distributed deployment. (#1378) * Fixed a resource leak where reloading a server license would start duplicate background processes. (#1394) * Corrected an error that could prevent the replication queue from being saved to disk, improving replication reliability across server restarts. (#1397) * Administrators can now reliably start a new data rebalance operation immediately after a previous one completes without erroneous errors. (#1385) * Multi-object delete operations now correctly report success to the client, preventing false failure notifications in automated workflows. (#1410) * The status of a data rebalancing operation is now correctly persisted even if its configuration file is missing, improving operational consistency. (#1409) * Addressed multiple UI issues in the MinIO Console, including correct data unit display, accurate storage capacity reporting, and proper enforcement of read-only user permissions. (#1383)