# MinIO AIStor RELEASE.2025-10-17T06-17-41Z

Released: 2025-10-17

MinIO AIStor delivers critical security enhancements and replication reliability improvements in this release. This update resolves historical replication issues affecting multipart objects and addresses a privilege escalation vulnerability in service account management, ensuring robust access control and data consistency across distributed deployments.

## Security Updates

- **Fixed privilege escalation vulnerability in service account management ([GHSA-jjjj-jwhf-8rgr](https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr))** - Service accounts and STS accounts can no longer bypass inline policy restrictions when performing operations on their parent accounts. Previously, service accounts could create new service accounts without proper validation of attached sub-policies, potentially granting broader access than intended. Organizations using service accounts with inline policies should update immediately to maintain proper security boundaries (#1893)
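
The invariant behind this fix, as an added example that is not MinIO's code: a credential created by a policy-restricted service account must never hold more than its creator's inline policy. The `Grant` model, the trailing-`*` matching, the function names, and the choice to inherit the creator's restrictions when no policy is requested are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"slices"
	"strings"
)

// Grant is a simplified, hypothetical policy statement (real policies are IAM JSON).
type Grant struct{ Action, Resource string }

// covers reports whether pattern p (exact, or ending in '*') matches value or pattern v.
func covers(p, v string) bool {
	return p == v || (strings.HasSuffix(p, "*") && strings.HasPrefix(v, strings.TrimSuffix(p, "*")))
}

// within reports whether every grant in child is covered by some grant in creator.
func within(child, creator []Grant) bool {
	for _, c := range child {
		if !slices.ContainsFunc(creator, func(g Grant) bool {
			return covers(g.Action, c.Action) && covers(g.Resource, c.Resource)
		}) {
			return false
		}
	}
	return true
}

var ErrEscalation = errors.New("requested policy exceeds creator's inline policy")

// NewChildPolicy picks the inline policy for a service account created by a restricted
// service account. Assumption of this example: an empty request inherits the creator's policy.
func NewChildPolicy(creatorInline, requested []Grant) ([]Grant, error) {
	if len(requested) == 0 {
		return creatorInline, nil
	}
	if !within(requested, creatorInline) {
		return nil, ErrEscalation
	}
	return requested, nil
}

func main() {
	creator := []Grant{{"s3:GetObject", "reports/*"}} // constructed sample policy
	_, err := NewChildPolicy(creator, []Grant{{"s3:*", "*"}})
	fmt.Println(err)
}
```
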

## Bug Fixes

- **Resolved replication failures for CopyObject-affected objects** - Objects that previous releases incorrectly copied from multipart to single-part format while retaining multipart checksums can now replicate successfully. This eliminates data consistency issues in replicated deployments without requiring manual intervention or object re-upload (#1889)

- **Fixed replication failures for multipart objects from December 2022 to April 2023 releases** - The system now correctly filters malformed checksums for multipart objects created during this release window, enabling reliable cross-site and cross-bucket replication without manual intervention (#1423)

## Improvements

- **Updated to Go 1.24.9 toolchain** - Incorporates latest stability improvements and security patches from the Go runtime, enhancing overall system reliability and security posture (42fb512)

## Security & Compliance

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:
- [SPDX JSON](sbom-RELEASE.2025-10-17T06-17-41Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-RELEASE.2025-10-17T06-17-41Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-RELEASE.2025-10-17T06-17-41Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, visit: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/

### Quick Upgrade Steps:

1. Download the latest binary for your architecture from the links above
2. Stop the MinIO AIStor service
3. Replace the existing binary with the new version
4. Restart the MinIO AIStor service

**Important**: Due to the security fix in this release (#1893), organizations using service accounts with inline policies should prioritize this upgrade.

For complete release details and downloads, visit: https://github.com/miniohq/eos/releases/tag/RELEASE.2025-10-17T06-17-41Z
