# MinIO AIStor RELEASE.2025-12-20T04-58-37Z

Released: December 20, 2025

This major release introduces FIPS 140-3 compliant cryptography, extended backend format for full S3 object naming compatibility, bucket-level QoS enforcement for multi-tenant workloads, and multiple LDAP configuration support. Performance improvements include up to 46% reduction in memory allocations and 50% fewer disk IOPS for delete operations. Key enhancements include inventory job control, lease-based distributed locking for improved reliability, automatic multipart checksums, kernel-level storage protection, and 56 additional v3 metrics.

## New Features

### Bucket Inventory System

New bucket-scoped inventory APIs for comprehensive object metadata tracking (#1357):

- Generate, get, put, list, delete, and status operations
- Named configurations with unique IDs for easier management
- Full scheduling support: hourly, daily, weekly, monthly, and yearly
- Improved Parquet writer performance with optimized flush thresholds (#1367)
- LastUpdate timestamp tracking in job status (#2512)
- Retry limits for inventory jobs (#1443)
- Object AccessTime support (#1488, #1525)

**Job Control APIs** (#1510):
- Cancel, suspend, and resume operations for active inventory jobs
- State change detection for executing jobs
- Operational control for maintenance windows and resource management

### Bucket-Level Quality of Service (QoS) Enforcement

Comprehensive bucket-level API rate limiting and throttling system (#1389):

- **Request Rate Limiting**: Token bucket-based requests-per-second (RPS) throttling with configurable burst limits
- **Concurrency Limiting**: Restrict concurrent requests per API operation
- **Priority-Based Rules**: Multiple rules per API with priority-based enforcement and prefix matching
- **Per-Node Limits**: Rate limits apply independently on each node
- **Prometheus Metrics**: Comprehensive throttling metrics for monitoring
- **CLI Management**: Configure and monitor QoS rules via `mc qos rule` commands

Enables fine-grained performance SLAs per bucket, prevents noisy neighbor issues, and ensures fair resource allocation in multi-tenant environments.

### Identity and Access Management

**Multiple LDAP Configurations** (#1931):
- Connect to multiple LDAP servers simultaneously for identity management
- New LDAP IAM type supporting multi-directory authentication
- Enhanced SFTP and FTP server integration with multiple LDAP sources
- Simplified complex organizational structures and phased LDAP migrations
- Improved site replication compatibility with diverse directory services
- **Limitation**: Console UI login with multiple LDAP configurations will be available in a future release

**LDAP Enhancements**:
- Fixed missing account status for LDAP users (#2254)
- Resolved LDAP TLS handshake failures with StartTLS and tls_skip_verify=off

### Extended Backend Format for S3-Compatible Object Naming

**Full S3 Object Naming Compatibility** (#1395, #1513):

MinIO AIStor now supports extended backend format enabling storage of objects with special characters for complete AWS S3 compatibility:

- **Special Character Support**: Store objects with double slashes (`//`), leading slashes (`/foo`), and trailing slashes (`foo/`)
- **Transparent Encoding**: Unicode-based encoding transparently handles filesystem restrictions while presenting original names to clients
- **Cluster Validation**: Mode persisted per drive with cluster-wide validation to prevent configuration mismatches (#1513)
- **Performance Optimization**: BigCache-based LRU cache (256 MB, 10-minute TTL) for encoded object names
- **Enable at Deployment**: Use `minio server --object-naming=extended /data` flag at first deployment

**Important Restrictions**:
- Extended mode must be set at initial deployment and cannot be changed later
- Replication between extended mode and safe mode clusters is not supported (#1632)
- Object naming mode is included in `mc admin info` output for cluster visibility

Enables migration from S3 environments that use complex object naming patterns without object renaming.

### Storage Protection and Integrity

- **Automatic Multipart Checksums**: Multipart uploads automatically compute and verify checksums without requiring client-side computation (#2398)
- **Kernel-Level Storage Protection**: SELinux (RHEL/CentOS) and eBPF LSM (Ubuntu/Debian) mechanisms prevent accidental deletion of MinIO data directories (#1945)
- **Drive Usage Limits**: New `MINIO_DRIVE_MAX_USAGE_PCT` returns 507 Insufficient Storage when drives approach configured limits (#2338)
- **Read-After-Write Verification**: Optional verification reads data immediately after writing to validate successful persistence (#1508)

### Certificate Management

- **FTPS Certificate Reload**: Reload TLS certificates for FTPS without server restart, enabling zero-downtime certificate rotation (#2011)

### API Enhancements

- **X-Amz-Mp-Object-Size Validation**: CompleteMultipartUpload validates optional size header (#1879)
- **Custom Zip File Headers**: Per-file metadata headers in zip archive downloads (#2485)
- **Batch Job List Filtering by Bucket**: Filter batch job listings by source bucket (#1929)
- **Rapid Scan Healing**: Fast dangling data detection using directory listing only (#1222)
- **Console Login Link API**: Generate console API login links programmatically for SSO and embedding scenarios (#1653)
- **Azure Policy Management**: New APIs for managing Azure-specific policies and provider configurations (#1567)

### Observability and Metrics

**v3 Metrics Enhancements**:
- **56 New v3 Metrics**: Network interface statistics, CPU load metrics, and statistical variants (avg/max) for feature parity with v2 (#2102)
- **Real-Time Replication Metrics**: Time-windowed statistics for live monitoring of replication lag, throughput, and site replication status (#2128)
- **v3 Site Replication Metrics**: Full port of cluster and node-level site replication metrics to v3 (#1474)
- **Wildcard Bucket Patterns**: Query metrics for multiple buckets using wildcards without configuration updates (#1026)
- **Persisted Time-Segmented Disk Metrics**: Per-operation-type metrics with 1-minute and 24-hour rolling windows (#1421)
- **QoS Metrics**: Comprehensive throttling and rate limit metrics (#1389)
- **Missing v2 Metrics**: Added 41 previously missing v2 metrics to v3 implementation (#2054)
- **Comprehensive v3 Fixes**: Resolved all outstanding v3 metrics issues (#2185)

**Additional Metrics**:
- **KMS Connectivity Tracking**: Prometheus histogram for request latency with percentile queries (#2289)
- **Object Age Distribution**: Track object age across 6 buckets from <30 days to >2 years (#1412)
- **ILM Transition Workers Metric**: New `minio_ilm_transition_num_workers` metric (#2458)
- **Notification Target Failures**: New `minio_notification_target_failed_events` metric (#2261)
- **Drive Query Metrics**: Enhanced drive metrics in query responses (#1618)

**Tracing and Diagnostics**:
- **RWLocker Events in Traces**: Lock/unlock requests visible in OpenTelemetry traces (#2433)
- **Network Status in Node Query**: Network interface details in admin API responses (#2397)
- **Global Header Filters for Audit**: Define global filters to exclude sensitive headers from audit logs (#1727)

### Drive and Query Enhancements

- **Drive Query Improvements**: Additional drive fields including healing info in Drive Query API (#1618, #1825, #1924)
- **Parity Information**: Parity field added to Pools Query Handler (#1779)
- **Query Results Sorting**: Default sorting for query API results (#1989, #1369)

## Improvements

### System Reliability

**Lease-Based Distributed Locking** (#2073):
- Replaces refresh-based lock validity with absolute lease expiry timestamps
- Eliminates stale lock accumulation that could block operations indefinitely
- Prevents lock starvation in high-contention scenarios
- Improves overall cluster reliability and lock management

**IAM Consistency**:
- Hash-based IAM broadcast deduplication replaces version-based sync, preventing IAM broadcast storms (#1880)
- Eliminated data race in qosManager access (#1882)

**Cluster Operations**:
- Lock Server Manager uses hash-based distribution for consistent distributed lock selection (#1454)
- Fixed health check panic by using endpoint-based pool lookup (#1666)

### Grid RPC Framework

- **Request Versioning and Compression**: Reduces inter-node bandwidth consumption for internal RPC communications (#1754)
- **Telemetry**: Added telemetry to storage REST client for better observability (#1934)

### Panic Recovery

- Goroutine panic recovery added to critical I/O paths for improved fault tolerance (#2051, #1804)

## Performance Improvements

### Memory Optimization

- **Pooled Erasure Buffers**: Eliminates ~23% of allocations during erasure decode (#2566)
- **Pooled Decompressors**: Reduces memory allocation by ~44% during read operations (#2567)
- **Reduced Read Allocations**: Pre-allocated buffers and bigcache optimization (#2557)

### I/O Optimization

- **Delete Operations**: Concurrent delete operations and elimination of redundant deletes reduce disk IOPS by ~50% (#2438)
- **Concurrent DiskInfo Fetching**: Parallel remote disk queries reduce latency (#2434)
- **CRC32C Bitrot for ARM64**: Hardware-accelerated bitrot for Cortex A8.2 and BlueField deployments (#2196)

### Admin API and Metrics

- **Eliminate Repeated DiskInfo Calls**: Reduced overhead in IO metrics collection (#2070)
- **Optimized ServerInfo**: Reduced TTL and Grid-based connectivity improve admin API response times (#2048)
- **Parallelized Admin Endpoint**: Network checks run in parallel with cached server info for faster `/admin/info` calls (#1499)

### Inventory Performance

- Parquet writer throughput improved by ~45% with optimized buffering (#1367)

## Bug Fixes

### Security

- **LDAP Password Leak**: Fixed LDAP passwords appearing in audit logs during AssumeRoleWithLDAPIdentity (#2409)
- **S3 Select CSV Limit**: Prevent OOM/DoS by limiting CSV lines to 128KB in S3 Select operations (#2546)
- **User Password Change**: Users with no permissions can now change their own password (#1449)
- **Sub-Policy Validation**: Fixed sub-policy checks when present (#1893)
- **PostPolicy Tag Enforcement**: Fixed tagging in PostPolicy upload not enforcing policy tags (#2005)

### Data Handling

- **CopyAligned Buffer Management**: Improved synchronization in CopyAligned to ensure buffer operations complete in correct order (#2506)
- **CopyObject Checksum**: Fixed checksum computation for uncompressed copy operations (#2472)
- **Invalid Checksum in Replication**: Filter out incorrect zero checksums causing replication failures (#2509)
- **Object Rewrite on Tagging**: Avoid unnecessary rewrite and ETag changes when updating tags only (#2422)
- **Batch Replication Checksums**: Preserve checksums when batch replicating from remote source (#2332)
- **Batch Replication Part Numbers**: Fixed incorrect part number handling for multipart objects (#2329)
- **Non-Sequential Part Numbers**: Correct GetObject PartNumber handling for non-sequential parts (#2323)
- **Key Rotation**: Fixed keyrotate failing on versioned buckets with multiple versions (#2320)

### Batch and Lifecycle

- **Batch Filter Logic**: Fixed inverted tag/metadata filtering in StartFromSource (#2392)
- **Batch Job Cancellation**: Proper state validation and metrics cleanup when canceling jobs (#2337)
- **ILM Expiry Replication**: Fixed DelMarkerExpiration and AllVersionsExpiration rules not replicating to peer sites (#2013)
- **ILM NewerNoncurrentVersions in Decommission**: Respects ILM rules to skip versions that would be deleted (#2400)
- **Dynamic ILM Reload During Decommission**: Policies reload within 1 minute during pool decommissioning (#2415)
- **ILM Noncurrent Version Expiration Metric**: Fixed counter not incrementing (#2430)

### Cluster Operations

- **Panic on Startup Without License**: Fixed server crash when no license provided (#2564)
- **Distributed Maintenance Health Checks**: Only the node being taken offline excludes drives from quorum (#2508)
- **Site Replication Self-Removal**: Prevent sites from removing themselves (#2424)
- **Site Replication Name Generation**: Auto-generate site name when empty instead of returning error for improved usability (#2288)
- **Site Replication Rollback**: Revert partially completed site join operations on failure (#1872)
- **Preserve Retention/Versioning in Site Replication**: Settings preserved during initial setup (#2457)
- **Replication Through Load Balancers**: Allow bucket replication through load balancers on different ports (#2202)
- **Replication Purge Hang**: Fixed replication purge on delete hang (#2186)
- **Lock Server Manager**: Hash-based distribution for consistent distributed lock selection (#1454)
- **IAM Broadcaster**: Single-node IAM asset broadcasting for improved consistency (#1481)
- **IAM Context Propagation**: Pass context to IAMStoreSys.GetUserInfo to prevent resource leaks (#2001)

### Healing

- **Offline Drive Healing**: Restored xattr delete and write tracking to fix offline drive healing operations (#1988)

### Extended Backend Mode

- **Decommission/Rebalance Handling**: Fixed decommission and rebalance operations in extended mode (#1628)
- **Walk Merge Implementation**: Corrected Walk() merge behavior for extended naming mode (#1640)
- **Drive Replacement**: Preserve object naming mode when formatting replacement drives to maintain cluster consistency (#2188)

### Metrics and Monitoring

- **Heal Objects Metric**: Fixed `minio_heal_objects_heal_total` counter during `mc admin heal` (#2459)
- **User UpdatedAt Timestamp**: Fixed returning policy timestamp instead of user timestamp (#2439)
- **QoS Metrics Regression**: Fixed QoS stats update regression and added LastActivity tracking to reduce metrics bloat (#2155)
- **QoS API Management**: Fixed exclusions to prevent throttling lockout, improved stats collection (#2455)
- **Scanner Crash**: Fixed crash when calculating per-drive write failures (#2387)
- **Missing Metrics on Restart**: Fixed dips in usage values during restarts/upgrades (#2372)
- **Single-Node Metrics**: Fixed single node single drive NodesQuery returning empty metrics (#2080)
- **Inverted Condition**: Fixed inverted condition in collectAPIMetrics causing empty ClusterAPIStats (#1944)
- **API Latency Metric**: Populate minio_system_drive_api_latency_micros metric correctly (#2225)
- **Tier Metrics**: Fixed tier metrics and pool index handling in admin APIs (#2285)
- **Metrics Cardinality**: Reduced cardinality by removing redundant target_name label (#2277)
- **Driver IO Stat**: Fixed missing driver IO stat metric (#2068)
- **Offline Drive Metrics**: Fixed offline drives having no metrics populated in DrivesQueryHandler (#2014)
- **License Metrics**: Fixed nil pointer check for license in cluster config metrics (#2267)

### API Handlers

- **Client Disconnects**: Return 499 status code for client disconnects instead of 503 in GetObject (#1908)
- **Single-Node Hostname**: Return local node name for single-drive endpoints (#2017)
- **Single-Node Admin Info**: Populate hostname in admin object info for single-node deployments (#1990)
- **V4 API Offline Server**: Fixed V4 API becoming slow when server is offline (#2023)
- **Race Conditions**: Fixed race condition between three concurrent actors (#2127)
- **Context Cancellation**: Suppress context.Canceled logs in walkDir function (#2106)

### Console UI (v0.0.33 - v0.0.36)

- STS token revocation during logout
- OAuth2 automatic token refresh
- Fixed Add Access Key modal
- Fixed delete file issue
- Fixed CallHome error notifications
- Network and Drive performance tests in UI
- Site replication configuration from UI (#2475)

### Inventory

- **Improved YAML Validation**: Better error messages for inventory YAML validation (#2461)
- **JSON Serialization**: Initialize Items slice in ListInventoryConfigs to prevent null JSON serialization (#2266)

## Breaking Changes

### FIPS 140-3 Cryptography Enforcement

**CRITICAL SECURITY CHANGE** (#1878):

MinIO AIStor now enforces FIPS 140-3 compliant cryptography when `GODEBUG=fips140=on` is set, and restricts insecure ciphers by default:

**TLS Changes**:
- CBC cipher suites removed in FIPS mode

**SSH/SFTP Changes** (potentially breaking):
- Weak key exchange algorithms (DH-SHA1, DH Group 1) blocked by default
- Insecure ciphers (RC4) removed
- RSA-SHA1 and DSA public key algorithms filtered in FIPS mode
- HMAC-SHA1 MAC algorithms excluded by default

**JWT Changes**:
- Migrated from golang.org/x/crypto/sha3 to crypto/sha3 (FIPS 140-3 validated)

**Migration Required**: Users relying on weak SSH/SFTP ciphers or key exchange algorithms must explicitly set:
```
MINIO_API_SECURE_CIPHERS=off
```
to restore previous behavior. This is not recommended for production environments.

**Impact**: Government and regulated sector deployments now meet FIPS 140-3 compliance requirements. SFTP clients using legacy ciphers will fail to connect unless explicitly allowed.

### Security Requirements

- **Default Root Credentials Disallowed**: When `MINIO_API_ROOT_ACCESS=off`, explicit credentials or KMS configuration required. Default credentials no longer permitted (#1430)

### Token Expiration

- **AssumeRole Token TTL**: Maximum TTL enforced at 1 year. Centralized min/max/default values (#1360)

### License Restrictions

- **Free Tier Limitations**: Free tier licenses restrict distributed deployments, site replication, bucket replication, batch replication, tiering, and support commands (#2504, #2547, #2523, #2565)

### Metrics Changes

- **KMS Metrics**: Changed request metrics from gauge to counter (#2289)

### Extended Backend Mode Restrictions

- **Replication Limitation**: Replication between extended mode and safe mode clusters is not supported. Clusters in different object naming modes cannot replicate to each other (#1632)
- **Deployment-Time Decision**: Object naming mode must be set at initial deployment with `--object-naming=extended` flag and cannot be changed later

### API Configuration

- **CORS Wildcard Origins**: New configuration option to disallow credentials with wildcard CORS origins for enhanced security (#1809)

---

## Security & Compliance

### FIPS 140-3 Compliance

This release introduces FIPS 140-3 compliant cryptography enforcement for TLS, SSH/SFTP, and JWT operations when `GODEBUG=fips140=on`. See Breaking Changes section for migration details.

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:

- [SPDX JSON](sbom-RELEASE.2025-12-20T04-58-37Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-RELEASE.2025-12-20T04-58-37Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-RELEASE.2025-12-20T04-58-37Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/

Platform-specific upgrade guides:

- **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/
- **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/

### New Configuration Options

**Environment Variables**:
- `MINIO_DRIVE_MAX_USAGE_PCT` - Maximum drive usage percentage before rejecting new uploads
- `MINIO_API_SECURE_CIPHERS` - Set to `off` to allow legacy SSH/SFTP ciphers (not recommended)

**Feature Configuration**:
- Bucket-level QoS rules via `mc qos rule` commands
- Multiple LDAP configurations via admin API
- Inventory job control APIs (cancel, suspend, resume)

### Migration Notes

**Critical - FIPS Compliance**:
- SFTP clients using legacy ciphers (RC4, DH-SHA1, DH Group 1, RSA-SHA1, DSA, HMAC-SHA1) will fail to connect
- Set `MINIO_API_SECURE_CIPHERS=off` only if legacy cipher support is required (not recommended)
- Review SFTP client configurations for FIPS-compliant cipher suites

**Extended Backend Format**:
- New deployments requiring S3-compatible special character support in object names should use `--object-naming=extended` flag
- This is a deployment-time decision that cannot be changed after initial format
- Ensure all clusters in a replication topology use the same object naming mode
- Check `mc admin info` output to verify object naming mode across clusters before configuring replication

**General**:
- Clusters using default root credentials with `MINIO_API_ROOT_ACCESS=off` must configure explicit credentials or KMS
- Review AssumeRole token expiration settings if using tokens with TTL greater than 1 year
- KMS metrics consumers should update dashboards to handle counter (not gauge) semantics
- Free tier licenses now enforce additional restrictions on distributed features

### Support

For enterprise support:

- SUBNET Support: https://subnet.min.io
- Documentation: https://docs.min.io

---

## Container Images

- `quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z`
- `quay.io/minio/aistor/minio:latest`
- `quay.io/minio/aistor/minio:RELEASE.2025-12-20T04-58-37Z.fips`

## Downloads

### darwin-arm64

- [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio)
- [minio.RELEASE.2025-12-20T04-58-37Z](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z)
- [minio.RELEASE.2025-12-20T04-58-37Z.sha256sum](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.sha256sum)
- [minio.sha256sum](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.asc](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.asc)
- [minio.RELEASE.2025-12-20T04-58-37Z.minisig](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.minisig)
- [minio.asc](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.asc)
- [minio.minisig](https://dl.min.io/aistor/minio/release/darwin-arm64/archive/minio.minisig)

### linux-amd64

- [minio](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio)
- [minio.RELEASE.2025-12-20T04-58-37Z](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z)
- [minio-20251220045837.0.0-1.x86_64.rpm.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio-20251220045837.0.0-1.x86_64.rpm.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.sha256sum)
- [minio.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.sha256sum)
- [minio_20251220045837.0.0_amd64.deb.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio_20251220045837.0.0_amd64.deb.sha256sum)
- [minio_20251220045837.0.0_x86_64.apk.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio_20251220045837.0.0_x86_64.apk.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.asc](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.asc)
- [minio.RELEASE.2025-12-20T04-58-37Z.minisig](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.minisig)
- [minio.asc](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.asc)
- [minio.minisig](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.minisig)
- [minio-20251220045837.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio-20251220045837.0.0-1.x86_64.rpm)
- [minio.apk](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.apk)
- [minio.deb](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.deb)
- [minio.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.rpm)
- [minio_20251220045837.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio_20251220045837.0.0_amd64.deb)
- [minio_20251220045837.0.0_x86_64.apk](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio_20251220045837.0.0_x86_64.apk)

### linux-amd64 (FIPS)

- [minio.RELEASE.2025-12-20T04-58-37Z.fips](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.fips)
- [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.fips)
- [minio.RELEASE.2025-12-20T04-58-37Z.fips.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.fips.sha256sum)
- [minio.fips.sha256sum](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.fips.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.fips.asc](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.fips.asc)
- [minio.RELEASE.2025-12-20T04-58-37Z.fips.minisig](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.RELEASE.2025-12-20T04-58-37Z.fips.minisig)
- [minio.fips.asc](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.fips.asc)
- [minio.fips.minisig](https://dl.min.io/aistor/minio/release/linux-amd64/archive/minio.fips.minisig)

### linux-arm64

- [minio](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio)
- [minio.RELEASE.2025-12-20T04-58-37Z](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z)
- [minio-20251220045837.0.0-1.aarch64.rpm.sha256sum](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio-20251220045837.0.0-1.aarch64.rpm.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.sha256sum](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.sha256sum)
- [minio.sha256sum](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.sha256sum)
- [minio_20251220045837.0.0_aarch64.apk.sha256sum](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio_20251220045837.0.0_aarch64.apk.sha256sum)
- [minio_20251220045837.0.0_arm64.deb.sha256sum](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio_20251220045837.0.0_arm64.deb.sha256sum)
- [minio.RELEASE.2025-12-20T04-58-37Z.asc](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.asc)
- [minio.RELEASE.2025-12-20T04-58-37Z.minisig](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.RELEASE.2025-12-20T04-58-37Z.minisig)
- [minio.asc](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.asc)
- [minio.minisig](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.minisig)
- [minio-20251220045837.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio-20251220045837.0.0-1.aarch64.rpm)
- [minio.apk](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.apk)
- [minio.deb](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.deb)
- [minio.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio.rpm)
- [minio_20251220045837.0.0_aarch64.apk](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio_20251220045837.0.0_aarch64.apk)
- [minio_20251220045837.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/archive/minio_20251220045837.0.0_arm64.deb)

### windows-amd64

- [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe)
- [minio.exe.RELEASE.2025-12-20T04-58-37Z](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.RELEASE.2025-12-20T04-58-37Z)
- [minio.exe.RELEASE.2025-12-20T04-58-37Z.sha256sum](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.RELEASE.2025-12-20T04-58-37Z.sha256sum)
- [minio.exe.sha256sum](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.sha256sum)
- [minio.exe.RELEASE.2025-12-20T04-58-37Z.asc](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.RELEASE.2025-12-20T04-58-37Z.asc)
- [minio.exe.RELEASE.2025-12-20T04-58-37Z.minisig](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.RELEASE.2025-12-20T04-58-37Z.minisig)
- [minio.exe.asc](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.asc)
- [minio.exe.minisig](https://dl.min.io/aistor/minio/release/windows-amd64/archive/minio.exe.minisig)

## Changelog

[View changes since RELEASE.2025-10-17T06-17-41Z](https://github.com/miniohq/eos/compare/RELEASE.2025-10-17T06-17-41Z...RELEASE.2025-12-20T04-58-37Z)