# MinIO AIStor RELEASE.2026-02-02T23-40-11Z Released: February 2, 2026 This release represents a major milestone for MinIO AIStor's lakehouse capabilities with the S3 Tables/Iceberg Catalog and a complete implementation of the Delta Sharing protocol. The Iceberg Catalog now supports Views API, multi-level namespaces, and includes significant performance improvements through msgpack storage format, namespace sharding, and optimized locking. Delta Sharing brings secure cross-organization data sharing with full protocol v1.0 compliance including Databricks compatibility. Infrastructure improvements include pool hot-reload, S.M.A.R.T. disk monitoring, coalesced distributed locks, and async LDAP/OIDC initialization for improved Kubernetes deployments. --- ## Downloads ### Binary Downloads | Platform | Architecture | Download | |----------|--------------|----------| | Linux | amd64 | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio) | | Linux | arm64 | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio) | | macOS | arm64 | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio) | | macOS | amd64 | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio) | | Windows | amd64 | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) | ### Package Downloads | Format | Architecture | Download | |--------|--------------|----------| | DEB | amd64 | [minio_20260202234011.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260202234011.0.0_amd64.deb) | | DEB | arm64 | [minio_20260202234011.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260202234011.0.0_arm64.deb) | | RPM | amd64 | [minio-20260202234011.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260202234011.0.0-1.x86_64.rpm) | | RPM | arm64 | [minio-20260202234011.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260202234011.0.0-1.aarch64.rpm) | ### FIPS Binaries | Platform | Architecture | Download | |----------|--------------|----------| | Linux | amd64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) | | Linux | arm64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) | ### Container Images ```bash # Standard docker pull quay.io/minio/aistor/minio:RELEASE.2026-02-02T23-40-11Z podman pull quay.io/minio/aistor/minio:RELEASE.2026-02-02T23-40-11Z # FIPS docker pull quay.io/minio/aistor/minio:RELEASE.2026-02-02T23-40-11Z.fips podman pull quay.io/minio/aistor/minio:RELEASE.2026-02-02T23-40-11Z.fips ``` ### Homebrew (macOS) ```bash brew install minio/aistor/minio ``` --- ## S3 Tables / Iceberg Catalog ### Iceberg Views API Complete implementation of the Iceberg Catalog Views API per the official specification (#2060, #2276, #2813, #2725): **Core Operations:** - **CreateView**: Create new views with SQL representation and schema - **LoadView**: Retrieve view metadata including SQL, schema, and properties - **ReplaceView**: Update existing view definition - **DropView**: Delete view with optional purge - **CommitView**: Atomic view updates with conflict detection (#2276) - **RegisterView**: Register external views as AIStor extension (#2725) **Implementation Details:** - View metadata stored in Iceberg metadata format under `metadata/` prefix - Views support multiple SQL representations for different query engines - CommitView returns HTTP 409 on concurrent modification conflicts (#2882) - Views share namespace with tables but maintain separate registry - Full integration with TableAuthSys for authorization (#2280) - TraceTables tracing for view operations (#2407) ### Multi-Level Namespaces Hierarchical namespace support enabling complex organizational structures (#2491): **Features:** - Nested namespace paths (e.g., `catalog.database.schema`) - Reserved namespaces for system use (#2385) - ListNamespace policy restricted by parent namespace (#2812) - HEAD namespace endpoint for existence checks (#1987) - Namespace properties update functionality (#2278) - Parent namespace validation in ListNamespaces (#2380) **Implementation:** - Multi-namespace character escape handling in SigV4 signatures (#1679) - Dot notation for IAM policy condition matching (#2730) - Namespace registry sharding to avoid contention (#2609) - Synchronous cleanup on DeleteNamespace to prevent orphaned data (#2827) ### Performance Optimizations #### Msgpack Storage Format Replaced JSON with msgpack for all on-disk table/view metadata (#2703): - **7,670+ lines** of generated serialization code - Faster serialization/deserialization - Smaller storage footprint - Backward-compatible migration on first access #### Namespace Sharding Sharded namespace.json into 16 separate files to eliminate contention (#2609): - Prevents lock contention on large warehouses - Reduces file size for warehouses with many tables - Uses xxhash for consistent shard distribution - Parallel shard loading for ListTables #### Shard-Based Pagination New pagination implementation for ListTables and ListViews (#2889): - Load single shard per page instead of all 16 shards - Binary search for pagination token lookup (#2804) - Cross-node token routing via NodeName encoding - 15-minute cache TTL with 3-minute idle expiry - Memory reduction: 16x for first page requests #### Metadata Caching - **Metadata pointer caching** for load-table operations (#2900) - **Registry file read optimization**: Read once instead of multiple times (#2646) - **MakeTableLive consolidation**: Single shard load for multiple operations (#2775) - **Redundant metadata lookup elimination** in hot paths (#2774) - **Memory allocation reduction** using pooled msgp readers (#2776) - **Singleflight for registry shards**: Coalesce concurrent shard reads to reduce I/O amplification (#2912) - **Single table lazy loading** for S3 operations (#2829) #### Locking Improvements - **Locking rework** to reduce number of locks and contention (#2789) - **Per-warehouse namespace locks** replace global lock for RegisterTable/RegisterView (#2884) - **Non-blocking locks** for multi-table transactions (#1771, #1748) - **Catalog metadata max parity** for improved durability (#2771) ### Transaction Recovery #### Unified Recovery Framework Implemented Recoverable interface on Transaction for unified recovery (#2548): - Single recovery code path for all transaction types - Eliminates 200+ lines of duplicated recovery code - Clear separation of concerns in transaction hierarchy (#1806) - State helpers: LoadState, CheckForZombieTransaction #### Atomic RenameTable RenameTable now fully atomic with transaction log recovery (#2724): - **3,975+ lines** of implementation and tests - Two-phase commit with persistent transaction log - Automatic recovery on server restart - Handles partial failures and network partitions - Prevents table name conflicts during rename #### Transaction Hardening - **Transaction logging hardening** (#2205) - **Multi-table recovery rollback prevention** when participant dropped (#2636) - **Validation before atomic log write** in multi-table transactions (#2625) - **Orphaned staged-to-live log prevention** (#2641) - **Staged table lifecycle enforcement** (#1700) ### Authentication and Authorization #### TableAuthSys New dedicated authentication system with caching for table operations (#2249, #2286): - **1,438+ lines** of implementation - Per-table/view authorization checks - Cache with notifications for invalidation (#2286) - Reduces repeated IAM policy evaluations - Integrated with S3 standard SigV4 authentication (#1672) #### IAM Enhancements - **RegisterTable permission**: New s3tables IAM action (#2454) - **Authorization filtering**: Tables and namespaces listing filtered by user permissions (#2203) - **Multi-table transaction privilege checks**: Verify permissions on each table in transaction (#2352) - **Auth filtering for Create\* operations** (#2519) - **S3 Tables IAM policy resource handling** (#1717) - **Proper s3tables policy actions** (#1675) - **Explicit ListTables/ListViews permission** requirement (#2787) - **TableMetrics authorization check** (#2359) ### Error Handling Comprehensive error handling improvements for Iceberg REST Catalog compatibility (#2221): | HTTP Code | Condition | PRs | | --------- | -------------------------------------- | ------------ | | 409 | Concurrent modification conflicts | #2834, #2882 | | 404 | Namespace deleted during operation | #2886 | | 404 | Table/view not found (wrapped errors) | #2824 | | 400 | Invalid create-table/view requests | #1847, #2487 | | 400 | CommitMultiTableTransaction validation | #2487 | | 400 | Warehouse bucket deletion via S3 API | #2432, #2179 | **Additional Fixes:** - Response codes aligned with iceberg-go spec (#2792) - View conflict detection in CommitTable for RCK compatibility (#2517) - Error messages with context in S3 Tables/Iceberg catalog (#2363) - Namespace validation error handling (#1667) - Staged table cleanup during namespace deletion (#2399) ### Warehouse Bucket Management Enhanced isolation and protection for warehouse buckets: - **Filter from S3 and admin listings** (#2915) - **Allow S3 list/head operations** for compatibility (#2881) - **Prevent as replication targets** (#2717) - **Block bucket ops** (versioning, lifecycle, encryption) on warehouse buckets (#2695) - **Exclude from Replication and ListBucket** (#2658) - **IsWarehouse field** in bucket metadata for detection (#2668) - **Persist warehouse bucket tag** via globalBucketMetadataSys (#2644) - **Validate bucket configs** before warehouse upgrade (#2757) - **Notify peers** to load bucket metadata after warehouse creation (#2890) ### Inventory Integration Support for S3 Inventory with AIStor Tables (#1867): - **3,392+ lines** of implementation - Generate inventory reports for Iceberg tables - Iceberg metadata format output - Batch catalog record count and file splitting fixes (#2452) - createTablesAdapter for inventory Iceberg format support ### Additional Tables Features - **ETag support** for table operations (#2507) - **X-Minio-Tables-Include-Paths header** for ListTables/ListViews to include full object paths (#2885) - **Namespace type refactoring** with proper type safety (#2780) - **View creation with staged table**: Allow view creation when staged table exists with same name (#2393) - **RegisterTable path overlap check**: Uses disk-based checks instead of in-memory for reliability (#2420) - **Last consistent state on LoadTable**: Return last consistent state during recovery (#1911) - **Iceberg metadata file naming**: Correct naming convention for metadata files (#2499) ### Client Compatibility #### Spark - **Per-bucket purge-on-delete** for Spark clients via versioning config (#2779) - **DROP TABLE defaults purgeRequested to true** (#2848) - workaround for Spark bug where PURGE flag not forwarded - **Distributed setup** for PySpark tests (#1720) #### Trino - **Trino CI/CD tests** (#1730) - **Allow Trino to set table location** (#1723) - **Trino notebook fixes** (#1837) #### PyIceberg - **Apache Iceberg RCK and PyIceberg catalog tests** (#2189) - **Distributed setup** for PyIceberg tests (#1720) - **iceberg-go fork updates** (#2777, #2466, #2022, #1661) ### Metrics and Observability - **Tables Catalog v3 metrics** integration (#2126) - **TTFB and request count metrics** for Iceberg APIs (#2614) - **Tables/delta metrics fixes** (#2738) - **Admin trace support** for AIStor tables (#2165) - **TraceTables** instead of TraceObject in DeleteTable (#2407) --- ## Delta Sharing ### Protocol Implementation Full implementation of Delta Sharing open protocol v1.0 for secure cross-organization data sharing (#2450): **Scope: 19,740+ lines across 62 files** #### Core Protocol Compliance - Complete REST API per Delta Sharing protocol specification - Bearer token authentication (RFC 6750) - `delta-sharing-capabilities` header negotiation - Response formats: parquet (default) and delta - NDJSON streaming responses with proper Content-Type - `Delta-Table-Version` header on all table responses - Pagination (maxResults, pageToken, nextPageToken) - Case-insensitive name matching per spec #### Delta Lake Integration - **Delta log parser** (1,000+ lines): Read Delta Lake transaction logs - **Predicate pushdown** (1,605+ lines): Query optimization for efficient data retrieval - **Snapshot cache**: Metadata caching for Delta tables - **Uniform reader**: Read both Delta and Iceberg table formats #### Authentication - OAuth 2.0 client credentials support - JWT token isolation for Delta Sharing API endpoints (#2743) - Token management and credential regeneration (#2694, #2711) - Refresh token support with secure storage ### Databricks Compatibility - **endStreamAction inclusion** for streaming responses (#2583) - **Proper UUID formatting** for table IDs - **Consistent table IDs** for uniform tables ### Admin API - **Share management**: Create, list, update, delete shares - **Share name handling** improvements (#2497) - **Multi-table share policy generation** fix for same-bucket tables (#2627) - **Admin tracing** for Delta Sharing REST APIs ### Error Handling - **Page token validation** (#2607) - **Error code fixes** for protocol compliance (#2727) - **Delta Sharing tags** in logs with reduced redundant error logging ### Metrics - **Prometheus TTFB and request count metrics** (#2614) - **Delta sharing Prometheus v3 metrics** (#2541) ### Documentation Comprehensive documentation in `docs/aistor-delta-sharing/`: - README.md (470 lines): Overview and concepts - api-reference.md (336 lines): Complete API documentation - client-setup.md (412 lines): Client configuration guides - user-guide.md (361 lines): Usage examples and best practices --- ## Infrastructure Improvements ### Pool Hot-Reload Dynamically add or remove storage pools without server restart (#2302): - Update `config.yaml` and send `SIGHUP` to apply pool changes - All nodes validate changes before applying - Heal buckets to new pool automatically during hot reload (#2642) - Extended `config.yaml` supports most server CLI flags (#2597) ### S.M.A.R.T. Disk Health Monitoring Pure Go S.M.A.R.T. monitoring for NVMe and SATA drives (#2629): - Metrics at `/minio/metrics/v3/system/drive/smart` - Health status tracking (healthy, warning, critical) - Failure risk prediction based on Backblaze empirical data - Requires `CAP_SYS_ADMIN` and `CAP_DAC_OVERRIDE` capabilities or root ### Thread Pressure Monitoring Proactive thread exhaustion protection (#2631): - Health endpoints return HTTP 429 at critical pressure (≥85% of kernel limit) - `X-Minio-Server-Status: thread-pressure` header for orchestrator detection - Configurable thresholds via `mc admin config set` ### Coalesced Distributed Locks Read lock coalescing for reduced RPC overhead (#2768): - Multiple goroutines share single distributed RLock via reference counting - Reduces N distributed RPCs to 1 for N concurrent readers - Addresses ServerBusy errors under high concurrency ### Async LDAP/OIDC Initialization Server starts when identity providers are temporarily unreachable (#2781): - Configuration errors still block startup - Connectivity errors allow startup with providers in pending state - Prevents cascading container restarts in Kubernetes ### Extended Erasure Coding Support for up to 32 drives per erasure set (#2376): - Default remains 16 drives for optimal performance - Configure via `MINIO_ERASURE_SET_DRIVE_COUNT=17-32` ### Performance Optimizations - **DeleteVersions Grid RPC migration**: Migrated from HTTP REST to Grid RPC for improved performance (#2640) - **Heap-based k-way merge for ListObjects**: O(n log k) replaces O(n\*k) linear scan when merging entries from multiple erasure sets (#2544) - **MRF abandoned children healing**: Moved from inline scanner to background MRF with controlled concurrency (#2558) - **MRF reading and parsing optimization** (#2654) - **DeleteObject disk operations reduction**: Eliminates duplicate GetObjectInfo calls, reducing disk reads by factor of disks_per_set \* pools (#2438) - **PUT request hot path optimization** for high performance networks (#2638) - **Heap escape reduction** in hot paths (#2596) - **Lock contention reduction**: List cache uses atomic operations and sync.Map; DiscoverTables rate-limited to max 50 concurrent goroutines (#2910) - **Path.Clean allocation elimination**: Allocation-free path comparison in metacache merge (#2660) - **Regex precompilation**: Table/namespace name validation regex moved to package-level, eliminating ~1200ns/op overhead per request (#2650) - **PutObject temp directory sharding**: 16-way sharding of upload temp directories to reduce contention on `.minio.sys/tmp` (#2577) - **24h runtime metrics**: Added runtime, memory, process, scanner, OS and network metrics for last 24 hours (#2705) ### Monitoring Enhancements - **Per-peer internode metrics**: RTT, reconnect counts, queue length for identifying misbehaving nodes (#2610) - **Silent data corruption metrics**: Prometheus metrics for detecting bit rot and corruption (#2514) - **API version in healthinfo response** (#2897) ### Replication Enhancements - **S3 RTC threshold events**: ObjectReplicationMissedThreshold and ObjectReplicationReplicatedAfterThreshold events per AWS S3 RTC spec (#2606) - **Configurable threshold**: `MINIO_REPLICATION_EVENT_THRESHOLD` (default 15m) - **Site replication UI**: Configure site replication from Console without mc (#2475) ### Additional Infrastructure - **Pool filter for inspect-data**: Extract data from specific pool via `pool` query parameter (#2759) - **Scanner refreshes bucket configs** every minute during long-running scans (#2808) - **Avoid pools with offline drives** near EC threshold (#2647) - **Drive max_timeout KVS config** honored (#2766) - **Case-insensitive IAM map** for Windows and macOS (#2618) - **Batch key rotation** for plaintext objects (#1843) - **eBPF loader rewritten in Go** using cilium/ebpf (#2534) - **Homebrew support**: macOS users can install via Homebrew formula (#2836) - **Build info flag**: `--build-info` flag for extended build information (#2603) --- ## Experimental: Server-Side Logging > **Note:** This feature is experimental. The backend implementation may change in future releases as we evaluate scale characteristics. This is an opt-in feature disabled by default. ### Persistent Log Recorder Server-side persistent logging for API, Error, and Audit events (#2173, #2463): **Internal Disk Recording:** - `log_api_internal`: API request/response logging - `log_error_internal`: Error event logging - `log_audit_internal`: Audit trail logging **External Log Targets:** - Webhook targets: `log_api_webhook`, `log_error_webhook`, `log_audit_webhook` - Kafka targets: `log_api_kafka`, `log_error_kafka`, `log_audit_kafka` - Configurable batching for improved throughput - Persistent queue recovery after restart **Configuration:** ```bash # Enable internal API logging mc admin config set myminio log_api_internal enable=on # Configure webhook target mc admin config set myminio log_api_webhook:mytarget \ endpoint=https://logs.example.com/api \ auth_token=xxx ``` **Important Notes:** - Disabled by default (#2411) - Backend storage format subject to change - Monitor disk usage when enabling internal logging - Race condition and lock handling fixes included (#2752, #2751, #2851, #2917) --- ## Bug Fixes ### Security - **CVE fixes**: Go 1.25.6 security updates for zip handling vulnerabilities (#2758) - **Environment variable redaction**: Variables containing "passwd" redacted in logs (#2891) - **Kubernetes nil pointer**: Fixed dereference when HTTP request fails (#2831) ### Race Conditions - **WaitGroup race** in netperf (#2753) - **Storage metric persistence** load race at startup (#2760) - **Historic metrics initialization** race (#2805) - **Lock file race** during drive rotation in log recorder (#2751) - **Log recorder overflow** notification race (#2752) - **Scheduler PutConfig** race recreating run metadata (#2739) - **License management** race - health check before license validated (#2765) ### Replication - **Status set correctly** in all cases (#2677) - **Disabled target filtering** from backlog output (#2769) - **Resync cancellation** validation relaxed (#2713) - **EdgeSyncBeforeExpiry** blocking ILM expiry (#2619) - **Inline checksum filter** for replication (#2648) ### Cluster Operations - **Decommission metadata skip**: Skip all .minio.sys metadata in post-verification (#2906) - **Decommission inode tracking** for progress monitoring (#2793) - **Decommission object readability**: Verify object readability to handle inconsistent metadata (#2699) - **Pool hot-reload S3PeerSys** update (#2635) - **EC mismatch merging** fix (#2807) - **Storage consistency** and error handling (#2590) ### Identity and Access - **OpenID access key claims** deletion fix (#2823) - **OpenID access key list/info** retrieval fix (#2620) - **Group member normalization** fix (#2633) - **JWKS pull fallback** client (#2671) - **Skip root user service accounts** during site replication init (#2676) ### Licensing - **License management consolidation** into single licenseManager (#2765, #2691) - **License config order**: Set before token lookup (#2810) - **Free license restriction** on distributed setups (#2643) ### Metrics - **TTFB accuracy**: Excludes request read time (#2843) - **Inventory sequence number** fix (#2750) - **Missing metric descriptors** added (#2622) - **Metrics initialization** before starting load (#2805) ### Startup and Configuration - **TLS certificate error messages**: Improved actionable error messages for TLS misconfigurations in DEB/RPM deployments (#2904) - **Server start without certs directory**: Server starts when certs directory is unavailable (#2632) - **Version format panic**: Fixed panic when version is not set or has unknown format (#2600) ### ILM - **Deleted tier handling**: Handle deleted tier during free-version cleanup (#2599) - **Batch job start validation**: Fixed incorrect job start validation (#2381) ### RingBuffer - **Flush deadlock fix**: Fixed Flush() deadlock when minWriteTo was set with partial buffer (#2709) ### Network - **Netperf error handling**: Don't set error for individual peer connection failures (#2907) - **Coalesced write lock error**: Correct error message on write lock contention (#2802) --- ## Important Notes ### Tables: DROP TABLE Behavior DROP TABLE defaults `purgeRequested` to `true` (#2848): - Workaround for Spark bug where PURGE flag not forwarded to REST catalog - Matches behavior of Lakekeeper and Tabular.io catalogs - Related to Apache Iceberg issue #11023 ### Tables: On-Disk Format Tables metadata uses msgpack storage format (#2703): - Efficient serialization with smaller storage footprint - Faster read/write operations ### Tables: HTTP Response Codes Tables APIs return proper HTTP error codes per Iceberg REST Catalog spec: - **409 Conflict**: Concurrent modification - **404 Not Found**: Namespace/table/view not found - **400 Bad Request**: Invalid requests ### v3 Metrics Bucket Limit The v3 metrics wildcard endpoint now returns up to 1000 buckets per request (#2941), increased from the previous limit of 10. Use the `offset` query parameter for pagination when you have more than 1000 buckets. --- ## Upgrade Instructions For detailed upgrade instructions: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/ Platform-specific guides: - **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/ - **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/ ### New Configuration Options **Environment Variables:** - `MINIO_ERASURE_SET_DRIVE_COUNT` - Set EC set size to 17-32 drives - `MINIO_REPLICATION_EVENT_THRESHOLD` - Configure S3 RTC threshold for replication events (default: 15m) **Versioning Config:** - `PurgeOnDelete: spark` - Enable purge-on-delete per bucket for Spark clients (#2779) **Experimental Log Recording** (via `mc admin config`): - `log_api_internal`, `log_error_internal`, `log_audit_internal` - `log_api_webhook`, `log_error_webhook`, `log_audit_webhook` - `log_api_kafka`, `log_error_kafka`, `log_audit_kafka` ### Implementation Notes **Tables API Clients:** - Handle HTTP 409, 404, 400 responses per Iceberg REST Catalog spec - CommitView and CommitTable return 409 on concurrent modification conflicts **Spark Users:** - DROP TABLE purges by default (workaround for Spark PURGE flag issue) - Per-bucket `PurgeOnDelete: spark` option available for granular control **S.M.A.R.T. Monitoring:** - Requires root or Linux capabilities: `cap_sys_admin,cap_dac_override+ep` ### Support - SUBNET Support: https://subnet.min.io - Documentation: https://docs.min.io