# MinIO AIStor RELEASE.2026-06-06T02-44-06Z

Released: 2026-06-06

This release closes three security issues in policy evaluation and the Go standard library, corrects lifecycle expiration scoping for objects whose versions span multiple pools, and restores full PUT throughput by keeping O_DIRECT on the write path. It also hardens site-replication and the distributed locking layer against data races and deadlocks under high concurrency. Upgrading is strongly recommended for all deployments, especially those using object tagging policies, IP-based access conditions, or lifecycle expiration.

---

## Downloads

### Binary Downloads

| Platform | Architecture | Download                                                                  |
| -------- | ------------ | ------------------------------------------------------------------------- |
| Linux    | amd64        | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio)         |
| Linux    | arm64        | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio)         |
| macOS    | arm64        | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio)        |
| macOS    | amd64        | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio)        |
| Windows  | amd64        | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) |

### FIPS Binaries

| Platform | Architecture | Download                                                                  |
| -------- | ------------ | ------------------------------------------------------------------------- |
| Linux    | amd64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) |
| Linux    | arm64        | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) |

### Package Downloads

| Format | Architecture | Download                                                                                                            |
| ------ | ------------ | ------------------------------------------------------------------------------------------------------------------- |
| DEB    | amd64        | [minio\_20260606024406.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260606024406.0.0_amd64.deb)        |
| DEB    | arm64        | [minio\_20260606024406.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260606024406.0.0_arm64.deb)        |
| RPM    | amd64        | [minio-20260606024406.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260606024406.0.0-1.x86_64.rpm)   |
| RPM    | arm64        | [minio-20260606024406.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260606024406.0.0-1.aarch64.rpm) |

### Container Images

```bash
# Standard
docker pull quay.io/minio/aistor/minio:RELEASE.2026-06-06T02-44-06Z
podman pull quay.io/minio/aistor/minio:RELEASE.2026-06-06T02-44-06Z

# FIPS
docker pull quay.io/minio/aistor/minio:RELEASE.2026-06-06T02-44-06Z.fips
podman pull quay.io/minio/aistor/minio:RELEASE.2026-06-06T02-44-06Z.fips
```

### Homebrew (macOS)

```bash
brew install minio/aistor/minio
```

---

## Security Updates

- **Object tagging policy condition poisoning (#5308)**: `PutObjectTaggingHandler` evaluated the `s3:ExistingObjectTag` policy condition from the attacker-controlled `x-amz-object-tagging` request body rather than the object's stored tags. A caller could supply tag values in the request to satisfy a policy that should have been denied. `s3:ExistingObjectTag` is now sourced from the object's persisted `UserTags`, while the request body populates only `s3:RequestObjectTag`. Deployments using tag-based access policies should upgrade promptly.

- **`aws:SourceIp` condition spoofable via `X-Forwarded-For` (#5380)**: The `aws:SourceIp` policy condition could be spoofed through client-supplied forwarding headers, allowing IP-restricted policies to be bypassed. Proxy header handling is now governed by an explicit trusted-proxy configuration so that `aws:SourceIp` reflects the real client address. See the new configuration options below.

- **Go toolchain updated to 1.26.4 (#5496)**: Picks up upstream Go standard-library CVE fixes. Recommended for all deployments.
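
As an added illustration of the #5308 fix above (example code written for these notes, not MinIO's implementation): a minimal condition evaluator in Go in which `s3:RequestObjectTag/*` is filled from the request body and `s3:ExistingObjectTag/*` only from the object's persisted `UserTags`. The `vulnerable` switch reproduces the old sourcing so the two outcomes can be compared side by side; `storedObject`, `buildConditionValues` and `putTaggingAllowed` are names assumed for this example.

```go
package main

import (
	"fmt"
	"net/url"
)

// Added example, not MinIO's code: a minimal policy-condition evaluator that
// shows why s3:ExistingObjectTag must be sourced from persisted tags.
// storedObject, tagCondition and buildConditionValues are assumed names.

// storedObject stands in for the object's persisted metadata.
type storedObject struct {
	UserTags string // stored tag set, URL-encoded "k1=v1&k2=v2"
}

// tagCondition is one StringEquals policy condition on a tag-derived key,
// e.g. Key "s3:ExistingObjectTag/classification", Value "public".
type tagCondition struct {
	Key, Value string
}

// parseTags decodes a tag set in the x-amz-object-tagging / UserTags form.
func parseTags(raw string) map[string]string {
	tags := map[string]string{}
	values, err := url.ParseQuery(raw)
	if err != nil {
		return tags
	}
	for k, v := range values {
		if len(v) > 0 {
			tags[k] = v[0]
		}
	}
	return tags
}

// buildConditionValues produces the condition-key map for a PutObjectTagging call.
// The request body legitimately feeds s3:RequestObjectTag/*. With vulnerable=true
// it also feeds s3:ExistingObjectTag/*, reproducing the #5308 defect; with
// vulnerable=false that key comes only from the object's stored UserTags.
func buildConditionValues(obj storedObject, requestTagging string, vulnerable bool) map[string]string {
	cv := map[string]string{}
	requested := parseTags(requestTagging)
	for k, v := range requested {
		cv["s3:RequestObjectTag/"+k] = v
	}
	existing := parseTags(obj.UserTags)
	if vulnerable {
		existing = requested // caller-controlled values masquerade as stored tags
	}
	for k, v := range existing {
		cv["s3:ExistingObjectTag/"+k] = v
	}
	return cv
}

// allowed reports whether every StringEquals condition matches.
func allowed(conds []tagCondition, cv map[string]string) bool {
	for _, c := range conds {
		if v, ok := cv[c.Key]; !ok || v != c.Value {
			return false
		}
	}
	return true
}

// putTaggingAllowed evaluates a policy that permits re-tagging only objects
// whose *stored* classification tag is "public".
func putTaggingAllowed(obj storedObject, requestTagging string, vulnerable bool) bool {
	policy := []tagCondition{{Key: "s3:ExistingObjectTag/classification", Value: "public"}}
	return allowed(policy, buildConditionValues(obj, requestTagging, vulnerable))
}

func main() {
	internal := storedObject{UserTags: "classification=internal"} // constructed sample object
	request := "classification=public"                           // constructed request body
	fmt.Println("vulnerable sourcing allows:", putTaggingAllowed(internal, request, true))
	fmt.Println("fixed sourcing allows:     ", putTaggingAllowed(internal, request, false))
}
```

The point to carry over to your own policies: a condition on `s3:ExistingObjectTag/*` is only as strong as the code path that populates it, so after upgrading, re-test tag-gated policies with a request body that contradicts the stored tags and confirm the request is denied.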

---

## Performance Improvements

- **Restored PUT throughput on the write path (#5467)**: `ReadAlignedFrom` was stripping `O_DIRECT` from peer shard writes whenever the source network/pipe stream returned unaligned chunks, forcing buffered I/O and roughly halving PUT throughput. `O_DIRECT` is now retained on the write path; only the guarded disable for the final-block overshoot case (the actual corruption fix) remains. High-throughput write workloads will see PUT performance return to expected levels.

- **Faster expiration of deeply nested ILM prefixes and pruning of empty directories (#5414)**: Lifecycle expiration rules targeting deeply nested prefixes were applied up to 16x slower than expected, and empty directories left behind after expiration were not cleaned up. Scanning now expires nested prefixes promptly and prunes the leftover directories.

---

## Bug Fixes

### Lifecycle & Data Integrity

- **Stricter `AllVersionsExpiration` scoping for objects spanning multiple pools (#5524)**: When an object's versions spanned multiple pools, a lifecycle `DeleteAll` fanned out from a pool holding an older version could expire more versions than the rule intended, including newer versions in other pools. The scanner now compares the scanned version against the cluster-wide latest and skips ILM enforcement for objects whose versions span pools, where it cannot be applied safely (build-break follow-up in `02e3896f`).

### AIStor Table Sharing

- **Consistent table IDs across list and metadata (#5495)**: AIStor Table Sharing returned inconsistent table identifiers between the list-tables and table-metadata responses, breaking clients that correlate the two. Table IDs are now generated consistently across both paths.

### Pool & Drive Management

- **Corrected off-by-one in pool index bounds check for new drive formatting (#3602)**: A bounds check during new-drive formatting used an incorrect pool index limit, which could mis-target the pool when formatting freshly added drives.

- **Reject nested pool endpoint paths at startup (#3812)**: The server now validates server pool endpoints at startup and rejects configurations where one pool's path is nested inside another, preventing an invalid topology from starting.

### Concurrency & Site Replication

- **Fixed data races across locking, replication, heal, and cache paths (#5555)**: Distributed-lock map readers iterated the backing slices without holding a lock while writers mutated them in place, which the race detector (`-race`) flagged and which risked a corrupted lock index. All access now goes through a single `Compute`-based path with cloned reads, closing the races and a pre-existing lost-update in expired-lock purging.

- **Stopped site-replication goroutines from racing config state (#5584)**: Replication hook goroutines could outlive their caller's read lock and read site-replication config state concurrently with a writer. Each caller now snapshots the peers, credentials, and site name up front and uses lock-free helpers, so no background goroutine reads shared config state.

- **Prevented recursive read-lock deadlock in site replication (#5552)**: Bucket and IAM replication hooks invoked `concDo` while already holding a read lock, and `concDo` re-acquired the same non-reentrant lock — a pending writer could wedge the entire site-replication subsystem until restart. Callers now pass a peers snapshot into `concDo`, removing the recursive acquisition.
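
An added example (not MinIO's code) modelling the #5552 and #5584 fixes above with a standalone `sync.RWMutex`: the hook snapshots the site name and peer list under the read lock, releases it, and hands the snapshot to a `concDo` that takes no lock. `oldShapeHangs` reproduces the pre-fix ordering, a read lock held across a fan-out that re-acquires it while a writer is queued, and reports that it wedges; the blocked goroutines it leaves behind are deliberate. All type and function names here are assumptions and MinIO's real `concDo` and lock layout are not reproduced.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Added example, not MinIO's code: models the #5552 deadlock and the
// snapshot-based shape that replaces it. siteReplicator, snapshot, concDo,
// replicateBucketConfig and oldShapeHangs are assumed names.

type peer struct{ Name, Endpoint string }

type siteReplicator struct {
	mu    sync.RWMutex
	site  string
	peers []peer
}

// snapshot clones the shared config under the read lock and releases it
// before returning, so callers never fan out while holding mu.
func (s *siteReplicator) snapshot() (site string, peers []peer) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	peers = make([]peer, len(s.peers))
	copy(peers, s.peers)
	return s.site, peers
}

// setPeers is the writer path; it takes the exclusive lock.
func (s *siteReplicator) setPeers(site string, peers []peer) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.site = site
	s.peers = append([]peer(nil), peers...)
}

// concDo runs fn against every peer in the supplied snapshot concurrently.
// It takes no lock: the caller has already released it.
func concDo(peers []peer, fn func(peer) error) []error {
	errs := make([]error, len(peers))
	var wg sync.WaitGroup
	for i, p := range peers {
		wg.Add(1)
		go func(i int, p peer) {
			defer wg.Done()
			errs[i] = fn(p)
		}(i, p)
	}
	wg.Wait()
	return errs
}

// replicateBucketConfig is the hook in its fixed shape: snapshot, drop the
// lock, then fan out with the snapshot. Nothing inside concDo touches s.mu.
func (s *siteReplicator) replicateBucketConfig(bucket string, send func(site string, p peer, bucket string) error) []error {
	site, peers := s.snapshot()
	return concDo(peers, func(p peer) error { return send(site, p, bucket) })
}

// oldShapeHangs reproduces the pre-fix ordering on a private RWMutex and
// reports whether it wedged: the hook holds RLock, a writer queues on Lock,
// and the inner call re-acquires RLock. sync.RWMutex blocks new readers once
// a writer is waiting, so the second RLock never returns and neither side
// makes progress. The blocked goroutines are intentionally leaked.
func oldShapeHangs(timeout time.Duration) bool {
	var mu sync.RWMutex
	done := make(chan struct{})
	writerStarted := make(chan struct{})
	go func() {
		mu.RLock() // outer read lock held by the hook
		go func() {
			close(writerStarted)
			mu.Lock() // pending writer, e.g. a config update
			mu.Unlock()
		}()
		<-writerStarted
		time.Sleep(100 * time.Millisecond) // give the writer time to queue on Lock
		mu.RLock()                         // recursive read lock inside the fan-out: blocks forever
		mu.RUnlock()
		mu.RUnlock()
		close(done)
	}()
	select {
	case <-done:
		return false
	case <-time.After(timeout):
		return true
	}
}

func main() {
	s := &siteReplicator{site: "site-a", peers: []peer{{"site-b", "https://b.example"}, {"site-c", "https://c.example"}}}
	send := func(site string, p peer, bucket string) error {
		fmt.Printf("%s -> %s (%s): bucket %s\n", site, p.Name, p.Endpoint, bucket)
		return nil
	}
	errs := s.replicateBucketConfig("photos", send)
	fmt.Println("errors:", errs, "old shape wedged:", oldShapeHangs(time.Second))
}
```

The snapshot also addresses the #5584 race: the goroutines spawned by `concDo` only ever see their own copy of the peer list, so they can safely outlive the caller's critical section. Running a test of this shape under `go test -race` is a cheap regression guard for any hook that fans out from under a shared lock.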

---

## Improvements

- **Recently-expired object listing with expiry queue cleanup (#3930)**: Adds a periodic expiry-queue clean timer and the ability to list recently expired objects, giving operators visibility into lifecycle expiration activity.

- **Leader-only daily license renewal (#5429)**: Daily license renewal now runs only on the elected leader node instead of every node, reducing redundant renewal traffic in distributed deployments.

---

## Security & Compliance

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:

- [SPDX JSON](sbom-RELEASE.2026-06-06T02-44-06Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-RELEASE.2026-06-06T02-44-06Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-RELEASE.2026-06-06T02-44-06Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/

Platform-specific upgrade guides:

- **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/
- **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/

### New Configuration Options

- **Trusted proxy configuration for `X-Forwarded-For` handling (#5380)**: New API configuration controls which proxies are trusted when deriving the client IP for the `aws:SourceIp` policy condition. Deployments behind a load balancer or reverse proxy that rely on IP-based policy conditions should review and set this configuration. See the API configuration documentation (`docs/config/README.md`) for details.
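
The trusted-proxy approach behind the #5380 fix, as an added example written for these notes rather than MinIO's own code or configuration syntax: the TCP peer address is authoritative, `X-Forwarded-For` is consulted only when that peer is in a configured trusted-proxy list, and the header is walked from the right so that entries a client prepends are never selected. `trustedProxies`, `clientIP`, `naiveClientIP` and `sourceIPAllowed` are assumed names; the addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Added example, not MinIO's code or configuration: derives the address an
// aws:SourceIp condition is evaluated against. A forwarding header is honoured
// only when the TCP peer is a configured trusted proxy, and the header is
// walked right-to-left so client-prepended entries are never chosen.

type trustedProxies []*net.IPNet

// parseTrustedProxies builds the trust list from CIDRs such as "10.0.0.0/8".
func parseTrustedProxies(cidrs []string) (trustedProxies, error) {
	var tp trustedProxies
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("trusted proxy %q: %w", c, err)
		}
		tp = append(tp, n)
	}
	return tp, nil
}

func (tp trustedProxies) contains(ip net.IP) bool {
	for _, n := range tp {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// peerIP extracts the IP from an http.Request.RemoteAddr-style "host:port".
func peerIP(remoteAddr string) net.IP {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	return net.ParseIP(host)
}

// naiveClientIP is the pre-fix behaviour: X-Forwarded-For is trusted from anyone.
func naiveClientIP(remoteAddr, xff string) net.IP {
	if first := strings.TrimSpace(strings.Split(xff, ",")[0]); first != "" {
		if ip := net.ParseIP(first); ip != nil {
			return ip
		}
	}
	return peerIP(remoteAddr)
}

// clientIP is the hardened derivation. remoteAddr is the real TCP peer, which
// the client cannot forge; xff is the X-Forwarded-For value ("" if absent).
func clientIP(remoteAddr, xff string, tp trustedProxies) net.IP {
	peer := peerIP(remoteAddr)
	if peer == nil || !tp.contains(peer) {
		return peer // not arriving via a trusted proxy: ignore the header entirely
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			return peer // empty or malformed entry: fall back to the peer address
		}
		if !tp.contains(ip) {
			return ip // first untrusted address from the right is the client
		}
	}
	return peer // every hop trusted (e.g. a proxy health check)
}

// sourceIPAllowed mirrors an IpAddress{"aws:SourceIp": cidr} condition.
func sourceIPAllowed(cidr string, ip net.IP) bool {
	_, n, err := net.ParseCIDR(cidr)
	return err == nil && ip != nil && n.Contains(ip)
}

func main() {
	tp, _ := parseTrustedProxies([]string{"10.0.0.0/8"})
	// Constructed request: a direct connection from the internet carrying a forged header.
	fmt.Println("naive:   ", naiveClientIP("203.0.113.7:4455", "10.1.2.3"))
	fmt.Println("hardened:", clientIP("203.0.113.7:4455", "10.1.2.3", tp))
	// Constructed request via a trusted proxy; the client prepended a trusted-looking hop.
	fmt.Println("via proxy:", clientIP("10.0.0.5:80", "10.9.9.9, 198.51.100.9", tp))
}
```

When setting the new option, list only the proxies that actually front the server: a trust CIDR broad enough to include hosts a client can reach directly reintroduces the same bypass for those hosts, and if the load balancer is not in the list the header is ignored and every request evaluates as the balancer's own address.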

### Migration Notes

No migration steps are required. Deployments behind a trusted proxy that use `aws:SourceIp` policy conditions should review the new trusted-proxy configuration to ensure source IPs continue to be evaluated correctly after upgrade.

### Support

For enterprise support:

- SUBNET Support: https://subnet.min.io
- Documentation: https://docs.min.io

