# MinIO AIStor EDGE.2026-06-01T02-39-13Z

Released: 2026-06-01

This EDGE build introduces a completely re-implemented embedded web console
built on the shadcn/ui design system, a major expansion of Iceberg Tables
including catalog-aware site replication, a new per-bucket System Inventory
subsystem, native alerting with SUBNET/Kafka/webhook targets, and a re-written
Rust-based GPU-Direct RDMA transport for internode and S3 data paths. It also
ships broad observability additions, server-side audit/API/error log storage,
and a large number of correctness, security, and performance fixes.

---

## Downloads

### Binary Downloads

| Platform | Architecture | Download                                                                 |
| -------- | ------------ | ------------------------------------------------------------------------ |
| Linux    | amd64        | [minio](https://dl.min.io/aistor/minio/edge/linux-amd64/minio)           |
| Linux    | arm64        | [minio](https://dl.min.io/aistor/minio/edge/linux-arm64/minio)           |
| macOS    | arm64        | [minio](https://dl.min.io/aistor/minio/edge/darwin-arm64/minio)          |
| macOS    | amd64        | [minio](https://dl.min.io/aistor/minio/edge/darwin-amd64/minio)          |
| Windows  | amd64        | [minio.exe](https://dl.min.io/aistor/minio/edge/windows-amd64/minio.exe) |

### FIPS Binaries

| Platform | Architecture | Download                                                                 |
| -------- | ------------ | ------------------------------------------------------------------------ |
| Linux    | amd64        | [minio.fips](https://dl.min.io/aistor/minio/edge/linux-amd64/minio.fips) |
| Linux    | arm64        | [minio.fips](https://dl.min.io/aistor/minio/edge/linux-arm64/minio.fips) |

### GPU-Direct RDMA Binaries

| Platform | Architecture | Download                                                                 |
| -------- | ------------ | ------------------------------------------------------------------------ |
| Linux    | amd64        | [minio.rdma](https://dl.min.io/aistor/minio/edge/linux-amd64/minio.rdma) |
| Linux    | arm64        | [minio.rdma](https://dl.min.io/aistor/minio/edge/linux-arm64/minio.rdma) |

### Package Downloads

| Format | Architecture | Download                                                                                                                         |
| ------ | ------------ | -------------------------------------------------------------------------------------------------------------------------------- |
| DEB    | amd64        | [minio_20260601023913.0.0_amd64.deb](https://dl.min.io/aistor/minio/edge/linux-amd64/minio_20260601023913.0.0_amd64.deb)         |
| DEB    | arm64        | [minio_20260601023913.0.0_arm64.deb](https://dl.min.io/aistor/minio/edge/linux-arm64/minio_20260601023913.0.0_arm64.deb)         |
| RPM    | amd64        | [minio-20260601023913.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/edge/linux-amd64/minio-20260601023913.0.0-1.x86_64.rpm)   |
| RPM    | arm64        | [minio-20260601023913.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/edge/linux-arm64/minio-20260601023913.0.0-1.aarch64.rpm) |

### Container Images

```bash
# Standard
docker pull quay.io/minio/aistor/minio:EDGE.2026-06-01T02-39-13Z
podman pull quay.io/minio/aistor/minio:EDGE.2026-06-01T02-39-13Z

# FIPS
docker pull quay.io/minio/aistor/minio:EDGE.2026-06-01T02-39-13Z.fips
podman pull quay.io/minio/aistor/minio:EDGE.2026-06-01T02-39-13Z.fips
```

Note: Homebrew is only available for RELEASE builds, not EDGE builds.

---

## Breaking Changes

- **Legacy `~/.minio` configuration removed.** The on-disk `~/.minio` config
  directory and the v33 config migration path have been removed. Clusters must
  already be on the current configuration format before upgrading (#5112).
- **S3 Select removed.** `SELECT` object-content requests now return
  `405 MethodNotAllowed`. Workloads relying on S3 Select must migrate to
  client-side querying or Iceberg Tables (#3628).
- **ZIP archive listing now requires `s3:GetObject`.** Listing the contents of
  an `s3zip` archive requires `GetObject` permission on the archive object, and
  archive metadata is now always encrypted (#5168, #5171).
- **Bucket notifications migrated to a unified global queue.** Per-target event
  queues have been replaced by a single `GlobalQueue`, changing on-disk queue
  layout for store-and-forward targets (#3825).

---

## Security Updates

- Upgraded Go to 1.26.x to resolve standard-library vulnerabilities, and
  refreshed CVE-affected module dependencies (#3289, #3886).
- Replaced the `buger/jsonparser` dependency with an internal parser to
  remediate **CVE GO-2026-4514** (40d21b3).
- Restricted OIDC JWT validation to the signing algorithms declared by the
  identity provider, preventing algorithm-substitution attacks (#3359).
- Normalized LDAP STS error responses to prevent user enumeration (#3379).
- Added per-IP, per-LDAP-user, and global **rate limiting on STS endpoints** to
  blunt brute-force attacks and prevent cascading LDAP account lockout,
  configurable via `MINIO_STS_RATE_LIMIT_PER_IP`,
  `MINIO_STS_RATE_LIMIT_PER_LDAP_USER`, and `MINIO_STS_RATE_LIMIT_GLOBAL`
  (#3380).
- Closed an unsigned-trailer authentication bypass in the PutObject and
  Snowball handlers (#3978).
- Capped SigV4 streaming-trailer buffers to prevent a memory-amplification DoS
  (#4502), and bounded JSON S3 Select line reads to prevent OOM (#4975).
- Fixed several S3 APIs that performed unbounded in-memory reads of
  client-supplied input (#4458).
- Hardened internode security: REST calls originating from IPs outside the
  cluster are now rejected (#4530), and routes served by local handlers now
  require an explicit permission check (#3426).
- Extended the internal-bucket access guard to batch expire, key-rotate, and
  replication jobs (#5231), and fixed tables namespace listing to enforce
  `s3:ListAllMyBuckets` policy checks (#5258). Access to internal warehouse
  control files (`.namespaces`, `.warehouse`, `.maintenance`) is now blocked
  (#5130).
- Governance-retention shortening is now gated on the bypass IAM permission
  (#5143), and `env` hash validation moved server-side (#5178).
- Upgraded dependencies flagged by Dependabot security alerts (#5061).
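
The OIDC entry above restricts JWT validation to the signing algorithms the identity provider declares. The following Go program is an added illustration of that kind of gate, not AIStor's own code: it checks a token's header `alg` against the `id_token_signing_alg_values_supported` list of an OIDC discovery document. The sample document, issuer URL, tokens and all function names are constructed for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample: discovery document of a hypothetical IdP that also lists "none".
const sampleDiscovery = `{"issuer":"https://idp.example.test","id_token_signing_alg_values_supported":["RS256","ES256","none"]}`

var errAlgNotAllowed = errors.New("token alg not declared by identity provider")

// allowedAlgs returns the signing algorithms the provider declares. "none" is
// dropped even when declared; an empty result rejects every token (fail closed).
func allowedAlgs(discoveryJSON []byte) (map[string]bool, error) {
	var doc struct {
		Algs []string `json:"id_token_signing_alg_values_supported"`
	}
	if err := json.Unmarshal(discoveryJSON, &doc); err != nil {
		return nil, fmt.Errorf("parse discovery document: %w", err)
	}
	set := make(map[string]bool)
	for _, a := range doc.Algs {
		if !strings.EqualFold(a, "none") {
			set[a] = true
		}
	}
	return set, nil
}

// checkTokenAlg reads the still-unverified JOSE header and returns its alg only
// when it is in the allow-list. Signature verification must follow this gate.
func checkTokenAlg(token string, allowed map[string]bool) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed JWT: expected three segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", fmt.Errorf("decode header: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return "", fmt.Errorf("parse header: %w", err)
	}
	if !allowed[hdr.Alg] { // exact match; a missing or empty alg fails too
		return "", fmt.Errorf("%w: %q", errAlgNotAllowed, hdr.Alg)
	}
	return hdr.Alg, nil
}

// makeToken builds a constructed sample token with a placeholder signature.
func makeToken(alg string) string {
	enc := base64.RawURLEncoding.EncodeToString
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	return enc(hdr) + "." + enc([]byte(`{"sub":"demo"}`)) + "." + enc([]byte("sig"))
}

func main() {
	allowed, _ := allowedAlgs([]byte(sampleDiscovery))
	for _, alg := range []string{"RS256", "HS256", "none"} {
		_, err := checkTokenAlg(makeToken(alg), allowed)
		fmt.Printf("header alg=%s rejected=%v\n", alg, err != nil)
	}
}
```

The gate only decides whether verification is attempted; the signature still has to be checked with a provider key of the matching type.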

---

## New Features

### Re-implemented Embedded Web Console

The embedded web console has been rebuilt from the ground up on the
**shadcn/ui** design system, replacing the previous UI in its entirety. The new
console is admin-aware, license-aware, and wired directly to AIStor admin and
S3 APIs, with consistent pagination, design-system tokens, dark/system theming,
and a command palette (Cmd+K). It covers the full management surface, including:

- **Object browser** with multi-file upload/download (zip), drag-and-drop,
  prefix navigation, per-object/version retention and legal hold, tags, and
  versioned delete.
- **Identity & access**: users, groups, policies, access keys, anonymous-access
  rules with prefix scoping, LDAP/OIDC configuration with display names, and an
  MCP token permission model.
- **Buckets**: creation wizard, tags, quotas, object locking, versioning,
  lifecycle (ILM expiry/transition), compression, encryption/KMS, and
  bucket inventory.
- **Data services**: batch jobs (replication, expiration, key-rotation), site
  replication setup/resync/metrics, and tiering.
- **Tables**: warehouse/namespace/table browsing, preview, search, sharing,
  replication, and monitoring charts.
- **Monitoring & support**: cluster, drive, server, network, pools, erasure-set,
  rebalance, decommission and resiliency pages; QoS rule management; alerts;
  audit/API/error log viewers; and inspect/profile diagnostics.

Sessions integrate with OIDC token refresh and logout, STS-token revocation,
proxy/sub-path deployment, and `aws:SourceIp` policy evaluation via forwarded
client IP.

### Iceberg Tables

- Added an Iceberg **table preview** endpoint and wired the console preview and
  search tabs (#3529, #4042).
- Added **snapshot expiration maintenance** with warehouse-level configuration
  and a `GetTableMaintenanceJobStatus` API (#2593, #3655, #3446).
- Added **real-time and aggregate table statistics** APIs, zstd-compressed stats
  objects, and a CPU-bound worker pool for table iteration (#3591, #5138, #5243).
- Added **search queries** for warehouse, namespace, and table listings, plus
  index-based pagination (#3445, #3483, #3486, #3770).
- Added **catalog-aware site replication** for Tables: the warehouse and catalog
  are replicated to the replica site and rebuilt with a dedicated scanner,
  including default-encryption config, empty namespaces, and replica-side stats
  (#3506, #4397, #4389, #4846, #4712).
- Reserved `minio`/`aistor` as protected system warehouses and blocked invalid
  replication topologies and bucket-replication use on table warehouses
  (#3321, #4231, #5126, #5237).
- Delta Sharing shares are now **cascade-deleted** when their backing Iceberg
  table is dropped, preventing orphaned shares (#3248).

### System Inventory

A new per-bucket System Inventory subsystem records object metadata into an
internal Iceberg table for querying. It is feature-gated behind the
`MINIO_SCANNER_INVENTORY` config key, with schema extensions, write-path event
hooks, a `storageClass` filter with `Not` negation, and configurable warehouse
naming (#3332, #3331, #3507, #3919, #3538, #4383, #5050).

### Native Alerting

Added a native alerting system that delivers to internal, SUBNET, and external
(Kafka, webhook) targets, including license expiring/expired alerts on a tiered
schedule and alerts when usage nears licensed capacity (#2880, #4398, #5335).

### Logging, Audit & API Observability

- Store API logs in the system warehouse as `minio.logs.api`, with cluster-wide
  log-target stats aggregated over peer RPC (#2732, #4657).
- Added a **syslog** logging target for `log_api`, `log_error`, and `log_audit`
  (#5249).
- Audit logs now emit one-line, human-readable messages with flexible metadata
  (#5081, #5309).
- Added multi-value, server-side filters for the API log viewer and per-recorder
  metrics for API/error/audit logs (#5128, #5259).

### GPU-Direct RDMA

- Added **GPU-Direct RDMA for S3 transfers** with multi-NIC and ARM64 support,
  plus dedicated `minio.rdma` binaries, container images, and arm64 artifacts
  (#3360, #5421, #5425).
- Replaced the C++/librpma internode RDMA implementation with a **Rust p2p-rdma
  DC transport**, adding per-peer congestion windows and credit-based flow
  control (#3792).
- Bumped `libcuobjserver` to 1.2.0 for NIC resiliency (#4466).

### S3, IAM & Cluster

- Implemented the S3 **RenameObject** API (#4018).
- Added an `--api-bandwidth` listener throttle for multi-tenant fabrics (#5252).
- Added a built-in KMS implementation with a `MINIO_KMS_BUILTIN_ENCRYPTED`
  toggle and persisted KMS metrics (#3020, #4121, #5049).
- Use `RoleARN` in AssumeRole so admins can mint STS credentials for other users
  (#3478), and added site replication for non-default LDAP configurations
  (#4851, #3684).
- Site-replication peer (site) names now synchronize dynamically across the mesh
  when changed, instead of requiring manual reconfiguration (#3144).
- Added the **AIStor MCP server** with individual token permissions (#3130,
  #4396), including a `tables_query` tool for running SQL queries on Iceberg
  tables (#4132).
- Added a per-bucket bucket-quota query API and an admin endpoint to force IAM
  refresh (#3367, #3534).
- Added a `GET /admin/v4/list-notification-targets` endpoint (#3358) and
  optional `resource`-scoped support in admin actions (#3415).
- Added an expiry-queue clean timer with a recently-expired listing (#3930).
- Added new AWS checksum types and per-object `ChecksumAlgorithm` in ListObjects
  responses (#4554, #3342).
- Added dynamic config reload for notification, lambda, and policy targets, and
  a console-driven restart action for static subsystems (#3500, #3579).
- Added a built-in **`consolereadonly`** canned policy for read-only console
  access (#4414).
- The cluster now **starts resiliently when peer hostnames cannot be resolved**:
  unresolvable peers are treated as offline and reconnect automatically once DNS
  recovers, instead of blocking startup on a single failed lookup (#3329).
- **Hot-pool expansion is now blocked during an active rebalance** to prevent
  conflicting topology changes (#4455).
- License enforcement now validates the **nodes, product, and capacity** fields
  (#5076).

### Metrics & Telemetry

- Real-time healing telemetry and heal-sequence metrics (#4115, #4816).
- Decommission progress and error-tracking metrics (#3323).
- Per-bucket and cluster-wide object-lock scanner metrics (#3374).
- Per-status-code metric for S3 API responses (#4984).
- Server power-draw metrics via BMC IPMI and server vendor/model via DMI
  (#4977, #5047).
- Block-queue, XFS stat/retry, and ECC-memory metrics under `/debug/system`,
  with drive I/O metrics gated on IOStats availability (#5199, #5332).
- Dangling, quarantine, trash, and stale-multipart counters; per-erasure-set
  bucket scan duration; object access-time age distribution; and authorization
  plugin metrics (#4795, #4894, #3309, #3668).
- Per-deployment-ID replication received-from-peers metrics (#4892).
- Historic per-drive and per-server monitoring metrics for resource dashboards
  (#3416).

---

## Performance Improvements

- Reduced allocations in the erasure-decode hot path and across response
  encoding, replication, and event handling (#4178, #3378).
- Switched new-object encryption to AES-128-GCM (#4714).
- Zero-copy string→bytes conversion in `sipHashMod`/`crcHashMod` (#5018).
- Removed the mutex from `apiConfig` for lock-free hot-path config reads (#5052).
- Reduced request-trace buffering (#3667), used `r.Form` instead of
  `r.URL.Query()` in handlers (#3503), replaced single-arg `fmt.Sprintf("%d")`
  with `strconv` (#5016), and used `strings.NewReplacer` in tracer op-name
  resolution (#5011).
- Parallelized **Delta Sharing presigned-URL generation**, cutting query latency
  for large tables with tens of thousands of data files (#3465).
- Cached the merged policy mapping to speed up **`IsAllowed` authorization
  checks** on the request hot path (#3513).
- Replaced the global `RWMutex` on the replication-stats cache with a sharded
  `xsync.Map`, removing lock contention on replicated-object writes (#3115).

---

## Bug Fixes

### Tables

- Bootstrap system-warehouse stats on startup and initialize the cache before
  unfreezing the API to prevent SSE drops (#5177, #4736).
- Bumped Iceberg to 1.11.0 and fixed the Spark fallback condition (#5402).
- Fixed catalog reset/cache clearing, staged-metadata cleanup after promotion,
  multi-node cache invalidation, and stats-at-commit updates (#5029, #5051,
  #3734, #4251).
- Fixed table preview failing with "decoder: invalid block" when KMS is enabled
  (#4490), system-warehouse listing, and replica-side stats population (#4853,
  #4846).
- Refresh stats on `LoadTable` and re-push table stats when a downstream peer was
  unreachable; expire old versions of replicated properties objects (#4407,
  #4305, #4842).
- Improved `PutWarehouseMaintenanceConfiguration` UX, added basic catalog
  scanner metrics, and blocked invalid replication setup state (#4337, #4456,
  #4883).
- Paginated the tables admin status API and retried `503` responses from the
  tables client (#5078, #5075).

### Replication & Site Replication

- Backfill bucket `Created` timestamp when zero to unblock site-replication heal
  (#5369).
- Fixed per-(bucket, ARN) windowed stats, errors, retries, and bandwidth-limit
  surfacing for site replication (#4445, #4493, #4586, #4246, #4441).
- Fixed division-by-zero in replication rate measurement, an `RLock`-held
  channel send in `queueReplicaTask`, and orphaned multipart uploads on parent
  context cancellation (#4050, #3715, #4973, #4980).

### IAM, LDAP & Authentication

- `ListAccessKeysBulk` now works for any user when called on self (#5411).
- Compute effective `UpdatedAt` for IAM users from all related entities and
  reflect attach/detach in policy `UpdateDate` (#3759, #3762).
- Disambiguate OIDC providers sharing the same issuer, and only add the token
  revoke claim when revoke is enabled (#5115, #4822).
- Fixed `GetServiceAccount` key lookup in `InfoAccessKey`, IAM list context
  cancellation, and multi-byte truncation in LDAP `SimpleDNFilename`
  (#4673, #4625, #4819).
- Fixed STS and service-account audit-logging issues (#5244).

### KMS & Encryption

- Fixed builtin-KMS metrics panic and peer state not updating on enable, and a
  panic when fetching KMS metrics (#4320, #4325).
- KMS-down now returns a `500` and no longer mis-labels client-cancel error logs
  (#5046); fixed KMS records not returned for `Limit <= 0` (#3894).
- Retry KMS initialization on transient quorum errors (#3787).
- Removed the auto-encryption handler (#5240).

### Storage, Erasure & Scanner

- Treat `errVolumeNotFound` from a newly added pool as non-fatal in `listMerged`
  / `listUnsorted` (#5223).
- Include `errFileCorrupt` in the quorum check for inconsistent metadata
  (#4737), and fixed `DeleteMultipleObjects` index-out-of-bounds (#3987).
- Fixed `ReadPartsHandler` error-handling protocol and metacache
  bounds/dead-error checks (#4161, #3925, #4165).
- Corrected the `GetObjectAttributes` API response structure (#3330), honored an
  explicit `versionID` in bucket purge-on-delete (#4370), and prevented a
  process crash when bucket versioning metadata could not be fetched (#4970).
- Closed an `UpdateFlushCountRuntime` race with the background flusher (#5381).
- Fixed a panic while scraping metrics and bare-write races on heal-disk tracker
  fields (#5133, #3804); clear bucket scan state before the anti-stampede delay
  (#4928); use current object count in excess alerts (#4735).

### Lifecycle, Tiering & Batch

- Expire deeply nested ILM prefixes and prune emptied directories (#5414); fixed
  expiry-worker task loss when shrinking the pool (#4123).
- Tiering: skip remote-backend validation on force removal, clearer XML syntax
  error, and `SaveWithKeyAndOpts` receiver fix (#3859, #4687, #4048).
- Batch: support days/weeks in key-rotate filters, surface failure reasons,
  persist canceled jobs, block expiry on table buckets, and fine-grained metric
  permissions (#5247, #4469, #4003, #4440, #4662).

### RDMA

- Fixed RDMA GET concurrent-map crash and a `GetObjectReader.Close()` deadlock
  (ec92c7f, 7fdc4cc); plugged C heap memory leaks in CGO code (#3629).
- Fixed internode RDMA data corruption from race conditions and cache per-NIC MR
  registrations on pool buffers (#3750, #5116).
- Aligned the `cuObjRDMATunableParam` struct with the libcuobjserver ABI (#3640).

### Notifications, Config & Cluster Operations

- Fixed duplicate `StreamItems` goroutines on queue-backed notification targets
  and excluded table buckets from notification UI (#4256, #4619).
- Config get now always emits enable status and no longer corrupts values for
  subsystems without an enable key (#4716, #4150).
- Return `503` for in-flight requests during node shutdown, and improved restart
  participation/halt-on-failure/stall visibility (#4402, #5187).
- Made `StopRebalance` idempotent, guarded nil `rebalMeta`, and fixed
  rebalance/decommission edge cases (#4787, #3720, #4163).
- Fixed leader-lock-loss causing long-running goroutines to exit incorrectly
  (#5336), and rebuilt the DNS allowlist on every cache refresh (#4571).
- Allow hotfix upgrades with same version but a different binary (#3934), and
  preserve excluded prefixes across versioning suspend/re-enable (#5037).
- Fixed alert delivery accuracy/timing, no-license alerts to SUBNET, and writing
  alerts to the correct meta-bucket path (#4642, #5357, #4748, #4583).
- Allow `partNumber` GetObject/HeadObject in S3Express mode (#5304),
  short-circuit expired POST policy before reading the body (#5073), and fixed
  `CompleteMultipartUpload` ETag XML escaping (#4590).
- Fixed QoS `rate==0` rules panicking S3 requests and excluded console requests
  from QoS metrics (#5135, #3806).

---

## Improvements

- Honor the capacity-optimized setting and fix `parity_failure` config handling
  (#4886); restore `O_DIRECT` default to enabled (#3516).
- Detect self-referential endpoints and license-restricted tier targets (#5346).
- Sync cluster name to SUBNET on site-name config change (#5359); route webhook
  log-target health checks through the configured proxy (#4867).
- Replace HTTP HEAD with a TCP/TLS dial for log-target `IsActive` health checks
  (#4997); validate webhook client cert/key (#4911).
- Recover from panics in `cachevalue` background refresh and `pubsub` cleanup
  (#4879, #4134); simplify configuration structure (#3241).
- Maximize data captured in IAM and bucket-metadata zip exports (#4821).
- Removed the `CompressedSize` field from object metadata API responses and
  updated tag-editor behavior (#3366).
- Guard `PercentageUsed` against division by zero (#3504); add a target to the
  healthcheck map immediately after bucket replication is set up (#4830).

---

## Security & Compliance

### Software Bill of Materials (SBOM)

This release includes comprehensive SBOM documentation in multiple formats:

- [SPDX JSON](sbom-EDGE.2026-06-01T02-39-13Z.spdx.json) - Standard SBOM format
- [CycloneDX JSON](sbom-EDGE.2026-06-01T02-39-13Z.cyclonedx.json) - Security scanner compatible
- [Go Modules](go-modules-EDGE.2026-06-01T02-39-13Z.txt) - Human-readable dependency list

SBOM files document all direct and transitive dependencies for security
auditing and compliance requirements.

---

## Upgrade Instructions

For detailed upgrade instructions, please read: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/

Platform-specific upgrade guides:

- **Linux/Bare Metal**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-linux/
- **Kubernetes with Helm**: https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/upgrade-aistor-kubernetes-helm/

### New Configuration Options

- `MINIO_SCANNER_INVENTORY` — enable the per-bucket System Inventory subsystem.
- `MINIO_KMS_BUILTIN_ENCRYPTED` — toggle encryption for the built-in KMS.
- `--api-bandwidth` — per-listener bandwidth throttle for multi-tenant fabrics.
- `MINIO_STS_RATE_LIMIT_PER_IP`, `MINIO_STS_RATE_LIMIT_PER_LDAP_USER`,
  `MINIO_STS_RATE_LIMIT_GLOBAL` — STS endpoint rate limits (set to `0` to
  disable).
- `MINIO_SUBNET_RENEWAL` — set to `off` to skip the daily automatic SUBNET
  license renewal (default on) (#4387).

### Migration Notes

- Ensure clusters are on the current configuration format before upgrading; the
  legacy `~/.minio` config directory and v33 migration path have been removed.
- Workloads using S3 Select must migrate, as the API now returns
  `405 MethodNotAllowed`.
- Store-and-forward notification targets are migrated to the unified global
  queue automatically; review custom queue-directory configuration after
  upgrade.

### Support

For enterprise support:

- SUBNET Support: https://subnet.min.io
- Documentation: https://docs.min.io

