Highlights

• Click here to download the latest version of MinIO.

• Click here for production support.

• Downgrades are not supported in this release for erasure-coded clusters, due to on-disk data format version bump - once upgraded erasure-coded clusters cannot be downgraded to the previous release. Please upgrade staging or testing environments first.

• Re-implementation of xl.meta metadata handling for objects with multiple versions, provides following improvements - refer #13573

  • Allows checking if a version exists.
  • Allows reading a single version without file wide unmarshal.
  • Allows reading latest version of type without file wide unmarshal.
  • Allows reading the latest version without file wide unmarshal.
  • Allows checking if the latest is delete-marker by reading the first entry.
  • Allows adding/updating/deleting a version with only header deserialization.
  • Reduces allocations on conversion to internal data structures.

• 'Host' header-based dynamic redirect_uri when OpenID SSO is enabled.

mc admin config set alias/ identity_openid --env
...
MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC  (on|off)    Enable 'Host' header based dynamic redirect URI

• Multiple healing-related issues were addressed related to objects healed from xl.json -> xl.meta format, refer #13671 #13681 #13717 #13715
• Disk caching now supports multipart write-through caching by default, refer #13613
• Adds explicit deny support for AddServiceAccoun, refer #13657
• Other miscellaneous bug fixes in ListObjects(), Tiering and LDAP service account handling.

What's Changed

• Add CI for etcd IAM backend by @donatello in #13614
• allocate new highwayhash for each string hash by @harshavardhana in #13623
• Default multipart caching to writethrough by @poornas in #13613
• fix: use equalFold() instead of lower and compare by @harshavardhana in #13624
• Support dynamic reset of minio config by @anjalshireesh in #13626
• Fix missing entries on first list resume by @klauspost in #13627
• add multi-site replication tests by @harshavardhana in #13631
• fix: backend not reachable should be more descriptive by @harshavardhana in #13634
• Add tests for OpenID STS creds and add to CI by @donatello in #13638
• IAM: init IAM with Init() rather than InitStore() in tests by @donatello in #13643
• add a tool to read healing.bin for debugging by @harshavardhana in #13650
• add explicit deny support for service accounts by @harshavardhana in #13657
• ignore swapped drives instead of throwing errors by @harshavardhana in #13655
• fix: restored object to preserve x-amz-meta properly by @harshavardhana in #13664
• Fix: Thread context in surrounding function into IAM functions by @donatello in #13658
• add gocritic/ruleguard checks back again, cleanup code. by @harshavardhana in #13665
• reduceErrs to handle context.Canceled errors by @krisis in #13670
• support dynamic redirect_uri based on incoming 'host' header by @harshavardhana in #13666
• honor requests_max based on cgroup_limits if configured by @harshavardhana in #13673
• metrics: Add replication latency metrics by @vadmeste in #13515
• de-couple bucket metadata loading with lock context by @harshavardhana in #13679
• Add grafana json file for replication metrics by @sinhaashish in #13678
• fallback O_DIRECT if not supported, do regular reads() by @harshavardhana in #13680
• heal legacy objects when versioning is enabled after upgrade by @harshavardhana in #13671
• Use pointer based TLS field by @anjalshireesh in #13659
• Improve performance on multiple versions by @klauspost in #13573
• fix: Use policies from claims for service accounts by @donatello in #13690
• add missing copyright on testfile by @harshavardhana in #13691
• do not flush if Write() failed by @harshavardhana in #13597
• Fix the unit of measurement by @mshanmu in #13686
• allow in-memory persistence for gateway by @harshavardhana in #13694
• retry disk replacement healing if listing fails by @harshavardhana in #13689
• simplify the reader for speedtest by @harshavardhana in #13682
• Allow users to list their own service accounts by @donatello in #13706
• fix: allow scanner compaction on replicated buckets by @harshavardhana in #13711
• Add caching to CI job by @donatello in #13712
• Add MaxNoncurrentVersions to NoncurrentExpiration action by @krisis in #13580
• Fix entries not cleared on resolve by @klauspost in #13705
• Fix OpenID service accounts creation and update by @donatello in #13708
• dataDir needs maxima calculation to be correct by @harshavardhana in #13715
• re-implement pickValidInfo dataDir, move to quorum calculation by @harshavardhana in #13681
• fix: obtaining a valid FileInfo in getLatestFileInfo by @harshavardhana in #13717
• fix: make sure esClient is allocated before use by @harshavardhana in #13727
• Don't set net.ipv6.conf.wlp59s0.disable_ipv6=1 on host in docker-buildx.sh by @3nprob in #13724
• remove "expires" header from presign v2 as metadata by @harshavardhana in #13718
• policy: Fix a typo when validating the list of policies by @vadmeste in #13735
• Update minio-overview.json by @chrisbecke in #13730
• Reduce JWT overhead. by @klauspost in #13738
• allow service freeze/unfreeze on a setup by @harshavardhana in #13707
• fix: atomic.Value should be a concrete type to avoid panics by @harshavardhana in #13740
• Fix "send on closed channel" panic by @klauspost in #13745
• multi-delete: Avoid empty Delete tag in the response by @vadmeste in #13725
• use acceptedResponseStatusCode everywhere in HTTP logger by @harshavardhana in #13755
• Fix returning invalid account-not-exists error for LDAP svc acc by @donatello in #13756

New Contributors

• @mshanmu made their first contribution in #13686
• @3nprob made their first contribution in #13724
• @chrisbecke made their first contribution in #13730

Full Changelog: RELEASE.2021-11-09T03-21-45Z...RELEASE.2021-11-24T23-19-33Z