Security BugFix Release
·
4601 commits
to master
since this release
RELEASE.2021-03-17T02-33-02Z
This tag was signed with the committer’s verified signature.
Highlights
- Click here to download the latest version of MinIO.
- Click here for production support.
- This release fixes a MITM attack in aws-chunked signature v4 encoding, for more information please read
our security advisory here - Other miscellaneous fixes include
- r/w failure regression on FreeBSD operating system due to unexpected file open flags.
- browser now supports QR code with presigned URLs.
- Support DeleteMarker disable setting in replication configuration.
Changelog
- s3v4: read and verify S3 signature v4 chunks separately (#11801) (03/16/21) (Andreas Auernhammer)
- Fix
STANDARDdefaults, point to new docs site. (#11800) (03/16/21) (Ravind Kumar) - erasure pools enable faster checks for file not found (#11799) (03/16/21) (Klaus Post)
- policy: Add Merge API (#11793) (03/16/21) (Anis Elleuch)
- fix: erasure index based reading based on actual ParityBlocks (#11792) (03/15/21) (Harshavardhana)
- s3 select: fix date_diff behavior (#11786) (03/15/21) (Klaus Post)
- fix: runtime issue on FreeBSD due to missing O_NOATIME/O_DSYNC support (#11790) (03/15/21) (Steve Wills)
- fix: mips 32bit compilation issue (#11775) (03/15/21) (Harshavardhana)
- add missing principalId in web notifications (#11777) (03/13/21) (Harshavardhana)
- Replication: Enforce DeleteMarker disable setting (#11720) (03/13/21) (Poorna Krishnamoorthy)
- Add consoleAdmin as a default canned policy (#11770) (03/13/21) (Nitish Tiwari)
- cmd/os-readdir_other.go - return nil with err (#11772) (03/12/21) (Philip Brown)
- update browser assets for react-qr-code (03/11/21) (Harshavardhana)