MinIO AIStor RELEASE.2025-08-13T17-08-54Z delivers performance improvements for large-scale data management alongside enhanced identity and access controls. Key additions include high-performance prefix-based object expiration, automatic Azure AD group synchronization, and expanded LDAP monitoring capabilities.
Answer
This release focuses on improving data lifecycle management efficiency and identity provider integration. Organizations managing large object namespaces will benefit from the new prefix deletion capability, while enterprises using Azure AD or LDAP will gain better operational visibility and reduced authentication overhead.
New Features
High-Performance Prefix Deletion
What
Lifecycle expiration rules now support a prefix type parameter, enabling rapid deletion of all objects and versions within a specified prefix. This approach substantially outperforms individual object removal operations.
Key capabilities:
- Bulk deletion of entire prefix hierarchies
- Includes all object versions within the prefix
- Significantly faster than per-object deletion
Availability
Available in this release.
Why
Traditional object-by-object deletion becomes prohibitively slow when managing large namespaces with millions of objects. Organizations implementing data retention policies or cleaning up temporary data need efficient mechanisms to remove entire data hierarchies without impacting system performance or requiring extended maintenance windows.
What This Means for Customers
- Faster data cleanup for retention policy enforcement
- Reduced operational overhead when removing temporary or staging data
- Lower system impact during bulk deletion operations
- Simplified lifecycle management for prefix-organized data structures
Automated Azure AD Group Sync
What
User group memberships from Azure AD now refresh automatically on a scheduled basis, updating permissions without requiring users to re-authenticate.
Configuration requirement: Add the offline_access scope to your OIDC configuration.
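A pre-upgrade check for this requirement, as an added example that is not MinIO's own code: it confirms that a configured scope list contains offline_access (the standard OIDC scope that requests a refresh token) and that the IdP's discovery document advertises it. The discovery document below is a constructed sample, and accepting a comma-separated or space-separated scope list is an assumption about how the value is written in your configuration.

```python
import json

REQUIRED = "offline_access"

# Constructed sample discovery document, trimmed to the fields checked here.
# A real one is served at <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.test/tenant-placeholder/v2.0",
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "grant_types_supported": ["authorization_code", "refresh_token"]
}
""")


def parse_scopes(raw):
    """Split a scope list written comma-separated or space-separated (assumed formats)."""
    return [s for s in raw.replace(",", " ").split() if s]


def check_offline_access(configured_scopes, discovery):
    """Return a list of findings; an empty list means the requirement is met."""
    findings = []
    scopes = parse_scopes(configured_scopes)
    if REQUIRED not in scopes:
        # Scope values are case-sensitive, so call out near misses explicitly.
        near = [s for s in scopes if s.lower() == REQUIRED]
        hint = f" (found {near[0]!r}; scope names are case-sensitive)" if near else ""
        findings.append(f"{REQUIRED} missing from configured scopes{hint}")
    if "openid" not in scopes:
        findings.append("openid scope missing from configured scopes")
    # Both discovery fields are optional; only flag them when present.
    advertised = discovery.get("scopes_supported")
    if advertised is not None and REQUIRED not in advertised:
        findings.append(f"IdP does not advertise {REQUIRED} in scopes_supported")
    grants = discovery.get("grant_types_supported")
    if grants is not None and "refresh_token" not in grants:
        findings.append("IdP does not advertise the refresh_token grant")
    return findings


if __name__ == "__main__":
    for cfg in ("openid,profile,email", "openid,profile,email,offline_access"):
        print(cfg, "->", check_offline_access(cfg, SAMPLE_DISCOVERY) or "OK")
```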
Availability
Available in this release.
Why
Previously, Azure AD group membership changes only took effect when users obtained new tokens. This created delays in permission updates and required manual intervention or forced re-authentication. Automatic synchronization ensures that access control changes propagate promptly without disrupting user sessions.
What This Means for Customers
- Immediate permission updates when Azure AD groups change
- No user disruption from forced re-authentication
- Better security posture with timely access revocation
- Reduced helpdesk burden from permission synchronization issues
Enhanced LDAP Monitoring
What
New Prometheus metrics expose LDAP identity provider health and connectivity status, providing visibility into authentication infrastructure. This release also eliminates a potential server crash during IAM metric collection when no external identity provider is configured.
Availability
Available in this release.
Why
LDAP connectivity issues can cause authentication failures that are difficult to diagnose without proper monitoring. Proactive visibility into LDAP health enables operations teams to identify and resolve issues before they impact users.
What This Means for Customers
- Proactive alerting on LDAP connectivity problems
- Faster troubleshooting of authentication failures
- Integration with existing monitoring via Prometheus
- Improved stability with the panic fix for environments without external IdP
Detailed Object Placement Information
What
Object listing operations now include Pool ID and Erasure Set ID details, providing precise data location information for operational scripts and resource management.
Availability
Available in this release.
Why
Understanding where data physically resides within a distributed storage cluster is essential for capacity planning, performance optimization, and troubleshooting. This metadata enables more sophisticated operational tooling.
What This Means for Customers
- Better capacity analysis by understanding data distribution
- Enhanced troubleshooting with precise location data
- Improved operational scripts with location-aware logic
Improvements
Console Dashboard Enhancements
What
The web console now displays server and drive status summaries and streamlines the workflow for generating access keys with custom policies.
Availability
Available in this release.
Why
Quick visibility into cluster health without navigating multiple screens improves operational efficiency. Simplified access key workflows reduce configuration errors.
What This Means for Customers
- At-a-glance cluster health visibility
- Faster access key provisioning with streamlined UI
- Reduced administrative time for common tasks
Expanded Filesystem Compatibility
What
The system now successfully initializes on filesystems lacking Direct I/O support (such as tmpfs) by issuing a warning and reverting to buffered I/O operations.
Availability
Available in this release.
Why
Development environments, testing scenarios, and certain specialized deployments may use filesystems without Direct I/O support. This change expands deployment flexibility while maintaining clear visibility into the configuration.
What This Means for Customers
- Broader deployment options for development and testing
- Clear warnings when running in non-optimal configurations
- Graceful fallback instead of startup failures
Bug Fixes
Data Healing and Resiliency
| Issue | Resolution |
|---|---|
| Deadlock during concurrent healing of offline drives | Eliminated the race condition so that self-healing completes reliably |
| Object version deletion failures in distributed deployments | Resolved failures affecting quarantine functionality |
| Unnecessary quarantine directories for small objects | Corrected healing behavior for inlined objects |
| Duplicate bucket processing in background scanning | Optimized scanner to reduce resource consumption |
Lifecycle and Data Management
| Issue | Resolution |
|---|---|
| Memory leak in batch expiration | Fixed leak affecting buckets with many object versions |
| Batch expiration on WORM buckets | Prevented with clear error notification |
| Missing remote metadata during bucket import | Automated healing in site replication setups |
System Operations and API Compatibility
| Issue | Resolution |
|---|---|
| Race conditions in distributed locking | Reinforced ForceUnlock operations |
| Incorrect checksum mode reporting | Now correctly reports FULL_OBJECT for S3 compatibility |
| Spurious xl.meta file not found warnings | Eliminated log noise during normal operations |
| Console issues on subpath deployments | Fixed authentication and preview functionality |
Upgrade Recommendations
| Environment | Recommendation |
|---|---|
| Using Azure AD or LDAP | Upgrade soon for improved identity management |
| Large-scale lifecycle management | Upgrade for prefix deletion capability |
| Production deployments | Upgrade at next maintenance window |
| Development/Test environments | Upgrade when convenient |
References
For upgrade assistance, contact your MinIO support team.