f2619d1f62
Fix description error in README ( #21099 )
There is prefix in json, but not in the equivalent command line. Although the role of prefix has been explained in the previous example, I think it should be supplemented.
4 months ago
8c70975283
make sure to validate signature unsigned trailer stream ( #21103 )
This is a security incident fix, it would seem like since
the implementation of unsigned payload trailer on PUTs,
we do not validate the signature of the incoming request.
The signature can be invalid and is totally being ignored,
this in-turn allows any arbitrary secret to upload objects
given the user has "WRITE" permissions on the bucket, since
acces-key is a public information in general exposes these
potential users with WRITE on the bucket to be used by any
arbitrary client to make a fake request to MinIO the signature
under Authorization: header is totally ignored.
A test has been added to cover this scenario and fail
appropriately.
4 months ago
01447d2438
Fix evaluation of NewerNoncurrentVersions ( #21096 )
- Move VersionPurgeStatus into replication package
- ilm: Evaluate policy w/ obj retention/replication
- lifecycle: Use Evaluator to enforce ILM in scanner
- Unit tests covering ILM, replication and retention
- Simplify NewEvaluator constructor
4 months ago
07f31e574c
Try reconnect IAM systems if failed initially ( #20333 )
Fixes: https://github.com/minio/minio/issues/20118
Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
4 months ago
8d223e07fb
Fix: Change TTFB metric type to histogram ( #20999 )
4 months ago
4041a8727c
start publishing latest-cicd images
4 months ago
5f243fde9a
Fix anonymous unsigned trailing headers ( #21095 )
Do not fail on anonymous requests with trailing headers.
Fixes #21005
With modified minio-go (will send PR):
```
<DEBUG> PUT /tbb/mc.exe HTTP/1.1
Host: 127.0.0.1:9001
User-Agent: MinIO (windows; amd64) minio-go/v7.0.90 mc/DEVELOPMENT.GOGET
Content-Length: 44301288
Accept-Encoding: zstd,gzip
Content-Encoding: aws-chunked
Content-Type: application/x-msdownload
X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER
X-Amz-Date: 20250401T150402Z
X-Amz-Decoded-Content-Length: 44295168
X-Amz-Trailer: x-amz-checksum-crc32
mc: <DEBUG> HTTP/1.1 200 OK
Content-Length: 0
Accept-Ranges: bytes
Date: Tue, 01 Apr 2025 15:04:02 GMT
Etag: "46273a30f232dc015ead1c0da8925c98"
Server: MinIO
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Checksum-Crc32: wElc/A==
X-Amz-Id-2: 7987905dee74cdeb212432486a178e511309594cee7cb75f892cd53e35f09ea4
X-Amz-Request-Id: 18323A0F322B41C8
X-Content-Type-Options: nosniff
X-Ratelimit-Limit: 2478
X-Ratelimit-Remaining: 2478
X-Xss-Protection: 1; mode=block
```
Tested on multipart uploads as well.
4 months ago
a0e3f1cc18
internal: add handling of KVS config parse ( #21079 )
4 months ago
b1bc641105
chore(all): replace map key deletion loop with clear() ( #21082 )
4 months ago
e0c8738230
fix: token is invalid for admin heal when minio is distErasure on windows ( #21092 )
4 months ago
9aa24b1920
fix call toAPIErrorCode with a nil value error after check another err ( #21083 )
if check lerr != nil and return a toAPIErrorCode(nil)
it should return toAPIErrorCode(lerr)
4 months ago
53d40e41bc
Add new API endpoint to revoke STS tokens ( #21072 )
4 months ago
e88d494775
Migrate golanglint-ci config to V2 ( #21081 )
4 months ago
b67f0cf721
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 ( #21056 )
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt ) from 4.5.1 to 4.5.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
46922c71b7
Updating Prom queries to include tilde needed to work ( #21054 )
4 months ago
670edb4fcf
build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 ( #21055 )
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
42d4ab2a0a
fix(templates): replace dash with underscore ( #19566 )
5 months ago
5e2eb372bf
update dependencies for CVE fix x/net
5 months ago
cccb37a5ac
Update yaml files to latest version RELEASE.2025-03-12T18-04-18Z
5 months ago
dbf31af6cb
decom: Ignore not found buckets ( #509 ) ( #21023 )
When decommissioning is started, the list of buckets to decommission is
calculated, however, a bucket can be removed before decommissioning reaches
it. This will cause an infinite loop of listing error complaining about
the non-existence of the bucket. This commit will ignore
errVolumeNotFound to skip the not found bucket.
5 months ago
93e40c3ab4
Disable unstable test ( #20996 )
Disable unstable test in vendored package. Only used for s3 select.
5 months ago
8aa0e9ff7c
Update ssh and jws libs for fixed CVEs ( #21017 )
- https://pkg.go.dev/vuln/GO-2025-3488
- https://pkg.go.dev/vuln/GO-2025-3487
5 months ago
bbd6f18afb
Update typos config ( #21018 )
5 months ago
2a3acc4f24
drive heal if we have enough success, do not error setList() ( #516 )
5 months ago
11507d46da
Enforce a bucket limit of 100 to v2 metrics calls ( #20761 )
Enforce a bucket count limit on metrics for v2 calls.
If people hit this limit, they should move to v3, as certain calls explode with high bucket count.
Reviewers: This *should* only affect v2 calls, but the complexity is overwhelming.
5 months ago
f9c62dea55
Update yaml files to latest version RELEASE.2025-02-28T09-55-16Z
5 months ago
8c2c92f7af
Fix healing probability for skipped folders ( #20988 )
We must update the heal probability when selectively skipping folders.
5 months ago
4c71f1b4ec
fix: SFTP auth bypass with no pub key in LDAP ( #20986 )
If a user attempts to authenticate with a key but does not have an
sshpubkey attribute in LDAP, the server allows the connection, which
means the server trusted the key without reason. This is now fixed,
and a test has been added for validation.
5 months ago
6cd8a372cb
replication: set checksum type correctly ( #20985 )
Fixes : #20978
5 months ago
953a3e2bbd
check for errors on bitrotWriter Close() ( #20982 )
5 months ago
7cc0c69228
Allow disabling of all X-Forwarded-For header processing ( #20977 )
5 months ago
f129fd48f2
Update golang.org/x/crypto to address govulncheck complaint ( #20983 )
5 months ago
bc4008ced4
Fix typos ( #20970 )
5 months ago
526053339b
build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 ( #20976 )
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
62a35b3e77
Update SRSvcAccCreate with new type ( #20974 )
5 months ago
39df134204
Fix importIAM issue with importing implied policies ( #20956 )
5 months ago
ad4cbce22d
Update yaml files to latest version RELEASE.2025-02-18T16-25-55Z
5 months ago
90f5e1e5f6
tests: Do not allow forced type asserts ( #20905 )
5 months ago
aeabac9181
Test checksum types for invalid combinations ( #20953 )
5 months ago
b312f13473
Extract all files from encrypted stream with inspect ( #20937 )
Allow multiple private keys and extract all files from streams.
Place files in the folder with `.enc` removed.
Do basic checks so streams cannot traverse outside of the folder.
5 months ago
727a803bc0
fix(docs): update mc admin trace link to MinIO official docs ( #20943 )
5 months ago
d0e443172d
chore: remove unused and incorrect IsEmpty method from TargetIDSet ( #20939 )
5 months ago
60446e7ac0
ftp: Enable trailing headers, just like sftp ( #20938 )
5 months ago
b8544266e5
fix: typo in queuestore.go
5 months ago
437dd4e32a
Fix missing authorization check for `PutObjectRetentionHandler` ( #20929 )
6 months ago
447054b841
Update console to 1.7.6 ( #20925 )
6 months ago
9bf43e54cd
allow ARCH specific hotfixes
6 months ago
60f8423157
Quick patch for Snowball AutoExtract: #20883 ( #20885 )
* Checking allowance on empty prefix or Snowball-prefix - fixes #20883
* Check the policy for each object during Snowball auto-extraction
6 months ago
4355ea3c3f
(s)ftp: Enable trailing headers for upload ( #20914 )
Since we always "connect" to minio, it is fine.
6 months ago
e30f1ad7bd
Fix nil pointer deref in PeerPolicyMappingHandler ( #20913 )
The following lines will attempt to de-reference the nil value. Instead just return the error at once.
6 months ago
爱折腾的小竹同学