Medium severity5.3OSV Advisory· Published May 28, 2024· Updated Apr 15, 2026
CVE-2024-36107
CVE-2024-36107
Description
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the latest version), Etag (of the latest version), x-amz-version-id (of the latest version), Expires (metadata value of the latest version), Cache-Control (metadata value of the latest version). This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit e0fe7cc3917. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MinIO object storage vulnerability allows anonymous users to detect object existence and metadata via timed conditional headers, bypassing access validation.
CVE-2024-36107 describes an information disclosure vulnerability in MinIO, a high-performance object storage system. The issue arises when anonymous requests use the If-Modified-Since or If-Unmodified-Since headers. Before validating whether anonymous access is permitted to an object's metadata, MinIO processes these conditional headers. This allows an attacker to infer the existence of an object by sending a request with a random object name and observing the server's response behavior [1][2].
To exploit this vulnerability, an attacker needs network access to a MinIO instance. By crafting anonymous requests with these headers, they can determine if an object exists on a specific bucket. Additionally, the server may leak metadata such as Last-Modified, Etag, x-amz-version-id, Expires, and Cache-Control for the latest version of the object [2]. No authentication or prior knowledge of bucket content is required, only the ability to send HTTP requests.
The primary impact is information disclosure. An attacker can enumerate object existence and obtain metadata, which can aid in further attacks, such as inferring data patterns or targeting specific files. The vulnerability does not allow direct data access but exposes sensitive metadata that might be used for reconnaissance.
The fix is implemented in commit e0fe7cc3917 and is included in MinIO release RELEASE.2024-05-27T19-17-46Z [3]. Users must upgrade to this version or later. There are no known workarounds for this issue [1][2]. Organizations using MinIO should prioritize patching to prevent anonymous metadata disclosure.
References
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/minio/minioGo | < 0.0.0-20240527191746-e0fe7cc39172 | 0.0.0-20240527191746-e0fe7cc39172 |
Affected products
11- osv-coords10 versionspkg:apk/chainguard/miniopkg:apk/chainguard/minio-bitnami-2024-compatpkg:apk/chainguard/minio-bitnami-2025-compatpkg:apk/chainguard/minio-iamguarded-2025-compatpkg:apk/wolfi/miniopkg:apk/wolfi/minio-bitnami-2024-compatpkg:apk/wolfi/minio-bitnami-2025-compatpkg:apk/wolfi/minio-iamguarded-2025-compatpkg:bitnami/miniopkg:golang/github.com/minio/minio
< 0.20240613.225353-r0+ 9 more
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 0.20240613.225353-r0
- (no CPE)range: < 2024.5.27
- (no CPE)range: < 0.0.0-20240527191746-e0fe7cc39172
Patches
1e0fe7cc39172fix: information disclosure bug in preconditions GET (#19810)
19 files changed · +91 −92
buildscripts/rewrite-old-new.sh+7 −7 modified@@ -45,7 +45,8 @@ function verify_rewrite() { "${MINIO_OLD[@]}" --address ":$start_port" "${WORK_DIR}/xl{1...16}" >"${WORK_DIR}/server1.log" 2>&1 & pid=$! disown $pid - sleep 10 + + "${WORK_DIR}/mc" ready minio/ if ! ps -p ${pid} 1>&2 >/dev/null; then echo "server1 log:" @@ -77,7 +78,8 @@ function verify_rewrite() { "${MINIO[@]}" --address ":$start_port" "${WORK_DIR}/xl{1...16}" >"${WORK_DIR}/server1.log" 2>&1 & pid=$! disown $pid - sleep 10 + + "${WORK_DIR}/mc" ready minio/ if ! ps -p ${pid} 1>&2 >/dev/null; then echo "server1 log:" @@ -87,14 +89,12 @@ function verify_rewrite() { exit 1 fi - go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - - if ! s3-check-md5 \ + if ! ./s3-check-md5 \ -debug \ -versions \ -access-key minio \ -secret-key minio123 \ - -endpoint http://127.0.0.1:${start_port}/ 2>&1 | grep INTACT; then + -endpoint "http://127.0.0.1:${start_port}/" 2>&1 | grep INTACT; then echo "server1 log:" cat "${WORK_DIR}/server1.log" echo "FAILED" @@ -114,7 +114,7 @@ function verify_rewrite() { go run ./buildscripts/heal-manual.go "127.0.0.1:${start_port}" "minio" "minio123" sleep 1 - if ! s3-check-md5 \ + if ! ./s3-check-md5 \ -debug \ -versions \ -access-key minio \
buildscripts/verify-healing-empty-erasure-set.sh+10 −4 modified@@ -19,7 +19,7 @@ function start_minio_3_node() { export MINIO_ERASURE_SET_DRIVE_COUNT=6 export MINIO_CI_CD=1 - start_port=$2 + start_port=$1 args="" for i in $(seq 1 3); do args="$args http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/1/ http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/2/ http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/3/ http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/4/ http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/5/ http://127.0.0.1:$((start_port + i))${WORK_DIR}/$i/6/" @@ -37,7 +37,8 @@ function start_minio_3_node() { pid3=$! disown $pid3 - sleep "$1" + export MC_HOST_myminio="http://minio:minio123@127.0.0.1:$((start_port + 1))" + /tmp/mc ready myminio if ! ps -p $pid1 1>&2 >/dev/null; then echo "server1 log:" @@ -99,18 +100,23 @@ function __init__() { ## version is purposefully set to '3' for minio to migrate configuration file echo '{"version": "3", "credential": {"accessKey": "minio", "secretKey": "minio123"}, "region": "us-east-1"}' >"$MINIO_CONFIG_DIR/config.json" + + if [ ! -f /tmp/mc ]; then + wget --quiet -O /tmp/mc https://dl.minio.io/client/mc/release/linux-amd64/mc && + chmod +x /tmp/mc + fi } function perform_test() { - start_minio_3_node 120 $2 + start_minio_3_node $2 echo "Testing Distributed Erasure setup healing of drives" echo "Remove the contents of the disks belonging to '${1}' erasure set" rm -rf ${WORK_DIR}/${1}/*/ set -x - start_minio_3_node 120 $2 + start_minio_3_node $2 rv=$(check_online) if [ "$rv" == "1" ]; then
buildscripts/verify-healing.sh+11 −9 modified@@ -15,14 +15,18 @@ MINIO=("$PWD/minio" --config-dir "$MINIO_CONFIG_DIR" server) GOPATH=/tmp/gopath function start_minio_3_node() { + for i in $(seq 1 3); do + rm "${WORK_DIR}/dist-minio-server$i.log" + done + export MINIO_ROOT_USER=minio export MINIO_ROOT_PASSWORD=minio123 export MINIO_ERASURE_SET_DRIVE_COUNT=6 export MINIO_CI_CD=1 first_time=$(find ${WORK_DIR}/ | grep format.json | wc -l) - start_port=$2 + start_port=$1 args="" for d in $(seq 1 3 5); do args="$args http://127.0.0.1:$((start_port + 1))${WORK_DIR}/1/${d}/ http://127.0.0.1:$((start_port + 2))${WORK_DIR}/2/${d}/ http://127.0.0.1:$((start_port + 3))${WORK_DIR}/3/${d}/ " @@ -42,9 +46,11 @@ function start_minio_3_node() { pid3=$! disown $pid3 - sleep "$1" + export MC_HOST_myminio="http://minio:minio123@127.0.0.1:$((start_port + 1))" + /tmp/mc ready myminio - [ ${first_time} -eq 0 ] && upload_objects $start_port + [ ${first_time} -eq 0 ] && upload_objects + [ ${first_time} -ne 0 ] && sleep 120 if ! ps -p $pid1 1>&2 >/dev/null; then echo "server1 log:" @@ -127,10 +133,6 @@ function __init__() { } function upload_objects() { - start_port=$1 - - /tmp/mc alias set myminio http://127.0.0.1:$((start_port + 1)) minio minio123 --api=s3v4 - /tmp/mc ready myminio /tmp/mc mb myminio/testbucket/ for ((i = 0; i < 20; i++)); do echo "my content" | /tmp/mc pipe myminio/testbucket/file-$i @@ -140,15 +142,15 @@ function upload_objects() { function perform_test() { start_port=$2 - start_minio_3_node 120 $start_port + start_minio_3_node $start_port echo "Testing Distributed Erasure setup healing of drives" echo "Remove the contents of the disks belonging to '${1}' node" rm -rf ${WORK_DIR}/${1}/*/ set -x - start_minio_3_node 120 $start_port + start_minio_3_node $start_port check_heal ${1} rv=$?
cmd/object-handlers.go+9 −9 modified@@ -476,6 +476,15 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj return true } + if oi.UserTags != "" { + r.Header.Set(xhttp.AmzObjectTagging, oi.UserTags) + } + + if s3Error := authorizeRequest(ctx, r, policy.GetObjectAction); s3Error != ErrNone { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL) + return true + } + return checkPreconditions(ctx, w, r, oi, opts) } @@ -547,15 +556,6 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj objInfo := gr.ObjInfo - if objInfo.UserTags != "" { - r.Header.Set(xhttp.AmzObjectTagging, objInfo.UserTags) - } - - if s3Error := authorizeRequest(ctx, r, policy.GetObjectAction); s3Error != ErrNone { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL) - return - } - if !proxy.Proxy { // apply lifecycle rules only for local requests // Automatically remove the object/version if an expiry lifecycle rule can be applied if lc, err := globalLifecycleSys.Get(bucket); err == nil {
docs/bucket/replication/setup_3site_replication.sh+13 −15 modified@@ -43,8 +43,6 @@ unset MINIO_KMS_KES_KEY_FILE unset MINIO_KMS_KES_ENDPOINT unset MINIO_KMS_KES_KEY_NAME -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - wget -q -O mc https://dl.minio.io/client/mc/release/linux-amd64/mc && chmod +x mc @@ -202,19 +200,19 @@ head -c 221227088 </dev/urandom >200M sleep 10 echo "Verifying ETag for all objects" -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket bucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket bucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket bucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket bucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket bucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket bucket - -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket olockbucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket olockbucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket olockbucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket olockbucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket olockbucket -s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket bucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket bucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket bucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket bucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket bucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket bucket + +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9001/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9002/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9003/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9004/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9005/ -bucket olockbucket +./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket olockbucket # additional tests for encryption object alignment go install -v github.com/minio/multipart-debug@latest
docs/debugging/build.sh+2 −1 modified@@ -2,5 +2,6 @@ export CGO_ENABLED=0 for dir in docs/debugging/*/; do - go build -C ${dir} -v + bin=$(basename ${dir}) + go build -C ${dir} -o ${PWD}/${bin} done
docs/debugging/inspect/go.mod+1 −1 modified@@ -1,6 +1,6 @@ module github.com/minio/minio/docs/debugging/inspect -go 1.19 +go 1.21 require ( github.com/klauspost/compress v1.17.4
docs/debugging/pprofgoparser/go.mod+1 −1 modified@@ -1,3 +1,3 @@ module github.com/minio/minio/docs/debugging/pprofgoparser -go 1.19 +go 1.21
docs/debugging/reorder-disks/go.mod+2 −2 modified@@ -1,5 +1,5 @@ module github.com/minio/minio/docs/debugging/reorder-disks -go 1.19 +go 1.21 -require github.com/minio/pkg/v2 v2.0.6 +require github.com/minio/pkg/v3 v3.0.1
docs/debugging/reorder-disks/go.sum+2 −2 modified@@ -1,2 +1,2 @@ -github.com/minio/pkg/v2 v2.0.6 h1:n+PpbSMaJK1FfQkP55l1y0wj5Hi9R5w2DtGhxiGdP9I= -github.com/minio/pkg/v2 v2.0.6/go.mod h1:Z9Z/LzhTIxZ6zhPeW658vmLRilRek3zBOqNB9j+lxSY= +github.com/minio/pkg/v3 v3.0.1 h1:qts6g9rYjAdeomRdwjnMc1IaQ6KbaJs3dwqBntXziaw= +github.com/minio/pkg/v3 v3.0.1/go.mod h1:53gkSUVHcfYoskOs5YAJ3D99nsd2SKru90rdE9whlXU=
docs/debugging/xattr/go.mod+1 −1 modified@@ -1,6 +1,6 @@ module github.com/minio/minio/docs/debugging/xattr -go 1.19 +go 1.21 require ( github.com/olekukonko/tablewriter v0.0.5
docs/distributed/decom-compressed-sse-s3.sh+1 −3 modified@@ -148,8 +148,6 @@ if [ $ret -ne 0 ]; then exit 1 fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - -s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned +./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned kill $pid
docs/distributed/decom-encrypted-kes.sh+2 −4 modified@@ -238,10 +238,8 @@ if [ $ret -ne 0 ]; then exit 1 fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - -s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned -s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned-1 +./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned +./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned-1 kill $pid kill $kes_pid
docs/distributed/decom-encrypted.sh+1 −3 modified@@ -144,8 +144,6 @@ if [ "${expected_checksum}" != "${got_checksum}" ]; then exit 1 fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - -s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned +./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned kill $pid
docs/distributed/decom-encrypted-sse-s3.sh+1 −3 modified@@ -158,8 +158,6 @@ if [ $ret -ne 0 ]; then exit 1 fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - -s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned +./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned kill $pid
docs/distributed/decom.sh+0 −2 modified@@ -212,8 +212,6 @@ if [ "${expected_checksum}" != "${got_checksum}" ]; then exit 1 fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket bucket2 s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
.github/workflows/multipart/migrate.sh+7 −9 modified@@ -24,8 +24,6 @@ if [ ! -f ./mc ]; then chmod +x mc fi -go install -v github.com/minio/minio/docs/debugging/s3-check-md5@latest - export RELEASE=RELEASE.2023-08-29T23-07-35Z docker-compose -f docker-compose-site1.yaml up -d @@ -45,10 +43,10 @@ sleep 30s sleep 5 -s3-check-md5 -h +./s3-check-md5 -h -failed_count_site1=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) -failed_count_site2=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) if [ $failed_count_site1 -ne 0 ]; then echo "failed with multipart on site1 uploads" @@ -64,8 +62,8 @@ fi sleep 5 -failed_count_site1=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) -failed_count_site2=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) ## we do not need to fail here, since we are going to test ## upgrading to master, healing and being able to recover @@ -93,8 +91,8 @@ for i in $(seq 1 10); do ./mc admin heal -r --remove --json site2/ 2>&1 >/dev/null done -failed_count_site1=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) -failed_count_site2=$(s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l) +failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l) if [ $failed_count_site1 -ne 0 ]; then echo "failed with multipart on site1 uploads"
.gitignore+10 −1 modified@@ -43,4 +43,13 @@ docs/debugging/inspect/inspect docs/debugging/pprofgoparser/pprofgoparser docs/debugging/reorder-disks/reorder-disks docs/debugging/populate-hard-links/populate-hardlinks -docs/debugging/xattr/xattr \ No newline at end of file +docs/debugging/xattr/xattr +hash-set +healing-bin +inspect +pprofgoparser +reorder-disks +s3-check-md5 +s3-verify +xattr +xl-meta
Makefile+10 −15 modified@@ -45,7 +45,7 @@ lint-fix: getdeps ## runs golangci-lint suite of linters with automatic fixes @$(GOLANGCI) run --build-tags kqueue --timeout=10m --config ./.golangci.yml --fix check: test -test: verifiers build build-debugging ## builds minio, runs linters, tests +test: verifiers build ## builds minio, runs linters, tests @echo "Running unit tests" @MINIO_API_REQUESTS_MAX=10000 CGO_ENABLED=0 go test -v -tags kqueue ./... @@ -127,37 +127,32 @@ test-site-replication-minio: install-race ## verify automatic site replication @echo "Running tests for automatic site replication of SSE-C objects with compression enabled for site" @(env bash $(PWD)/docs/site-replication/run-ssec-object-replication-with-compression.sh) -verify: ## verify minio various setups +verify: install-race ## verify minio various setups @echo "Verifying build with race" - @GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @(env bash $(PWD)/buildscripts/verify-build.sh) -verify-healing: ## verify healing and replacing disks with minio binary +verify-healing: install-race ## verify healing and replacing disks with minio binary @echo "Verify healing build with race" - @GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @(env bash $(PWD)/buildscripts/verify-healing.sh) @(env bash $(PWD)/buildscripts/verify-healing-empty-erasure-set.sh) @(env bash $(PWD)/buildscripts/heal-inconsistent-versions.sh) -verify-healing-with-root-disks: ## verify healing root disks +verify-healing-with-root-disks: install-race ## verify healing root disks @echo "Verify healing with root drives" - @GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @(env bash $(PWD)/buildscripts/verify-healing-with-root-disks.sh) -verify-healing-with-rewrite: ## verify healing to rewrite old xl.meta -> new xl.meta +verify-healing-with-rewrite: install-race ## verify healing to rewrite old xl.meta -> new xl.meta @echo "Verify healing with rewrite" - @GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @(env bash $(PWD)/buildscripts/rewrite-old-new.sh) -verify-healing-inconsistent-versions: ## verify resolving inconsistent versions +verify-healing-inconsistent-versions: install-race ## verify resolving inconsistent versions @echo "Verify resolving inconsistent versions build with race" - @GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @(env bash $(PWD)/buildscripts/resolve-right-versions.sh) build-debugging: @(env bash $(PWD)/docs/debugging/build.sh) -build: checks ## builds minio to $(PWD) +build: checks build-debugging ## builds minio to $(PWD) @echo "Building minio binary to './minio'" @CGO_ENABLED=0 go build -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @@ -196,15 +191,15 @@ docker: build ## builds minio docker container @echo "Building minio docker image '$(TAG)'" @docker build -q --no-cache -t $(TAG) . -f Dockerfile -install-race: checks ## builds minio to $(PWD) +install-race: checks build-debugging ## builds minio to $(PWD) @echo "Building minio binary with -race to './minio'" @GORACE=history_size=7 CGO_ENABLED=1 go build -tags kqueue -race -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null @echo "Installing minio binary with -race to '$(GOPATH)/bin/minio'" - @mkdir -p $(GOPATH)/bin && cp -f $(PWD)/minio $(GOPATH)/bin/minio + @mkdir -p $(GOPATH)/bin && cp -af $(PWD)/minio $(GOPATH)/bin/minio install: build ## builds minio and installs it to $GOPATH/bin. @echo "Installing minio binary to '$(GOPATH)/bin/minio'" - @mkdir -p $(GOPATH)/bin && cp -f $(PWD)/minio $(GOPATH)/bin/minio + @mkdir -p $(GOPATH)/bin && cp -af $(PWD)/minio $(GOPATH)/bin/minio @echo "Installation successful. To learn more, try \"minio --help\"." clean: ## cleanup all generated assets
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-95fr-cm4m-q5p9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-36107ghsaADVISORY
- developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-SincenvdWEB
- developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Unmodified-SincenvdWEB
- github.com/minio/minio/commit/e0fe7cc391724fc5baa85b45508f425020fe4272nvdWEB
- github.com/minio/minio/pull/19810nvdWEB
- github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9nvdWEB
News mentions
0No linked articles in our index yet.