Encryption of Data at Rest
Added support for Utimaco Enterprise Secure Key Manager.
Added the ability to enable generic KMIP support instead of choosing one of the specific EKMs.
S3
ORION-224714: Added support for the x-amz-checksum-algorithm header and SHA256 checksum verification for PUT and UploadPart requests. For other request types, the header is ignored.
ORION-194806: Added support for the ‘?’ wildcard (denoting any single character) in identity and bucket policies.
ORION-178140: Starting with VAST Cluster 5.3.3, the VAST S3 implementation supports S3 requests that set an ACL for a grantee that is a group. The group can be specified using GroupLoginName as the type and the group's email address as the value. For example:
In a PutBucketAcl or a PutObjectAcl request:
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="GroupLoginName"> <EmailAddress>mygroup@domain.com</EmailAddress> </Grantee>
In a PutObject request:
x-amz-grant-read: groupLoginName=mygroup@domain.com
Note that GetBucketAcl and GetObjectAcl requests will continue to return group VAST IDs.
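When reviewing policies that use the ‘?’ wildcard from ORION-194806, it helps to see exactly which resources a pattern covers compared with a broader ‘*’ pattern. The following is an added example, not VAST code: it assumes AWS-style matching (‘*’ matches any run of characters, ‘?’ matches exactly one, everything else is literal), and the function names and sample ARNs are constructed for illustration.

```python
import re

def policy_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a policy wildcard pattern into an anchored regex.

    Assumed semantics (not taken from VAST documentation):
    '*' = any run of characters, '?' = exactly one character,
    every other character, including '.', '[' and ']', is literal.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # keep regex metacharacters literal
    return re.compile("".join(parts), re.DOTALL)

def resource_matches(pattern: str, resource: str) -> bool:
    """True only if the whole resource string matches the pattern."""
    return policy_pattern_to_regex(pattern).fullmatch(resource) is not None

def covered(pattern: str, resources: list) -> list:
    """Return the resources a policy pattern would apply to."""
    return [r for r in resources if resource_matches(pattern, r)]

# Constructed sample resources for a policy review.
SAMPLE_RESOURCES = [
    "arn:aws:s3:::reports/q1.csv",
    "arn:aws:s3:::reports/q2.csv",
    "arn:aws:s3:::reports/q10.csv",   # two characters after 'q'
    "arn:aws:s3:::reports/q.csv",     # zero characters after 'q'
    "arn:aws:s3:::reports/q1xcsv",    # 'x' where the literal '.' should be
]

if __name__ == "__main__":
    for pat in ("arn:aws:s3:::reports/q?.csv", "arn:aws:s3:::reports/q*.csv"):
        print(pat)
        for r in covered(pat, SAMPLE_RESOURCES):
            print("   ", r)
```

Under these assumptions the ‘?’ pattern covers only q1.csv and q2.csv, while the ‘*’ pattern also covers q10.csv and q.csv, so ‘?’ is the narrower choice when the key layout is fixed-width.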
Protocol Auditing
ORION-211474: The Create permissions for the Logical realm are no longer required to access the VAST Audit Log via VMS (in VAST Web UI: DataBase -> VAST Audit Log).
Authentication & Authorization
ORION-213300: Improved the way VAST Cluster queries authentication providers for user groups.
Starting with VAST Cluster 5.3.3, if a tenant has multiple providers attached, a group is queried on all attached providers, so that all the information for this group on all of the providers is taken into account.
Prior to this change, once the group was found on any of the providers, the cluster would not repeat queries for this group to the other providers, which in some cases could result in access denied errors for the users.
For newly installed clusters, the new behavior is enabled by default. For upgraded clusters, contact VAST Support to enable the new behavior.
VMS
ORION-277321: The stripe_available_permille metric (shows the amount of available stripes on the cluster) can now be exported with VAST Prometheus Exporter.
ORION-265739: Added an alert to be raised when the cluster time is not synchronized with an NTP server.
VAST CLI
ORION-269530: The vms list and vms show commands now display fields that provide information about the management data interface for L3 networks. The information includes the interface's name, virtual IP, network mask and VLAN.
ORION-269527: The vms modify command offers a new option, --delete-mgmt-data-vip, that lets you delete the VMS virtual IP.
Platform & Control
ORION-266611: The BMC firmware version for Cisco EBox nodes is now displayed including the release details in parentheses, for example:
4.3(5.250043).