pluginAuthnServiceLastFailSeconds      = "plugin_authn_service_last_fail_seconds"
	pluginAuthnServiceLastSuccSeconds      = "plugin_authn_service_last_succ_seconds"
	pluginAuthnServiceSuccAvgRttMsMinute   = "plugin_authn_service_succ_avg_rtt_ms_minute"
	pluginAuthnServiceSuccMaxRttMsMinute   = "plugin_authn_service_succ_max_rtt_ms_minute"
	pluginAuthnServiceTotalRequestsMinute  = "plugin_authn_service_total_requests_minute"

| `minio_cluster_iam_plugin_authn_service_last_succ_seconds`      | `counter` | When plugin authentication is configured, returns time (in seconds) since the last successful request to the service     |        |

			},
			{
				Description: MetricDescription{
					Namespace: nodeMetricNamespace,
					Subsystem: iamSubsystem,
					Name:      "plugin_authn_service_last_succ_seconds",
					Help:      "When plugin authentication is configured, returns time (in seconds) since the last successful request to the service",
					Type:      gaugeMetric,
				},

	}
	metrics := globalTierMetrics.Report()
	var succ, fail float64
	for _, metric := range metrics {
		switch metric.Description.Name {
		case tierRequestsSuccess:
			succ += metric.Value
		case tierRequestsFailure:
			fail += metric.Value
		}
	}
	if int(succ) != expSuccess {
		t.Fatalf("Expected %d successes but got %f", expSuccess, succ)
	}
	if int(fail) != expFailure {

		// some broken clients set empty-sha256
		// with > 0 content-length in the body,
		// we should skip such clients and allow
		// blindly such insecure clients only if
		// S3 strict compatibility is disabled.

		// We return true only in situations when
		// deployment has asked MinIO to allow for
		// such broken clients and content-length > 0.
		return r.ContentLength > 0 && !globalServerCtxt.StrictS3Compat
	}
	return false

    heal legacy objects when versioning is enabled after upgrade (#13671)
```

- A security fix must be backported if a customer is affected by it, we have a mechanism in SUBNET to send out notifications to affected customers in such situations, this is a mandatory requirement.

```
commit 99bf4d0c429f04dbd013ba98840d07b759ae1702 (tag: RELEASE.2019-06-15T23-07-18Z)
Author: Harshavardhana <******@****.***>
Date:   Sat Jun 15 11:27:17 2019 -0700

package cmd

import (
	"syscall"
)

// Returns true if no error and there is no object or prefix inside this directory
func isDirEmpty(dirname string, legacy bool) bool {
	if legacy {
		// On filesystems such as btrfs, nfs this is not true, so fallback
		// to performing readdir() instead.
		entries, err := readDirN(dirname, 1)
		if err != nil {
			return false
		}
		return len(entries) == 0
	}
	var stat syscall.Stat_t

	// that clients cannot decode the token using the temp
	// secret keys and generate an entirely new claim by essentially
	// hijacking the policies. We need to make sure that this is
	// based on admin credential such that token cannot be decoded
	// on the client side and is treated like an opaque value.
	claims, err := auth.ExtractClaims(token, secret)
	if err != nil {

	info.Major = unix.Major(devID)
	info.Minor = unix.Minor(devID)

	// Check for overflows.
	// https://github.com/minio/minio/issues/8035
	// XFS can show wrong values at times error out
	// in such scenarios.
	if info.Free > info.Total {
		return info, fmt.Errorf("detected free space (%d) > total drive space (%d), fs corruption at (%s). please run 'fsck'", info.Free, info.Total, path)
	}
	info.Used = info.Total - info.Free

			// whether you also have the s3:ListBucket
			// permission.
			// * If you have the s3:ListBucket permission
			//   on the bucket, Amazon S3 will return an
			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{