Neo SPCC released NeoFS Node v0.54.0 “Ando” on June 29, delivering a new atomic container-with-eACL creation feature, significant erasure coding performance optimizations, and seven bug fixes across storage node and Inner Ring components. The release requires no migration from v0.53.0.

Atomic eACL creation

v0.54.0 features atomic eACL creation (PR #4006), which allows container creation and extended Access Control List attachment to be submitted in a single RPC call. eACLs provide fine-grained, attribute-based access control rules for NeoFS containers, extending the simpler basic ACL system.

Previously, setting up a container with custom access rules required two separate network round trips: one to create the container, and a second to attach the eACL table. The new approach batches both operations into a single FS chain transaction, ensuring either both succeed or both fail. The neofs-cli container create command gains a new --eacl flag that accepts a JSON or binary-encoded eACL table file.

On the Inner Ring side, the container processor now validates and applies an optional eACL table when processing CreateContainerV2 notary events. The feature depends on changes introduced in NeoFS SDK RC20.

Performance optimizations

Four performance improvements target read-path operations across different storage scenarios.

The release optimizes GET requests for erasure-coded objects that do not require full EC recovery (PR #3996). When the requested data is already present on the local node or the first data part holder, NeoFS now streams directly from that source instead of assembling all EC parts.

Request forwarding has also been reworked (PR #4008, #4021). When a storage node forwards GET, HEAD, SEARCH, or RANGE requests to another node, it previously re-signed the forwarded request on every attempt. Signing now happens at most once per request, with additional improvements to node selection logic. Primary holders are tried first for REP containers, with shuffling for load balancing.

Split object assembly now prefetches child objects concurrently while streaming (PR #4014, #4042). Large multi-part objects previously fetched each child sequentially. A new pipelined approach uses a configurable look-ahead window to pre-fetch subsequent children in the background while one child streams to the client, reducing end-to-end GET latency for large files.

FSTree range reads have been optimized to use proper seeking instead of copying skipped bytes to a no-op sink (PR #4016), reducing CPU overhead on RANGE operations for non-compressed objects.

Bug fixes

The release addresses seven bugs, with three of particular note.

Ranged object reads from the FSTree backend could return more payload bytes than requested (PR #4046, #4051). The range-limiting logic did not correctly account for bytes already present in its read buffer prefix. The same PR also fixed incorrect remote EC part ranges used during policer checks, which shared a root cause in range boundary calculations.

GET requests marked as payload-only could be incorrectly denied during eACL rechecks (PR #4024, #4029). When a request omitted the object header, the node failed to match against attribute-based eACL rules, blocking access for users relying on those rules.

The neofs-ir epoch metric was not populated at startup and failed to update after FS chain connection loss (issue #4035), causing monitoring dashboards to display incorrect epoch data.

Additional fixes addressed a storage node panic on startup without the Control service configured, and protobuf scanning and data race issues in EC GET response handling.

Dependencies and upgrade

NeoFS Node v0.54.0 updates its dependency on NeoGo to v0.120.0, which patches multiple security vulnerabilities, and on NeoFS SDK to RC20, which provides the underlying support for atomic eACL creation.

No configuration changes or metabase migrations are required to upgrade from v0.53.0. Binaries are available for Linux, macOS, and Windows on both amd64 and arm64 architectures.

The full release notes can be found at the link below:
https://github.com/nspcc-dev/neofs-node/releases/tag/v0.54.0