irods · korydraughn · Apr 10, 2026 · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026
diff --git a/docs/release_notes.md b/docs/release_notes.md
@@ -1,5 +1,125 @@
 #
 
+## 5.1.0
+
+Release Date: 2026-0X-YY
+
+The iRODS Consortium and RENCI are pleased to announce iRODS 5.1.0.
+
+This release ... WORDS
+
+MORE WORDS ...
+
+The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 22.04, Ubuntu 24.04, Debian 12, and Debian 13 are available at <https://packages.irods.org/>.
+
+### Changed
+
+- GenQuery2: Return parser error information via rError stack (#8094).
+- Update help text for `irsync` (#8288).
+- Skip policy layer when setting up access control for GenQuery1 (#8304).
+- Update feature test macros (#8580).
+- Merge iCommands source back into server repository (#8591).
+- Modify calculations for physical quotas to account for coordinating resources (#8667).
+- Use `CHKSUM_LEN` instead of `NAME_LEN` for checksums (#8731).
+- Update help text for physical quotas `iadmin` subcommands (#8618).
+- Remove redundant checksum verification in `bulkProcAndRegSubfile` (#8734).
+- Prevent removal of password for currently authenticated user (#8747).
+- Prevent removal of password for service account rodsadmin (#8747).
+- GenQuery2: Expose user type through permission-related columns (#8754).
+- Use `irods::authentication::scheme_name` instead of string literals (#8834).
+- Use Hasher options to control session token hashes (#8909).
+
+### Removed
+
+- Remove undefined `getValByInx` declaration (#8707).
+- Remove undefined `untarBuf` and `tarToBuf` declarations (#8708).
+- Remove undefined `resolveStatForStructFileOpr` declaration (#8709).
+- Remove undefined `addIntArray` declaration (#8710).
+- Remove undefined `irodsCloseSock` declaration (#8713).
+- Remove undefined `getParentPathlen` declaration (#8714).
+- Remove undefined `svrReconnect` declaration (#8715).
+
+### Deprecated
+
+- Deprecate `check_sent_sid`, `sign_server_sid`, `remote_SID_key_map` (#5948).
+- Deprecate `msiDataObjPut` (#8229).
+- Deprecate adding custom `user_type` tokens (#8233).
+- Deprecate user authentication names (#8408).
+- Deprecate legacy authentication API numbers (#8424).
+- Deprecate `isPathSymlink` function (#8711).
+- Deprecate interactive mode for `iadmin` (#8738).
+- Deprecate interactive mode for `igroupadmin` (#8738).
+- Deprecate Oracle database plugin (#8829).
+- Deprecate token addition and removal (#8892).
+
+### Fixed
+
+- Fix memory leak related to `bytesBuf_t` (irods/irods_rule_engine_plugin_policy_composition#5).
+- Fix too many arguments in format string (#858).
+- Stop server from incrementing ticket `write-file` count after reaching limit (#2720).
+- Return correct error code to client when ticket limit is exceeded (#2720).
+- Honor logical locking in registration/unregistration APIs (#5763).
+- Update modification time of replica on open with `O_TRUNC` (#7128).
+- Fix `ils` page boundary bug involving linkPoint collections (#7712).
+- Harden DataObjRename API's use of Logical Locking (#7935, #8888).
+- Fix memory leaks in delay server (#8254, #8575).
+- Check for `nullptr` in data_object_modify_info API (#8307).
+- Fix potential memory leak in `resolveRodsTarget` (#8334).
+- Fix potential `collHandle` memory leaks (#8334).
+- Fix memory leak in `getUtil` (#8334).
+- Update modification time on empty overwrite for copy operation (#8413).
+- Remove `imeta ls -C` path length constraint of 256 bytes (#8519).
+- Fix double-free/corruption by setting free'd pointers to `nullptr` in network plugins (#8593).
+- Fix zone reports for server-to-server connect errors (#8607).
+- Make `RESC_NAME_KW` (`-R`) a directive for DataObjOpen API (#8627).
+- Make `imiscsvrinfo` report an error when connected to a server older than 4.3.4 (#8653).
+- Make physical quota count the largest overrun (#8691).
+- Make total quota update only apply to correct `resc_id` (#8699).
+- Check return value of `base64_encode` in hashers (#8703).
+- Do not ignore errors from hashers (#8703).
+- Expand internal buffer used by sha512 hasher (#8703).
+- Replace spaces with hyphens for agent information (`ips`) (#8733).
+- Do not cross lib->server boundary unconditionally (#8740).
+- Use `OWN` permissions instead of `data_owner_name` when calculating physical quota totals (#8750).
+- Refactor physical quotas query so that quotas are properly processed (#8758).
+- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763).     <-- REVISIT
+- Prevent checksum without status update in replica_close API (#8801).
+- DataObjOpen: Rework update to replica access table to avoid potential uninitialized values (#8808).
+- Avoid brace-initialization when constructing nlohmann JSON objects with other JSON objects (#8839).
+- Do not use `memset` on RsComm (#8843).
+- Fix memory leaks stemming from `clearMsParam` (#8857).
+- Do not crash delay server when in-memory delay queue buffer is too small (#8859).
+- Fix memory leaks in iRODS Rule Language (#8864).
+- Fix stalling of delay rule processing in delay server by removing unnecessary use of pool memory resource (#8868).
+- GenQuery2: Do not duplicate rows when user has access via multiple groups (#8880).
+- Allow empty context strings for resources (#8900).
+- Use `FETCH FIRST ROWS ONLY` instead of `LIMIT` (#8907).
+- Fix group permission expansion in filesystem library (#8912).
+- Fix handling of single quotes in paths for univmss resource plugin (#8928).
+
+### Added
+
+- Add `sign_server_sid` replacement: `sign_zone_key` (#2295).
+- Add configuration for zone key signing hash scheme (#2295, #3403).      <-- CHANGED: WAS 3404?
+- GeneralAdmin API: Add support for removing passwords (#2899).
+- GenQuery2: Expose new columns for querying when metadata is attached (#7889).
+- Serialize `TicketAdminInput` data structure for policy enforcement (#8518).
+- Add CRC64/NVME hash strategy (#8554).
+- Add resource operation for reading checksums from storage device (#8554).
+- Add and use common tool to get password from stdin (#8697).
+- Add python script to ease removal of user passwords (#8697).
+- Add password hashing utilities for server (#8697).
+- Add hashed password support (#8697).
+- Add authentication session token support (#8697).
+- Add new **irods** authentication scheme (#8697, #8729).
+- Add `user_password_storage_mode` grid configuration option (#8748).
+- Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769).      <-- CONTINUE FROM HERE
+- Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789).        <-- REVISIT FOR CLARITY
+- Add option to skip post-install PUT test during setup (#8901).
+- Hasher: Add digest overload to control output string (#8909).
+
+[Full GitHub commit history](https://github.com/irods/irods/compare/5.0.2...5.1.0)
+
 ## 5.0.2
 
 Release Date: 2025-10-01