5.3.5 Release Notes

Due to an error in the tooling, we have had to skip the Platform releases of 5.3.3 and 5.3.4 and move directly to 5.3.5.


  • Improved the permission checks by fixing the CVE-2023-45859 and CVE-2023-45860 vulnerabilities. #25661

  • Added permission checks to the client message types (MessageTasks) which were missing it. #25539

  • Changed the exception type from CancellationException to CancellationByUserException in case the user cancels a job before it is initialized. #25452

  • Updated the versions of following dependencies

    • gRPC to 1.57.0

    • Netty to 4.1.100

    • Avro to 1.1.13

    • Snappy Java to

    • Elasticsearch to 7.17.13

  • Renamed the service port for Hazelcast clusters deployed in Kubernetes environments as hazelcast. Previously, the name was hazelcast-service-port causing the member auto-discovery (for embedded deployments) to fail. #24834


  • Fixed an issue where the map entries' metadata, such as time-to-live and expiration, was not replicated correctly over WAN after updating existing entries. #25505

  • Fixed an issue where the member list was not updated after a cluster failover scenario. #25504

  • Fixed a memory leak issue that happened while destroying fenced locks, when Hazelcast is used in the embedded mode. #25421

Known Issues

  • When using maps with WAN replication enabled, and BINARY or NATIVE in-memory formats for the entries, it is possible for WAN replication to fail when an entry is updated with the same key/value pair. This issue will be fixed starting with the next Platform release (5.3.6). See #25899 for the fix details.

Removed/Deprecated Features

  • Removed the evaluation tool (for trying out Platform 5.x features for IMDG 3.x users) and the relevant IMDG 3.x JAR libraries from Hazelcast Platform distributions. #25663