5.4.2 Release Notes

Added system property to bypass cluster name check during client authentication: Introduced the system property hazelcast.client.internal.skip.cluster.namecheck.during.connection (default: false) to allow clients to connect without matching the cluster name. This helps ease upgrades in environments with large numbers of existing clients where updating configurations is impractical. When enabled, the cluster name validation is skipped during client authentication.

Added ZGC statistics support: Added support for exposing garbage collector statistics when using Z Garbage Collector (ZGC) with Java 17+. Previously, GcStats metrics remained empty due to missing bean name registration, limiting observability in ZGC-enabled environments. This update ensures minorGcTime, majorGcCount, and related metrics are correctly populated, enabling effective GC monitoring and troubleshooting.

Improved latency distribution tracking for InvocationProfiler and OperationProfiler: Enhanced the InvocationProfiler and OperationProfiler diagnostic plugins to record latency distributions with finer granularity by distinguishing operations wrapped in the OperationFactoryWrapper class. This improvement provides better visibility into cluster activity and helps diagnose performance issues more effectively.

Security Fix for CVE-2025-30065 – Remote code execution via parquet-avro in hazelcast-sql module: Resolved CVE-2025-30065, a critical vulnerability in the org.apache.parquet:parquet-avro:1.14.1 transitive dependency used by the hazelcast-sql module. The issue allows remote code execution via malicious Avro schema deserialization when reading Avro-encoded Parquet files.

Fixed AWS discovery failure due to overly restrictive region regex: Resolved an issue where Hazelcast failed to form clusters in valid AWS regions such as us-iso-east-1 due to an overly restrictive regular expression in region detection.

Fixed NullPointerException during Continuous Query Cache event serialization under load: Resolved an issue where Continuous Query Cache (CQC) events were frequently lost under high load due to internal NullPointerException during event serialization. The root cause was a missing null check in the event encoding logic, leading to failures in dispatching CQC updates and resulting in stale cache data. The fix adds proper null handling to ensure reliable event delivery even in large, high-throughput clusters.

Fixed handling of expired entries when depopulating global indexes: Resolved an issue where expired entries were skipped during the cleanup of global indexes on migration source nodes. This caused query threads to encounter dangling pointers in the index, leading to JVM crashes. The fix ensures that expired entries are included when depopulating global indexes, preventing such crashes and improving system stability.

Fixed performance degradation for large input lengths in ByteArrayObjectDataOutput: Resolved an issue where providing an input length greater than Integer.MAX_VALUE / 2 caused significant performance degradation (up to 100x). This was due to the buffer resizing in small increments instead of a single large increment, as the doubling strategy would overflow and result in a negative value. The fix ensures that in cases of overflow, the buffer length is set to MAX_ARRAY_SIZE, which is approximately the largest supported array size in the JVM.

Fixed handling of DestroyQueryCacheOperation after cache configuration removal: Resolved an issue where calling DestroyQueryCacheOperation after a cache configuration was removed resulted in a NullPointerException. The fix ensures that a NullPointerException is no longer thrown in this scenario. Instead, the operation now handles the exception gracefully and logs a finest-level entry, improving robustness and debuggability of cache operations.

Fixed exception when using CREATE MAPPING with SQL statement-timeout-millis configured: Resolved an issue where setting a non-zero value for statement-timeout-millis in the SQL configuration caused exceptions for statements that do not support timeouts, such as CREATE MAPPING. Previously, executing such statements would result in a descriptive but unnecessary exception (CREATE MAPPING does not support timeout), which could prevent client applications from starting if CREATE MAPPING was part of the initialization process. The fix ensures that non-timeout-supported statements like CREATE MAPPING succeed as expected, regardless of the statement-timeout-millis configuration.

Fixed data loss on rapid graceful shutdown after data insertion: Resolved an issue where performing a graceful shutdown immediately after inserting data could result in lost entries and missing SQL mappings upon cluster restart. The fix ensures all data is fully persisted before shutdown completes, preventing data loss in fast shutdown scenarios.

Fixed issue with hot backup failing after changing the backup folder during a rolling restart: Resolved an issue where hot backups would fail if the underlying backup folder was changed during a rolling restart and a hot backup was subsequently initiated from the Management Center (MC). This fix ensures that hot backups function correctly even after the backup folder is updated during a rolling restart.

Fixed TTL eviction issue for entries loaded from MapLoader: Resolved an issue where entries loaded from a MapLoader into an IMap with time-to-live (TTL)-based eviction enabled were not evicted after the configured TTL. This caused entries to persist indefinitely, contrary to the expected behavior where such entries should expire after the TTL. The fix restores the correct behavior, ensuring that entries loaded from a MapLoader respect the configured TTL and are evicted as expected.

Fixed stuck hot backup state after NativeOutOfMemoryError during backup: Resolved an issue where a NativeOutOfMemoryError during hot backup caused the backup status to remain stuck in progress, preventing subsequent backups from completing. This occurred due to unhandled ConcurrentConveyorException during event queue draining. The fix ensures such failures are now handled gracefully, marking the backup as failed and allowing future backups to proceed.

Fixed memory leak with OpenSSL in Netty: Resolved a memory leak where OpenSslEngine instances were not released after connection closure. The leak stemmed from missing reference count deallocation for SSLEngine objects. The fix adds proper cleanup, ensuring SSL engines are released and preventing heap growth in long-lived clusters.

Fixed incorrect XSD reference in Docker image: Resolved an issue where the Docker image embedded 5.3 XSD references instead of 5.4, leading to warnings at startup. The fix updates bundled configuration files to reference the correct 5.4 schema, eliminating unnecessary warnings.

Fixed IllegalThreadStateException when evicting HD map entries on TPC threads: Resolved an issue where using HD memory with eviction enabled on Thread-Per-Core (TPC) partition threads could trigger IllegalThreadStateException during operations like putAll. This occurred due to incorrect thread context checks in LazyEvictableEntryView. The fix ensures thread-safe access for eviction logic, preventing unexpected failures during high-throughput operations.

Fixed issue with CDC connector filtering out schema change events: Resolved an issue where schema changes (e.g., ALTER TABLE) were silently filtered out by the CDC connector due to internal Debezium message handling. This prevented expected schema change events from appearing in downstream sinks. The fix ensures Debezium SchemaChangeValue messages are no longer excluded, allowing full visibility into schema evolution.

Fixed inconsistency between map.size() and map.keySet().size() when ExpirationPolicy throws an exception: Resolved an issue where a discrepancy could occur between map.size() and map.keySet().size() when an ExpirationPolicy threw an exception. This issue was triggered in scenarios where an index was defined for a non-existing field, causing an error during indexing without affecting the storage of entries. The fix ensures that map.size() and map.keySet().size() remain consistent, even in cases where exceptions are thrown during expiration or indexing.