5.4.4 Release Notes

5.7-SNAPSHOT 5.6 5.5 5.4 5.3 5.2 5.1 5.0

These release notes list any new features, enhancements, fixes, and breaking changes implemented between version 5.4.3 and version 5.4.4 of Hazelcast Platform.

Release date: 2025-12-01

This is a maintenance release for Enterprise Edition.

For help downloading Hazelcast Enterprise Edition, see Installing Hazelcast Enterprise Edition or request a trial license key.

Security

  • Resolved gRPC security vulnerabilities and updated Python support for Jet transforms: Fixed multiple vulnerabilities (CVE-2024-11407 and CVE-2025-53864) by upgrading the gRPC dependency, which required dropping support for Python 3.7 in Python-based transforms. Those transforms in Data Pipelines now require at least Python 3.8.0. This is a breaking change only for users still on Python 3.7, which is already end-of-life.

  • Resolved CVE-2024-13009, CVE-2024-45801, CVE-CVE-2024-47875, and CVE-2025-26791 in Jetty: Fixed multiple vulnerabilities by upgrading the Jetty dependency.

  • Resolved CVE-2024-47561 in Apache Avro: Fixed a vulnerability by upgrading the Apache Avro dependency.

  • Resolved CVE-2024-25638, CVE-2024-29131, and CVE-2025-48734 in Apache Hadoop: Fixed multiple vulnerabilities by upgrading the Apache Hadoop dependency.

  • Resolved CVE-2024-7254 in Protobuf: Fixed an information disclosure vulnerability by upgrading the Protobuf dependency.

  • Resolved CVE-2025-52520, CVE-2025-53506, and CVE-2025-41249 in Spring Boot: Fixed multiple vulnerabilities by upgrading the Spring Boot dependency.

  • Resolved CVE-2025-55163 in Netty: Fixed HTTP/2 control frame handling vulnerability by upgrading the Netty dependency.

  • Resolved CVE-2025-48989 in Apache Tomcat Embed: Fixed an issue about improper resource shutdown by upgrading the Apache Tomcat embed dependency.

Fixes

  • Fixed delayed cleanup of job resources in Jet jobs: Resolved an issue where job resource IMaps were not deleted swiftly on job completion and instead lingered until the 2-hour default expiration, increasing memory usage and cleanup overhead. The fix restores immediate deletion of job resources and corrects cleanup when resource uploads partially fail for files and directories.

  • Fixed incorrect filtering of non-expired entries in global indexes: Enhanced the thread-safe handling of expired entries in global indexes (originally addressed in 5.4.3), where a race condition allowed one thread to modify expiry metadata while another was reading it. This bug could cause non-expired entries to be incorrectly filtered out from query results. The fix ensures consistent expiry metadata access across threads so that only truly expired entries are excluded.

Help and support