Enterprise Edition Release Notes

Resolved gRPC security vulnerabilities and updated Python support for Jet transforms: Fixed multiple vulnerabilities (CVE-2024-11407 and CVE-2025-53864) by upgrading the gRPC dependency, which required dropping support for Python 3.7 in Python-based transforms. Those transforms in Data Pipelines now require at least Python 3.8.0. This is a breaking change only for users still on Python 3.7, which is already end-of-life.

Resolved CVE-2024-13009, CVE-2024-45801, CVE-CVE-2024-47875, and CVE-2025-26791 in Jetty: Fixed multiple vulnerabilities by upgrading the Jetty dependency.

Resolved CVE-2024-47561 in Apache Avro: Fixed a vulnerability by upgrading the Apache Avro dependency.

Resolved CVE-2024-25638, CVE-2024-29131, and CVE-2025-48734 in Apache Hadoop: Fixed multiple vulnerabilities by upgrading the Apache Hadoop dependency.

Resolved CVE-2024-7254 in Protobuf: Fixed an information disclosure vulnerability by upgrading the Protobuf dependency.

Resolved CVE-2025-52520, CVE-2025-53506, and CVE-2025-41249 in Spring Boot: Fixed multiple vulnerabilities by upgrading the Spring Boot dependency.

Resolved CVE-2025-55163 in Netty: Fixed HTTP/2 control frame handling vulnerability by upgrading the Netty dependency.

Resolved CVE-2025-48989 in Apache Tomcat Embed: Fixed an issue about improper resource shutdown by upgrading the Apache Tomcat embed dependency.

Fixed delayed cleanup of job resources in Jet jobs: Resolved an issue where job resource IMaps were not deleted swiftly on job completion and instead lingered until the 2-hour default expiration, increasing memory usage and cleanup overhead. The fix restores immediate deletion of job resources and corrects cleanup when resource uploads partially fail for files and directories.

Fixed incorrect filtering of non-expired entries in global indexes: Enhanced the thread-safe handling of expired entries in global indexes (originally addressed in 5.4.3), where a race condition allowed one thread to modify expiry metadata while another was reading it. This bug could cause non-expired entries to be incorrectly filtered out from query results. The fix ensures consistent expiry metadata access across threads so that only truly expired entries are excluded.

Security Fix for CVE-2024-13009 – Request body data leakage via Jetty GzipHandler in Jetty server library: Resolved CVE-2024-13009, a high-severity vulnerability in org.eclipse.jetty:jetty-server where GzipHandler may incorrectly release buffers on gzip inflate errors, potentially causing parts of a request body to be exposed to subsequent requests.

Security Fix for CVE-2025-24970 – Native crash via Netty SslHandler input validation: Resolved CVE-2025-24970, a high-severity vulnerability in io.netty:netty-handler where SslHandler may not correctly validate specially crafted packets when using the native SSLEngine, leading to a potential native process crash.

Security Fix for CVE-2025-27817 – Arbitrary file read and SSRF via Kafka OAUTHBEARER endpoints in kafka-clients: Resolved CVE-2025-27817, a moderate vulnerability in org.apache.kafka:kafka-clients where untrusted configuration of sasl.oauthbearer.token.endpoint.url or sasl.oauthbearer.jwks.endpoint.url could enable arbitrary file read via error logs and server-side request forgery.

Security Fix for CVE-2025-27818 – Deserialization of untrusted data via SASL JAAS login modules in Apache Kafka/Connect: Resolved CVE-2025-27818, a high-severity issue in org.apache.kafka:kafka where an authenticated operator could set sasl.jaas.config to com.sun.security.auth.module.LdapLoginModule, triggering LDAP-based deserialization that may enable Remote Code Execution.

Security Fix for CVE-2025-46701 – Security constraint bypass via CGI servlet pathInfo case handling in Apache Tomcat: Resolved CVE-2025-46701, a low-severity issue where improper case-sensitivity handling in the CGI servlet could allow bypass of security constraints applied to the pathInfo component.

Security Fix for CVE-2025-48988 – Denial of service via multipart upload in Apache Tomcat: Resolved CVE-2025-48988, a high-severity issue where unrestricted resource allocation during multipart upload handling could enable a denial of service.

Security Fix for CVE-2025-49124 – Untrusted search path in Apache Tomcat Windows installer: Resolved CVE-2025-49124, a high-severity issue where the Windows installer invoked icacls.exe without a fully qualified path, enabling potential DLL or binary hijacking during installation.

Security Fix for PRISMA-2023-0067 – Denial of service via uncontrolled resource consumption in Jackson: Resolved PRISMA-2023-0067, a high-severity issue where com.fasterxml.jackson.core:jackson-core did not properly restrict resource usage, enabling potential DoS through uncontrolled resource consumption.

Fixed handling of expired entries when depopulating global indexes: Resolved an issue where expired entries were skipped during the cleanup of global indexes on migration source nodes. This caused query threads to encounter dangling pointers in the index, leading to JVM crashes. The fix ensures that expired entries are included when depopulating global indexes, preventing such crashes and improving system stability.

Fixed Kafka Connector Compatibility: Resolved an issue where some connectors were incompatible with Kafka Connect Runtime > 3.9.0 due to missing kafka-clients utilities. This caused connector failures during runtime. The fix ensures that the kafka-clients dependency is included, restoring compatibility for affected connectors.

Added system property to bypass cluster name check during client authentication: Introduced the system property hazelcast.client.internal.skip.cluster.namecheck.during.connection (default: false) to allow clients to connect without matching the cluster name. This helps ease upgrades in environments with large numbers of existing clients where updating configurations is impractical. When enabled, the cluster name validation is skipped during client authentication.

Added ZGC statistics support: Added support for exposing garbage collector statistics when using Z Garbage Collector (ZGC) with Java 17+. Previously, GcStats metrics remained empty due to missing bean name registration, limiting observability in ZGC-enabled environments. This update ensures minorGcTime, majorGcCount, and related metrics are correctly populated, enabling effective GC monitoring and troubleshooting.

Improved latency distribution tracking for InvocationProfiler and OperationProfiler: Enhanced the InvocationProfiler and OperationProfiler diagnostic plugins to record latency distributions with finer granularity by distinguishing operations wrapped in the OperationFactoryWrapper class. This improvement provides better visibility into cluster activity and helps diagnose performance issues more effectively.

Security Fix for CVE-2025-30065 – Remote code execution via parquet-avro in hazelcast-sql module: Resolved CVE-2025-30065, a critical vulnerability in the org.apache.parquet:parquet-avro:1.14.1 transitive dependency used by the hazelcast-sql module. The issue allows remote code execution via malicious Avro schema deserialization when reading Avro-encoded Parquet files.

Fixed AWS discovery failure due to overly restrictive region regex: Resolved an issue where Hazelcast failed to form clusters in valid AWS regions such as us-iso-east-1 due to an overly restrictive regular expression in region detection.

Fixed NullPointerException during Continuous Query Cache event serialization under load: Resolved an issue where Continuous Query Cache (CQC) events were frequently lost under high load due to internal NullPointerException during event serialization. The root cause was a missing null check in the event encoding logic, leading to failures in dispatching CQC updates and resulting in stale cache data. The fix adds proper null handling to ensure reliable event delivery even in large, high-throughput clusters.

Fixed handling of expired entries when depopulating global indexes: Resolved an issue where expired entries were skipped during the cleanup of global indexes on migration source nodes. This caused query threads to encounter dangling pointers in the index, leading to JVM crashes. The fix ensures that expired entries are included when depopulating global indexes, preventing such crashes and improving system stability.

Fixed performance degradation for large input lengths in ByteArrayObjectDataOutput: Resolved an issue where providing an input length greater than Integer.MAX_VALUE / 2 caused significant performance degradation (up to 100x). This was due to the buffer resizing in small increments instead of a single large increment, as the doubling strategy would overflow and result in a negative value. The fix ensures that in cases of overflow, the buffer length is set to MAX_ARRAY_SIZE, which is approximately the largest supported array size in the JVM.

Fixed handling of DestroyQueryCacheOperation after cache configuration removal: Resolved an issue where calling DestroyQueryCacheOperation after a cache configuration was removed resulted in a NullPointerException. The fix ensures that a NullPointerException is no longer thrown in this scenario. Instead, the operation now handles the exception gracefully and logs a finest-level entry, improving robustness and debuggability of cache operations.

Fixed exception when using CREATE MAPPING with SQL statement-timeout-millis configured: Resolved an issue where setting a non-zero value for statement-timeout-millis in the SQL configuration caused exceptions for statements that do not support timeouts, such as CREATE MAPPING. Previously, executing such statements would result in a descriptive but unnecessary exception (CREATE MAPPING does not support timeout), which could prevent client applications from starting if CREATE MAPPING was part of the initialization process. The fix ensures that non-timeout-supported statements like CREATE MAPPING succeed as expected, regardless of the statement-timeout-millis configuration.

Fixed data loss on rapid graceful shutdown after data insertion: Resolved an issue where performing a graceful shutdown immediately after inserting data could result in lost entries and missing SQL mappings upon cluster restart. The fix ensures all data is fully persisted before shutdown completes, preventing data loss in fast shutdown scenarios.

Fixed issue with hot backup failing after changing the backup folder during a rolling restart: Resolved an issue where hot backups would fail if the underlying backup folder was changed during a rolling restart and a hot backup was subsequently initiated from the Management Center (MC). This fix ensures that hot backups function correctly even after the backup folder is updated during a rolling restart.

Fixed TTL eviction issue for entries loaded from MapLoader: Resolved an issue where entries loaded from a MapLoader into an IMap with time-to-live (TTL)-based eviction enabled were not evicted after the configured TTL. This caused entries to persist indefinitely, contrary to the expected behavior where such entries should expire after the TTL. The fix restores the correct behavior, ensuring that entries loaded from a MapLoader respect the configured TTL and are evicted as expected.

Fixed stuck hot backup state after NativeOutOfMemoryError during backup: Resolved an issue where a NativeOutOfMemoryError during hot backup caused the backup status to remain stuck in progress, preventing subsequent backups from completing. This occurred due to unhandled ConcurrentConveyorException during event queue draining. The fix ensures such failures are now handled gracefully, marking the backup as failed and allowing future backups to proceed.

Fixed memory leak with OpenSSL in Netty: Resolved a memory leak where OpenSslEngine instances were not released after connection closure. The leak stemmed from missing reference count deallocation for SSLEngine objects. The fix adds proper cleanup, ensuring SSL engines are released and preventing heap growth in long-lived clusters.

Fixed incorrect XSD reference in Docker image: Resolved an issue where the Docker image embedded 5.3 XSD references instead of 5.4, leading to warnings at startup. The fix updates bundled configuration files to reference the correct 5.4 schema, eliminating unnecessary warnings.

Fixed IllegalThreadStateException when evicting HD map entries on TPC threads: Resolved an issue where using HD memory with eviction enabled on Thread-Per-Core (TPC) partition threads could trigger IllegalThreadStateException during operations like putAll. This occurred due to incorrect thread context checks in LazyEvictableEntryView. The fix ensures thread-safe access for eviction logic, preventing unexpected failures during high-throughput operations.

Fixed issue with CDC connector filtering out schema change events: Resolved an issue where schema changes (e.g., ALTER TABLE) were silently filtered out by the CDC connector due to internal Debezium message handling. This prevented expected schema change events from appearing in downstream sinks. The fix ensures Debezium SchemaChangeValue messages are no longer excluded, allowing full visibility into schema evolution.

Fixed inconsistency between map.size() and map.keySet().size() when ExpirationPolicy throws an exception: Resolved an issue where a discrepancy could occur between map.size() and map.keySet().size() when an ExpirationPolicy threw an exception. This issue was triggered in scenarios where an index was defined for a non-existing field, causing an error during indexing without affecting the storage of entries. The fix ensures that map.size() and map.keySet().size() remain consistent, even in cases where exceptions are thrown during expiration or indexing.

Introduced a new YAML configuration option for User Code Namespaces that enables multiple name spaces to be defined within a name-spaces collection [#2485]. For more info, see Member Configuration.

Exclude non-WAN address aliases during WAN MemberHandshake (#2418)

Fix NullPointerException in NotifyMemberShutdownOperation during RU (#1727)

JobConfig#add not using derived id for some resources (#1723)

Vulnerabilities in protobuf-java 3.19.4 and hadoop-shaded-protobuf_3_7-1.1.1 #22541

Vulnerability in hadoop-shaded-guava-1.1.1.jar (shaded: com.google.guava:guava:30.1.1-jre) #24981

Vulnerability in aircompressor-0.21 #26354

Enterprise User Code Namespaces: Enable deployment and redeployment of your custom classes. See the User Code Namespaces documentation.

Enterprise Thread-Per-Core (TPC): TPC is now generally available. You can enable this feature on the clients and cluster members for improved performance. See the Thread-Per-Core (TPC) documentation.

Enterprise CPMap: Added CPMap as a minimal key-value CP data structure. See CPMap documentation. #25802

The MergingValue interface within the SPI package now requires the getDeserializedValue() method to be defined within implementations, replacing the getValue() definition. #25942

Moved the MongoDB connector to the extensions module, that is, its classes and related dependencies relocated; if you are using Maven to install the connector, you must add <classifier>jar-with-dependencies</classifier> to your pom.xml. Also removed the permissions for MongoDB connector. #25744, #25701

Method names used as parameters in SecurityInterceptor checks were reviewed and unified into a single place - class com.hazelcast.security.SecurityInterceptorConstants. Some client messages have the method name changed to reflect their purpose better. Some client messages are newly covered by SecurityInterceptor checks now. #25020

Renamed the service port for Hazelcast clusters deployed in Kubernetes environments to hazelcast. The previous name, hazelcast-service-port, caused member auto-discovery for embedded deployments to fail. #24834, #24705, #24688

Fixed an issue where Hazelcast was not failing fast when a member is started with a blank public address. This has been fixed by introducing a configuration validation that might break any existing, but invalid, configuration. #24729

Fixed an issue where sending internal Debezium messages was causing failures when connecting to databases. #26027

Fixed an issue where the entry listeners for Replicated Maps were checking the Map permissions instead of the Replicated Map permissions. #25965

Fixed an issue where the queries with indexes were producing duplicate results or failing. #25527

Fixed an issue where the map entries' metadata, such as time-to-live and expiration, was not replicated correctly over WAN after updating existing entries. #25481

Fixed an issue where the loading of compact-serialized generic records by the complex classloaders, such as JetClassLoader, were likely to cause deadlocks. #25379

Fixed a memory leak issue happening in Hazelcast members and clients while destroying fenced locks. #25353

Fixed an issue where the sorted index scans were hanging or producing duplicate values when there are multiple entries with the same key. #25328

Fixed an issue where setting indexes in a different order, while dynamically adding a map configuration, was failing. #25234

Fixed an issue where the diagnostic tool was showing the suggestion of enabling it, even it is already enabled. #25220

Fixed an issue where clearing an inexistent map was resulting in an exception. #25202

Fixed an issue where the mechanism to retrieve partitioning strategy on a client was ignoring the provided Hazelcast cluster properties. #25162

Fixed an issue where ClientConfigXmlGenerator didn’t support the hazelcast-cloud configuration. #25155

Fixed an issue where the cache provider was not able to read the YAML configurations. #25137

Fixed an issue where the getDistributedObjects() was returning inconsistent results when multiple members simultaneously join to the cluster. #25114

Fixed an issue where zero-config compact serialization was not working on the objects that have a field of type java.util.UUID. #25073

Fixed an issue where the retry mechanism for the communications between CP leader and followers was generating too many retries, due to incorrect backoff timeout reset behavior. #25055

Fixed an issue where there was a difference between the elapsed clock time and elapsed total time when listening to migration events. #25028

Fixed an issue where the transaction in the Kafka producer was not committed when a batch job finished. #25024

Fixed an issue where data events were being fired through WAN replication after a split-brain, even when there were no changes in data. #24928

Fixed an issue where the lite members were not reporting statistics for map operations. #24871

Fixed an issue where the blacklisting was ignored after a split-brain scenario. #24830

Fixed an issue where the Kinesis sink might lose data, when retrying on failures, during a terminal snapshot. #24779

Fixed an issue where the member list was not updated after a cluster failover scenario. #24745

Fixed an issue where the batches produced for write-behind queues did not have the expected size of entries. #24763

Fixed an issue where the fused Jet vertex was ignoring the configured local parallelism and using the default parallelism instead. #24683

Fixed an issue where Hazelcast was sending empty map interceptor information to the members that are newly joined to the cluster; it was causing eager map initializations. #24639

Fixed an issue where the REST calls were failing for Hazelcast clusters with TLS v1.3 configured, and deployed on Kubernetes. #24616

Fixed an issue where the predicates did not have managed context injection when the predicate is local or not serialized. #24463

Fixed an issue where the results of the stream-to-stream join could not be inserted into the remote table connected via JDBC, causing an exception. #22459

Fixed an issue where the combining step of AggregateOperations.maxBy() was not checking if the incoming element is null, which can happen if some members did not have any items to process. In this case, the comparator was invoked with the null value which was invalid. #895

Fixed a race condition occurred when canceling Jet jobs during their initializations. #889

Fixed an issue where the indexes added during the migration of partitions to newly joined members, were not persisted on these new members. Relatedly, the ability to persist dynamically added indexes, when the Hot Restart feature is enabled, has been implemented. #829, #596

Fixed an issue where the merge operations after a split-brain (with no changes in the entry values) were emitting WAN events for offloaded operations. #734

Fixed an issue where replicating over WAN from a cluster to other clusters, when all clusters share the same cluster name, was failing. #728

Fixed a race condition occurred when the execution of registration/deregistration operation for JobStatusListener is offloaded to the event striped executor; now, this offloading is waited to finish. #673

Fixed an issue when querying JSON, elements that appear after an element containing nested JSON was not appearing in the query results. #570

Fixed an issue where data was lost from the ICache data structure with NATIVE entries in a split-brain scenario. #480

Fixed an issue where the ANALYZE INSERT INTO SQL statement did not generate metrics. #444

Enterprise Fixed an issue where the map entries with time-to-live values were being removed as soon as the cluster with persistence enabled is restarted. #233

Fixed an issue where map entries' metadata were replicated incorrectly over WAN after a merge, causing deserialization of values. #225

Fixed an issue where the process of retrieving metrics for job executions was entering an infinite loop when a job execution is completed on a member, but continued on the other members. With this fix, only the members on which the jobs have not been completed are queried for metrics; for completed jobs, the metrics are already retrieved from the completed jobs context. #194

Fixed an issue where the attribute partitioning strategy was not working with Compact and Portable classes. #127

The connector for Elasticsearch 6 is removed, as the Elasticsearch 6 module is removed from Hazelcast distributions. #24734

The evaluation tool for IMDG 3.x users (Hazelcast 3 Connector) is removed. In the upcoming releases, a new tool for migrating data from 3.x versions will be introduced. #25051

Portable Serialization has been deprecated. We recommend you use Compact Serialization as Portable Serialization will be removed as of version 7.0.

The user code deployment API is deprecated, and will be removed in Hazelcast Platform version 6.0. #223