5.5.3 Release Notes

6.0-SNAPSHOT 5.5 5.4 5.3 5.2 5.1 5.0

These release notes list any new features, enhancements, fixes, and breaking changes implemented between version 5.5.2 and version 5.5.3 of Hazelcast Platform.

There is a known issue with release 5.5.3 of Hazelcast Platform Enterprise Edition that may occur during deployment of stream processing (Jet) jobs and SQL execution. Please DO NOT upgrade to this release; install version 5.5.4 instead. If you have already upgraded to 5.5.3 and you are using these features, please contact Hazelcast Support if you would like additional information.

Release date: 2025-02-12

This is a maintenance release for Enterprise Edition.

For help downloading Hazelcast Enterprise Edition, see Installing Hazelcast Enterprise Edition or request a trial license key.

Enhancements

  • Added IPv6 support to the AWS discovery plugin: The AWS discovery plugin now supports IPv6 by checking for an ipv6address` field in the instance description and adding an extra entry for private-to-public mapping as (ipv6address, ipv6address). If the client is inside AWS, it will prioritize using the private IPv6, which ensures better connectivity in IPv6-enabled environments.

  • Updated BouncyCastle to support FIPS compliance: Hazelcast now supports FIPS-compliant mode with an updated BouncyCastle implementation. Previously, a public key used by Hazelcast was not endorsed in FIPS-approved mode under BouncyCastle version 2.0.0.

  • Enhanced error message received by clients using FencedLock: During a CP Subsystem reset, clients using FencedLock previously received a NotLeaderException stating “null is not LEADER of null. Known leader is: N/A". This message now reads "Lock[<lock-name>] is no longer valid in the CP group [<group-id>] as the cluster has no information about Lock[<lock-name>]. Please recreate the lock or rejoin the cluster to obtain a valid reference."

For more details on new features, see What’s new in 5.5.

Security

  • Security Fix for CVE-2023-45676: We have resolved CVE-2023-45676, a dependency vulnerability related to improper authorization checks in certain scenarios. This issue could potentially allow attackers to bypass expected permission restrictions.

Fixes

  • Fixed task config publishing in Kafka Connect: Fixed an issue in LateJoiningListener where a race condition in ringbuffer.tailSequence() could result in a missed message if a message was published between two calls to tailSequence(). Also resolved a race condition where a message could be processed before sourceConnector and taskRunner were fully initialized, causing a hidden NullPointerException (NPE). The listener is now registered only after these fields are set and additional logging is added for exceptions in processMessage to help identify issues like the hidden NPE.

  • Fixed migration issues with UCN classes in InMemoryFormat.OBJECT: Fixed an issue where inserting an entry with classes from User Code Namespace (UCN) into an IMap and other data structures configured with InMemoryFormat.OBJECT resulted in migration failures.

Known issues

  • There is currently a known issue that has potential for causing a memory leak in Vector collections in some scenarios. For more information, including a workaround, see Vector Collection Known Issue.

lifebuoy

Help and support