5.5.5 Release Notes

Security Fix for CVE-2024-47561: We have resolved CVE-2024-47561, a critical vulnerability in the Apache Avro Java SDK (versions 1.11.3 and earlier) that allowed attackers to execute arbitrary code through maliciously crafted Avro schemas.

Fixed NATIVE memory inconsistency after recovery: Resolved an issue where NATIVE High-Density (HD) IMap memory usage could unexpectedly increase after two cluster members shut down simultaneously and rejoined. This caused incorrect metrics, such as map.usedMemory and map.entryCount, displaying persistent “ghost entries” even after clearing the maps, leading to misleading memory reports and, in extreme cases, potential cluster instability due to continuous memory growth.

Fixed NPE when destroying a cache during replication: Resolved an issue where calling ICache.destroy() while a Cache Replication operation was in progress could result in a NullPointerException (NPE) due to the cache configuration being removed prematurely. This prevented backup operations from being completed, potentially leading to data loss. The fix ensures that cache destruction does not interfere with ongoing replication, maintaining correct backup behavior and preventing misleading error states.

Fixed NPE when upgrading to 5.5 with CP enabled: Resolved an issue where upgrading a Hazelcast cluster from a version earlier than 5.5 to 5.5 with CP mode enabled could result in a NullPointerException (NPE). This issue caused repeated exceptions even after the upgraded cluster was fully formed, potentially impacting CP cluster availability. The fix ensures a smooth upgrade process without unexpected errors.