Release Notes

5.11-SNAPSHOT 5.10 5.9 5.8 5.7 5.6

These release notes list any new features, enhancements, fixes, security issues and breaking changes that were made for Hazelcast Management Center.

For help installing Hazelcast Management Center, see Install and start Management Center.

5.10.0

Release date: 2026-02-24

Security

  • Resolved CVE-2025-41254, which addresses a vulnerability in STOMP over WebSocket applications that could allow attackers to send unauthorized messages. This has been resolved by upgrading the spring-boot-dependencies and spring-framework-core.

  • Resolved CVE-2024-56518, which risks remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (a client configuration file). The com.sun.jndi.ldap.object.trustSerialData system property is set to false.

  • Prevented Cross-Site-Scripting (XSS): Pen testing highlighted improvements to the admin web forms in Management Center to prevent Cross-Site-Scripting (XSS), which have been implemented.

  • Pen testing highlighted that Management Center was responding with HTTP code 400 for the HTTP TRACE verb. This has been resolved and Management Center now properly handles HTTP TRACE verb requests with 405 status codes.

Enhancements

  • Extended the REST API Endpoint so that Map configuration details can be retrieved: It is now possible to access Map configuration over the Management Center REST API, including TTL, Max-Idle, Eviction and Backup settings for automated auditing purposes.

  • Updated Prometheus metrics: The V2 format support for the Prometheus Exporter in Management Center has been extended to include the following metrics. See Prometheus metrics.

    • Topic, Reliable Topic, Queue, Cache, Replicated Map, MultiMap, Vector Collection.

    • CP Subsystem, Raft Algorithm, Flake ID Generator, PN Counter, Proxies, Transactions.

    • Clients, Client Invocations, Near Cache.

    • Cluster, Partitions, WAN Replication, High-Density (HD) Memory Store, Management Center Config HealthcheckUser Code Deployment, User Code Namespaces.

    • Persistence, Executor Service, Streaming Engine Cluster-Wide Metrics, Streaming Engine Job-specific Metrics.

  • Added an option to copy the Config Healthcheck report to make it easier to share.

  • Added a settable hostname: By default it shows the hostname that Management Center is running on but this can be set to any value via the hazelcast.mc.info.instanceName system property (or to blank to hide it).

  • Improved UI on the meaning of max native size: The UI has been updated to clarify that the max native memory size is per node.

Fixes

  • Resolved an issue where stale CP members could be incorrectly displayed in Management Center: The fix automatically removes these stale entries with outdated "last seen" timestamps from the CP membership screens.

  • Resolved an issue where CLC would fail to connect to clusters that require a username and password: The embedded Command Line Client (CLC) in Management Center would fail to connect to clusters requiring username and password authentication. This fix addresses this previously documented known issue.

  • Updated Management Center rolling upgrade functionality to align with Hazelcast Platform upgrade capabilities: Previously, Management Center was limited to single minor version upgrades. It now supports multi-version upgrades based on Platform version compatibility.

  • Management Center now shows a clear warning if connecting to a platform version that is newer than itself: A banner is show in Management Center if the Platform version is newer than the Management Center version. When upgrading, you should always upgrade Management Center first.

  • Resolved an issue with testing the Security Providers: The fix ensures the SAML and Active Directory Security Provider tests pass prior to saving the configuration. This prevents from saving configuration that will not connect to the security provider.

  • Resolved an issue in Management Center’s Config Healthcheck: Fixed Management Center connection diagnostic failures related to missing service-dns configuration in Kubernetes environments.

  • Resolved an issue relating to upgrading Management Center from earlier versions: Under certain circumstances, the issue prevented the H2 database upgrade from running, which resulted in the existing cluster connection configuration being lost. Additional fixes were applied when running on Microsoft Windows.

  • Resolved a Dynamic Diagnostic Config error message: A fix has been applied to stop error messages from being shown when accessing these screens for a cluster that has just been stopped.

  • Resolved a licensing warning message: Management Center shows clearer messages when connecting to a Community Edition cluster.

  • Resolved an issue with the alert levels in Config Health Check: In non-development mode, the alert level for the minimum number of nodes in a cluster has been reduced from a FAIL to WARNING. It remains INFO in developer mode.

Help and support