5.8.0 Release notes

These release notes list any new features, enhancements, fixes, and breaking changes implemented between version 5.7.1 and version 5.8.0 of Hazelcast Management Center (MC).

For help downloading Hazelcast Management Center, see Installing and Starting Management Center.

New features

  • Console support: If you are experiencing any issues using the Command Line Client (CLC) in Management Center, there is a new option to switch from the CLC-based console to the original console. You can enable this by setting the environment variable HAZELCAST_MC_ORIGINAL_CONSOLE_ENABLED to true.

    For more information, see Executing console commands.

Security

  • Security Fix for CVE-2024-47554 – Uncontrolled resource consumption vulnerability in Apache Commons IO: We have resolved CVE-2024-47554, a high-severity vulnerability in Apache Commons IO where the XmlStreamReader class could excessively consume CPU resources when processing maliciously crafted input. This issue affected versions 2.0 up to but not including 2.14.0. The vulnerability has been mitigated by upgrading to a version that includes Apache Commons IO 2.14.0 or later.

  • Security Fix for CVE-2025-22235 – Improper input validation vulnerability in Spring Boot: We have resolved CVE-2025-22235, a medium-severity vulnerability in Spring Boot where EndpointRequest.to() could create a matcher for null/** if the targeted actuator endpoint was disabled or not exposed. This misconfiguration could unintentionally leave the /null path unprotected if it was handled by the application and expected to be secured. The issue has been addressed by upgrading to Spring Boot version 3.4.5.

  • Security Fix for CVE-2025-22228 – Authentication bypass vulnerability in Spring Security Crypto: We have resolved CVE-2025-22228, a high-severity vulnerability in Spring Security’s BCryptPasswordEncoder where the matches() function would incorrectly return true for passwords longer than 72 characters, provided the first 72 characters matched. This flaw could allow attackers to bypass authentication checks by exploiting password truncation. The vulnerability has been mitigated by upgrading to spring-security-crypto version 6.4.5.

Breaking changes

  • Changes to Prometheus Exporter metrics v2 (BETA): The following changes have been made to the Prometheus Exporter v2 metrics, which are currently in BETA:

    Note: There are no changes to the format of v1 metrics. All v1 metrics start with hz_ and all v2 metrics start with hazelcast_. For more information, see Prometheus metrics.

The following Prometheus Exporter metrics v2 have been renamed:

| Version 5.7.x | Version 5.8.0 |
|---|---|
| hazelcast_map_backups | hazelcast_map_backups_total |
| hazelcast_map_entries_backup | hazelcast_map_backup_entries_total |
| hazelcast_map_entries_backup_memory_cost | hazelcast_map_backup_entries_memory_cost_bytes |
| hazelcast_map_entries_dirty | hazelcast_map_dirty_entries_total |
| hazelcast_map_evictions | hazelcast_map_evictions_total |
| hazelcast_map_expirations | hazelcast_map_expirations_total |
| hazelcast_map_queries_indexed | hazelcast_map_indexed_queries_total |
| hazelcast_map_entries_locked | hazelcast_map_locked_entries_total |
| hazelcast_map_events | hazelcast_map_events_total |
| hazelcast_map_entries_owned | hazelcast_map_owned_entries_total |
| hazelcast_map_entries_owned_memory_cost | hazelcast_map_owned_entry_memory_cost_bytes |
| hazelcast_map_queries | hazelcast_map_queries_total |
| hazelcast_map_hits | hazelcast_map_hits_total |
| hazelcast_map_latency_total_seconds | hazelcast_map_latency_seconds_total |
| hazelcast_map_index_hits | hazelcast_map_index_hits_total |
| hazelcast_map_index_inserts | hazelcast_map_index_inserts_total |
| hazelcast_map_index_memory_cost | hazelcast_map_index_memory_cost_bytes |
| hazelcast_map_index_queries | hazelcast_map_index_queries_total |
| hazelcast_map_index_removes | hazelcast_map_index_removes_total |
| hazelcast_map_index_latency_total_seconds | hazelcast_map_index_latency_seconds_total |
| hazelcast_map_index_updates | hazelcast_map_index_updates_total |
| hazelcast_set_creation_timestamp | hazelcast_set_creation_timestamp_seconds |
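
Alert and recording rules that still reference a 5.7.x v2 name stop matching any series after the upgrade, so an alert built on one goes quiet without raising an error. The following added example (not part of these release notes or of Hazelcast's tooling) rewrites whole metric-name tokens using the renames listed above and reports each hit; the sample rules and the name hz_example_v1_metric are constructed.

```python
import re
# Old -> new v2 metric names, copied from the rename table in these release notes.
RENAMES = dict(pair.split() for pair in """
hazelcast_map_backups hazelcast_map_backups_total
hazelcast_map_entries_backup hazelcast_map_backup_entries_total
hazelcast_map_entries_backup_memory_cost hazelcast_map_backup_entries_memory_cost_bytes
hazelcast_map_entries_dirty hazelcast_map_dirty_entries_total
hazelcast_map_evictions hazelcast_map_evictions_total
hazelcast_map_expirations hazelcast_map_expirations_total
hazelcast_map_queries_indexed hazelcast_map_indexed_queries_total
hazelcast_map_entries_locked hazelcast_map_locked_entries_total
hazelcast_map_events hazelcast_map_events_total
hazelcast_map_entries_owned hazelcast_map_owned_entries_total
hazelcast_map_entries_owned_memory_cost hazelcast_map_owned_entry_memory_cost_bytes
hazelcast_map_queries hazelcast_map_queries_total
hazelcast_map_hits hazelcast_map_hits_total
hazelcast_map_latency_total_seconds hazelcast_map_latency_seconds_total
hazelcast_map_index_hits hazelcast_map_index_hits_total
hazelcast_map_index_inserts hazelcast_map_index_inserts_total
hazelcast_map_index_memory_cost hazelcast_map_index_memory_cost_bytes
hazelcast_map_index_queries hazelcast_map_index_queries_total
hazelcast_map_index_removes hazelcast_map_index_removes_total
hazelcast_map_index_latency_total_seconds hazelcast_map_index_latency_seconds_total
hazelcast_map_index_updates hazelcast_map_index_updates_total
hazelcast_set_creation_timestamp hazelcast_set_creation_timestamp_seconds
""".strip().splitlines())
# Metric names are single identifier tokens; whole-token matching keeps
# hazelcast_map_queries from matching inside hazelcast_map_queries_indexed.
TOKEN = re.compile(r"[A-Za-z_:][A-Za-z0-9_:]*")

def migrate(text):
    """Return (rewritten text, [(line_no, old_name, new_name), ...])."""
    hits = []
    def swap(m):
        old = m.group(0)
        if old in RENAMES:
            hits.append((text.count("\n", 0, m.start()) + 1, old, RENAMES[old]))
        return RENAMES.get(old, old)
    return TOKEN.sub(swap, text), hits

# Constructed sample alert rules; hz_example_v1_metric is a made-up v1 name.
SAMPLE_RULES = """\
- alert: IndexedQueryRatioLow
  expr: hazelcast_map_queries_indexed / hazelcast_map_queries < 0.5
- alert: ExampleV1Alert
  expr: rate(hazelcast_map_evictions[5m]) > 100 and hz_example_v1_metric < 3
"""
if __name__ == "__main__":
    rewritten, found = migrate(SAMPLE_RULES)
    print(*found, rewritten, sep="\n")
```

Running it a second time on its own output reports no hits, which makes it usable as a check that no 5.7.x v2 names remain in a rules file.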