Bump the maven group across 11 directories with 24 updates

[dependabot]

Bumps the maven group with 4 updates in the /apache-kafka directory: org.apache.kafka:kafka-clients, com.fasterxml.jackson.core:jackson-databind, ch.qos.logback:logback-classic and org.assertj:assertj-core.
Bumps the maven group with 20 updates in the / directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.11.1	2.12.7.1
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.19.0	3.27.7
com.squareup.okhttp3:okhttp	3.4.1	4.9.2
com.fasterxml.jackson.core:jackson-core	2.11.1	2.18.6
com.google.code.gson:gson	2.8.0	2.8.9
org.springframework:spring-web	4.3.4.RELEASE	6.1.21
org.asynchttpclient:async-http-client	2.2.0	2.12.4
org.bouncycastle:bcprov-jdk15on	1.58	1.70
com.hazelcast:hazelcast	3.8.4	5.2.5
org.apache.hadoop:hadoop-client	2.2.0	2.7.0
org.apache.storm:storm-core	1.2.2	1.2.3
org.infinispan:infinispan-core	9.1.5.Final	14.0.25.Final
io.debezium:debezium-connector-mysql	1.4.2.Final	2.3.0.Final
org.yaml:snakeyaml	1.21	2.0
com.esotericsoftware.yamlbeans:yamlbeans	1.15	1.17
com.google.protobuf:protobuf-java	3.1.0	3.25.5
org.springframework:spring-webflux	5.1.9.RELEASE	6.2.17
org.apache.commons:commons-vfs2	2.4	2.10.0
net.lingala.zip4j:zip4j	2.9.0	2.11.3

Bumps the maven group with 2 updates in the /libraries-server-2 directory: ch.qos.logback:logback-classic and org.assertj:assertj-core.
Bumps the maven group with 5 updates in the /libraries-security directory:

Package	From	To
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
org.bouncycastle:bcprov-jdk15on	1.58	1.70
org.bouncycastle:bcpkix-jdk15on	1.58	1.70
org.springframework.security.oauth:spring-security-oauth2	2.4.0.RELEASE	2.4.2.RELEASE

Bumps the maven group with 4 updates in the /libraries-io directory: ch.qos.logback:logback-classic, org.assertj:assertj-core, org.apache.commons:commons-vfs2 and net.lingala.zip4j:zip4j.
Bumps the maven group with 6 updates in the /libraries-http directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.13.0	2.13.4.2
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
com.squareup.okhttp3:okhttp	4.9.1	4.9.2
com.google.code.gson:gson	2.8.5	2.8.9
org.asynchttpclient:async-http-client	2.2.0	2.12.4

Bumps the maven group with 6 updates in the /libraries-http-2 directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.13.0	2.13.4.2
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
com.squareup.okhttp3:okhttp	4.9.1	4.9.2
com.google.code.gson:gson	2.8.5	2.8.9
org.springframework:spring-webflux	5.1.9.RELEASE	6.2.17

Bumps the maven group with 7 updates in the /libraries-data directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.13.0	2.13.4.2
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
com.google.code.gson:gson	2.8.2	2.8.9
com.hazelcast:hazelcast	3.8.4	5.2.5
org.apache.hadoop:hadoop-client	2.2.0	2.7.0
org.apache.storm:storm-core	1.2.2	1.2.3

Bumps the maven group with 7 updates in the /libraries-data-io directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.12.3	2.12.7.1
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
com.google.code.gson:gson	2.8.7	2.8.9
org.yaml:snakeyaml	1.21	2.0
com.esotericsoftware.yamlbeans:yamlbeans	1.15	1.17
com.google.protobuf:protobuf-java	3.17.3	3.25.5

Bumps the maven group with 3 updates in the /libraries-data-db directory: ch.qos.logback:logback-classic, org.assertj:assertj-core and io.debezium:debezium-connector-mysql.
Bumps the maven group with 5 updates in the /libraries-data-2 directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.13.0	2.13.4.2
ch.qos.logback:logback-classic	1.2.6	1.2.13
org.assertj:assertj-core	3.21.0	3.27.7
org.springframework:spring-web	4.3.8.RELEASE	6.1.21
org.infinispan:infinispan-core	9.1.5.Final	14.0.25.Final

Updates org.apache.kafka:kafka-clients from 2.8.0 to 3.9.2

Updates com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.4.2

Commits

• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.2.6 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.6 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.21.0 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.11.1 to 2.12.7.1

Commits

• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.2.6 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.6 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.19.0 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp from 3.4.1 to 4.9.2

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Change Log

Version 5.3.2

2025-11-18

• Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

• Upgrade: [Okio 3.16.4][okio_3_16_4].

Version 5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

• Upgrade: [Okio 3.16.3][okio_3_16_3].

Version 5.3.0

2025-10-30

• New: Add tags to Call, including computable tags. Use this to attach application-specific metadata to a Call in an EventListener or Interceptor. The tag can be read in any other EventListener or Interceptor.

    override fun intercept(chain: Interceptor.Chain): Response {
      chain.call().tag(MyAnalyticsTag::class) {
        MyAnalyticsTag(...)
      }
  return chain.proceed(chain.request())
  
  }

• New: Support request bodies on HTTP/1.1 connection upgrades.

• New: EventListener.plus() makes it easier to observe events in multiple listeners.

• Fix: Don't spam logs with ‘Method isLoggable in android.util.Log not mocked.’ when using OkHttp in Robolectric and Paparazzi tests.

• Upgrade: [Kotlin 2.2.21][kotlin_2_2_21].

• Upgrade: [Okio 3.16.2][okio_3_16_2].

• Upgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail [16 KB ELF alignment checks][elf_alignment].

... (truncated)

Commits

• 3edf17c Prepare for release 4.9.2.
• 262b3cd Handle strict module handling on JDK17 (#6707) (#6742)
• f574ea2 Cherry pick fix for CVE-2021-0341 onto 4.9.x (#6741)
• 1fd7c0a Make it more difficult to accidentally log sensitive headers (#6551) (#6740)
• b0397cc 4.9.x GitHub builds update (#6732)
• eb5a834 Prepare next development version.
• 63dcd95 Prepare for release 4.9.1.
• d2e28ab Silently ignore 'bio == null' NullPointerExceptions (#6534)
• cbeaf8f Prepare for release 4.9.0.
• 8fd74a7 Conscrypt 2.5.1 Upgrade (#6263)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.11.1 to 2.18.6

Commits

• 9a46ef8 [maven-release-plugin] prepare release jackson-core-2.18.6
• 5f192db Prep for 2.18.6 release
• b0c428e Enforce StreamReadConstraints.maxNumberLength for non-blocking (async) pars...
• 7c8b6d5 Add test for nesting for DataInput-backed JsonParser (#1550)
• 97a647b Update CI: JDK 23 -> 25
• 1601331 (backport from 2.21) Fix #1548: validate max doc length for fixed buffer inpu...
• fae2542 release notes update
• 70c99ba Update UTF8DataInputJsonParser.java (#1512)
• caea665 Post-release dep version bump
• 635d3bd [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.8.0 to 2.8.9

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.8.9

• Make OSGi bundle's dependency on sun.misc optional (#1993).
• Deprecate Gson.excluder() exposing internal Excluder class (#1986).
• Prevent Java deserialization of internal classes (#1991).
• Improve number strategy implementation (#1987).
• Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).
• Support arbitrary Number implementation for Object and Number deserialization (#1290).
• Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).
• Don't exclude static local classes (#1969).
• Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).
• Improve Maven build (#1964).
• Make dependency on java.sql optional (#1707).

Gson 2.8.8

• Fixed issue with recursive types (#1390).
• Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).
• EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).

Changelog

Sourced from com.google.code.gson:gson's changelog.

Version 2.8.9

• Make OSGi bundle's dependency on sun.misc optional (google/gson#1993).
• Deprecate Gson.excluder() exposing internal Excluder class (google/gson#1986).
• Prevent Java deserialization of internal classes (google/gson#1991).
• Improve number strategy implementation (google/gson#1987).
• Fix LongSerializationPolicy null handling being inconsistent with Gson (google/gson#1990).
• Support arbitrary Number implementation for Object and Number deserialization (google/gson#1290).
• Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (google/gson#1980).
• Don't exclude static local classes (google/gson#1969).
• Fix RuntimeTypeAdapterFactory depending on internal Streams class (google/gson#1959).
• Improve Maven build (google/gson#1964).
• Make dependency on java.sql optional (google/gson#1707).

Version 2.8.8

• Fixed issue with recursive types (google/gson#1390).
• Better behaviour with Java 9+ and Unsafe if there is a security manager (google/gson#1712).
• EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (google/gson#1495).

Version 2.8.7

• Fixed ISO8601UtilsTest failing on systems with UTC+X.
• Improved javadoc for JsonStreamParser.
• Updated proguard.cfg (google/gson#1693).
• Fixed IllegalStateException in JsonTreeWriter (google/gson#1592).
• Added JsonArray.isEmpty() (google/gson#1640).
• Added new test cases (google/gson#1638).
• Fixed OSGi metadata generation to work on JavaSE < 9 (google/gson#1603).

Version 2.8.6

2019-10-04 GitHub Diff

• Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method JsonParser.parse
• Java 9 module-info support

Version 2.8.5

2018-05-21 GitHub Diff

• Print Gson version while throwing AssertionError and IllegalArgumentException
• Moved utils.VersionUtils class to internal.JavaVersion. This is a potential backward incompatible change from 2.8.4
• Fixed issue google/gson#1310 by supporting Debian Java 9

Version 2.8.4

2018-05-01 GitHub Diff

• Added a new FieldNamingPolicy, LOWER_CASE_WITH_DOTS that mapps JSON name someFieldName to some.field.name
• Fixed issue google/gson#1305 by removing compile/runtime dependency on sun.misc.Unsafe

Version 2.8.3

2018-04-27 GitHub Diff

• Added a new API, GsonBuilder.newBuilder() that clones the current builder
• Preserving DateFormatter behavior on JDK 9

... (truncated)

Commits

• 6a368d8 [maven-release-plugin] prepare release gson-parent-2.8.9
• ba96d53 Fix missing bounds checks for JsonTreeReader.getPath() (#2001)
• ca1df7f #1981: Optional OSGi bundle's dependency on sun.misc package (#1993)
• c54caf3 Deprecate Gson.excluder() exposing internal Excluder class (#1986)
• e6fae59 Prevent Java deserialization of internal classes (#1991)
• bda2e3d Improve number strategy implementation (#1987)
• cd748df Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990)
• fe30b85 Support arbitrary Number implementation for Object and Number deserialization...
• 1cc1627 Fix incorrect feature request template label (#1982)
• 7b9a283 Bump bnd-maven-plugin from 5.3.0 to 6.0.0 (#1985)
• Additional commits viewable in compare view

Updates org.springframework:spring-web from 4.3.4.RELEASE to 6.1.21

Release notes

Sourced from org.springframework:spring-web's releases.

v6.1.21

🐞 Bug Fixes

• Encode non-printable character in Content-Disposition parameter #35035
• Allow update of existing WebSession after max sessions limit is reached #35018
• Enhanced configuration class fails to call package-visible superclass constructor on WebSphere #34951

🔨 Dependency Upgrades

• Upgrade to Reactor 2023.0.19 #35022

v6.1.20

⭐ New Features

• Add option for case-insensitive match to PatternMatchUtils #34802

🐞 Bug Fixes

• HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34854
• Accidental ClassLoader defineClass enforcement after #34677 #34839

📔 Documentation

• Clarify CompositePropertySource behavior for EnumerablePropertySource contract #34887

🔨 Dependency Upgrades

• Upgrade to Reactor 2023.0.18 #34899

v6.1.19

⭐ New Features

• Suggest compilation with -parameters when AspectJAdviceParameterNameDiscoverer fails against ambiguity #34618

🐞 Bug Fixes

• PropertyBatchUpdateException: causes of nested PropertyAccessExceptions not shown in output #34698
• Change in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed #34694
• Startup performance regression due to CGLIB class load attempts in Spring 6.1.x #34693
• IllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere #34690
• @Configuration classes can no longer be abstract without @Bean methods #34689
• Generated-code for LinkedHashMap is missing static keyword #34661
• AbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt #34619

📔 Documentation

• Add javadoc notes on potential exception suppression in ListableBeanFactory#getBeansOfType #34631
• Remove remaining references to Forwarded headers in MvcUriComponentsBuilder #34626
• MvcUriComponentsBuilder javadocs inaccurately reflects usage of forwarded headers #34620

... (truncated)

Commits

• fa36b34 Release v6.1.21
• 498ccda Upgrade to Gradle 8.14.2
• fd68ea6 Encode non-printable character in Content-Disposition parameter
• 28caa39 Upgrade to Reactor 2023.0.19
• 8ecc553 Polish contribution
• cd44efa Allow update of existing WebSession after max sessions limit is reached
• 59d2895 Fix InMemoryWebSessionStoreTests.startsSessionImplicitly() test
• a876bb4 Polish WebSession support and tests
• 3b6beca Check for package-visible constructor in case of ClassLoader mismatch
• 59ffbd7 Test conversion support in PropertySourcesPlaceholderConfigurer
• Additional commits viewable in compare view

Updates org.asynchttpclient:async-http-client from 2.2.0 to 2.12.4

Release notes

Sourced from org.asynchttpclient:async-http-client's releases.

AHC v2.12.4 Release

Security Advisory

GHSA-mfj5-cf8g-g2fv

Important

This is a breaking release. RequestBuilderBase.java has a new method added. This is in response to GHSA-mfj5-cf8g-g2fv.

Commits

• 6afba08 Release 2.12.4 with CVE Fix: 2024-53990
• 7a370af [maven-release-plugin] prepare release async-http-client-project-2.12.3
• 7201bf1 Bump netty to 4.1.60.Final #1775 (#1782)
• 576decf Proxy CONNECT custom headers (#1774)
• d2fc371 Fix for NPE when connection is reset by peer (#1771)
• bd7b5bd Use original method in redirects for HEAD / OPTIONS requests (#1736)
• d24ee6a Propagate original request user-agent in proxy CONNECT requests (#1742)
• 7770c8b [maven-release-plugin] prepare for next development iteration
• 64622ad [maven-release-plugin] prepare release async-http-client-project-2.12.2
• 2658825 Bump netty.version for vulnerability fixes (#1755)
• Additional commits viewable in compare view

Updates org.bouncycastle:bcprov-jdk15on from 1.58 to 1.70

Changelog

Sourced from org.bouncycastle:bcprov-jdk15on's changelog.

2.1.1 Version Release: 1.84 Date:      TBD

2.2.1 Version Release: 1.83 Date:      2025, November 27th.

... (truncated)

Commits

• See full diff in compare view

Updates com.hazelcast:hazelcast from 3.8.4 to 5.2.5

Release notes

Sourced from com.hazelcast:hazelcast's releases.

v5.2.5

This document lists the enhancements and fixed issues for the Hazelcast Platform 5.2.5 release. The numbers in the square brackets refer to the issues and pull requests in Hazelcast's GitHub repository.

Enhancements

• Improved the permission checks in the file connectors by adding a method that returns the permissions required to resolve field names. #25674
• Updated the versions of following dependencies: ** Snappy to 1.1.10.5 ** gRPC to 1.59 ** Netty to 4.1.100.Final ** Elasticsearch to 7.17.13 ** Everit JSON Schema to 1.14.3 #24866, #25820, #25708, #25729, #25775

Fixes

• Fixed an issue where the entry listeners for Replicated Maps were checking the Map permissions instead of the Replicated Map permissions. #25971
• Fixed an issue where the map entries' metadata, such as time-to-live and expiration, was not replicated correctly over WAN after updating existing entries. #25506
• Fixed an issue where there was a difference between the elapsed clock time and elapsed total time when listening to migration events. #25066
• Fixed an issue where the member list was not updated after a cluster failover scenario. #24944
• Renamed the service port for Hazelcast clusters deployed in Kubernetes environments to hazelcast. The previous name, hazelcast-service-port, caused member auto-discovery for embedded deployments to fail. #24841
• Fixed an issue where Hazelcast was sending empty map interceptor information to the members that are newly joined to the cluster; it was causing eager map initializations. #24669

Removed/Deprecated Features

• Removed the evaluation tool (for trying out Platform 5.x features for IMDG 3.x users) and the relevant IMDG 3.x JAR libraries from Hazelcast Platform distributions. #25697

Contributors

We would like to thank the contributors from our open source community who worked on this release:

• Aleksei Zotov

v5.2.4

This document lists the enhancements and fixed issues for the Hazelcast Platform 5.2.4 release. The numbers in the square brackets refer to the issues and pull requests in Hazelcast's GitHub repository (github.com/hazelcast/hazelcast).

Enhancements

• Updated the version of jackson-core dependency to 2.15.2. #24730
• Hazelcast was sending requests to Kubernetes API when deploying an application with embedded Hazelcast and service-dns (DNS lookup mode) specified to a Kubernetes cluster. This was causing the requests to be unsuccessful and the application not to start. This mechanism has been improved by creating Kubernetes client only for the DNS lookup mode. #24045

Fixes

• Fixed an issue where some of the members in a Hazelcast cluster deployed on Kubernetes (as a statefulset) shut down with en exception in a delayed manner. #24709
• Fixed an issue where Jet job snapshots could be prematurely deleted after a restart of a cluster, having lossless restart enabled. #24576
• Fixed an issue where the SELECT COUNT(DISTINCT COLUMN) query for maps was producing incorrect results. #24490
• Fixed various issues in [Health Monitor] including incorrect metric names. #24634
• Fixed an issue where the REST calls were failing for Hazelcast clusters with TLS v1.3 configured, and deployed on Kubernetes. #24624
• Fixed an issue where SQL statements were failing when a class (to determine the fields of a key/value pair) no longer exists but the mapping is still valid. #24043

... (truncated)

Commits

• 8b1bd72 Upgrade version to 5.2.5
• c4f388d Adding OS RN for 5.2.5 (#827)
• 0c3b54d Best-effort fix for merging metadata over WAN after merge rejection [5.2.5] (...
• 1eec447 Extend permission checks in MessageTasks and add a test coverage [HZ-2090] [5...
• e394e3d Fix K8s service port [CN-894] [5.2.5] (#797)
• 06a10be [BACKPORT] Do not try to connect to the old member list after the cluster cha...
• 1239695 Make MigrationListener timers use wall-clock not CPU time [5.2.5][HZ-2651][HZ...
• 3939548 Correctly WAN replicate IMap metadata when updating existing records (#6514) ...
• 6c471c1 Use MapContainer to filter maps to be cleaned up when migrating off a partiti...
• 366fad9 Bump grpc to mitigate CVE-2023-44487 [5.2.5]
• Additional commits viewable in compare view

Updates org.apache.hadoop:hadoop-client from 2.2.0 to 2.7.0

Updates org.apache.storm:storm-core from 1.2.2 to 1.2.3

Updates org.infinispan:infinispan-core from 9.1.5.Final to 14.0.25.Final

Release notes

Sourced from org.infinispan:infinispan-core's releases.

14.0.25.Final

What's Changed

• ISPN-15648 Bump versionx.com.amazonaws from 1.12.649 to 1.12.650 by @​dependabot in infinispan/infinispan#11916
• ISPN-15655 Bump versionx.com.amazonaws from 1.12.650 to 1.12.651 by @​dependabot in infinispan/infinispan#11925
• [14.0] ISPN-15631 Aesh 2.7 by @​tristantarrant in infinispan/infinispan#11927
• ISPN-15671 Bump version.lucene from 8.11.2 to 8.11.3 by @​dependabot in infinispan/infinispan#11947
• ISPN-15478 Data Grid Caches documentation refers to old Postgresql by @​theashiot in infinispan/infinispan#11943
• [14.0.x] ISPN-15658 Do no fail build if snapshot deployment fails by @​github-actions in infinispan/infinispan#11938
• [14.0.x] ISPN-14418 Stable topology recovery after shutdown backports by @​jabolina in infinispan/infinispan#11939
• [14.0.x] ISPN-15665 SSLContext ignored by RemoteStore by @​github-actions in infinispan/infinispan#11949
• ISPN-15677 Bump versionx.com.amazonaws from 1.12.651 to 1.12.656 by @​dependabot in infinispan/infinispan#11956
• Bump s4u/setup-maven-action from 1.11.0 to 1.12.0 by @​dependabot in infinispan/infinispan#11959
• ISPN-15678 Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.5 to 2.2.6 by @​dependabot in infinispan/infinispan#11957
• [14.0.x] ISPN-15657 NullPointerException in MBeans without getters by @​github-actions in infinispan/infinispan#11952
• ISPN-15686 Bump versionx.com.amazonaws from 1.12.656 to 1.12.657 by @​dependabot in infinispan/infinispan#11967
• ISPN-15687 Bump org.jgroups:jgroups from 5.2.21.Final to 5.2.22.Final by @​dependabot in infinispan/infinispan#11968
• ISPN-15692 Bump version.netty from 4.1.106.Final to 4.1.107.Final by @​dependabot in infinispan/infinispan#11975
• [14.0] SIFS and persistence changes by @​wburns in infinispan/infinispan#11806
• ISPN-15699 Bump versionx.com.amazonaws from 1.12.657 to 1.12.659 by @​dependabot in infinispan/infinispan#11983
• [14.0.x] ISPN-15659 Hot Rod Client RemoteCache#computeAsync() can lose the res… by @​msfm in infinispan/infinispan#11930
• [14.0.x] ISPN-15674 Undeprecate JBoss Marshalling by @​github-actions in infinispan/infinispan#11987
• [14.0.x] ISPN-15651 HR Rolling Upgrades fail with ___protobuf_metadata cache by @​ryanemerson in