Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.
Version 3.25.5 of protobuf still fixes CVE-2024-7254. This release is provided for users who aren't ready to update to 4.x, see also #4584 and #4634. Future versions of Error Prone will upgrade back to protobuf 4.x.
Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.
Version 3.25.5 of protobuf still fixes CVE-2024-7254. This release is provided for users who aren't ready to update to 4.x, see also #4584 and #4634. Future versions of Error Prone will upgrade back to protobuf 4.x.
v1.68.0 was a mistake. This is the first release of version 1.68.x
Bug Fixes
xds: Fix NullPointerException introduced in "Fix load reporting when pick first is used for locality-routing" (#11553). This was in 1.67.1 but not 1.68.0
Behavior Changes
core: JSON parsing rejects duplicate keys in objects (#11575) (4be69e3f8). This is the existing behavior in C core. Duplicate keys in objects are dangerous as which value takes effect is undefined. Previously, the last value was used
okhttp: Detect transport executors with no remaining threads (#11503) (3a6be9ca1). The transport uses two threads, but one is on-demand. If the executor provided to builder.transportExecutor() runs out of threads (e.g., it is a fixed-size thread pool), all transports can be wedged, unable to run on-demand tasks, until keepalive kills one of them. Two threads are now used when handshaking a new transport, and the transport will time out after 1 second with “Timed out waiting for second handshake thread” if two threads are unavailable
gcp-csm-o11y: Get mesh_id value from CSM_MESH_ID environment variable, instead of getting it from bootstrap file (84d30afad)
Improvements
New grpc-context-override-opentelemetry artifact (#11523) (782a44ad6) (#11599) (e59ae5fad). This is a io.grpc.Context storage override to store its state in io.opentelemetry.context.Context. Libraries should not add a dependency on this artifact, as applications can only have one storage override in their classpath
New grpc-s2a artifact. It is a transport that offloads the handshake similar to ALTS, but for TLS. It provides io.grpc.s2a.S2AChannelCredentials
api: Enhance name resolver `ResolutionResult` to hold addresses or error so the single listener API onResult2 is used to convey both success and error cases for name resolution (#11330) (1ded8aff8)
core: Handle NameResolver/LoadBalancer exceptions when panicking (b692b9d26). This expands the class of bugs that will fail RPCs with the panic error, versus some undefined behavior
core: Use the default service config in case of initial name resolver address resolution error (#11577) (fa26a8bc5)
core: StreamTracer.inboundMessageRead() now reports uncompressed message size when the message does not need compression (#11598) (2aae68e11). Previously it always reported -1 (unknown)
netty: Avoid TCP_USER_TIMEOUT warning when explicitly specifying a non-epoll channel type to use (#11564) (62f409810)
okhttp: Don't warn about missing Conscrypt (6f3542297). This is especially helpful when using TLS but not running on Android
android: For UdsChannelBuilder, use fake IP instead of localhost (a908b5e40). This avoids an unnecessary DNS lookup
xds: Add xDS node ID in select control plane errors to enable cross-referencing with control plane logs when debugging (f3cf7c3c7)
xds: Enhanced how ADS stream terminations are handled, specifically addressing cases where a response has or hasn't been received (#2e9c3e19f)
binder: Update status code documentation for Android 11's package visibility rules. (#11551) (99be6e985)
binder: Update binderDied() error description to spell out the possibilities for those unfamiliar with Android internals. (#11628) (46c1b387f)
example-gauth: Use application default creds instead of file argument (#11595) (94a0a0d1c)
opentelemetry: Experimental OpenTelemetry tracing is available. Set the GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING environment variable to true to enable tracing support in GrpcOpenTelemetry (#11409, #11477)(043ba55, 421e237)
Dependencies
Updated protobuf-java to 3.25.5. This helps avoid CVE-2024-7254 (2ff837ab6)
#9540 - WhitespaceAround: new property allowEmptySwitchBlockStatements
#15263 - UnnecessaryParenthesesCheck does not flag unnecessary parentheses in conditional expression
Bug fixes:
#15664 - false-negative in google_checks.xml for not being able to detect requirement of K & R style for FINALLY
#15769 - google_checks.xml: remove xpath suppression and false-positive indentation violations for block codes
#15685 - JavadocParagraph does not work when paragraphs have their corresponding closing tag
#15324 - Enforce preceding line break for opening braces of a case/default under switch in google_checks.xml
#15733 - JavadocParagraph: report violation with column
#15503 - JavadocParagraph: violate preceding P tag before block-level HTML tags
#15716 - google_checks.xml: JavadocParagraph should have allowNewlineParagraph as false
Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.
Version 3.25.5 of protobuf still fixes CVE-2024-7254. This release is provided for users who aren't ready to update to 4.x, see also #4584 and #4634. Future versions of Error Prone will upgrade back to protobuf 4.x.
This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast Platform 5.4.0 release. The numbers in the square brackets refer to the issues and pull requests in Hazelcast's GitHub repository.
[!CAUTION]
Starting with this release of Hazelcast Platform, the minimum supported Java version is 17.
New Features
EnterpriseUser Code Namespaces: Enable deployment and redeployment of your custom classes. See the User Code Namespaces documentation.
EnterpriseCPMap: Added CPMap as a minimal key-value CP data structure. See CPMap documentation. #25802
EnterpriseThread-Per-Core (TPC): TPC is now generally available. You can enable this feature on the clients and cluster members for improved performance. See the Thread-Per-Core (TPC) documentation.
Breaking Changes
The MergingValue interface within the SPI package now requires the getDeserializedValue() method to be defined within implementations, replacing the getValue() definition. #25942
Moved the MongoDB connector to the extensions module, that is, its classes and related dependencies relocated;
if you are using Maven to install the connector, you must add <classifier>jar-with-dependencies</classifier> to your pom.xml. Also removed the permissions for MongoDB connector. #25744, #25701
Method names used as parameters in SecurityInterceptor checks were reviewed and unified into a single place - class com.hazelcast.security.SecurityInterceptorConstants. Some client messages have the method name changed to reflect their purpose better. Some client messages are newly covered by SecurityInterceptor checks now. #25020
Renamed the service port for Hazelcast clusters deployed in Kubernetes environments to hazelcast.
The previous name, hazelcast-service-port, caused member auto-discovery for embedded deployments to fail. #24834, #24705, #24688
Fixed an issue where Hazelcast was not failing fast when a member is started with a blank public address. This has been fixed by introducing a configuration validation that might break any existing, but invalid, configuration. #24729
Enhancements
SQL/Jet Engine
Removed the beta annotations from the data connection classes. #26000
Replaced the user-defined types (UDTs) feature flag with the cyclic UDT feature flag, to prevent querying such type data. #25977
Added support for loading and storing a single column as the value using the GenericMapStore. #25878
Each Jet engine job was creating a client for connecting to the remote cluster, resulting in an excessive number of clients. This has been fixed by introducing a single data connection, which can be reused for all job instances. #25754, #25731
Added support for resolving fields from Avro schemas in Kafka mappings. #25935
Changed the exception type from CancellationException to CancellationByUserException when the user cancels a job before it is initialized. #25383
Added nested field support for Avro serialization format. #25269
Removed the redundant sort and merge operations in sorted index scans, for the computations where the index order is not needed, for example, aggregations. #25180
Updated the data comparator to improve the performance of sorted index operations. #25196
Added support for partition pruning for the __key filters. #25105
Added support for partitioned edges in Jet engine's partition pruning. #25062
Added a new mechanism to compute the required partitions to be scanned, if attribute partitioning strategy is applied. #25006
Added the condition type to the EXPLAIN PLAN statement outputs for all physical joins. #24899
Added support for nullable types when reading Avro files. #24840
Added the ability to pass parameters for JDBC configuration, such as the fetch size for large tables. #24835
Added support for partition pruning for SQL queries that have trivial filter predicates. #24813
Reflected the change of javax.jms to jakarta.jms in Hazelcast distributions. #24804
Added support for member pruning for Platform jobs to optimize a job's performance by picking up only the members required for the job. #24689
Added the stream() method to the SQL service to return the stream of result rows. #24525
Introduced a new configuration object to control the exact initial partition offsets when consuming records from Kafka via the Jet engine. #21546
Aligned the behavior of hashCode() method of KeyedWindowResult with that of Map.Entry. #697
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| com.hazelcast:hazelcast | [>= 5.4.a, < 5.5] |
| com.hazelcast:hazelcast | [>= 5.5.a, < 5.6] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore
Bumps the dev-dependencies group with 16 updates:
2.18.02.18.15.11.25.11.30.32.170.32.182.2.162.2.173.1.193.1.200.38.220.38.232.33.02.35.12.33.02.35.11.68.01.68.13.6.1.Final3.8.0.Final3.4.13.5.010.18.210.20.05.3.85.5.01.78.11.791.78.11.791.78.11.79Updates
com.fasterxml.jackson:jackson-bomfrom 2.18.0 to 2.18.1Commits
ef33ac7[maven-release-plugin] prepare release jackson-bom-2.18.1f43bf9fPrepare for 2.18.1 release6f5259dChange to snapshot version of jackson-parent3f21ec5Back to snapshot depbb45933[maven-release-plugin] prepare for next development iterationUpdates
org.junit:junit-bomfrom 5.11.2 to 5.11.3Release notes
Sourced from org.junit:junit-bom's releases.
Commits
b20991eRelease 5.11.3e57b508Finalize 5.11.3 release notesfb1254cAllow repeatingExtendWithannotation on fields and parametersa3192bdFix package name comparison on Java 8 (#4077)fcb7b01Remove uselessOrderannotation57dfcb5Allow repeating@…Sourceannotations when used as meta annotations09cd8b3Add ArchUnit test for consistency of repeatable annotationsfa46a92Hard-wrap at 90 characters8f45eeaFind repeatable @ExtendWith meta-annotations on fields againb451122Introduce release notes for 5.11.3Updates
com.github.jnr:jnr-enxiofrom 0.32.17 to 0.32.18Commits
d23f02e[maven-release-plugin] prepare release jnr-enxio-0.32.18c21e0a9Update jnr-ffi to 2.2.17f5269b2Merge pull request #45 from headius/fix_blocking2bfd9f8Add a test for setBlocking04e6dc8Fix fnctl bindingaaa74df[maven-release-plugin] prepare for next development iterationUpdates
com.github.jnr:jnr-ffifrom 2.2.16 to 2.2.17Commits
32cd8f6[maven-release-plugin] prepare release jnr-ffi-2.2.17dc231daLost update to 2.2.17 snapshot after 2.2.16 release4212776Merge tag 'jnr-ffi-2.2.16'648962aUpdate to latest ASMc2de390Add FAQ about EINVAL for in/out vars59d3f61Merge pull request #342 from headius/update_jffiUpdates
com.github.jnr:jnr-posixfrom 3.1.19 to 3.1.20Commits
3ebda1d[maven-release-plugin] prepare release jnr-posix-3.1.20998ab81Update jnr-ffi to 2.2.178390054Merge pull request #195 from Anxbbq/riscv64-support32f783bMerge pull request #194 from adoroszlai/return-default-handler16f47c5Update LinuxPOSIX.javae117fc6Create LinuxFileStatRISCV64.javad9409a0Update LinuxPOSIX.javacfd6f10Revert "replace with lambda"90870bdRevert "add comments"4b420d3add commentsUpdates
com.github.jnr:jnr-unixsocketfrom 0.38.22 to 0.38.23Commits
8e475c8[maven-release-plugin] prepare release jnr-unixsocket-0.38.238bbab73Update jnr dependencies5012fec[maven-release-plugin] prepare for next development iterationUpdates
com.google.errorprone:error_prone_annotationsfrom 2.33.0 to 2.35.1Release notes
Sourced from com.google.errorprone:error_prone_annotations's releases.
Commits
0e06cc2Release Error Prone 2.35.1db6c890Downgrade protobuf version to 3.25.5ed6b121Add a repro test for broken behavior inlining the parameter value into the fu...a931fa3RemoveDoNotUseRuleChainfrom JavaCodeClarity.ec2983bcompileUnsafe->compilefor compile-time-constant expressions.2ce9632Strip the quotation marks from the source code when reconstructing the literal.99a0d9dTimeUnitMismatch: handle BinaryTrees.60c5f76TimeUnitMismatch: consider trees likefooSeconds * 1000to have units of `m...427b51dGetSeconds to ToSeconds error prone82a2168Recognize thatRuntime.haltandexitnever return.Updates
com.google.errorprone:error_prone_corefrom 2.33.0 to 2.35.1Release notes
Sourced from com.google.errorprone:error_prone_core's releases.
Commits
0e06cc2Release Error Prone 2.35.1db6c890Downgrade protobuf version to 3.25.5ed6b121Add a repro test for broken behavior inlining the parameter value into the fu...a931fa3RemoveDoNotUseRuleChainfrom JavaCodeClarity.ec2983bcompileUnsafe->compilefor compile-time-constant expressions.2ce9632Strip the quotation marks from the source code when reconstructing the literal.99a0d9dTimeUnitMismatch: handle BinaryTrees.60c5f76TimeUnitMismatch: consider trees likefooSeconds * 1000to have units of `m...427b51dGetSeconds to ToSeconds error prone82a2168Recognize thatRuntime.haltandexitnever return.Updates
io.grpc:grpc-corefrom 1.68.0 to 1.68.1Release notes
Sourced from io.grpc:grpc-core's releases.
Commits
16f93c8Bump version to 1.68.12b53352Update README etc to reference 1.68.1135f433Revert "stub: Ignore unary response on server if status is not OK" (#11636) (...2d0c158Bump to 1.68.1-SNAPSHOT (#11637)46c1b38Update binderDied() error description to spell out the possibilities for thos...b65cbf5inprocess: Support tracing message sizes guarded by flag (#11629)62f4098netty: Avoid TCP_USER_TIMEOUT warning when not using epoll (#11564)00c8bc7Minor grammar fix in Javadoc (#11609)4be69e3core: SpiffeUtil API for extracting Spiffe URI and loading TrustBundles (#11575)1e0928fapi: fix javadoc of CallCredentials.applyRequestMetadataUpdates
org.jboss.threads:jboss-threadsfrom 3.6.1.Final to 3.8.0.FinalCommits
60a6d35Prep 3.8.0.Finalc2e1c42Merge pull request #192 from dmlloyd/false-sharing73b7213Merge pull request #195 from dmlloyd/go-17c83731aRemove stack depth test89b69feMinor cleanups4ab166bRemove more pointer chasing in tight loops7099668Remove one level of pointer-chasing from thread bodyc38841cFlatten queue processing to remove some redundant checks958a3bbDefer creating new PoolThreadNode until after task is run2cc0ffaReverseiforderUpdates
org.mariadb.jdbc:mariadb-java-clientfrom 3.4.1 to 3.5.0Release notes
Sourced from org.mariadb.jdbc:mariadb-java-client's releases.
Changelog
Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.
Commits
8be57f3[CONJ-1205] permit setObject with ARRAY dataType3e94848[CONJ-1205] permit use of Array parametera54a87e[misc] update readme versionae8e740[misc] permit using setObject/getObject on float[]/Float[] values5463572[misc] code style correction91c06e6Merge branch 'develop'1ce5982[misc] XA Pool datasource ensuring close when using XAConnection.close()a81f0e3[misc] XA test correctiona66f05d[misc] test correction for ES server32ca5d7[misc] changing testing option disableSessionTracking defaut valueUpdates
com.puppycrawl.tools:checkstylefrom 10.18.2 to 10.20.0Release notes
Sourced from com.puppycrawl.tools:checkstyle's releases.
... (truncated)
Commits
41e15b3[maven-release-plugin] prepare release checkstyle-10.20.0719ae40doc: release notes for 10.20.04c67922Issue #15831: enabled allowEmptySwitchBlockStatements property of WhitespaceA...67b98abIssue #14814: refactor checkline into iterative method9db3909Issue #14814: refactor findmatch into iteration method853e2baIssue #13345: Enable examples tests for ExplicitInitializationCheck8e8df58Issue #13345: Enable examples tests for CovariantEqualsCheckca693c7Issue #15829: Added test class for ConstructorsDeclarationGroupingc256c10Issue #6207: Added XPath regression test for ClassTypeParameterName42cf0adIssue #15456: Specify violation messages for ArrayTrailingCommaUpdates
com.google.errorprone:error_prone_corefrom 2.33.0 to 2.35.1Release notes
Sourced from com.google.errorprone:error_prone_core's releases.
Commits
0e06cc2Release Error Prone 2.35.1db6c890Downgrade protobuf version to 3.25.5ed6b121Add a repro test for broken behavior inlining the parameter value into the fu...a931fa3RemoveDoNotUseRuleChainfrom JavaCodeClarity.ec2983bcompileUnsafe->compilefor compile-time-constant expressions.2ce9632Strip the quotation marks from the source code when reconstructing the literal.99a0d9dTimeUnitMismatch: handle BinaryTrees.60c5f76TimeUnitMismatch: consider trees likefooSeconds * 1000to have units of `m...427b51dGetSeconds to ToSeconds error prone82a2168Recognize thatRuntime.haltandexitnever return.Updates
com.hazelcast:hazelcastfrom 5.3.8 to 5.5.0Release notes
Sourced from com.hazelcast:hazelcast's releases.
... (truncated)
Commits
e6ef7a8Upgrade version to 5.5.0da56201Fixdistribution.zip'slicenses/attribution.txtgeneration [5.5.0] [REL-2...7f1e932Resolve issues preventing Hazelcast v5.5.0 build [5.5.0] (#2760)34796eeUpdate release_notes.txt [REL-246][5.5.0] (#2751)f8bd2b8Relocate all Jackson classes (#2679)c205c0aFix stale connections in niche MULTI_MEMBER routing [CORE-150] [5.5.0] (#2696)89ed72dUpdate hazelcast-hibernate5.3 to 5.2.0 [5.5.0] (#2634)0871884Remove deprecated ExpectedException.none() from map test (#2626)03e47d7Fix sonar warnings in tests (#2625)22c1a70Client connectivity logging fixes [HZ-4807] (#2615)Updates
org.bouncycastle:bcpkix-jdk15to18from 1.78.1 to 1.79Changelog
Sourced from org.bouncycastle:bcpkix-jdk15to18's changelog.
... (truncated)
Commits
Updates
org.bouncycastle:bcprov-jdk15to18from 1.78.1 to 1.79Changelog
Sourced from org.bouncycastle:bcprov-jdk15to18's changelog.
... (truncated)
Commits
Updates
org.bouncycastle:bcutil-jdk15to18from 1.78.1 to 1.79Changelog
Sourced from org.bouncycastle:bcutil-jdk15to18's changelog.
... (truncated)
Commits
Updates
org.bouncycastle:bcprov-jdk15to18from 1.78.1 to 1.79Changelog
Sourced from org.bouncycastle:bcprov-jdk15to18's changelog.
... (truncated)
Commits
Updates
org.bouncycastle:bcutil-jdk15to18from 1.78.1 to 1.79Changelog
Sourced from org.bouncycastle:bcutil-jdk15to18's changelog.
... (truncated)
Commits
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | com.hazelcast:hazelcast | [>= 5.4.a, < 5.5] | | com.hazelcast:hazelcast | [>= 5.5.a, < 5.6] |Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show