dependabot[bot] opened a new pull request, #6812: URL: https://github.com/apache/nifi/pull/6812
Bumps [hazelcast](https://github.com/hazelcast/hazelcast) from 4.2.5 to 4.2.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hazelcast/hazelcast/releases";>hazelcast's releases</a>.</em></p> <blockquote> <h2>v4.2.6</h2> <p>This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast IMDG 4.2.z releases. The numbers in the square brackets refer to the issues in Hazelcast's GitHub repositories.</p> <p>==== 4.2.6 ====</p> <h2>Enhancements</h2> <ul> <li>Upgrade jackson-databind to 2.14.0. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22391";>#22391</a></li> </ul> <h2>Fixes</h2> <ul> <li>Fixed an issue where replication over WAN was failing on the source cluster members, when there are multiple batch publishers configured in a single WAN replication. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22496";>#22496</a></li> <li>Fixed a memory leak due to incomplete clean-up of backup replica sync operations. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22406";>#22406</a></li> <li>Fixed the cluster failure occurred after requesting healthcheck of a member using REST API while the <code>hazelcast.socket.buffer.direct</code> property is enabled. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/21702";>#21702</a></li> <li>Improved connection handling. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/21643";>#21643</a></li> <li>Fixed an issue where a cluster could not be formed when security is enabled, various client permissions are set, and multiple members are started simultaneously. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/21508";>#21508</a></li> </ul> <p>==== 4.2.5 ====</p> <p>If you’re using eviction or expiration for maps, you must set the per-entry-stats-enabled property to true to fix an issue in version 4.2.x where some map entries are not always evicted or expired according to their time-to-live or maximum idle duration configurations.</p> <h2>Enhancements</h2> <ul> <li>Introduced a system property for allowing you to audit that all the Hazelcast instances running in your environment have the instance tracking file name set correctly in the configuration. See the note in Instance Tracking. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/19929";>#19929</a></li> <li>Enabled XXE (XML External Entity Reference) protection for XMLInputFactory. The issue was reported through <a href="https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/";>https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/</a>. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/20942";>#20942</a></li> <li>The probe level for most of the network related statistics has been changed to "DEBUG" to decrease the pressure on Management Center; now they are not sent to Management Center by default. If you want to see these statistics, you need to set the "hazelcast.metrics.debug.enabled" property to true. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/21275";>#21275</a></li> </ul> <h2>Fixes</h2> <ul> <li>Fixed an issue where the statistics like puts and removals were not increasing when these operations are executed through Transactional interface. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/21105";>#21105</a></li> <li>Fixed an issue where Hazelcast clients, which have only the IP address of a member to connect (but the member also has a hostname), were not able to connect to the cluster. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/20631";>#20631</a></li> <li>Hazelcast’s memcached implementation was interpreting the number values and parameters for incr and decr wrongly (numbers were being converted into byte arrays instead of decimals). This has been fixed by making these commands' implementations strictly follow the memcached protocol specification. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/19676";>#19676</a></li> <li>Fixed an issue where the totalPublishes statistics for the Reliable Topic data structure were always generated as 0. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/19656";>#19656</a></li> <li>Fixed an issue where the map.clear() and cache.clear() methods were evicting all entries in all near caches of all the maps in a cluster, not only the map on which these methods are called. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/19501";>#19501</a></li> <li>Fixed an issue that caused some map entries to remain in Hazelcast even when you configured eviction or expiration. <a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/19483";>#19483</a></li> </ul> <h2>Removed/Deprecated Features</h2> <p>The following system properties have been deprecated:</p> <ul> <li>hazelcast.client.statistics.enabled</li> <li>hazelcast.client.statistics.period.seconds</li> </ul> <p>==== 4.2.4 =====</p> <p>For the distributions packages of IMDG, we updated the vulnerable version of log4j2 in Management Center to 2.17.0. No changes were made to the IMDG code.</p> <p>Note: The 4.2.4 release notes for the Hazelcast distribution on Maven wrongly states that log4j2 version has been updated to 2.15.0; it should be 2.17.0.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hazelcast/hazelcast/commit/787803d32dbf978ae054e752443e76bb9a723638";><code>787803d</code></a> Upgrade version to 4.2.6</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/622d299f703487d301ec00df3a801522dc415379";><code>622d299</code></a> Add unintentionally removed line back (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22900";>#22900</a>)</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/e95038d0d0cd73d343e7fe1298fc6eea3a93f4b3";><code>e95038d</code></a> Prepare release 4.2.6</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/bb1fd6be5c609ffe1da153973ebbcd5075cd93c6";><code>bb1fd6b</code></a> Adding 4.2.6 release notes along with all 4.2.z series. (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22898";>#22898</a>)</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/b927138d930efd31812d89e09c3f743433b7a504";><code>b927138</code></a> Downgrade version back to 4.2.6-SNAPSHOT (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22880";>#22880</a>)</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/ddd5fafd5c711d72550e39485c1fc51cedcbe719";><code>ddd5faf</code></a> Make 'MetadataRaftGroupSnapshot' class immutable since it is stored in the Ra...</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/28fbefa3e00c92c73369f466ecdb2d71d8bf9077";><code>28fbefa</code></a> Upgrade jackson-databind to 2.14.0 [4.2.z] (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22391";>#22391</a>)</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/2370a3ff3cd2cbb06344131b66461611ef9dff0e";><code>2370a3f</code></a> Handle null values of AddMapConfigMessageTask's nullable fields [4.2.z] (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22811";>#22811</a>)</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/d1ab2afa80365942856ad9a15a3b33cb8233b741";><code>d1ab2af</code></a> Convert HotRestartTriggerBackupMessageTask and ShutdownClusterMessageTask to ...</li> <li><a href="https://github.com/hazelcast/hazelcast/commit/5b473134c1a905ef48d5961af531795bf2e935dc";><code>5b47313</code></a> Fixed ClearBackupOperation [HZ-1210] [BACKPORT] (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22082";>#22082</a>) (<a href="https://github-redirect.dependabot.com/hazelcast/hazelcast/issues/22406";>#22406</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hazelcast/hazelcast/compare/v4.2.5...v4.2.6";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/nifi/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
