Visit NES for Hazelcast Home Page

Hazelcast 5.1.x Release Notes

2 versions

Comprehensive release notes and changelog for Hazelcast 5.1.x, including security patches, bug fixes, and feature updates across all supported versions.

Jul 16, 2026
Latest: 5.1.9
6 Patched Vulnerabilities
VEX Statements

July 2026

Full Version:
5.1.7-hazelcast-5.1.9

Security Fixes

  • Missing permission checks on some Hazelcast client protocol operations (CVE-2023-45859)
  • Inadequate permission checking in the SQL mapping for the CSV File Source connector (CVE-2023-45860)

Dependency Updates

  • Bundled (shaded) Jackson rebuilt on Jackson (NES) 2.15.4-jackson-bom-2.15.6, which includes the jackson-core fix for GHSA-72hv-8253-57qq (Number Length Constraint Bypass in Async Parser)
  • Bundled (shaded) JSON-java (org.json) rebuilt on JSON-java (NES) 20230227.0.0-jsonjava-20230227.0.2, which includes the fix for CVE-2023-5072 (denial of service via crafted JSON with deeply nested object keys)

5.1.8

Released Jul 15, 2026
Full Version:
5.1.7-hazelcast-5.1.8

Dependency Updates

  • Bundled (shaded) Jackson rebuilt on Jackson (NES) 2.15.4-jackson-bom-2.15.5
  • Bundled (shaded) JSON-java (org.json) rebuilt on JSON-java (NES) 20230227.0.0-jsonjava-20230227.0.1

Notes

  • This release originates from the open-source Hazelcast project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.