This document describes the new features, enhancements, and fixed issues for the Hazelcast .NET Client v5.3.1 release.
This version is a minor release and therefore is fully backward-compatible with all 5.x and 4.x versions.
Refer to the 5.3.1 milestone for details on all issues and PRs that were involved in this release.
This Release
There are no features, enhancements nor fixes in this release. In fact, this release is absolutely identical to v5.3.0, but for one change: it removes the dependency on the DotNetZip package.
The client used DotNetZip for a special corner-case, where it needed to compress metrics in a Java-supported way, in order to send them back to the cluster for Management Center to display them. A plain "zlib" compression was indeed necessary, but not available in stock .NET. However, DotNetZip makes use of Random in some places, in a way that triggers some threat-detection tools, as Random is not safe to use for anything related to security and cryptography. As a consequence, DotNetZip has been flagged with MEDIUM security issues that can be blocking for some high-security users of the .NET client.
We have therefore removed the DotNetZip dependency as follows:
- As of .NET 6, the plain "zlib" compression is available as part of the .NET stock libraries. For .NET 6+ versions of the client, we now rely on stock .NET code.
- For anything pre-.NET 6, including .NET Framework, we have embedded into the .NET client the very minimal parts of DotNetZip that the client requires. This excludes any usage of
Randomor any security- and cryptography-related code. The embedded code has been carefully reviewed by ourselves.