Hyper-Converged Database (HCD) release notes

Hyper-Converged Database (HCD) is compatible with Apache Cassandra® 4.0 and adds additional production-certified changes. HCD includes the following innovations:

Here are the features, enhancements, and updates per HCD version.

Version 1.2.6

This version was released on May 11, 2026 and includes the following items:

New features and enhancements

  • Updated default Guardrail configurations. JVM Heap settings are now automatically optimized according to the server’s number of cores and physical memory. (HCD-198)

  • Upgraded the security plugin library to include Apache Directory version 2.0.0.M27. (HCD-286)

  • Added support for Python versions 3.12 and 3.13 and Python driver version 3.29. Removed support for Python version 2.7. (HCD-190)

  • Upgraded httpcore5-h2 to version 5.4.0. (HCD-319)

  • Upgraded the logback-core library to version 1.5.25. (HCD-261)

Fixed issues

  • Fixed an issue with DSE 6.9 nodes when upgrading to HCD with encryption enabled. (HCD-241)

  • Fixed an issue with concurrent repairs and compactions. (HCD-200)

  • Fixed a race in prepared statements porting CASSANDRA-19703. (HCD-146)

  • Upgraded the Docker Management API version to 0.1.116 to fix broken metrics endpoints. (HCD-324)

  • Fixed CQLSH DESCRIBE command failures. (HCD-339)

Security fixes

Version 1.2.5

This version was released on January 26, 2026 and includes the following items:

New features and enhancements

  • Upgraded commons-codec to version 1.20.0. (HCD-262)

  • Upgraded Bouncy Castle to version 1.83. (HCD-263)

  • Added an option to skip exception logging on invalid legacy protocol magic exceptions. (HCD-247)

Security fixes

  • Upgraded Netty to version 4.1.130 and BoringSSL to version 2.0.74. (HCD-258), (CVE-2025-67735)

  • Upgraded jackson-dataformat-msgpack to version 0.9.11 and jackson to version 2.18.4. (HCD-259), (CVE-2026-21452)

  • Upgraded the JDK for RedHat UBI images to version 11.0.29. (HCD-260), (CVE-2025-53066)

  • Upgraded logback to version 1.5.25. (HCD-261), (CVE-2024-12798), (CVE-2025-11226), (CVE-2026-1225), (CVE-2024-12801)

  • Upgraded the lz4-java library to version 1.10.2. (HCD-264), (CVE-2025-12183)

For a complete list of CVEs fixed in this release, see the IBM Security Bulletin for HCD.

Version 1.2.4

This version was released on November 5, 2025 and includes the following items:

New features and enhancements

  • Upgraded Bouncy Castle to version 1.82. (HCD-207)

  • Upgraded Guava to 33.5.0. (HCD-211), (CVE-2020-8908), (CVE-2023-2976), (CVE-2025-59419)

  • Upgraded Netty to 4.1.128.Final. (HCD-205), (CVE-2025-59419)

Version 1.2.3

Version 1.2.3 is the first public release of HCD 1.2. This version was released on August 1, 2025 and includes the following items:

New features and enhancements

  • Added the following security updates:

    • Lightweight Directory Access Protocol (LDAP) authentication support (HCD-2)

    • Role-based access control (RBAC) support (HCD-3)

    • Encryption key management (HCD-4)

    • Transparent Data Encryption (TDE) support (DSP-23529)

    • OpenID Connect (OIDC) authentication support (DSP-24578)

For more information, see the Security section.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2026 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM