diff --git a/CHANGES b/CHANGES
index c0367ad762bd5be400cada0d5b94ee828c9966d6..d15e1c56edc89d537e0ad7ad69ccbf02def06463 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,4 +5,5 @@ OpenLDAP 2.4.6 Engineering
 	Added slapd ACL sets DN ancestors operator (ITS#4860)
 	Fixed slapd ordered values add normalization issue (ITS#5136)
 	Fixed slapd-ldap SASL idassert w/o autchId
+	Fixed slapo-dynlist entry release (ITS#5135)
 	Fixed slapo-rwm modlist handling (ITS#5124)
diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
index 50119eb7a16e393d690615d03b67daebcc4efdfb..da0528ec1aad2c98056ca1f008918888505a9697 100644
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -543,7 +543,7 @@ dynlist_compare( Operation *op, SlapReply *rs )
 	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
 	dynlist_info_t	*dli = (dynlist_info_t *)on->on_bi.bi_private;
 	Operation o = *op;
-	Entry *e;
+	Entry *e = NULL;
 
 	for ( ; dli != NULL; dli = dli->dli_next ) {
 		if ( op->oq_compare.rs_ava->aa_desc == dli->dli_member_ad ) {
@@ -626,14 +626,14 @@ dynlist_compare( Operation *op, SlapReply *rs )
 
 		o.o_bd = select_backend( &o.o_req_ndn, 1 );
 		if ( !o.o_bd || !o.o_bd->be_search ) {
-			return SLAP_CB_CONTINUE;
+			goto release;
 		}
 
 		BER_BVSTR( &o.ors_filterstr, "(objectClass=*)" );
 		o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val );
 		if ( o.ors_filter == NULL ) {
 			/* FIXME: error? */
-			return SLAP_CB_CONTINUE;
+			goto release;
 		}
 
 		o.ors_scope = LDAP_SCOPE_BASE;
@@ -654,7 +654,7 @@ dynlist_compare( Operation *op, SlapReply *rs )
 		}
 
 		if ( rc != 0 ) {
-			return rc;
+			goto release;
 		}
 
 		if ( dlc.dlc_e != NULL ) {
@@ -663,7 +663,7 @@ dynlist_compare( Operation *op, SlapReply *rs )
 
 		if ( r.sr_err != LDAP_SUCCESS || r.sr_entry == NULL ) {
 			/* error? */
-			return SLAP_CB_CONTINUE;
+			goto release;
 		}
 
 		for ( a = attrs_find( r.sr_entry->e_attrs, op->orc_ava->aa_desc );
@@ -688,6 +688,11 @@ dynlist_compare( Operation *op, SlapReply *rs )
 		}
 	}
 
+release:;
+	if ( e != NULL ) {
+		overlay_entry_release_ov( &o, e, 0, on );
+	}
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -1338,7 +1343,8 @@ dynlist_db_open(
 
 	rc = slap_str2ad( "dgIdentity", &ad_dgIdentity, &text );
 	if ( rc != LDAP_SUCCESS ) {
-		sprintf( cr->msg, "unable to fetch attributeDescription \"dgIdentity\": %d (%s)",
+		snprintf( cr->msg, sizeof( cr->msg),
+			"unable to fetch attributeDescription \"dgIdentity\": %d (%s)",
 			rc, text );
 		Debug( LDAP_DEBUG_ANY, "dynlist_db_open: %s\n", cr->msg, 0, 0 );
 		/* Just a warning */