6.0.15
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
Bug fixes that involve behavior changes:
- Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array (#8981).
Was using a flat array like in RESP2 instead of a nested array like ZRANGE does.
Bug fixes:
- Fail EXEC command in case a watched key is expired (#9194)
- Fix SMOVE not to invalidate dest key (WATCH and tracking) when member already exists (#9244)
- Fix SINTERSTORE not to delete dest key when getting a wrong type error (#9032)
- Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD (#9191)
- Set TCP keepalive on inbound cluster bus connections (#9230)
- Fix ziplist length updates on big-endian platforms (#2080)
- Fix diskless replica loading to recover from RDB short read on module AUX data (#9199)
- Fix race in client side tracking (#9116)
- If diskless repl child is killed, make sure to reap the child pid (#7742)
- Add a timeout mechanism for replicas stuck in fullsync (#8762)
CLI tools: