Skip to content

6.2.11
Compare
Choose a tag to compare
@oranagra oranagra released this 28 Feb 16:35
· 14 commits to 6.2 since this release
6.2.11
720ea82

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
    commands can trigger an integer overflow, resulting in a runtime assertion
    and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
    crafted pattern to trigger a denial-of-service attack on Redis, causing it to
    hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
  • Fix cluster inbound link keepalive time (#11785)
  • Make sure that fork child doesn't do incremental rehashing (#11692)

Performance and resource utilization improvements

  • Avoid realloc to reduce size of strings when it is unneeded (#11766)
Assets 2