Redis 7.0.12

00-RELEASENOTES

@@ -12,6 +12,34 @@ SECURITY: There are security fixes in the release.
 --------------------------------------------------------------------------------
 
 
+================================================================================
+Redis 7.0.12   Released Mon July 10 12:00:00 IDT 2023
+================================================================================
+
+Upgrade urgency SECURITY: See security fixes below.
+
+Security Fixes:
+* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
+  a heap overflow in the cjson and cmsgpack libraries, and result in heap
+  corruption and potentially remote code execution. The problem exists in all
+  versions of Redis with Lua scripting support, starting from 2.6, and affects
+  only authenticated and authorized users.
+* (CVE-2023-36824) Extracting key names from a command and a list of arguments
+  may, in some cases, trigger a heap overflow and result in reading random heap
+  memory, heap corruption and potentially remote code execution. Specifically:
+  using COMMAND GETKEYS* and validation of key names in ACL rules.
+
+
+Bug Fixes
+=========
+
+* Re-enable downscale rehashing while there is a fork child (#12276)
+* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with `<count>` (#12276)
+* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction (#12276)
+* Fix WAIT to be effective after a blocked module command being unblocked (#12220)
+* Avoid unnecessary full sync after master restart in a rare case (#12088)
+
+
 ================================================================================
 Redis 7.0.11 Released Mon Apr 17 16:00:00 IST 2023
 ================================================================================

src/version.h

@@ -1,2 +1,2 @@
-#define REDIS_VERSION "7.0.11"
-#define REDIS_VERSION_NUM 0x0007000b
+#define REDIS_VERSION "7.0.12"
+#define REDIS_VERSION_NUM 0x0007000c