Releases: redis/redis
7.0.9
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
- (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be used with a
specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.
Bug Fixes
- Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
- Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
- Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
- Fix cluster inbound link keepalive time (#11785)
- Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
- Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)
Performance and resource utilization improvements
6.2.11
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
- (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be used with a
specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.
Bug Fixes
- Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
- Fix cluster inbound link keepalive time (#11785)
- Make sure that fork child doesn't do incremental rehashing (#11692)
Performance and resource utilization improvements
- Avoid realloc to reduce size of strings when it is unneeded (#11766)
6.0.18
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
- (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be used with a
specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.
Bug Fixes
6.2.10
6.0.17
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
Bug Fixes
- Avoid hang when client issues long SRANDMEMBER command and gets
disconnected by client output buffer limit (#11676)
- Lua: fix crash on a script call with many arguments, a regression in v6.0.16 (#9809)
- Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
- Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)
7.0.8
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
- (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes
- Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer limit (#11676)
- Make sure that fork child doesn't do incremental rehashing (#11692)
- Fix a bug where blocking commands with a sub-second timeout would block forever (#11688)
- Fix sentinel issue if replica changes IP (#11590)
6.2.9
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
- (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes
7.0.7
7.0.6
Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs,
and some dramatic optimizations to Geo, EVAL, and Sorted sets commands.
Potentially Breaking Bug Fixes for new Redis 7.0 features
- RM_ResetDataset module API should not clear the functions (#11268)
- RM_Call module API used with the "C" flag to run scripts, would now cause
the commands in the script to check ACL with the designated user (#10966)
Performance and resource utilization improvements
- Geo commands speedups (#11535, #11522, #11552, #11579)
- Fix EVAL command performance regression from Redis 7.0 (#11521, #11541)
- Reduce EXPIRE commands performance regression from Redis 7.0 (#11602)
- Optimize commands returning double values, mainly affecting zset commands (#11093)
- Optimize Lua parsing of some command responses (#11556)
- Optimize client memory usage tracking operation while client eviction is disabled (#11348)
Platform / toolchain support related improvements
- Fix compilation on Solaris (#11327)
Module API changes
- RM_SetContextUser, RM_SetModuleUserACLString, RM_GetModuleUserACLString (#10966)
- Fix crash in CLIENT_CHANGE event, when the selected database is not 0 (#11500)
Changes in CLI tools
- redis-benchmark avoid aborting on NOPERM from CONFIG GET (#11096)
Bug Fixes
- Avoid hang of diskless replication fork child when parent crashes (#11463)
- Fix crash with module API of list iterator and RM_ListDelete (#11383)
- Fix TLS error handling to avoid connection drops on timeouts (#11563)
- Fix runtime changes to cluster-announce-*-port to take effect on the local node too (#10745)
- Fix sentinel function that compares hostnames if failed resolve (#11419)
- Fix MIGRATE with AUTH set to "keys" is getting wrong key names leading to MOVED or ACL errors (#11253)
Fixes for issues in previous releases of Redis 7.0
6.2.8
Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs
Performance and resource utilization improvements
- Optimize zset conversion on large ZRANGESTORE (#10789)
Module API changes
- Fix crash in CLIENT_CHANGE event, when the selected database is not 0 (#11500)
- Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
Security improvements
- Sentinel: avoid logging auth-pass value (#9652)
Bug Fixes
- Fix a crash when a Lua script returns a meta-table (#11032)
- Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
- Unpause clients after manual failover ends instead of waiting for timed (#9676)
- TLS: Notify clients on connection shutdown (#10931)
- Avoid hang of diskless replication fork child when parent crashes (#11463)
- Fix sentinel function that compares hostnames if failed resolve (#11419)
- Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity
is set to 100 (#11237)
- Fix bug with scripts ignoring client tracking NOLOOP (#11052)
- Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is
used inside MULTI-EXEC (#11038)
- Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)