
Releases: redis/redis

7.0.9

28 Feb 16:35

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
    commands can trigger an integer overflow, resulting in a runtime assertion
    and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be given a
    specially crafted pattern to trigger a denial-of-service attack on Redis,
    causing it to hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
  • Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
  • Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
  • Fix cluster inbound link keepalive time (#11785)
  • Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
  • Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

Performance and resource utilization improvements

  • Avoid realloc to reduce size of strings when it is unneeded (#11766)
  • Improve CLUSTER SLOTS reply efficiency for non-continuous slots (#11745)

6.2.11

28 Feb 16:35

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
    commands can trigger an integer overflow, resulting in a runtime assertion
    and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be given a
    specially crafted pattern to trigger a denial-of-service attack on Redis,
    causing it to hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
  • Fix cluster inbound link keepalive time (#11785)
  • Make sure that fork child doesn't do incremental rehashing (#11692)

Performance and resource utilization improvements

  • Avoid realloc to reduce size of strings when it is unneeded (#11766)

6.0.18

28 Feb 16:33

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
    commands can trigger an integer overflow, resulting in a runtime assertion
    and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) can be given a
    specially crafted pattern to trigger a denial-of-service attack on Redis,
    causing it to hang and consume 100% CPU time.

Bug Fixes

  • Make sure that fork child doesn't do incremental rehashing (#11692)
  • Fix cluster inbound link keepalive time (#11785)

6.2.10

17 Jan 15:11

Upgrade urgency: MODERATE, a quick followup fix for a recently released 6.2.9.

Bug Fixes

  • Revert the change to KEYS in the recent client output buffer limit fix (#11676)

6.0.17

17 Jan 13:01

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic

Bug Fixes

  • Avoid hang when client issues long SRANDMEMBER command and gets
    disconnected by client output buffer limit (#11676)
  • Lua: fix crash on a script call with many arguments, a regression in v6.0.16 (#9809)
  • Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
  • Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)

7.0.8

16 Jan 16:42

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic
  • (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
    commands can lead to denial-of-service

Bug Fixes

  • Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
    and ZRANDMEMBER commands and gets disconnected by client output buffer limit (#11676)
  • Make sure that fork child doesn't do incremental rehashing (#11692)
  • Fix a bug where blocking commands with a sub-second timeout would block forever (#11688)
  • Fix sentinel issue if replica changes IP (#11590)

6.2.9

16 Jan 16:43

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic
  • (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
    commands can lead to denial-of-service

Bug Fixes

  • Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
    and ZRANDMEMBER commands and gets disconnected by client output buffer limit (#11676)
  • Fix sentinel issue if replica changes IP (#11590)

7.0.7

16 Dec 11:00

Upgrade urgency: MODERATE, Contains fix for a regression in Geo commands.

Bug Fixes

  • Fix regression from Redis 7.0.6 in distance replies of Geo commands (#11631)

7.0.6

12 Dec 15:41

Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs,
and some dramatic optimizations to Geo, EVAL, and Sorted sets commands.

Potentially Breaking Bug Fixes for new Redis 7.0 features

  • RM_ResetDataset module API should not clear the functions (#11268)
  • RM_Call module API used with the "C" flag to run scripts, would now cause
    the commands in the script to check ACL with the designated user (#10966)

Performance and resource utilization improvements

  • Geo commands speedups (#11535, #11522, #11552, #11579)
  • Fix EVAL command performance regression from Redis 7.0 (#11521, #11541)
  • Reduce EXPIRE commands performance regression from Redis 7.0 (#11602)
  • Optimize commands returning double values, mainly affecting zset commands (#11093)
  • Optimize Lua parsing of some command responses (#11556)
  • Optimize client memory usage tracking operation while client eviction is disabled (#11348)

Platform / toolchain support related improvements

  • Fix compilation on Solaris (#11327)

Module API changes

  • RM_SetContextUser, RM_SetModuleUserACLString, RM_GetModuleUserACLString (#10966)
  • Fix crash in CLIENT_CHANGE event, when the selected database is not 0 (#11500)

Changes in CLI tools

  • redis-benchmark avoid aborting on NOPERM from CONFIG GET (#11096)

Bug Fixes

  • Avoid hang of diskless replication fork child when parent crashes (#11463)
  • Fix crash with module API of list iterator and RM_ListDelete (#11383)
  • Fix TLS error handling to avoid connection drops on timeouts (#11563)
  • Fix runtime changes to cluster-announce-*-port to take effect on the local node too (#10745)
  • Fix sentinel function that compares hostnames if failed resolve (#11419)
  • Fix MIGRATE with AUTH set to "keys" is getting wrong key names leading to MOVED or ACL errors (#11253)

Fixes for issues in previous releases of Redis 7.0

  • Fix command line startup --sentinel problem (#11591)
  • Fix missing FCALL commands in monitor (#11510)
  • Fix CLUSTER SHARDS showing empty hostname (#11297)
  • Replica that asks for rdb-only could have missed the EOF and hang (#11296)

6.2.8

12 Dec 15:40

Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs

Performance and resource utilization improvements

  • Optimize zset conversion on large ZRANGESTORE (#10789)

Module API changes

  • Fix crash in CLIENT_CHANGE event, when the selected database is not 0 (#11500)
  • Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)

Security improvements

  • Sentinel: avoid logging auth-pass value (#9652)

Bug Fixes

  • Fix a crash when a Lua script returns a meta-table (#11032)
  • Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
  • Unpause clients after manual failover ends instead of waiting for timed (#9676)
  • TLS: Notify clients on connection shutdown (#10931)
  • Avoid hang of diskless replication fork child when parent crashes (#11463)
  • Fix sentinel function that compares hostnames if failed resolve (#11419)
  • Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity
    is set to 100 (#11237)
  • Fix bug with scripts ignoring client tracking NOLOOP (#11052)
  • Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is
    used inside MULTI-EXEC (#11038)
  • Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)