Skip to content

Update to 2.8.21 and 3.0.2#25

Merged
tianon merged 1 commit intoredis:masterfrom
TimWolla:june-4
Jun 4, 2015
Merged

Update to 2.8.21 and 3.0.2#25
tianon merged 1 commit intoredis:masterfrom
TimWolla:june-4

Conversation

@TimWolla
Copy link
Copy Markdown
Contributor

@TimWolla TimWolla commented Jun 4, 2015

see: https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ

A few minutes ago I released Redis 3.0.2 and 2.8.1. The main reason
for this release is to address a security bug found by Ben Murphy,
documented in his blog post here:

http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/

It is critical but not dramatic: it needs the attacker to have direct
access to the instance, so Redis access mediated by applications is
not at risk. There are a lot of details about vulnerable deployments
in the original blog post.

@tianon
Copy link
Copy Markdown
Contributor

tianon commented Jun 4, 2015

LGTM

tianon added a commit that referenced this pull request Jun 4, 2015
@tianon
Merge pull request #25 from TimWolla/june-4
3a5023b 
Update to 2.8.21 and 3.0.2
@tianon tianon merged commit 3a5023b into redis:master Jun 4, 2015
@tianon tianon mentioned this pull request Jun 4, 2015
Merged
@TimWolla TimWolla deleted the june-4 branch June 4, 2015 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TimWolla @tianon