8.6-RC1

This is the first Release Candidate of Redis 8.6 in Redis Open Source.

Release Candidates are feature-complete pre-releases. Pre-releases are not suitable for production use.

Binary distributions

• Alpine and Debian Docker images - https://hub.docker.com/_/redis
• Install using snap - see https://github.com/redis/redis-snap
• Install using brew - see https://github.com/redis/homebrew-redis
• Install using RPM - see https://github.com/redis/redis-rpm
• Install using Debian APT - see https://github.com/redis/redis-debian

Operating systems we test Redis 8.6 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat)
• Rocky Linux 8.10, 9.5, 10.1
• AlmaLinux 8.10, 9.5, 10.1
• Debian 12 (Bookworm), Debian 13 (Trixie)
• 14 (Sonoma), 15 (Sequoia)

New Features (compared to 8.4.0)

• #14615 Streams: XADD idempotency (at-most-once guarantee) with new IDMPAUTO and IDMP arguments
• #14624 New eviction policies - least recently modified: volatile-lrm and allkeys-lrm
• #14680 Hot keys detection and reporting; new command: HOTKEYS
• #14610 TLS certificate-based automatic client authentication
• RedisTimeSeries/RedisTimeSeries#1853 Time series: support NaN values; new aggregators: COUNTNAN and COUNTALL

Security and privacy fixes

• #14645 Hide Personally Identifiable Information from ACL log
• #14659 ACL: Key-pattern bypass in MSETEX
• RedisTimeSeries/RedisTimeSeries#1837, RedisJSON/RedisJSON#1474 Hide Personally Identifiable Information from server log
• RedisBloom/RedisBloom#950 Out-of-bounds read when loading an invalid RDB file (MOD-12802)

Bug fixes (compared to 8.4.0)

• #14545 ACL: AOF loading fails if ACL rules are changed and don't allow some commands in MULTI-EXEC
• #14637 Atomic slot migration: wrong adjacent slot range behavior
• #14567 Atomic slot migration: support delay trimming slots after finishing migrating slots
• #14623 Streams: XTRIM/XADD with approx mode (~) don’t delete entries for DELREF/ACKED strategies
• #14552 Streams: Incorrect behavior when using XDELEX...ACKEDafterXGROUP DESTROY`
• #14537 SCAN: restore original filter order (revert change introduced in 8.2)
• #14581 Rare server hang at shutdown
• #14597 Panic when cluster node is uninitialized
• #14583 FLUSHALL ASYNC on a writable replica may block the main thread for an extended period
• #14504 Cluster: fix race condition in broadcast configuration
• #14416 Fixed argument position handling in Redis APIs
• RedisTimeSeries/RedisTimeSeries#1784, RedisTimeSeries/RedisTimeSeries#1839, RedisBloom/RedisBloom#952, RedisJSON/RedisJSON#1477 Atomic slot migration support
• RedisBloom/RedisBloom#946 MEMORY USAGE: fix reported value (MOD-12799)
• RedisJSON/RedisJSON#1473 Adding escapes to already-escaped characters (MOD-8137)
• RedisJSON/RedisJSON#1475 JSON.CLEAR does not error if more than one path is specified (MOD-13109)

Performance and resource utilization improvements (compared to 8.4.0)

• #14608 Reply copy-avoidance path to reduce memory copies for bulk string replies
• #14595 Hash: unify field name and value into a single struct
• #14701 Sorted set: unify score and value into a single struct
• #14662 Optimize listpack iterator on hash fields
• #14699 Optimize set commands with expiration
• #14700 Optimize prefetching
• #14715 Optimize prefetch sizing logic
• #14636 Optimize ZRANK
• #14676 Utilize hardware clock by default on ARM AArch64
• #14575 Disable RDB compression when diskless replication is used

Modules API

• #14445
  • RM_CreateKeyMetaClass - define a new key-metadata class
  • RM_ReleaseKeyMetaClass - release a key-metadata class
  • RM_SetKeyMeta - attach or update a metadata value for a key under a specific metadata-key class
  • RM_GetKeyMeta - get a metadata value for a key under a specific metadata-key class

Configuration parameters

• #14624 maxmemory-policy: new eviction policies: volatile-lrm, allkeys-lrm
• #14615 stream-idmp-duration, stream-idmp-maxsize - defaults for streams idempotent production
• #14610 tls-auth-clients-user TLS certificate-based automatic client authentication
• #14596 flushdb option for repl-diskless-load: always flush the entire dataset before diskless load

Metrics

• #14610 acl_access_denied_tls_cert - failed TLS certificate–based authentication attempts

known bugs and limitations

• Redis Query Engine: In case of load rebalancing operations (such as Atomic Slot Migration) taking place during the lifetime of a cursor, there is a chance that some results may be missing.

8.4.0

This is the General Availability release of Redis 8.4 in Redis Open Source.

Major changes compared to 8.2

• DIGEST, DELEX; SET extensions - atomic compare-and-set and compare-and-delete for string keys
• MSETEX - atomically set multiple string keys and update their expiration
• XREADGROUP - new CLAIM option for reading both idle pending and incoming stream entries
• CLUSTER MIGRATION - atomic slot migration
• CLUSTER SLOT-STATS - per-slot usage metrics: key count, CPU time, and network I/O
• Redis query engine: FT.HYBRID - hybrid search and fused scoring
• Redis query engine: I/O threading with performance boost for search and query commands (FT.*)
• I/O threading: substantial throughput increase (e.g. >30% for caching use cases (10% SET, 90% GET), 4 cores)
• JSON: substantial memory reduction for homogenous arrays (up to 92%)

Binary distributions

• Alpine and Debian Docker images - https://hub.docker.com/_/redis
• Install using snap - see https://github.com/redis/redis-snap
• Install using brew - see https://github.com/redis/homebrew-redis
• Install using RPM - see https://github.com/redis/redis-rpm
• Install using Debian APT - see https://github.com/redis/redis-debian

Operating systems we test Redis 8.4 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat)
• Rocky Linux 8.10, 9.5
• AlmaLinux 8.10, 9.5
• Debian 12 (Bookworm), Debian 13 (Trixie)
• macOS 13 (Ventura), 14 (Sonoma), 15 (Sequoia)

Bug fixes (compared to 8.4-RC1)

• #14524 XREADGROUP CLAIM returns strings instead of integers
• #14529 Add variable key-spec flags to SET IF* and DELEX
• #P928 Potential memory leak (MOD-11484)
• #T1801, #T1805 macOS build failures (MOD-12293)
• #J1438 JSON.NUMINCRBY - wrong result on integer array with non-integer increment (MOD-12282)
• #J1437 Thread safety issue related to ASM and shared strings (MOD-12013)

Performance and resource utilization improvements (compared to 8.4-RC1)

• #14480, #14516 Optimize XREADGROUP

known bugs and limitations

• When executing FT.SEARCH, FT.AGGREGATE, FT.CURSOR, FT.HYBRID, TS.MGET, TS.MRANGE, TS.MREVRANGE, and TS.QUERYINDEX while an atomic slot migration process is in progress, the results may be partial or contain duplicates
• FT.PROFILE, FT.EXPLAIN, and FT.EXPLACINCLI do not contain the FT.HYBRID option
• Metrics from FT.HYBRID command are not displayed on FT.INFO and INFO
• FT.HYBRID: the EXPLAINSCORE, SHARD_K_RATIO, YIELD_DISTANCE_AS, and WITHCURSOR options are not supported
• FT.HYBRID: post-filtering (after COMBINE step) using FILTER is not supported
• FT.HYBRID: the default response format considers only key_id and score. This may change for delivering the entire document content

8.4-RC1

This is the first Release Candidate of Redis 8.4 in Redis Open Source.

Release Candidates are feature-complete pre-releases. Pre-releases are not suitable for production use.

Binary distributions

• Alpine and Debian Docker images - https://hub.docker.com/_/redis
• Install using snap - see https://github.com/redis/redis-snap
• Install using brew - see https://github.com/redis/homebrew-redis
• Install using RPM - see https://github.com/redis/redis-rpm
• Install using Debian APT - see https://github.com/redis/redis-debian

Operating systems we test Redis 8.4 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat)
• Rocky Linux 8.10, 9.5
• AlmaLinux 8.10, 9.5
• Debian 12 (Bookworm), Debian 13 (Trixie)
• macOS 13 (Ventura), 14 (Sonoma), 15 (Sequoia)

New Features (compared to 8.2.3)

• #14414 New command: CLUSTER MIGRATION - atomic slot migration
• #14435 New commands: DELEX, DIGEST; SET extensions - atomic compare-and-set and compare-and-delete for string keys
• #14434 New command: MSETEX - set multiple keys and update their expiration
• #14402 XREADGROUP - add CLAIM min-idle-time to consume both idle pending entries and incoming entries
• #14058 Add auto-repair options for broken AOF tail on startup
• #14296 Support decoding JSON empty array as a Lua array
• RedisTimeSeries/RedisTimeSeries#1773 HELP and COMMAND DOCS now support time series commands (MOD-8133)
• RedisBloom/RedisBloom#892 HELP and COMMAND DOCS now support probabilistic commands (MOD-8133)
• RediSearch/RediSearch#7076, RediSearch/RediSearch#6857 New Command: FT.HYBRID - hybrid queries with RRF and LINEAR combination
• RediSearch/RediSearch#7022 Support index updates when atomic slot migrations occur
• RediSearch/RediSearch#6313 Support multiple I/O threads for RQE cluster manager - Coordinator (MOD-10562)

Bug fixes (compared to 8.2.3)

• #14423 Potential infinite loop when a stream is corrupted
• #14420 Shutdown blocked client not being properly reset after shutdown cancellation
• #14417 CLUSTER FORGET - heap-buffer-overflow
• #14415 Potential crash in lookupKey() when executing_client is NULL
• RedisTimeSeries/RedisTimeSeries#1776 Potential crash on TS.RANGE with ALIGN +, AGGREGATION twa and EMPTY (MOD-11620, MOD-10484)

Performance and resource utilization improvements (compared to 8.2.3)

• #14440 Lookahead prefetching - parse multiple commands in advance through a lookahead pipeline
• #14309 Optimize BITCOUNT with AVX2 and AVX512 popcount implementations
• #14227 Optimize BITCOUNT with Arm Neon SIMD vectorization
• #14428 Optimize HyperLogLog with branchless comparisons and Arm Neon SIMD vectorization
• #14222 Optimize Vector set VADD and VSIM with AVX2 and AVX512 dot product implementations
• RedisJSON/ijson#9 JSON - memory footprint improvement by using homogeneous arrays (MOD-9511)
• RedisJSON/ijson#7 JSON - memory footprint improvement by inlining short strings (MOD-9511)

Configuration parameters

• #14058 aof-load-corrupt-tail-max-size - maximum corrupted tail size (in bytes) to attempt to repair automatically
• #14296 decode_array_with_array_mt - Lua: control how empty JSON arrays are handled
• #14440 lookahead - runtime-configurable lookahead depth (default: 16)
• RediSearch/RediSearch#7065 search-default-scorer - default text and tag scorer (new default is BM25STD)
• RediSearch/RediSearch#6769 search-on-oom - behavior when OOM event occurs in the query time, supports 3 values:
  • IGNORE - queries run despite OOM, not recommended for heavy result sets (current behaviour)
  • FAIL - query execution fails if any node is in OOM state at start
  • RETURN - returns partial results if OOM is detected in only some cluster nodes (default)
• RediSearch/RediSearch#6313 search-io-threads - allow setting the comms threads used by the cluster manager - coordinator (default: 20)

known bugs and limitations

• When executing FT.SEARCH, FT.AGGREGATE, FT.CURSOR, FT.HYBRID, TS.MGET, TS.MRANGE, TS.MREVRANGE and TS.QUERYINDEX while an atomic slot migration process is in progress, the results may be partial or contain duplicates
• FT.PROFILE, FT.EXPLAIN and FT.EXPLACINCLI don’t contain the FT.HYBRID option
• Metrics from FT.HYBRID command aren’t displayed on FT.INFO and INFO
• Option EXPLAINSCORE, SHARD_K_RATIO, YIELD_DISTANCE_AS, and WITHCURSOR with FT.HYBRID are not available
• Post-filtering (after COMBINE step) using FILTER is not available
• Currently, the default response format considers only key_id and score, this may change for delivering the entire document content

8.2.3

Update urgency: SECURITY: There is a security fix in the release.

Security fixes

• (CVE-2025-62507) XACKDEL - potential stack overflow and RCE

Bug fixes

• HGETEX - potential crash when FIELDS is used and numfields is missing
• Potential crash on HyperLogLog with 2GB+ entries
• Cuckoo filter - Division by zero in Cuckoo filter insertion
• Cuckoo filter - Counter overflow
• Bloom filter - Arbitrary memory read/write with invalid filter
• Bloom filter - Out-of-bounds access with empty chain
• Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing this security bug]
• Top-k - Out-of-bounds access

8.0.5

Update urgency: HIGH: There are critical bugs that may affect a subset of users.

Bug fixes

• HGETEX - potential crash when FIELDS is used and numfields is missing
• Potential crash on HyperLogLog with 2GB+ entries
• Cuckoo filter - Division by zero in Cuckoo filter insertion
• Cuckoo filter - Counter overflow
• Bloom filter - Arbitrary memory read/write with invalid filter
• Bloom filter - Out-of-bounds access with empty chain
• Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug]
• Top-k - Out-of-bounds access

7.4.7

Update urgency: HIGH: There is a critical bug that may affect a subset of users.

Bug fixes

• Potential crash on HyperLogLog with 2GB+ entries

7.2.12

Update urgency: HIGH: There is a critical bug that may affect a subset of users.

Bug fixes

• Potential crash on HyperLogLog with 2GB+ entries

6.2.21

Update urgency: HIGH: There is a critical bug that may affect a subset of users.

Bug fixes

• Potential crash on HyperLogLog with 2GB+ entries

7.2.11

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

6.2.20

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read