[RELEASE] Redis 7.0.8, 6.2.10 and 6.0.17 are out!

Dear redis-db registrants,

Following are the release notes.

Redis 7.0.8

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic
  • (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
    commands can lead to denial-of-service

Bug Fixes

  • Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
    and ZRANDMEMBER commands and gets disconnected by client output buffer limit (#11676)
  • Make sure that fork child doesn’t do incremental rehashing (#11692)
  • Fix a bug where blocking commands with a sub-second timeout would block forever (#11688)
  • Fix sentinel issue if replica changes IP (#11590)

Redis 6.2.10

Upgrade urgency: MODERATE, a quick followup fix for a recently released 6.2.9.

Bug Fixes

  • Revert the change to KEYS in the recent client output buffer limit fix (#11676)

Redis 6.2.9

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic
  • (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
    commands can lead to denial-of-service

Redis 6.0.17

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
    commands can drive Redis to OOM panic

Bug Fixes

  • Avoid hang when client issues long SRANDMEMBER command and gets
    disconnected by client output buffer limit (#11676)
  • Lua: fix crash on a script call with many arguments, a regression in v6.0.16 (#9809)
  • Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
  • Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)

Cheers,

The Redis core team
