[RELEASE] Redis 7.2.1 and 7.0.13 are out!


Itamar Haber

Sep 6, 2023, 6:37:11 PM
to Redis DB
Hi,

We've just released Redis 7.2.1 and 7.0.13. These are patch-level releases to address security issues. Following are the notes:

Redis 7.2.1

Upgrade urgency SECURITY: See security fixes below.

Security Fixes

• (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.

Bug Fixes

• Fix crashes when joining a node to an existing 7.0 Redis Cluster (#12538)

• Correct request_policy and response_policy command tips for some admin / configuration commands (#12545, #12530)

Redis 7.0.13

Upgrade urgency SECURITY: See security fixes below.

Security Fixes

• (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.

Bug Fixes

• Cluster: fix a race condition where a slot migration may revert on a subsequent failover or node joining (#12344)

• Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451)

• Fix the assertion when script timeout occurs after it signaled a blocked client (#12459)

Cheers,
The Redis core team
