[RELEASE] Redis 7.0.11, 6.2.12 and 6.0.19 are out

Itamar Haber

Apr 17, 2023, 10:48:35 AM
to Redis DB

Hi friends,

We've just released Redis 7.0.11, 6.2.12, and 6.0.19 to address security issues. 
The release notes are below.

Redis 7.0.11
Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access

Bug Fixes

  • Add a missing fsync of AOF file in rare cases (#11973)
  • Disconnect pub-sub subscribers when revoking allchannels permission (#11992)

Platform / toolchain support related improvements

  • Fix a compiler fortification induced crash when used with link time optimizations (#11982)

Redis 6.2.12
Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access

Bug Fixes

  • Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
  • Disconnect pub-sub subscribers when revoking allchannels permission (#11992)
  • Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)

Redis 6.0.19
Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access

Bug Fixes

  • Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)

Cheers,
Redis core team