[RELEASE] Redis 7.0 is out!

Apr 27, 2022, 1:02:29 PM
to Redis mailing list

Howdy everybody,

We've just released Redis 7.0 - a big "thank you" to everyone who helped in the making and to those of you who will put it to good use :)

The release is available from the Redis repository and our download page.

Before upgrading, please review the full release notes for potentially breaking changes.

The changes in the GA release compared to Redis 7.0-RC3 are as follows:

Security Fixes

  • (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. This issue affects all versions of Redis.
    [reported by Aviv Yahav].
  • (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.
    [reported by Aviv Yahav].

New Features

  • Keyspace event for new keys (#10512)

Command replies that have been extended

  • COMMAND DOCS shows deprecated_since field in command args (#10545)
  • COMMAND DOCS shows module name where applicable (#10544)

Potentially Breaking Changes

  • Replicas panic when they fail writing persistence (#10504)
  • Prevent cross slot operations in functions and scripts with shebang (#10615)
  • Rephrased some error responses about invalid commands or args (#10612)
  • Lua scripts do not have access to the print() function (#10651)

Performance and resource utilization improvements

  • Speed optimization in streams (#10574)
  • Speed optimization in command execution pipeline (#10502)
  • Speed optimization in listpack encoded sorted (#10486)
  • Speed optimization in latency tracking at INFO (relevant for 7.0 RCs) (#10606)
  • Speed optimization when there are many replicas (relevant for 7.0 RCs) (#10588)

New configuration options

  • Allow ignoring disk persistence errors on replicas (#10504)
  • Allow abort with panic when replica fails to execute a command sent by the master (#10504)
  • Allow configuring shutdown flags of SIGTERM and SIGINT (#10594)
  • Allow attaching an operating system-specific identifier to Redis sockets (#10349)

Module API changes

  • Add argument specifying ACL reason for module log entry (#10559)
    Breaking API compatibility with 7.0 RCs
  • Add the deprecated_since field in command args of COMMAND DOCS (#10545)
    Breaking API/ABI compatibility with 7.0 RCs
  • Add module API flag for using enum configs as bit flags (#10643)
  • Add RM_PublishMessageShard (#10543)
  • Add RM_MallocSizeString, RM_MallocSizeDict (#10542)
  • Add RM_TryAlloc (#10541)

Bug Fixes

  • Replica report disk persistence errors in PING (#10603)
  • Fixes around rejecting commands on replicas and AOF when they must be respected (#10603)
  • Durability fixes for appendfsync=always policy (#9678)

Fixes for issues in previous release candidates of Redis 7.0

  • Fix possible crash on CONFIG REWRITE (#10598)
  • Fix regression not aborting transaction on errors (#10612)
  • Fix auto-aof-rewrite-percentage based AOFRW trigger after restart (#10550)
  • Fix bugs when AOF enabled after startup, in case of failure before the first rewrite completes (#10616)
  • Fix RM_Yield module API bug processing future commands of the current client (#10573)

The Redis core team

lei zhang

May 12, 2022, 11:15:18 AM
to Redis DB
Lua 5.1 has security issues, and the latest Redis 7.0 still uses 5.1. Do we have a plan to upgrade the Lua module to 5.4 or later? If so, what's the plan for this? Thanks!