Hi all,
Redis 6.0.9 and 5.0.10 are out.
Upgrade urgency: SECURITY if you use an affected platform (see below);
otherwise, the upgrade urgency is MODERATE.
These releases fix a potential heap overflow when using a heap allocator
other
than jemalloc or glibc's malloc. The credit for discovering and
reporting the
issue, as well as providing a possible fix, belongs to Drew DeVault.
More details
are in this pull request:
https://github.com/redis/redis/pull/7963
Highlights from Redis 6.0.9's release notes
(
https://github.com/redis/redis/blob/6.0/00-RELEASENOTES):
New:
* Memory reporting of clients argv (#7874)
* Add redis-cli control on raw format line delimiter (#7841)
* Add redis-cli support for rediss:// -u prefix (#7900)
* Get rss size support for NetBSD and DragonFlyBSD
Behavior changes:
* WATCH no longer ignores keys which have expired for MULTI/EXEC (#7920)
* Correct OBJECT ENCODING response for stream type (#7797)
* Allow blocked XREAD on a cluster replica (#7881)
* TLS: Do not require CA config if not used (#7862)
Bug fixes:
* INFO report real peak memory (before eviction) (#7894)
* Allow requirepass config to clear the password (#7899)
* Fix config rewrite file handling to make it really atomic (#7824)
* Fix excessive categories being displayed from ACLs (#7889)
* Add fsync in replica when full RDB payload was received (#7839)
* Don't write replies to socket when output buffer limit reached (#7202)
* Fix redis-check-rdb support for modules aux data (#7826)
* Other smaller bug fixes
Modules API:
* Add APIs for version and compatibility checks (#7865)
* Add RM_GetClientCertificate (#7866)
* Add RM_GetDetachedThreadSafeContext (#7886)
* Add RM_GetCommandKeys (#7884)
* Add Swapdb Module Event (#7804)
* RM_GetContextFlags provides indication of being in a fork child
(#7783)
* RM_GetContextFlags document missing flags: MULTI_DIRTY, IS_CHILD
(#7821)
* Expose real client on connection events (#7867)
* Minor improvements to module blocked on keys (#7903)
The Redis 5.0.10 release
(
https://github.com/redis/redis/blob/5.0/00-RELEASENOTES) also includes
these cherry-picked fixes and changes:
* Avoid case of Lua scripts being consistently aborted due to OOM
* XPENDING will not update consumer's seen-time
* A blocked XREADGROUP didn't propagated the XSETID to replicas / AOF
* UNLINK support for streams
* RESTORE ABSTTL won't store expired keys into the DB
* Hide AUTH from MONITOR
* Cluster: reduce spurious PFAIL/FAIL states upon delayed PONG receival
* Cluster: Fix case of clusters mixing accidentally by gossip
* Cluster: Allow blocked XREAD on a cluster replica
* Cluster: Optimize memory usage CLUSTER SLOTS command
* RedisModule_ValueLength support for stream data type
* Minor fixes in redis-check-rdb and redis-cli
* Fix redis-check-rdb support for modules aux data
* Add fsync in replica when full RDB payload was received
Cheers,
Redis team
P.S. we're aiming to release Redis 6.2 by the end/beginning of this/next
year. In
the meantime, you can monitor our progress via the milestones and
projects at the
GitHub repository. Valuable contributions of and from all types are
welcome.