[RELEASE] Redis 6.2.4 and 6.0.14 are out

re...@redis.io

Jun 1, 2021, 11:13:21 AM
to Redis mailing list

Hi everybody,

Redis 6.2.4 and 6.0.14 are out to address an overflow issue in the STRALGO LCS.

Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.

Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result in remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.

Redis 6.2.4 release notes

---

Bug fixes that are only applicable to previous releases of Redis 6.2:

  • Fix crash after a diskless replication fork child is terminated (#8991)
  • Fix redis-benchmark crash on unsupported configs (#8916)

Other bug fixes:

  • Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
  • SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)
  • Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs (#8958)
  • Enforce client output buffer soft limit when no traffic (#8833)

Improvements:

  • Hide AUTH passwords in MIGRATE command from slowlog (#8859)

Redis 6.0.14 release notes

---

Other bug fixes:

  • Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
  • SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)

Cheers,
The Redis Team
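
Added example (not part of the original message and not Redis project code): a triage helper that reads `INFO server` output collected from a fleet and compares each `redis_version` with the fixed releases named above. The host names and INFO samples are constructed, and the status labels are this example's own.

```python
import re

# Fixed releases named in the announcement, keyed by (major, minor) branch.
FIXED = {(6, 0): (6, 0, 14), (6, 2): (6, 2, 4)}
FIRST_AFFECTED = (6, 0, 0)  # "Redis version 6.0 or newer"


def redis_version(info_text):
    """Return redis_version from `INFO server` output as an int tuple, or None."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def classify(version):
    """Map a version tuple to a triage status for CVE-2021-32625."""
    if version is None:
        return "unknown"        # no parsable version line: inspect by hand
    if version < FIRST_AFFECTED:
        return "not-affected"   # older than the first affected release
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"       # branch for which the announcement names no fix
    # Tuple comparison is numeric, so 6.0.9 sorts before 6.0.14.
    return "fixed" if version >= fixed else "upgrade"


def triage(inventory):
    """inventory: {host: INFO server text} -> {host: status}."""
    return {h: classify(redis_version(t)) for h, t in inventory.items()}


# Constructed sample inventory (hypothetical hosts, abbreviated INFO output).
SAMPLE = {
    "cache-a": "# Server\r\nredis_version:6.2.3\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:6.2.4\r\nredis_mode:standalone\r\n",
    "queue-a": "# Server\r\nredis_version:6.0.9\r\nredis_mode:standalone\r\n",
    "queue-b": "# Server\r\nredis_version:6.0.14\r\nredis_mode:standalone\r\n",
    "legacy":  "# Server\nredis_version:5.0.12\nredis_mode:standalone\n",
    "broken":  "-NOAUTH Authentication required.\r\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:8} {status}")
```

Feed it the output of `redis-cli INFO server` per instance; hosts reported as "upgrade" should move to 6.2.4 or 6.0.14.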
