Dear redis-db registrants,
Following are the release notes.
Redis 7.0.8
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
- (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Bug Fixes
- Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
and ZRANDMEMBER commands and gets disconnected by client output buffer limit (#11676)
- Make sure that fork child doesn't do incremental rehashing (#11692)
- Fix a bug where blocking commands with a sub-second timeout would block forever (#11688)
- Fix sentinel issue if replica changes IP (#11590)
Redis 6.2.10
Upgrade urgency: MODERATE, a quick followup fix for a recently released 6.2.9.
Bug Fixes
- Revert the change to KEYS in the recent client output buffer limit fix (#11676)
Redis 6.2.9
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
- (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
Redis 6.0.17
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
Bug Fixes
- Avoid hang when client issues long SRANDMEMBER command and gets
disconnected by client output buffer limit (#11676)
- Lua: fix crash on a script call with many arguments, a regression in v6.0.16 (#9809)
- Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
- Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)
Cheers,
The Redis core team