[RELEASE] Redis 7.2.2, 7.0.14 & 6.2.14 are out
Itamar Haber
Upgrade urgency SECURITY: See security fixes below.
Security fixes
• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.
Platform / toolchain support related changes
• Fix compilation error on MacOS 13 (#12611)
Bug fixes
• WAITAOF could timeout in the absence of write traffic in case a new AOF is created and an AOF rewrite can't immediately start (#12620)
Redis cluster
• Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2 nodes (#12604)
• Fix the return type of the slot number in cluster shards to integer, which makes it consistent with past behavior (#12561)
• Fix CLUSTER commands are called from modules or scripts to return TLS info appropriately (#12569)
Changes in CLI tools
• redis-cli, fix crash on reconnect when in SUBSCRIBE mode (#12571)
Module API changes
• Fix overflow calculation for next timer event (#12474)
Redis 7.0.14
Upgrade urgency SECURITY: See security fixes below.
Security fixes
• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.
Redis 6.2.14
Upgrade urgency SECURITY: See security fixes below.
Security fixes
• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.
Cheers,
The Redis core team