Dear friends,
We're happy to announce the general availability of Redis 6.2: https://github.com/redis/redis/releases/tag/6.2.0
The full release notes that cover all release candidates and this release are at https://github.com/redis/redis/blob/6.2.0/00-RELEASENOTES. When upgrading, please pay attention to changes to commands and behavior.
Here are the release notes describing the difference between the GA and RC3:
Upgrade urgency: SECURITY if you use 32-bit build of Redis (see bellow), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
Here is a comprehensive list of changes in this release compared to 6.2 RC3,
each one includes the PR number that added it, so you can get more details
at https://github.com/redis/redis/pull/
Bug fixes:
Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522)
Fix broken protocol in client tracking tracking-redir-broken message (#8456)
Avoid unsafe field name characters in INFO commandstats, errorstats, modules (#8492)
XINFO able to access expired keys during CLIENT PAUSE WRITE (#8436)
Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames (#8517)
Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486)
XADD counts deleted records too when considering switching to a new listpack (#8390)
Bug fixes that are only applicable to previous releases of Redis 6.2:
Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height) (#8445)
Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count (#8429)
Fix duplicate replicas issue in Sentinel, needed due to hostname support (#8481)
Fix Sentinel configuration rewrite, an improvement of #8271 (#8480)
Command behavior changes:
SRANDMEMBER uses RESP3 array type instead of set type (#8504)
EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows (#8287)
Other behavior changes:
Remove ACL subcommand validation if fully added command exists. (#8483)
Improvements:
Optimize sorting in GEORADIUS / GEOSEARCH with COUNT (#8326)
Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded (#8444)
Optimize in-place replacement of elements in HSET, HINCRBY, LSET (#8493)
Remove redundant list to store pubsub patterns (#8472)
Add --insecure option to command line tools (#8416)
Info fields and introspection changes:
Add INFO fields to track progress of BGSAVE, AOFRW, replication (#8414)
Modules:
RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys (#8453)
RM_HashSet: Add COUNT_ALL flag and set errno (#8446)
Cheers,
The Redis Team