[RELEASE] Redis 6.2 is out

915 views
Skip to first unread message

re...@redis.io

unread,
Feb 23, 2021, 8:08:37 AM2/23/21
to Redis mailing list

Dear friends,

We're happy to announce the general availability of Redis 6.2: https://github.com/redis/redis/releases/tag/6.2.0

The full release notes that cover all release candidates and this release are at https://github.com/redis/redis/blob/6.2.0/00-RELEASENOTES. When upgrading, please pay attention to changes to commands and behavior.

Here are the release notes describing the difference between the GA and RC3:

Upgrade urgency: SECURITY if you use 32-bit build of Redis (see bellow), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

Here is a comprehensive list of changes in this release compared to 6.2 RC3,
each one includes the PR number that added it, so you can get more details
at https://github.com/redis/redis/pull/

Bug fixes:

Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522)
Fix broken protocol in client tracking tracking-redir-broken message (#8456)
Avoid unsafe field name characters in INFO commandstats, errorstats, modules (#8492)
XINFO able to access expired keys during CLIENT PAUSE WRITE (#8436)
Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames (#8517)
Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486)
XADD counts deleted records too when considering switching to a new listpack (#8390)
Bug fixes that are only applicable to previous releases of Redis 6.2:

Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height) (#8445)
Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count (#8429)
Fix duplicate replicas issue in Sentinel, needed due to hostname support (#8481)
Fix Sentinel configuration rewrite, an improvement of #8271 (#8480)
Command behavior changes:

SRANDMEMBER uses RESP3 array type instead of set type (#8504)
EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows (#8287)
Other behavior changes:

Remove ACL subcommand validation if fully added command exists. (#8483)
Improvements:

Optimize sorting in GEORADIUS / GEOSEARCH with COUNT (#8326)
Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded (#8444)
Optimize in-place replacement of elements in HSET, HINCRBY, LSET (#8493)
Remove redundant list to store pubsub patterns (#8472)
Add --insecure option to command line tools (#8416)
Info fields and introspection changes:

Add INFO fields to track progress of BGSAVE, AOFRW, replication (#8414)
Modules:

RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys (#8453)
RM_HashSet: Add COUNT_ALL flag and set errno (#8446)

Cheers,
The Redis Team

Reply all
Reply to author
Forward
0 new messages