[RELEASE] Redis 7.2.4 and 7.0.15 are out

199 views
Skip to first unread message

Itamar Haber

unread,
Jan 9, 2024, 7:51:46 AMJan 9
to Redis DB
Hi,

We've just released Redis 7.2.4 and 7.0.15 with security fixes.

Redis 7.2.4

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.

Bug fixes

• Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805#12832)

• Fix slot ownership not being properly handled when deleting a slot from a node (#12564)

• Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

Redis 7.0.15

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.


Cheers,
The Redis core team
Reply all
Reply to author
Forward
0 new messages