Redis - 6.2.11
Security
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
* (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.
Bug Fixes
- Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
- Fix cluster inbound link keepalive time (#11785)
- Make sure that fork child doesn't do incremental rehashing (#11692)
Performance and resource utilization improvements
- Avoid realloc to reduce size of strings when it is unneeded (#11766)
Security
Details
date
Feb. 28, 2023, 4:35 p.m.
name
6.2.11
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Redis releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!