Redis - 7.0.9

Security

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
* (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
  • Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
  • Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
  • Fix cluster inbound link keepalive time (#11785)
  • Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
  • Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

Performance and resource utilization improvements

  • Avoid realloc to reduce size of strings when it is unneeded (#11766)
  • Improve CLUSTER SLOTS reply efficiency for non-continuous slots (#11745)

Details

date
Feb. 28, 2023, 4:35 p.m.
name
7.0.9
type
Patch
official page
https://github.com/redis/redis/releases/tag/7.0.9
👇
Register or login to:
  • 🔍View and search all Redis releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or