author | Oran Agra <oran@redislabs.com> | 2021-05-03 12:08:08 +0300 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2021-05-03 22:56:49 +0300 |
commit | 68e93c22c3b5844cedb5b586c1ffb5c4c1ae364b (patch) | |
tree | 3290f8720913edcf4cc90ed588375860c27201c0 | |
parent | adf8f6f63fa1eff63ec05ea293408d36f91ff77c (diff) | |
download | redis-68e93c22c3b5844cedb5b586c1ffb5c4c1ae364b.tar.gz |
Redis 6.0.13
-rw-r--r-- | 00-RELEASENOTES | 32 |
-rw-r--r-- | src/version.h | 4 |
2 files changed, 34 insertions, 2 deletions
diff --git a/00-RELEASENOTES b/00-RELEASENOTES index 7b388f1fc..093a98883 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES 
@@ -12,6 +12,38 @@ SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- ================================================================================ +Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021 +================================================================================ + +Upgrade urgency: SECURITY, Contains fixes to security issues that affect +authenticated client connections. LOW otherwise. + +Integer overflow in STRALGO LCS command (CVE-2021-29477): +An integer overflow bug in Redis version 6.0 or newer could be exploited using +the STRALGO LCS command to corrupt the heap and potentially result in remote +code execution. The integer overflow bug exists in all versions of Redis +starting with 6.0. + +Integer overflow in COPY command for large intsets (CVE-2021-29478): +An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and +potentially result with remote code execution. The vulnerability involves +changing the default set-max-intset-entries configuration value, creating a +large set key that consists of integer values and using the COPY command to +duplicate it. The integer overflow bug exists in all versions of Redis starting +with 2.6, where it could result with a corrupted RDB or DUMP payload, but not +exploited through COPY (which did not exist before 6.2). + +Bug fixes: +* Cluster: Skip unnecessary check which may prevent failure detection (#8585) +* Fix not starting on alpine/libmusl without IPv6 (#8655) + +Improvements: +* Fix performance regression in BRPOP on Redis 6.0 (#8689) + +Modules: +* Fix edge-case when a module client is unblocked (#8618) + +================================================================================ Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index f362ee79c..d35e52950 100644 
--- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ -#define REDIS_VERSION "6.0.12" -#define REDIS_VERSION_NUM 0x0006000c +#define REDIS_VERSION "6.0.13" +#define REDIS_VERSION_NUM 0x0006000d |
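Review bot: in the 00-RELEASENOTES hunk, the CVE-2021-29478 entry opens with "An integer overflow bug in Redis 6.2" and is titled for the COPY command, yet these are the 6.0.13 notes and the same paragraph says COPY "did not exist before 6.2". A reader on the 6.0 branch has to reach the last sentence to learn that the impact for them is "a corrupted RDB or DUMP payload". Suggest leading with the impact on this branch and moving the COPY path to a trailing sentence. The entry also names changing the default set-max-intset-entries value as part of the trigger; it would help to state explicitly whether leaving that setting at its default avoids the issue, so operators who cannot upgrade right away know what to check. Minor wording: this entry says "result with remote code execution" while the CVE-2021-29477 entry says "result in remote code execution"; use "result in" in both.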
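Review bot: in the src/version.h hunk, REDIS_VERSION and REDIS_VERSION_NUM are bumped by hand as two separate literals, and the file (two lines, per the "@@ -1,2 +1,2 @@" header) carries no comment describing how the hex value encodes major, minor and patch. 0x0006000d does match "6.0.13", but a one-line comment on the byte layout would make a mismatched bump easier to catch in review.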