diff options
author | Oran Agra <oran@redislabs.com> | 2021-09-30 23:44:16 +0300 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2021-10-04 13:59:40 +0300 |
commit | 4930d19e70c391750479951022e207e19111eb55 (patch) | |
tree | 61184f6b5c993068122df9a5521293806379c3ad | |
parent | aba95175426de624bf1b604a1139e754b982495d (diff) | |
download | redis-4930d19e70c391750479951022e207e19111eb55.tar.gz |
Redis 6.2.66.2.6
-rw-r--r-- | 00-RELEASENOTES | 54 | ||||
-rw-r--r-- | src/version.h | 4 |
2 files changed, 56 insertions, 2 deletions
diff --git a/00-RELEASENOTES b/00-RELEASENOTES index a5fb897ee..62d1def15 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES @@ -12,6 +12,60 @@ SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- ================================================================================ +Redis 6.2.6 Released Mon Oct 4 12:00:00 IDT 2021 +================================================================================ + +Upgrade urgency: SECURITY, contains fixes to security issues. + +Security Fixes: +* (CVE-2021-41099) Integer to heap buffer overflow handling certain string + commands and network payloads, when proto-max-bulk-len is manually configured + to a non-default, very large value [reported by yiyuaner]. +* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and + redis-sentinel parsing large multi-bulk replies on some older and less common + platforms [reported by Microsoft Vulnerability Research]. +* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when + set-max-intset-entries is manually configured to a non-default, very large + value [reported by Pawel Wieczorkiewicz, AWS]. +* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with + a large number of elements on many connections. +* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by + Meir Shpilraien]. +* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded + data types, when configuring a large, non-default value for + hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries + or zset-max-ziplist-value [reported by sundb]. +* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when + configuring a non-default, large value for proto-max-bulk-len and + client-query-buffer-limit [reported by sundb]. +* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer + overflow [reported by Meir Shpilraien]. + +Bug fixes that involve behavior changes: +* GEO* STORE with empty source key deletes the destination key and return 0 (#9271) + Previously it would have returned an empty array like the non-STORE variant. +* PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions (#9209) + This actually changed in 6.2.0 but was overlooked and omitted from the release notes. + +Bug fixes that are only applicable to previous releases of Redis 6.2: +* Fix CLIENT PAUSE, used an old timeout from previous PAUSE (#9477) +* Fix CLIENT PAUSE in a replica would mess the replication offset (#9448) +* Add some missing error statistics in INFO errorstats (#9328) + +Other bug fixes: +* Fix incorrect reply of COMMAND command key positions for MIGRATE command (#9455) +* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416) +* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371) + +CLI tools: +* When redis-cli received ASK response, it didn't handle it (#8930) + +Improvements: +* Add latency monitor sample when key is deleted via lazy expire (#9317) +* Sanitize corrupt payload improvements (#9321, #9399) +* Delete empty keys when loading RDB file or handling a RESTORE command (#9297, #9349) + +================================================================================ Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index cd2ff3a6e..e07d557e3 100644 --- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ -#define REDIS_VERSION "6.2.5" -#define REDIS_VERSION_NUM 0x00060205 +#define REDIS_VERSION "6.2.6" +#define REDIS_VERSION_NUM 0x00060206 |