diff options
author | Oran Agra <oran@redislabs.com> | 2022-04-27 11:49:59 +0300 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2022-04-27 16:31:52 +0300 |
commit | e6f67092f8d4d81761a60c46011d1ff1dc3c2628 (patch) | |
tree | cd7b49b379b06ea815c6c9225d1007206f72f6a3 | |
parent | 3053337043bcd58047c5f400dbc751475c5e2399 (diff) | |
download | redis-6.2.7.tar.gz |
Redis 6.2.76.2.7
-rw-r--r-- | 00-RELEASENOTES | 57 | ||||
-rw-r--r-- | src/version.h | 4 |
2 files changed, 59 insertions, 2 deletions
diff --git a/00-RELEASENOTES b/00-RELEASENOTES index 62d1def15..a5557e6df 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES @@ -12,6 +12,63 @@ SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- ================================================================================ +Redis 6.2.7 Released Wed Apr 27 12:00:00 IDT 2022 +================================================================================ + +Upgrade urgency: SECURITY, contains fixes to security issues. + +Security Fixes: +* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script + can cause NULL pointer dereference which will result with a crash of the + redis-server process. This issue affects all versions of Redis. + [reported by Aviv Yahav]. +* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution + environment, an attacker with access to Redis can inject Lua code that will + execute with the (potentially higher) privileges of another Redis user. + [reported by Aviv Yahav]. + + +Potentially Breaking Fixes +========================== + +* LPOP/RPOP with count against non-existing list return null array (#10095) +* LPOP/RPOP used to produce wrong replies when count is 0 (#9692) + + +Performance and resource utilization improvements +================================================= + +* Speed optimization in command execution pipeline (#10502) +* Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337) + + +Platform / toolchain support related improvements +================================================= + +* Fix RSS metrics on NetBSD and OpenBSD (#10116, #10149) +* Fix OpenSSL 3.0.x related issues (#10291) + + +Bug Fixes +========= + +* Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160) +* Lua: fix crash on a script call with many arguments, a regression in v6.2.6 (#9809) +* Tracking: Make invalidation messages always after command's reply (#9422) +* Fix excessive stream trimming due to an overflow (#10068) +* Add missed error counting for INFO errorstats (#9646) +* Fix geo search bounding box check causing missing results (#10018) +* Improve EXPIRE TTL overflow detection (#9839) +* Modules: Fix thread safety violation when a module thread adds an error reply, broken in 6.2 (#10278) +* Modules: Fix missing and duplicate error stats (#10278) +* Module APIs: release clients blocked on module commands in cluster resharding + and down state (#9483) +* Sentinel: Fix memory leak with TLS (#9753) +* Sentinel: Fix issues with hostname support (#10146) +* Sentinel: Fix election failures on certain container environments (#10197) + + +================================================================================ Redis 6.2.6 Released Mon Oct 4 12:00:00 IDT 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index e07d557e3..164ae9323 100644 --- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ -#define REDIS_VERSION "6.2.6" -#define REDIS_VERSION_NUM 0x00060206 +#define REDIS_VERSION "6.2.7" +#define REDIS_VERSION_NUM 0x00060207 |