diff options
author | Oran Agra <oran@redislabs.com> | 2021-07-21 18:07:43 +0300 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2021-07-21 21:07:15 +0300 |
commit | 021af7629590c638ae0d4867d4b397f6e0c38ec8 (patch) | |
tree | e405bba7cb322da42787b12ebfa5fe1832a905df | |
parent | 449af2cd7a6646de0d4c0a3500fe72d8f18b7453 (diff) | |
download | redis-021af7629590c638ae0d4867d4b397f6e0c38ec8.tar.gz |
Redis 5.0.135.0.13
-rw-r--r-- | 00-RELEASENOTES | 16 | ||||
-rw-r--r-- | src/version.h | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/00-RELEASENOTES b/00-RELEASENOTES index 3737f0712..11dffc8a6 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES @@ -12,6 +12,22 @@ SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- ================================================================================ +Redis 5.0.13 Released Wed Jul 21 16:32:19 IDT 2021 +================================================================================ + +Upgrade urgency: SECURITY, contains fixes to security issues that affect +authenticated client connections on 32-bit versions. MODERATE otherwise. + +Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). +An integer overflow bug in Redis version 2.2 or newer can be exploited using the +BITFIELD command to corrupt the heap and potentially result with remote code +execution. + +Bug fixes: +* Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD (#9191) +* Fix ziplist length updates on big-endian platforms (#2080) + +================================================================================ Redis 5.0.12 Released Mon Mar 1 17:29:52 IST 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index 1c8a77d85..58eb2990f 100644 --- a/src/version.h +++ b/src/version.h @@ -1 +1 @@ -#define REDIS_VERSION "5.0.12" +#define REDIS_VERSION "5.0.13" |