diff options
| -rw-r--r-- | 00-RELEASENOTES | 32 | ||||
| -rw-r--r-- | src/version.h | 4 |
2 files changed, 34 insertions, 2 deletions
diff --git a/00-RELEASENOTES b/00-RELEASENOTES index 7b388f1fc..093a98883 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES @@ -12,6 +12,38 @@ SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- ================================================================================ +Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021 +================================================================================ + +Upgrade urgency: SECURITY, Contains fixes to security issues that affect +authenticated client connections. LOW otherwise. + +Integer overflow in STRALGO LCS command (CVE-2021-29477): +An integer overflow bug in Redis version 6.0 or newer could be exploited using +the STRALGO LCS command to corrupt the heap and potentially result in remote +code execution. The integer overflow bug exists in all versions of Redis +starting with 6.0. + +Integer overflow in COPY command for large intsets (CVE-2021-29478): +An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and +potentially result with remote code execution. The vulnerability involves +changing the default set-max-intset-entries configuration value, creating a +large set key that consists of integer values and using the COPY command to +duplicate it. The integer overflow bug exists in all versions of Redis starting +with 2.6, where it could result with a corrupted RDB or DUMP payload, but not +exploited through COPY (which did not exist before 6.2). + +Bug fixes: +* Cluster: Skip unnecessary check which may prevent failure detection (#8585) +* Fix not starting on alpine/libmusl without IPv6 (#8655) + +Improvements: +* Fix performance regression in BRPOP on Redis 6.0 (#8689) + +Modules: +* Fix edge-case when a module client is unblocked (#8618) + +================================================================================ Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index f362ee79c..d35e52950 100644 --- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ -#define REDIS_VERSION "6.0.12" -#define REDIS_VERSION_NUM 0x0006000c +#define REDIS_VERSION "6.0.13" +#define REDIS_VERSION_NUM 0x0006000d |