From 91ffe99e03edee658b1e3129344f1f4d633f3104 Mon Sep 17 00:00:00 2001
From: Oran Agra
Date: Mon, 22 Feb 2021 16:35:42 +0200
Subject: Redis 6.0.11
---
00-RELEASENOTES | 28 ++++++++++++++++++++++++++++
src/version.h | 4 ++--
2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/00-RELEASENOTES b/00-RELEASENOTES
index bff270e77..1b18cbf4e 100644
--- a/00-RELEASENOTES
+++ b/00-RELEASENOTES
@@ -11,6 +11,34 @@ CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP. SECURITY: There are security fixes in the release. -------------------------------------------------------------------------------- +================================================================================ +Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021 +================================================================================ + +Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), LOW +otherwise. + +Integer overflow on 32-bit systems (CVE-2021-21309): +Redis 4.0 or newer uses a configurable limit for the maximum supported bulk +input size. By default, it is 512MB which is a safe value for all platforms. +If the limit is significantly increased, receiving a large request from a client +may trigger several integer overflow scenarios, which would result with buffer +overflow and heap corruption. + +Bug fixes: +* Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522) +* Fix handling of threaded IO and CLIENT PAUSE (failover), could lead to data loss or a crash (#8520) +* Fix the selection of a random element from large hash tables (#8133) +* Fix broken protocol in client tracking tracking-redir-broken message (#8456) +* XINFO able to access expired keys on a replica (#8436) +* Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486) +* Avoid assertions (on older kernels) when testing arm64 CoW bug (#8405) +* CONFIG REWRITE should honor umask settings (#8371) +* Fix firstkey,lastkey,step in COMMAND command for some commands (#8367) + +Modules: +* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys (#8453) + ================================================================================ Redis 6.0.10 Released Tue Jan 12 16:20:20 IST 2021 ================================================================================ diff --git a/src/version.h b/src/version.h index f38cc273c..c8dbb320a 100644 
--- a/src/version.h
+++ b/src/version.h
@@ -1,2 +1,2 @@
-#define REDIS_VERSION "6.0.10"
-#define REDIS_VERSION_NUM 0x0006000a
+#define REDIS_VERSION "6.0.11"
+#define REDIS_VERSION_NUM 0x0006000b
-- 
cgit v1.2.1