This is a maintenance release for Redis Stack Server 6.2.6
Update urgency: SECURITY: there are security fixes in the release.
Headlines:
This version contains a security fix for the Redis server to avoid bypassing desired Unix socket permissions on startup. It also includes the latest Search and Query capability with a fix to limit the maximum phonetic length and several bug fixes. This version contains the latest version of RedisInsight.
Details:
Security and privacy:
- Redis:
  - (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.
- Search and Query:
  - #3844 Limits maximum phonetic length to avoid exploitation (MOD 5767)
Bug Fixes
- Search and Query:
  - #3771 Broken lower and upper APPLY functions in FT.AGGREGATE on DIALECT 3 (MOD-5041)
  - #3910 Heavy document updates causing memory growth once memory blocks weren't properly released (MOD-5181)
  - #3853 Queries with WITHCURSOR causing memory growth since CURSOR wasn't invalidated in the shards (MOD-5580)
  - #3752 Setting low MAXIDLE parameter value in FT.AGGREGATE causes a crash (MOD-5608)
  - #3823 APPLY or FILTER expression causing a leak (MOD-5751)
  - #3837 Connection using TLS fails on Redis (MOD-5768)
  - #3856 Adding new nodes to OSS cluster causing a crash (MOD-5778)
  - #3854 Vector range query could cause Out-of-Memory due to a memory corruption (MOD-5791)
  - #3892 After cleaning the index the GC could cause corruption on unique values (MOD-5815)
Redis version
Module versions
Recommended Client Libraries
- Java
- Python
- NodeJS
- .NET
- Go
Compatible with RedisInsight. The docker image redis/redis-stack for this version is bundled with RedisInsight 2.36.
Note: version numbers follow the following pattern:
x.y.z-b
- x.y Redis Major version
- z increases with even numbers as a module x.y version increases.
- b denotes a patch to Redis or a module (any z of Redis or Modules). b will consist of a v + numeric value.