redis-stack/redis-stack v6.2.6-v17

Redis Stack 6.2.6-v17

on GitHub

This is a maintenance release for Redis Stack Server 6.2.6

Update urgency: SECURITY: there are security fixes in the release.

Docker | Download

Headlines:

This version includes security fixes for the Redis server, addressing potential vulnerabilities such as an RCE when using Lua library components, and a denial-of-service (DoS) risk due to unbounded pattern matching.
Additionally, this maintenance release includes the latest version of Redis Insight.

Details:

Security and privacy

• Redis:
  • (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
  • (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.

Redis version

• Redis 6.2.16

Module versions

• RediSearch 2.6.20
• RedisJSON 2.4.9
• RedisGraph 2.10.12
• RedisTimeSeries 1.8.14
• RedisBloom 2.4.9

Recommended Client Libraries

• Java
  • Jedis 5.2.0 or greater
  • redis-om-spring 0.9.5 or greater
• Python
  • redis-py 5.1.0 or greater
  • redis-om-python 0.3.2 or greater
• NodeJS
  • node-redis 4.7.0 or greater
  • redis-om-node 0.2.0 or greater
• .NET
  • redis-om-dotnet 0.7.4 or greater
  • NRedisStack 0.13.0 or greater
• Go
  • go-redis 9.6.1 or greater
  • rueidis 1.0.47 or greater

Compatible with Redis Insight. The docker image redis/redis-stack for this version is bundled with Redis Insight 2.58.

Note: version numbers follow the following pattern:
x.y.z-b

• x.y Redis Major version
• z increases with even numbers as a module x.y version increases.
• b denotes a patch to Redis or a module (any z of Redis or Modules). b will consist of a v + numeric value.