Upgrade urgency SECURITY: See security fixes below.
Security fixes
- (CVE-2024-46981) Lua script commands may lead to remote code execution
- (CVE-2024-51741) Denial-of-service due to malformed ACL selectors
Bug fixes
- redis/redis#13380 Possible crash due to OOM panic on invalid command
- redis/redis#13338 Streams:
XINFOlag field is wrong when tombstone is after thelast_idof the consume group - redis/redis#13473 Streams:
XTRIMdoes not update the maximal tombstone, leading to an incorrect lag - redis/redis#13311 Cluster: crash due to unblocking client during slot migration
- redis/redis#13443 Cluster: crash when loading cluster config
- redis/redis#13422 Cluster:
CLUSTER SHARDSreturns empty array - redis/redis#13465 Cluster: incompatibility with older node versions
Hashes
=========
Algorithm : SHA256
Hash : B13B718CD88FE6F2D032D5B6BCD97A2A0A1F150DEE8197AA3AD25CA044BECE71
Path : D:\a\redis-windows\redis-windows\Redis-7.2.7-Windows-x64-msys2.zip
Algorithm : SHA256
Hash : 49D74E32042839061F06AB91CA84AE9BF4064249894D29F2A13E222A3BC65A7F
Path : D:\a\redis-windows\redis-windows\Redis-7.2.7-Windows-x64-msys2-with-Service.zip
Algorithm : SHA256
Hash : 64FBA36D56A3463E82F0154464E62AD174AED662C625D21A54248A004898BF98
Path : D:\a\redis-windows\redis-windows\Redis-7.2.7-Windows-x64-cygwin.zip
Algorithm : SHA256
Hash : 4C5E765453A17D3D79AF7FD91BB71E1F0AF8CDFA0D6F301D1EA5E2C802DD88DA
Path : D:\a\redis-windows\redis-windows\Redis-7.2.7-Windows-x64-cygwin-with-Service.zip
From workflow: https://github.com/redis-windows/redis-windows/actions/runs/12669845191