github redis/redis 6.2.0

3 years ago

Upgrade urgency: SECURITY if you use a 32-bit build of Redis (see below), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB, which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result in buffer
overflow and heap corruption.
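
The class of bug described above, shown as an added illustration that is not Redis source code: a size computed in 32-bit arithmetic wraps once the length limit is raised close to 4GB, and a checked version rejects the request instead. Assumptions: `size32_t` models a 32-bit `size_t`, and `HDR_OVERHEAD` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 32-bit build's size_t is modelled as uint32_t so the
 * wraparound reproduces on any host. */
typedef uint32_t size32_t;

/* Hypothetical per-string header plus terminator; not a Redis constant. */
#define HDR_OVERHEAD 16u
/* Default bulk limit stated in the release notes: 512MB. */
#define DEFAULT_MAX_BULK (512u * 1024u * 1024u)

/* Unchecked: bytes to allocate for a bulk of `len` bytes.
 * The addition wraps silently when len is close to 2^32. */
size32_t alloc_size_unchecked(size32_t len) {
    return len + HDR_OVERHEAD;
}

/* Checked: the length is validated in 64-bit arithmetic before any
 * 32-bit addition. Returns false rather than producing a wrapped size. */
bool alloc_size_checked(uint64_t len, uint64_t max_bulk, size32_t *out) {
    if (len > max_bulk) return false;                            /* over the configured limit */
    if (len > (uint64_t)UINT32_MAX - HDR_OVERHEAD) return false; /* addition would wrap */
    *out = (size32_t)len + HDR_OVERHEAD;
    return true;
}

/* True when a configured limit admits lengths whose size math wraps in 32 bits. */
bool limit_is_unsafe_32bit(uint64_t max_bulk) {
    return max_bulk > (uint64_t)UINT32_MAX - HDR_OVERHEAD;
}

int main(void) {
    size32_t near_4gb = UINT32_MAX - 4u; /* constructed length just under 4GB */
    size32_t out = 0;

    /* With the default limit the arithmetic is exact. */
    printf("default: %u -> %u bytes\n", (unsigned)DEFAULT_MAX_BULK,
           (unsigned)alloc_size_unchecked(DEFAULT_MAX_BULK));
    /* With a raised limit, a ~4GB length yields a tiny allocation size. */
    printf("raised:  %u -> %u bytes\n", (unsigned)near_4gb,
           (unsigned)alloc_size_unchecked(near_4gb));
    printf("checked accepts near-4GB length: %s\n",
           alloc_size_checked(near_4gb, UINT32_MAX, &out) ? "yes" : "no");
    return 0;
}
```

A buffer sized from the wrapped value and then filled with the declared length is how an arithmetic error of this kind becomes heap corruption, which is why the default 512MB limit is safe on every platform.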

Here is a comprehensive list of changes in this release compared to 6.2 RC3.
Each one includes the PR number that added it, so you can get more details
at https://github.com/redis/redis/pull/

Bug fixes:

  • Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522)
  • Fix broken protocol in client tracking tracking-redir-broken message (#8456)
  • Avoid unsafe field name characters in INFO commandstats, errorstats, modules (#8492)
  • XINFO able to access expired keys during CLIENT PAUSE WRITE (#8436)
  • Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames (#8517)
  • Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486)
  • XADD counts deleted records too when considering switching to a new listpack (#8390)

Bug fixes that are only applicable to previous releases of Redis 6.2:

  • Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height) (#8445)
  • Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count (#8429)
  • Fix duplicate replicas issue in Sentinel, needed due to hostname support (#8481)
  • Fix Sentinel configuration rewrite, an improvement of #8271 (#8480)

Command behavior changes:

  • SRANDMEMBER uses RESP3 array type instead of set type (#8504)
  • EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows (#8287)

Other behavior changes:

  • Remove ACL subcommand validation if fully added command exists. (#8483)

Improvements:

  • Optimize sorting in GEORADIUS / GEOSEARCH with COUNT (#8326)
  • Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded (#8444)
  • Optimize in-place replacement of elements in HSET, HINCRBY, LSET (#8493)
  • Remove redundant list to store pubsub patterns (#8472)
  • Add --insecure option to command line tools (#8416)

Info fields and introspection changes:

  • Add INFO fields to track progress of BGSAVE, AOFRW, replication (#8414)

Modules:

  • RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys (#8453)
  • RM_HashSet: Add COUNT_ALL flag and set errno (#8446)
