redis/redis 7.4.6

on GitHub

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

Bug fixes

• #14330 Potential use-after-free after pubsub and Lua defrag
• #14319 Potential crash on Lua script defrag
• #14164 Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
• #14165 Endless client blocking for blocking commands
• #14163 EVAL crash when error table is empty
• #14227 HINCRBYFLOAT removes field expiration on replica