Skip to content

Redis 7.0.9 for Windows
Compare
Choose a tag to compare
@zkteco-home zkteco-home released this 02 Mar 04:24
· 28 commits to master since this release
7.0.9
3d60bbe

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking
Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit
Fix possible memory corruption in FLUSHALL when a client watches more than one key
Fix cluster inbound link keepalive time
Flush propagation list in active-expire of writable replicas to fix an assertion
Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC

Performance and resource utilization improvements

Avoid realloc to reduce size of strings when it is unneeded
Improve CLUSTER SLOTS reply efficiency for non-continuous slots

Assets 2
Loading