Releases: redis/redis
6.2.8
Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs
Performance and resource utilization improvements
- Optimize zset conversion on large ZRANGESTORE (#10789)
Module API changes
- Fix crash in CLIENT_CHANGE event, when the selected database is not 0 (#11500)
- Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
Security improvements
- Sentinel: avoid logging auth-pass value (#9652)
Bug Fixes
- Fix a crash when a Lua script returns a meta-table (#11032)
- Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
- Unpause clients after manual failover ends instead of waiting for timed (#9676)
- TLS: Notify clients on connection shutdown (#10931)
- Avoid hang of diskless replication fork child when parent crashes (#11463)
- Fix sentinel function that compares hostnames if failed resolve (#11419)
- Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity
is set to 100 (#11237) - Fix bug with scripts ignoring client tracking NOLOOP (#11052)
- Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is
used inside MULTI-EXEC (#11038) - Fix BITFIELD overflow detection on some compilers due to undefined behavior (#9601)
7.0.5
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
- Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags (#11159) - Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
Bug Fixes
- Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
- Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
- Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
- Fix a crash when a Lua script returns a meta-table (#11032)
Fixes for issues in previous releases of Redis 7.0
- Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
- Fix crash when a key is lazy expired during cluster key migration (#11176)
- Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
- Fix some crashes involving a list containing entries larger than 1GB (#11242)
- Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
- Fix memory leak when unloading a module (#11147)
- Fix bug with scripts ignoring client tracking NOLOOP (#11052)
- Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
- Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
- Fix missing sections for INFO ALL when also requesting a module info section (#11291)
7.0.4
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
7.0.3
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
- Optimize zset conversion on large ZRANGESTORE (#10789)
- Optimize the performance of sending PING on large clusters (#10624)
- Allow for faster restart of Redis in cluster mode (#10912)
INFO fields and introspection changes
- Add missing sharded pubsub keychannel count to CLIENT LIST (#10895)
- Add missing pubsubshard_channels field in INFO STATS (#10929)
Module API changes
- Add RM_StringToULongLong and RM_CreateStringFromULongLong (#10889)
- Add RM_SetClientNameById and RM_GetClientNameById (#10839)
Changes in CLI tools
- Add missing cluster-port support to redis-cli --cluster (#10344)
Other General Improvements
- Account sharded pubsub channels memory consumption (#10925)
- Allow ECHO in loading and stale modes (#10853)
- Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys (#9526)
Bug Fixes
- TLS: Notify clients on connection shutdown (#10931)
- Fsync directory while persisting AOF manifest, RDB file, and config file (#10737)
- Script that made modification will not break with unexpected NOREPLICAS error (#10855)
- Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots (#10798) - Cluster: Fix crash during handshake and cluster shards call (#10942)
Fixes for issues in previous releases of Redis 7.0
- TLS: Fix issues with large replies (#10909)
- Correctly report the startup warning for vm.overcommit_memory (#10841)
- redis-server command line allow passing config name and value in the same argument (#10866)
- Support --save command line argument with no value for backwards compatibility (#10866)
- Fix CLUSTER RESET command regression requiring an argument (#10898)
7.0.2
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
- Fixed SET and BITFIELD commands being wrongly marked movablekeys (#10837)
Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients. - Fix crash when /proc/sys/vm/overcommit_memory is inaccessible (#10848)
Regression in 7.0.1 resulting in crash on startup on some configurations.
7.0.1
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
- Add warning for suspected slow system clocksource setting
Add --check-system command line option. (#10636) - Allow read-only scripts (*_RO commands, and ones with
no-writes
flag)
during CLIENT PAUSE WRITE (#10744) - Add
readonly
flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO (#10728) - redis-server command line arguments now accept one string with spaces
for multi-arg configs (#10660)
Potentially Breaking Changes
- Omitting a config option value in command line argument no longer works (#10660)
- Hide the
may_replicate
flag from the COMMAND command response (#10744)
Potentially Breaking Changes for new Redis 7.0 features
- Protocol: Sharded pubsub publish emits
smessage
instead ofmessage
(#10792) - CLUSTER SHARDS returns slots as RESP integers, not strings (#10683)
- Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes) (#10744)
- Scripts that declare the
no-writes
flag are implicitlyallow-oom
too (#10699)
Changes in CLI tools
- redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C (#10736)
Platform / toolchain support related improvements
INFO fields and introspection changes
Module API changes
- Add two more new checks to RM_Call script mode (#10786)
- Add new RM_Call flag to let Redis automatically refuse
deny-oom
commands (#10786) - Add module API RM_MallocUsableSize (#10795)
- Add missing REDISMODULE_NOTIFY_NEW (#10688)
- Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements (#10698)
- Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug (#10786)
- Fix bugs in enum configs with overlapping bit flags (#10661)
Bug Fixes
- FLUSHALL correctly resets rdb_changes_since_last_save INFO field (#10691)
- FLUSHDB is now propagated to replicas / AOF, even if the db is empty (#10691)
- Replica fail and retry the PSYNC if the master is unresponsive (#10726)
- Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
Fixes for issues in previous release candidates of Redis 7.0
- CONFIG REWRITE could cause a config change to be dropped for aliased configs (#10811)
- CONFIG REWRITE would omit rename-command and include lines (#10761)
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file. - Fix broken protocol after MISCONF (persistence) error (#10786)
- Fix --save command line regression (#10690)
- Fix possible regression around TLS config changes. re-load files even if the
file name didn't change. (#10713) - Re-add SENTINEL SLAVES command, missing in redis 7.0 (#10723)
- BZMPOP gets unblocked by non-key args and returns them (#10764)
- Fix possible memory leak in XADD and XTRIM (#10753)
7.0.0
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav]. - (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
- Keyspace event for new keys (#10512)
Command replies that have been extended
- COMMAND DOCS shows deprecated_since field in command args (#10545)
- COMMAND DOCS shows module name where applicable (#10544)
Potentially Breaking Changes
- Replicas panic when they fail writing persistence (#10504)
- Prevent cross slot operations in functions and scripts with shebang (#10615)
- Rephrased some error responses about invalid commands or args (#10612)
- Lua scripts do not have access to the print() function (#10651)
Performance and resource utilization improvements
- Speed optimization in streams (#10574)
- Speed optimization in command execution pipeline (#10502)
- Speed optimization in listpack encoded sorted (#10486)
- Speed optimization in latency tracking at INFO (relevant for 7.0 RCs) (#10606)
- Speed optimization when there are many replicas (relevant for 7.0 RCs) (#10588)
New configuration options
- Allow ignoring disk persistence errors on replicas (#10504)
- Allow abort with panic when replica fails to execute a command sent by the master (#10504)
- Allow configuring shutdown flags of SIGTERM and SIGINT (#10594)
- Allow attaching an operating system-specific identifier to Redis sockets (#10349)
Module API changes
- Add argument specifying ACL reason for module log entry (#10559)
Breaking API compatibility with 7.0 RCs - Add the deprecated_since field in command args of COMMAND DOCS (#10545)
Breaking API/ABI compatibility with 7.0 RCs - Add module API flag for using enum configs as bit flags (#10643)
- Add RM_PublishMessageShard (#10543)
- Add RM_MallocSizeString, RM_MallocSizeDict (#10542)
- Add RM_TryAlloc (#10541)
Bug Fixes
- Replica report disk persistence errors in PING (#10603)
- Fixes around rejecting commands on replicas and AOF when they must be respected (#10603)
- Durability fixes for appendfsync=always policy (#9678)
Fixes for issues in previous release candidates of Redis 7.0
- Fix possible crash on CONFIG REWRITE (#10598)
- Fix regression not aborting transaction on errors (#10612)
- Fix auto-aof-rewrite-percentage based AOFRW trigger after restart (#10550)
- Fix bugs when AOF enabled after startup, in case of failure before the first rewrite completes (#10616)
- Fix RM_Yield module API bug processing future commands of the current client (#10573)
6.2.7
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav]. - (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
Potentially Breaking Fixes
- LPOP/RPOP with count against non-existing list return null array (#10095)
- LPOP/RPOP used to produce wrong replies when count is 0 (#9692)
Performance and resource utilization improvements
- Speed optimization in command execution pipeline (#10502)
- Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337)
Platform / toolchain support related improvements
Bug Fixes
- Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
- Lua: fix crash on a script call with many arguments, a regression in v6.2.6 (#9809)
- Tracking: Make invalidation messages always after command's reply (#9422)
- Fix excessive stream trimming due to an overflow (#10068)
- Add missed error counting for INFO errorstats (#9646)
- Fix geo search bounding box check causing missing results (#10018)
- Improve EXPIRE TTL overflow detection (#9839)
- Modules: Fix thread safety violation when a module thread adds an error reply, broken in 6.2 (#10278)
- Modules: Fix missing and duplicate error stats (#10278)
- Module APIs: release clients blocked on module commands in cluster resharding
and down state (#9483) - Sentinel: Fix memory leak with TLS (#9753)
- Sentinel: Fix issues with hostname support (#10146)
- Sentinel: Fix election failures on certain container environments (#10197)
7.0-rc3
New Features
New administrative and introspection commands and command arguments
- CLUSTER SHARDS command deprecates CLUSTER SLOTS (#10293)
Potentially Breaking Changes
- CONFIG GET response returned in a non-deterministic order.
It's possible that a client was relying on configs order (#10323) - SORT / SORT_RO commands reject keys access patterns in GET and BY if ACL
doesn't grant the command full keyspace access (#10340) - FUNCTION LOAD command introduced in 7.0-RC1 was stripped of the ENGINE, and
NAME arguments which are now part of the script itself. The DESCRIPTION
argument was completely removed (#10500) - Set disable-thp config to be immutable (#10409)
Performance and resource utilization improvements
- Optimize performance and memory usage on replicas (#10413)
- A faster and more robust code of zslRandomLevel using RAND_MAX (#5539)
Changes in CLI tools
- redis-cli: Use exit code 1 on error (#10468)
- redis-cli: Do DNS lookup before sending CLUSTER MEET (#10436)
- redis-benchmark: Fix --cluster with IPv6. (#10393)
- redis-cli: Better --json Unicode support and --quoted-json (#10286)
INFO fields and introspection changes
- MEMORY STATS: Show cluster.links memory usage (#10302)
Module API changes
- APIs for exposing module configs to config file and CONFIG command (#10285)
- Add an event notifying about configuration changes (#10311)
- Add API for redacting command arguments from SLOWLOG and MONITOR (#10425)
- RM_Call: new flags for script mode compatibility, no writes, and error replies (#10372)
Bug Fixes
- Sentinel: Fix no reconnect after auth-pass is changed (#10400)
- Cluster: Fix race condition: Turn into replica on SETSLOT (#10489, #10381)
- XREADGROUP: Unblock client when the stream key is deleted (#10306)
Fixes for issue in previous release candidates of Redis 7.0
- ACL DRYRUN does not validate the verified command args. (#10405)
- ACL DRYRUN returns the tested common permission error (#10359)
- Incorrect parsing of hostname information from nodes.conf (#10435)
- BITSET and BITFIELD SET should propagate even if just length changed (#10459)
- SHUTDOWN, Fix a possible crash when the shutdown was aborted (#10440)
- Script should not allow may-replicate commands when client pause write (#10364)
- Optimization tracking memory usage from i/o threads. (#10401)
- Initialize help when using redis-cli help or redis-cli ? (#10382)
- Dismiss COW of client output buffer now that it's dynamic (#10371)
- Fix memory corruption when EVAL fails before being processed (#10519)
7.0-rc2
New Features
- Add stream consumer group lag tracking and reporting (#9127)
- Add API for functions and eval Lua scripts to check ACL explicitly (#10220)
New user commands or command arguments
- COMMAND GETKEYSANDFLAGS sub-command (#10237)
- INFO command can take multiple section arguments (#6891)
- XGROUP CREATE and SETID: new ENTRIESREAD optional argument (#9127)
- XSETID new ENTRIESADDED and MAXDELETEDID optional arguments (#9127)
Command replies that have been extended
- XINFO reports consumer group lag and a few other fields (#9127)
- XAUTOCLAIM returns a new element with a list of deletes IDs (#10227)
Potentially Breaking Changes
- X[AUTO]CLAIM skips deleted entries instead of replying with Nil, and deletes
them from the pending entry list (#10227) - Fix messed up error codes returned from EVAL scripts (#10218, #10329)
- COMMAND INFO, Renames key-spec "CHANNEL" flag to be "NOT_KEY" (#10299)
Performance and resource utilization improvements
- Reduce system calls and small packets for client replies (#9934)
- Reduce memory usage of stale clients (#9822)
- Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337)
Changes in CLI tools
- Adapt redis-check-aof tool for Multi Part AOF (#10061)
- Enable redis-benchmark to use RESP3 protocol mode (#10335)
Platform / toolchain support related improvements
- Fix OpenSSL 3.0.x related issues (#10291)
INFO fields and introspection changes
- COMMAND INFO key-specs has new variable_flags flag (#10237, #10148)
- INFO stats: add aof_rewrites and rdb_snapshots counters (#10178)
- INFO stats: add reply_buffer_shrinks and reply_buffer_expends (#9822)
- INFO modules: add no-implicit-signal-modified module option (#10284)
Module API changes
- Add RM_SetCommandInfo API to set command metadata for the new COMMAND
introspection features and ACL key permissions (#10108) - Add RM_KeyAtPosWithFlags and RM_GetCommandKeysWithFlags APIs (#10237)
- Add getchannels-api command flag and RM_IsChannelsPositionRequest,
RM_ChannelAtPosWithFlags APIs (#10299) - Change RM_ACLCheckChannelPermissions and RM_ACLCheckKeyPermissions APIs
(released in RC1) to take different flags (#10299) - Fix RM_SetModuleOptions flag collision. Bug in 7.0 RC1 header file, modules
that used OPTIONS_HANDLE_REPL_ASYNC_LOAD will mess up key invalidations (#10284)
Bug Fixes
- Modules: Fix thread safety violation when a module thread adds an error reply,
broken in 6.2 (#10278) - Lua: Fix Eval scripts active defrag, broken 7.0 in RC1 (#10271)
- Fix geo search bounding box check causing missing results (#10018)
- Lua: Add checks for min-slave-* configs when evaluating Lua scripts and
Functions (#10160) - Modules: Prevent crashes and memory leaks when MODULE UNLOAD is used on module
with a pending timer (#10187) - Fix error stats and failed command stats for blocked clients (#10309)
- Lua/Modules: Fix missing and duplicate error stats for scripts and modules (#10329, #10278)
- Check target node is a primary during cluster setslot (#10277)
- Fix key deletion not to invalidate WATCH when used on a logically expired key (#10256)
- Sentinel: return an error if configuration save fails (#10151)
- Sentinel: fix a free-after-use issue re-registering Sentinels (#10333)