mirrors
/
redis
mirror of https://mirror.osredm.com/root/redis.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Redis 6.0.13

This commit is contained in:
Oran Agra 2021-05-03 12:08:08 +03:00
parent adf8f6f63f
commit 68e93c22c3
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
00-RELEASENOTES
View File

@ -11,6 +11,38 @@ CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP.
SECURITY: There are security fixes in the release.
--------------------------------------------------------------------------------
================================================================================
Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.
Integer overflow in STRALGO LCS command (CVE-2021-29477):
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result in remote
code execution. The integer overflow bug exists in all versions of Redis
starting with 6.0.
Integer overflow in COPY command for large intsets (CVE-2021-29478):
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution. The vulnerability involves
changing the default set-max-intset-entries configuration value, creating a
large set key that consists of integer values and using the COPY command to
duplicate it. The integer overflow bug exists in all versions of Redis starting
with 2.6, where it could result with a corrupted RDB or DUMP payload, but not
exploited through COPY (which did not exist before 6.2).
Bug fixes:
* Cluster: Skip unnecessary check which may prevent failure detection (#8585)
* Fix not starting on alpine/libmusl without IPv6 (#8655)
Improvements:
* Fix performance regression in BRPOP on Redis 6.0 (#8689)
Modules:
* Fix edge-case when a module client is unblocked (#8618)
================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================

4
src/version.h
View File

@ -1,2 +1,2 @@
#define REDIS_VERSION "6.0.12"
#define REDIS_VERSION_NUM 0x0006000c
#define REDIS_VERSION "6.0.13"
#define REDIS_VERSION_NUM 0x0006000d