6.2.4
Release date: 2021-06-01 22:07:04
Latest redis/redis release: 8.0-m02 (2024-11-04 17:16:21)
Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477.
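The bug class named above, shown as an added example that is not Redis source code: a size computation for an LCS work table written without and with overflow checks. It assumes the textbook layout of (alen+1) x (blen+1) cells of `uint32_t`; all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumption: the LCS table is the textbook (alen+1) x (blen+1) grid of
 * uint32_t cells. Names are hypothetical, not Redis identifiers. */

/* Unchecked form: the product is evaluated in 32 bits and can wrap,
 * so the buffer that gets allocated is smaller than the table the
 * algorithm later writes into. */
uint32_t lcs_table_bytes_unchecked(uint32_t alen, uint32_t blen) {
    return (alen + 1) * (blen + 1) * (uint32_t)sizeof(uint32_t);
}

/* Checked form: writes the byte count to *out and returns 0, or
 * returns -1 when any step of the computation would overflow. */
int lcs_table_bytes_checked(uint32_t alen, uint32_t blen, size_t *out) {
    if (alen == UINT32_MAX || blen == UINT32_MAX) return -1;

    size_t rows = (size_t)alen + 1;
    size_t cols = (size_t)blen + 1;

    /* rows * cols must fit in size_t. */
    if (cols > SIZE_MAX / rows) return -1;
    size_t cells = rows * cols;

    /* Assumption: cells are indexed with a 32-bit value, so the cell
     * count itself must fit in uint32_t. */
    if (cells > UINT32_MAX) return -1;

    /* cells * sizeof(cell) must fit in size_t. */
    if (cells > SIZE_MAX / sizeof(uint32_t)) return -1;

    *out = cells * sizeof(uint32_t);
    return 0;
}

/* Allocate a zeroed table, refusing inputs whose size cannot be
 * represented. The caller frees the result with free(). */
uint32_t *lcs_table_alloc(uint32_t alen, uint32_t blen) {
    size_t bytes;
    if (lcs_table_bytes_checked(alen, blen, &bytes) != 0) return NULL;
    return calloc(1, bytes);
}
```
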
Bug fixes that are only applicable to previous releases of Redis 6.2:
- Fix crash after a diskless replication fork child is terminated (#8991)
- Fix redis-benchmark crash on unsupported configs (#8916)
Other bug fixes:
- Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
- SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)
- Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs (#8958)
- Enforce client output buffer soft limit when no traffic (#8833)
Improvements:
- Hide AUTH passwords in MIGRATE command from slowlog (#8859)