Redis 6.0.9
===========
Upgrade urgency: SECURITY if you use an affected platform (see below).
Otherwise the upgrade urgency is MODERATE.
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Other fixes in this release:
New:
* Memory reporting of clients argv
* Add redis-cli control on raw format line delimiter
* Add redis-cli support for rediss:// -u prefix
* Get rss size support for NetBSD and DragonFlyBSD
Behavior changes:
* WATCH no longer ignores keys which have expired for MULTI/EXEC
* Correct OBJECT ENCODING response for stream type
* Allow blocked XREAD on a cluster replica
* TLS: Do not require CA config if not used
Bug fixes:
* INFO report real peak memory (before eviction)
* Allow requirepass config to clear the password
* Fix config rewrite file handling to make it really atomic
* Fix excessive categories being displayed from ACLs
* Add fsync in replica when full RDB payload was received
* Don't write replies to socket when output buffer limit reached
* Fix redis-check-rdb support for modules aux data
* Other smaller bug fixes
Modules API:
* Add APIs for version and compatibility checks
* Add RM_GetClientCertificate
* Add RM_GetDetachedThreadSafeContext
* Add RM_GetCommandKeys
* Add Swapdb Module Event
* RM_GetContextFlags provides indication of being in a fork child
* RM_GetContextFlags document missing flags: MULTI_DIRTY, IS_CHILD
* Expose real client on connection events
* Minor improvements to module blocked on keys
Redis 6.0.8
===========
Upgrade urgency HIGH: Anyone who's using Redis 6.0.7 with Sentinel or
CONFIG REWRITE command is affected and should upgrade ASAP.
Bug fixes:
* CONFIG REWRITE after setting oom-score-adj-values either via CONFIG SET or
loading it from a config file, will generate a corrupt config file that will
cause Redis to fail to start
* Fix issue with redis-cli --pipe on MacOS
* Fix RESP3 response for HKEYS/HVALS on non-existing key
* Various small bug fixes
New features / Changes:
* Remove THP warning when set to madvise
* Allow EXEC with read commands on readonly replica in cluster
* Add masters/replicas options to redis-cli --cluster call command
Module API:
* Add RedisModule_ThreadSafeContextTryLock
Redis 6.0.7
Upgrade urgency MODERATE: several bugs with moderate impact are fixed,
Specifically the first two listed below which cause protocol errors for clients.
Bug fixes:
* CONFIG SET could hung the client when arrives during RDB/ROF loading (When
processed after another command that was also rejected with -LOADING error)
* LPOS command when RANK is greater than matches responded wiht broken protocol
(negative multi-bulk count)
* UNLINK / Lazyfree for stream type key would have never do async freeing
* PERSIST should invalidate WATCH (Like EXPIRE does)
* EXEC with only read commands could have be rejected when OOM
* TLS: relax verification on CONFIG SET (Don't error if some configs are set
and tls isn't enabled)
* TLS: support cluster/replication without tls-port
* Systemd startup after network is online
* Redis-benchmark improvements
* Various small bug fixes
New features:
* Add oom-score-adj configuration option to control Linux OOM killer
* Show IO threads statistics and status in INFO output
* Add optional tls verification mode (see tls-auth-clients)
Module API:
* Add RedisModule_HoldString
* Add loaded keyspace event
* Fix RedisModuleEvent_LoadingProgress
* Fix RedisModuleEvent_MasterLinkChange hook missing on successful psync
* Fix missing RM_CLIENTINFO_FLAG_SSL
* Refactor redismodule.h for use with -fno-common / extern
redis does not look in a particular path but wants the config file
path passed on the command line. The SMF script already did this,
but the rc.d script passed configuration on the command line,
causing redis to neither write a log file nor a database by default.
Bump PKGREVISION.
Redis 6.0.6
===========
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix crash when enabling CLIENT TRACKING with prefix
* EXEC always fails with EXECABORT and multi-state is cleared
* RESTORE ABSTTL won't store expired keys into the db
* redis-cli better handling of non-pritable key names
* TLS: Ignore client cert when tls-auth-clients off
* Tracking: fix invalidation message on flush
* Notify systemd on Sentinel startup
* Fix crash on a misuse of STRALGO
* Few fixes in module API
* Fix a few rare leaks (STRALGO error misuse, Sentinel)
* Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
* LPOS command to search in a list
* Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
* redis-cli support TLS for --pipe, --rdb and --replica options
* TLS: Session caching configuration support
Redis 6.0.5
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix handling of speical chars in ACL LOAD.
* Make Redis Cluster more robust about operation errors that may lead
to two clusters to mix together.
* Revert the sendfile() implementation of RDB transfer. It causes some delay.
* Fix TLS certificate loading for chained certificates.
* Fix AOF rewirting of KEEPTTL SET option.
* Fix MULTI/EXEC behavior during -BUSY script errors.
Redis 6.0.4
===========
Upgrade urgency CRITICAL: this release fixes a severe replication bug.
Redis 6.0.4 fixes a critical replication bug caused by a new feature introduced
in Redis 6. The feature, called "meaningful offset" and strongly wanted by
myself (antirez) was an improvement that avoided that masters were no longer
able, during a failover where they were demoted to replicas, to partially
synchronize with the new master. In short the feature was able to avoid full
synchronizations with RDB. How did it work? By trimming the replication backlog
of the final "PING" commands the master was sending in the replication channel:
this way the replication offset would no longer go "after" the one of the
promoted replica, allowing the master to just continue in the same replication
history, receiving only a small data difference.
However after the introduction of the feature we (the Redis core team) quickly
understood there was something wrong: the apparently harmless feature had
many bugs, and the last bug we discovered, after a joined effort of multiple
people, we were not even able to fully understand after fixing it. Enough was
enough, we decided that the complexity cost of this feature was too high.
So Redis 6.0.4 removes the feature entirely, and fixes the data corruption that
it was able to cause.
However there are two facts to take in mind.
Fact 1: Setups using chained replication, that means that certain replicas
are replicating from other replicas, up to Redis 6.0.3 can experience data
corruption. For chained replication we mean that:
+--------+ +---------+ +-------------+
| master |--------->| replica |-------->| sub-replica |
+--------+ +---------+ +-------------+
People using chained replication SHOULD UPGRADE ASAP away from Redis 6.0.0,
6.0.1, 6.0.2 or 6.0.3 to Redis 6.0.4.
To be clear, people NOT using this setup, but having just replicas attached
directly to the master, SHOUDL NOT BE in danger of any problem. But we
are no longer confident on 6.0.x replication implementation complexities
so we suggest to upgrade to 6.0.4 to everybody using an older 6.0.3 release.
We just so far didn't find any bug that affects Redis 6.0.3 that does not
involve chained replication.
People starting with Redis 6.0.4 are fine. People with Redis 5 are fine.
People upgrading from Redis 5 to Redis 6.0.4 are fine.
TLDR: The problem is with users of 6.0.0, 6.0.1, 6.0.2, 6.0.3.
Fact 2: Upgrading from Redis 6.0.x to Redis 6.0.4, IF AND ONLY IF you
use chained replication, requires some extra care:
1. Once you attach your new Redis 6.0.4 instance as a replica of the current
Redis 6.0.x master, you should wait for the first full synchronization,
then you should promote it right away, if your setup involves chained
replication. Don't give it the time to do a new partial synchronization
in the case the link between the master and the replica will break in
the mean time.
2. As an additional care, you may want to set the replication ping period
to a very large value (for instance 1000000) using the following command:
CONFIG SET repl-ping-replica-period 1000000
Note that if you do "1" with care, "2" is not needed.
However if you do it, make sure to later restore it to its default:
CONFIG SET repl-ping-replica-period 10
So this is the main change in Redis 6. Later we'll find a different way in
order to achieve what we wanted to achieve with the Meaningful Offset feature,
but without the same complexity.
Other changes in this release:
* PSYNC2 tests improved.
* Fix a rare active defrag edge case bug leading to stagnation
* Fix Redis 6 asserting at startup in 32 bit systems.
* Redis 6 32 bit is now added back to our testing environments.
* Fix server crash for STRALGO command,
* Implement sendfile for RDB transfer.
* TLS fixes.
* Make replication more resistant by disconnecting the master if we
detect a protocol error. Basically we no longer accept inline protocol
from the master.
* Other improvements in the tests.
Redis 6.0.3:
Upgrade urgency CRITICAL: a crash introduced in 6.0.2 is now fixed.
Redis 6.0.2:
Upgrade urgency MODERATE: many not critical bugfixes in different areas.
Critical fix to client side caching when
keys are evicted from the tracking table but
no notifications are sent.
The following are the most serious fix:
* XPENDING should not update consumer's seen-time
* optimize memory usage of deferred replies - fixed
* Fix CRC64 initialization outside the Redis server itself.
* stringmatchlen() should not expect null terminated strings.
* Cluster nodes availability checks improved when there is
high Pub/Sub load on the cluster bus.
* Redis Benchmark: Fix coredump because of double free
* Tracking: send eviction messages when evicting entries.
* rax.c updated from upstream antirez/rax.
* fix redis 6.0 not freeing closed connections during loading.
New features:
dd
* Support setcpuaffinity on linux/bsd
* Client Side Caching: Add Tracking Prefix Number Stats in Server Info
* Add --user argument to redis-benchmark.c (ACL)
Redis 6.0.1
===========
Upgrade urgency HIGH: This release fixes a crash when builiding against
Libc malloc.
Here we revert 8110ba888, an optimization that causes a crash due to a
bug in the code. It does not happen with the default allocator because of
differences between Jemalloc and libc malloc, so this escaped all our
testing but was reported by a user. We'll add back the original optimization
that was reverted here later, after checking what happens: it is not a
critical optimization.
Redis 6.0.0 GA
==============
Upgrade urgency CRITICAL: many bugs fixed compared to the last release
candidate. Better to upgrade if you see things
affecting your environment in the changelog.
Hi all, finally we have Redis 6.0.0 GA! Enjoy this new Redis release.
Most of the documentation was updated today so that you can likely
find what you are looking for about the new features at redis.io.
This is the list of what changed compared to the previoius release candidate:
* XCLAIM AOF/replicas propagation fixed.
* Client side caching: new NOLOOP option to avoid getting notified about
changes performed by ourselves.
* ACL GENPASS now uses HMAC-SHA256 and have an optional "bits" argument.
It means you can use it as a general purpose "secure random strings"
primitive!
* Cluster "SLOTS" subcommand memory optimization.
* The LCS command is now a subcommand of STRALGO.
* Meaningful offset for replicas as well. More successful partial
resynchronizations.
* Optimize memory usage of deferred replies.
* Faster CRC64 algorithm for faster RDB loading.
* XINFO STREAM FULL, a new subcommand to get the whole stream state.
* CLIENT KILL USER <username>.
* MIGRATE AUTH2 option, for ACL style authentication support.
* Other random bugfixes.
Redis 5.0.8:
Upgrade urgency HIGH: This release fixes security issues.
This is a list of fixes in this release:
Fix Pi building needing -latomic, backport
fix impl of aof-child whitelist SIGUSR1 feature.
fix ThreadSafeContext lock/unlock function names
XREADGROUP should propagate XCALIM/SETID in MULTI/EXEC
Fix client flags to be int64 in module.c
Fix small bugs related to replica and monitor ambiguity
Fix lua related memory leak.
Free allocated sds in pfdebugCommand() to avoid memory leak.
Jump to right label on AOF parsing error.
Free fakeclient argv on AOF error.
Fix potential memory leak of rioWriteBulkStreamID().
Fix potential memory leak of clusterLoadConfig().
Fix bug on KEYS command where pattern starts with * followed by \x00 (null char).
Blocking XREAD[GROUP] should always reply with valid data (or timeout)
XCLAIM: Create the consumer only on successful claims.
Stream: Handle streamID-related edge cases
Fix ip and missing mode in RM_GetClusterNodeInfo().
Inline protocol: handle empty strings well.
Mark extern definition of SDS_NOINIT in sds.h
[FIX] revisit CVE-2015-8080 vulnerability
avoid sentinel changes promoted_slave to be its own replica.
Hi all, Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.
Redis 5.0.6
Upgrade urgency CRITICAL: Only in case of exposed instances to untrusted users.
This Redis release, 5.0.6, is a bugfix and enhancement release. The most
important bugfix is a corruption related to the HyperLogLog. A malformed
HyperLogLog string could cause an invalid access to the memory. At a first
glance the vulnerability appears to be not exploitable but just a DoS. The
way to trigger the issue is complex, we'll not provide any information about
how to do that for the users safety.
Other significant changes in this release:
* New modules APIs merged from Redis unstable to Redis 5.
* Some memory optimization related to objects creation.
* Fixes to flushSlaveOutputBuffer() that make sure that SHUTDOWN will
transfer pending buffers to replicas.
Redis 5.0.5:
Upgrade urgency CRITICAL: This release fixes an important AOF fysnc bug
and other less critical issues.
Dear user,
Redis 5.0.5 fixes an important issue with AOF and adds multiple very useful
modules APIs. Moreover smaller bugs in other parts of Redis are fixed in
this release.
The AOF bug
The AOF bug happens when the fsync policy is set to "everysec", which is the
default: if the write load in the server drops immediately, the commands
executed in the latest second may not be fsync-ed to disk as it should.
This may lead to data loss in case the write load drops immediately and
successively a server crash happens.
Other things in this release
* Streams: a bug in the iterator could prevent certain items to be returned in
range queries under specific conditions.
* Memleak in bitfieldCommand fixed.
* Modules API: Preserve client->id for blocked clients.
* Fix memory leak when rewriting config file in case of write errors.
* New modules API: RedisModule_GetKeyNameFromIO().
* Fix non critical bugs in diskless replication.
* New mdouels API: command filtering. See RedisModule_RegisterCommandFilter();
* Tests improved to be more deterministic.
* Fix a Redis Cluster bug, manual failover may abort because of the master
sending PINGs to the replicas.
Redis 5.0.4
Upgrade urgency HIGH: This release fixes several Redis stability issues.
Dear Redis users, this release includes a number of fixes for bugs that may
result in Redis crashing in special conditions (not normal usage, but specific
artificial conditions), fixes to certain Redis behaviors especially around
Redis streams, and finally a set of new APIs for Redis Modules.
Specifically:
* Hyperloglog different coding errors leading to potential crashes were fixed.
* A replication bug leading to a potential crash in case of plain misuse of handshake commands was fixed.
* XCLAIM command incrementing of number of deliveries was fixed.
* LFU field management in objects was improved.
* A potential overflow in the redis-check-aof was fixed.
* A memory leak in case of API misuse was fixed.
* ZPOP* behavior when count is 0 is fixed.
* A few redis-cli --cluster bugs were fixed, plus a few improvements.
* Many other smaller bugs.
Redis 5.0.3
===========
Upgrade urgency HIGH: Redis 5 is consolidating, upgrading is a good idea.
However there is nothing very critical here, but certain
issues resolved could lead to very rare crashes.
Welcome to Redis 5.0.3, several interesting bug fixes here:
* Redis no longer panics when you send data to a replica-mode connection that
is in MONITOR or SYNC mode.
* Fixes to certain sorted set edge cases. You are unlikely to ever notice those
issues, but now it is more correct.
* Certain BSD variants now are better supported: build & register logging
on crash.
* The networking core now recovers if an IPv6 address is listed in bind but
is actually not able to work because there is no such protocol in the
system.
* redis-cli cluster mode improved in many ways. Especially the fix subcommand
work was enhanced to cover other edge cases that were still not covered
after the work done for Redis 5.
* MEMORY USAGE is now more accurate.
* DEBUG DIGEST-VALUE added in case you want to make sure a given set of keys
(and not the whole DB) are excatly the same between two instances.
* Fix a potential crash in the networking code related to recent changes
to the way the reply is consumed.
* Reject EXEC containing write commands against an instance that changed role
from master to replica during our transaction.
* Fix a crash in KEYS and other commands using pattern matching, in an edge
case where the pattern contains a zero byte.
* Fix eviction during AOF loading due to maxmemory triggered by commands
executed in loading state.
Redis 5.0.2
===========
Upgrade urgency: CRITICAL if you use streams and consumer groups.
HIGH if you use redis-cli with Redis Cluster.
LOW otherwise.
Welcome to Redis 5.0.2. This release fixes two issues with Streams consumer
groups, where items could be returned duplicated by XREADGROUP when accessing
the history, and another bug where XREADGROUP can report some history even
if the comsumer pending list is empty. Both problems were addressed and unit
tests to avoid regressions implemented. Moreover this release fixes some
issue with redis-cli when in cluster mode. Finally some FreeBSD and DragonFly
build problems are now resolved. The list of the commits is below.
Redis 5.0.1
===========
Upgrade urgency: URGENT if you use Redis Streams. MODERATE otherwise.
Hi all, this is the first patch level release of Redis 5. It contains
both fixes and improvements. Here there is a list of the major ones, however
read the commit messages at the end of the changelog if you want to know
more about the smaller things. Let's start with the new features:
* Sentinel now supports authentication! Check the Sentinel official doc
for more info.
* Redis-cli cluster "fix" is now able to fix a big number of clusters put
in a bad condition. Previously many corner cases were not covered.
Now the critical fixes:
1. Fix RESTORE mismatch reply when certain keys already expired.
2. Fix an XCLAIM non trivial issue: sometimes the command returned a wrong
entry or desynchronized the protocol.
And now the other fixes:
3. Stack trace generation on the Raspberry PI (and 32bit ARM) fixed.
4. Don't evict expired keys when the KEYS command is called, in order to
avoid a mass deletion event. However expired keys are not displayed
by KEYS as usually.
5. Improvements in the computation of the memory used, when estimating
the AOF buffers.
6. XRANGE COUNT of 0 fixed.
7. "key misses" stats accounting fixed. Many cache misses were not counted.
8. When in MULTI state, return OOM while accumulating commands and there
is no longer memory available.
9. Fix build on FreeBSD and possibly others.
10. Fix a crash in Redis modules, thread safe context reply accumulation.
11. Fix a race condition when producing the RDB file for full SYNC.
12. Disable protected mode in Sentinel.
13. More commands now have the HELP subcommand.
14. Fixed an issue about adaptive server HZ timer.
15. Fix cluster-replica-no-failover option name.
Redis 5.0.0
===========
Upgrade urgency CRITICAL: Several fixes to streams AOF and replication.
1. The new Stream data type. https://redis.io/topics/streams-intro
2. New Redis modules APIs: Timers, Cluster and Dictionary APIs.
3. RDB now store LFU and LRU information.
4. The cluster manager was ported from Ruby (redis-trib.rb) to C code
inside redis-cli. Check `redis-cli --cluster help` for more info.
5. New sorted set commands: ZPOPMIN/MAX and blocking variants.
6. Active defragmentation version 2.
7. Improvemenets in HyperLogLog implementations.
8. Better memory reporting capabilities.
9. Many commands with sub-commands now have an HELP subcommand.
10. Better performances when clients connect and disconnect often.
11. Many bug fixes and other random improvements.
12. Jemalloc was upgraded to version 5.1
13. CLIENT UNBLOCK and CLIENT ID.
14. The LOLWUT command was added. http://antirez.com/news/123
15. We no longer use the "slave" word if not for API backward compatibility.
16. Differnet optimizations in the networking layer.
17. Lua improvements:
- Better propagation of Lua scripts to replicas / AOF.
- Lua scripts can now timeout and get in -BUSY state in the replica as well.
18. Dynamic HZ to balance idle CPU usage with responsiveness.
19. The Redis core was refactored and improved in many ways.
Redis 4.0.11:
Upgrade urgency HIGH: not critical but very important bugs fixed.
Dear users, this is just a bugfix release of Redis 4. All new work
is now focused on Redis 5, however we backported a number of bug fixes here:
* The disconnection time between the master and slave was reset in an
incorrect place, sometimes a good slave will not be able to failover
because it claims it was disconnected for too much time from the master.
* A replication bug, rare to trigger but non impossible, is in Redis for
years. It was lately discovered at Redis Labs and fixed by Oran Agra.
It may cause disconnections, desynchronizations and other issues.
* RANDOMKEY may go in infinite loop on rare situations. Now fixed.
* EXISTS now works in a more consistent way on slaves.
* Sentinel: backport of an option to deny a potential security problem
when the SENTINEL command is used to configure an arbitrary script
to execute.
Redis 4.0.10 fixes a number of important issues:
* Important security issues related to the Lua scripting engine.
Please check https://github.com/antirez/redis/issues/5017
for more information.
* A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return all the elements.
We also add a regression test that can trigger the issue often when present, and
may in theory be able to find unrelated regressions.
* A PSYNC2 bug is fixed: Redis should not expire keys when saving RDB files
because otherwise it is no longer possible to use such RDB file as a base
for partial resynchronization. It no longer represents the right state.
* Compatibility of AOF with RDB preamble when the RDB checksum is disabled.
* Sentinel bug that in some cases prevented Sentinel to detect that the master
was down immediately. A delay was added to the detection.
* Other minor issues.
- Fix a critical AOF bug when fsync policy set to "always"
- Latency monitor could report wrong latencies under certain conditions.
- AOF rewriting could fail when a backgronud rewrite is triggered and
at the same time the AOF is switched on/off.
- Redis Cluster crash-recovery safety improved.
- Other smaller fixes (check commnits).
- Redis Cluster has now the ability to configure certain slaves so that
they'll never attempt a failover.
- Keyspace notifications API in modules.
- RM_Call() is now faster by reusing the same client.
- Tracking of the percentage of keys already logically expired but yet
not evicted.
- Many 32 bit overflows were addressed in order to allow to use Redis with
a very significant amount of data, memory size permitting.
- MEMORY USAGE fixed for the list type.
- Allow read-only scripts in Redis Cluster.
- Fix AOF pipes setup in edge case.
- AUTH option for MIGRATE.
- HyperLogLogs are no longer converted from sparse to dense in order
to be merged.
- Fix AOF rewrite dead loop under edge cases.
- Fix processing of large bulk strings (>= 2GB).
- Added RM_UnlinkKey in modules API.
- Fix Redis Cluster crashes when certain commands with a variable number
of arguments are called in an improper way.
- Fix memory leak in lazyfree engine.
- Fix many potentially successful partial synchronizations that end
doing a full SYNC, because of a bug destroying the replication
backlog on the slave. So after a failover the slave was often not able
to PSYNC with masters, and a full SYNC was triggered. The bug only
happened after 1 hour of uptime so escaped the unit tests.
- Improve anti-affinity in master/slave allocation for Redis Cluster
when the cluster is created.
- Improve output buffer handling for slaves, by not limiting the amount
of writes a slave could receive.
- This release fixes yet more errors present in the 4.0.5 fixes, that
could affect slaves. Moreover another critical issue in quicklists,
when they are used at a massive memory scale, was fixed in this
release. Upgrading from any 4.0.x release, especially if you are
running 4.0.4 or 4.0.5, is highly recommended.
Upgrade urgency CRITICAL: Several PSYNC2 bugs can corrupt the slave
data set after a restart and a successful PSYNC2 handshake.
- Fix the "PSYNC after restart" problem.
- LFU fixes improve the ability of Redis to correctly estimate the
popularity of keys.
- Security fix related to loading a corrupted Cluster state from a
corrupted file.
- Other bugfixes.
Significant bugs fixed:
1. A number of bugs were fixed in the area of PSYNC2 replication in
thecspecific area of restarting an instance with an RDB file having
the repliacation meta-data to continue without a full
resynchronization.
2. AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before
exiting. Calling SHUTDOWN during traffic resulted into not every
operation to be persisted on disk.
3. The SLOWLOG could reference values inside string objects stored at
keys, creating a race condition during FLUSHALL ASYNC while the DB is
reclaimed in another thread.
Bug fixes:
- Loading two or more modules exporting native data types resulted
into the inability to reload the RDB file.
- Crash in modules when calling from Lua scripts module commands that
would block.
- A Redis Cluster crash due to mis-handling of the "migrate-to"
internal flag.
- Other smaller fixes not worth of a release per se, but nice to add
here.
Redis 4.0.0
Major features
- Redis modules system. Redis now allows developers to write modules
that can extend the Redis functionalities and implement new data
types.
- Partial Replication (PSYNC) version 2.
- Cache eviction improvements. Redis 4.0 implements LFU (Least
Frequently Used) as a new eviction algorithm, and improves the
functionality, performances and precision of the existing algorithms.
- Lazy freeing of keys. Redis is now able to delete keys in the
background in a different thread without blocking the server.
- Mixed RDB-AOF format. If enabled the new format is used when
rewriting the AOF file: the rewrite uses the more compact and faster
to generate RDB format, and an AOF stream is appended to the file.
- A new MEMORY command, able to perform memory analysis of different
kinds: troubleshooting of memory issues (with MEMORY DOCTOR, similar
to LATENCY DOCTOR), reporting of the amount of memory used by a single
key, more in-depth reporting of Redis memory usage compared to what
the INFO command offers.
- Redis Cluster support for NAT / Docker.
- Redis uses now less memory in order to store the same amount of
data. The gain depends a lot on the kind of dataset stored.
- Redis is now able to defragment the used memory and reclaim space
incrementally while running.
Smaller features
- Improvements to the RDB format to support 64 bit lengths, binary
sorted set scores, and more.
- SWAPDB command: ability to completely and immediately (no latency)
replace two Redis databases.
- Improvements to `dict.c`, the Redis hash table implementation.
- Security improvements mapping POST and Host: commands to QUIT in
order to prevent cross protocol scripting attacks.
- RPUSHX and LPUSHX now accept a variable number of elements.
- Reporting of additional memory used by copy on write in the INFO
output.
- Serious refactoring of many core parts of Redis.
Migrating from 3.2 to 4.0
- The Redis Cluster bus protocol of 4.0 is no longer compatible with
Redis 3.2.
- Redis Cluster CLUSTER NODES output is now slightly different.
- Writable slaves do not propagate writes to their sub-slaves, so
writes to writable slaves remain just local.
- The RDB format changed. Redis 4.0 is still able to read 3.2 (and all
the past versions) files, but not the other way around.
- Certain log formats and sentences are different in Redis 4.0.
- Certain INFO fields, especially related to replication, are now
different.
- GEODIST, GEOPOS and GEOHASH return values changed for non existing
keys
- The SLOWLOG command entires contain additional two fields: the
client address and name. This is documented in the SLOWLOG command online
documentation.
================================================================================
Redis 3.2.8 Released Sun Feb 12 16:11:18 CET 2017
================================================================================
Two important bug fixes, the first of one is critical:
1. Apparently Jemalloc 4.4.0 may contain a deadlock under particular
conditions. See https://github.com/antirez/redis/issues/3799.
We reverted back to the previously used Jemalloc versions and plan
to upgrade Jemalloc again after having more info about the
cause of the bug.
2. MIGRATE could crash the server after a socket error. See for reference:
https://github.com/antirez/redis/issues/3796.
================================================================================
Redis 3.2.7 Released Tue Jan 31 16:21:41 CET 2017
================================================================================
Main bugs fixes and improvements in this release:
1. MIGRATE could incorrectly move keys between Redis Cluster nodes by turning
keys with an expire set into persisting keys. This bug was introduced with
the multiple-keys migration recently. It is now fixed. Only applies to
Redis Cluster users that use the resharding features of Redis Cluster.
2. As Redis 4.0 beta and the unstable branch already did (for some months at
this point), Redis 3.2.7 also aliases the Host: and POST commands to QUIT
avoiding to process the remaining pipeline if there are pending commands.
This is a security protection against a "Cross Scripting" attack, that
usually involves trying to feed Redis with HTTP in order to execute commands.
Example: a developer is running a local copy of Redis for development
purposes. She also runs a web browser in the same computer. The web browser
could send an HTTP request to http://127.0.0.1:6379 in order to access the
Redis instance, since a specially crafted HTTP requesta may also be partially
valid Redis protocol. However if POST and Host: break the connection, this
problem should be avoided. IMPORTANT: It is important to realize that it
is not impossible that another way will be found to talk with a localhost
Redis using a Cross Protocol attack not involving sending POST or Host: so
this is only a layer of protection but not a definitive fix for this class
of issues.
3. A ziplist bug that could cause data corruption, could crash the server and
MAY ALSO HAVE SECURITY IMPLICATIONS was fixed. The bug looks complex to
exploit, but attacks always get worse, never better (cit). The bug is very
very hard to catch in practice, it required manual analysis of the ziplist
code in order to be found. However it is also possible that rarely it
happened in the wild. Upgrading is required if you use LINSERT and other
in-the-middle list manipulation commands.
4. We upgraded to Jemalloc 4.4.0 since the version we used to ship with Redis
was an early 4.0 release of Jemalloc. This version may have several
improvements including the ability to better reclaim/use the memory of
system.
This release mainly fixes three bugs:
1. A bug with BITFIELD that may cause the bitmap corruption when setting offsets
larger than the current string size.
2. A GEORADIUS bug that may happen when using very large radius lengths, in
the range of 10000km or alike, due to wrong bounding box calculation.
3. A bug with Redis Cluster which crashes when reading a nodes configuration
file with zero bytes at the end, which sometimes happens with certain ext4
configurations after a system crash.
Redis 3.2.5 Released Wed Oct 26 09:16:40 CEST 2016
===========================================================================
Upgrade urgency LOW: This release only fixes a compilation issue due to the
missing -ldl at linking time.
zach shipko in commit 4736407:
BSDs don't have -ldl
1 file changed, 15 insertions(+), 5 deletions(-)
antirez in commit 9ada818:
Fix modules compilation when libc malloc is used.
1 file changed, 2 insertions(+), 2 deletions(-)
This is a Redis critical release in order to fix a security issue
which is documented clearly here:
6d9f8e2462
Thanks to Cory Duplantis of Cisco Talos for reporting the issue.
IMPACT:
The gist is that using CONFIG SET calls (or by manipulating
redis.conf) an attacker is able to compromise certain fields of
the "server" global structure, including the aof filename pointer,
that could be made pointing to something else. In turn the AOF
name is used in different contexts such as logging, rename(2) and
open(2) syscalls, leading to potential problems.
Please note that since having access to CONFIG SET also means to
be able to change the AOF filename (and many other things)
directly, this issue actual real world impact is quite small, so I
would not panik: if you have CONFIG SET level of access, you can
do more and more easily.
AFFECTED VERSIONS:
- All Redis 3.2.x versions are affected.
OTHER CHANGES IN THIS RELEASE:
- TCP binding bug fixed when only certain addresses were available
for a given port.
- A much better crash report that includes part of the Redis binary:
this will allow to fix bugs even when we just have a crash log and
no other help from the original poster oft the issue.
- A fix for Redis Cluster redis-trib displaying of info after
creating a new cluster.
Redis 3.2.3
Bugfixes:
- There was an inverted if statement logic problem in
replication.c causing
a replication delay.
- Redis-cli created the history file with insecure permissions,
allowing reding from the file.
Redis 3.2.2
- There was a bug in the List type implementation, able to cause
the crash of the server under certain (non trivial to replicate)
circumstances when the LSET command was used.
- Redis Sentinel, when monitoring multiple masters, could crash
after a Sentinel address update event.
- Redis Sentinel now checks slaves INFO state more often when
disconnected.
- It was possible, under a variety of conditions, that the AOF and
RDB children process could spawn at the same time. This is known
to trash disk I/O, AOF performances, and to ultimately create
latency in the Redis server.
- Many GEORADIUS bugs are now fixed \o/.
New features:
- Now slaves support the slave-announce-ip and slave-announce-port
options.
- The RDB check utlity is now part of Redis and uses the same RDB
code that Redis uses in order to load the dataset in memory.
Upgrade urgency HIGH: Critical fix to Redis Sentinel, due to 3.2.0
regression compared to 3.0.
Hey, this is Redis 3.2.1, and this release should bring some grain of
maturity to Redis 3.2. The list of commits following this note will tell
you the details, but the main things addressed in this release are the
following:
1. A critical bug in Sentinel was hopefully fixed. During the big 3.2
refactoring of Redis Sentinel, in order to implement connection sharing
to make Sentinel able to scale better (few Sentinels to monitor many
masters), a bug was introduced that mis-counted the number of pending
commands in the Redis link. This in turn resulted into an inability to
talk with certain Redis instances. A common result of this bug was the
inability of Redis Sentinel to reconfigure back the old master, after
a failover, when it is reachable again, as the slave of the new master.
This was due to the inability to talk with the old master at all.
2. BITFIELD bugs fixed.
3. GEO commands fixes on syntax errors and edge cases.
4. RESTORE now accepts dumps generated by older Redis versions.
5. Jemalloc now is really configured to save you memory, for a problem a
change in the jemalloc configuration did not really survived when the
3.2.0 release was finalized.
6. TTL and TYPE command no longer alter the last access time of a key, for
LRU evictions purposes. A new TOUCH command was introduced *just* to
update the access time of a key.
7. A bug was fixed in redis-cli, that connected to the instance running on
the port 6379 if there was one, regardless of what was specified.
8. TCP keep alive is now enabled by default. This should fix most ghost
connections problems without resulting in any practical change in
otherwise sane deployments.
9. A Sentinel crash that could happen during failovers was fixed.
