3712293322
Redis 6.2.4 =========== Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise. Fix integer overflow in STRALGO LCS (CVE-2021-32625) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. Bug fixes that are only applicable to previous releases of Redis 6.2: * Fix crash after a diskless replication fork child is terminated * Fix redis-benchmark crash on unsupported configs Other bug fixes: * Fix crash in UNLINK on a stream key with deleted consumer groups * SINTERSTORE: Add missing keyspace del event when none of the sources exist * Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs * Enforce client output buffer soft limit when no traffic Improvements: * Hide AUTH passwords in MIGRATE command from slowlog |
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||