diff options
author | adam <adam@pkgsrc.org> | 2022-11-22 19:11:10 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2022-11-22 19:11:10 +0000 |
commit | e14e209f59155ea11256f999572e7855c4618110 (patch) | |
tree | 0ac57de4ab416e46ab4cdc7563b9f93615fc9e8a /databases/mongodb3/DESCR | |
parent | f4ef15a5e512fb67e82de5e1842586ee72d39953 (diff) | |
download | pkgsrc-e14e209f59155ea11256f999572e7855c4618110.tar.gz |
redis: updated to 7.0.5
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
==================
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration
Bug Fixes
=========
* Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100
* Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover
* Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?'
* Fix a crash when a Lua script returns a meta-table
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET
* Fix crash when a key is lazy expired during cluster key migration
* Fix AOF rewrite to fsync the old AOF file when a new one is created
* Fix some crashes involving a list containing entries larger than 1GB
* Correctly handle scripts with a non-read-only shebang on a cluster replica
* Fix memory leak when unloading a module
* Fix bug with scripts ignoring client tracking NOLOOP
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission
* Fix missing sections for INFO ALL when also requesting a module info section
================================================================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
================================================================================
Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
=================================================
* Optimize zset conversion on large ZRANGESTORE
* Optimize the performance of sending PING on large clusters
* Allow for faster restart of Redis in cluster mode
INFO fields and introspection changes
=====================================
* Add missing sharded pubsub keychannel count to CLIENT LIST
* Add missing pubsubshard_channels field in INFO STATS
Module API changes
==================
* Add RM_StringToULongLong and RM_CreateStringFromULongLong
* Add RM_SetClientNameById and RM_GetClientNameById
Changes in CLI tools
====================
* Add missing cluster-port support to redis-cli --cluster
Other General Improvements
==========================
* Account sharded pubsub channels memory consumption
* Allow ECHO in loading and stale modes
* Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys
Bug Fixes
=========
* TLS: Notify clients on connection shutdown
* Fsync directory while persisting AOF manifest, RDB file, and config file
* Script that made modification will not break with unexpected NOREPLICAS error
* Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots
* Cluster: Fix crash during handshake and cluster shards call
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* TLS: Fix issues with large replies
* Correctly report the startup warning for vm.overcommit_memory
* redis-server command line allow passing config name and value in the same argument
* Support --save command line argument with no value for backwards compatibility
* Fix CLUSTER RESET command regression requiring an argument
================================================================================
Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
=========
* Fixed SET and BITFIELD commands being wrongly marked movablekeys
Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
Regression in 7.0.1 resulting in crash on startup on some configurations.
================================================================================
Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
============
* Add warning for suspected slow system clocksource setting
Add --check-system command line option.
* Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE
* Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
* redis-server command line arguments now accept one string with spaces
for multi-arg configs
Potentially Breaking Changes
============================
* Omitting a config option value in command line argument no longer works
* Hide the `may_replicate` flag from the COMMAND command response
Potentially Breaking Changes for new Redis 7.0 features
-------------------------------------------------------
* Protocol: Sharded pubsub publish emits `smessage` instead of `message`
* CLUSTER SHARDS returns slots as RESP integers, not strings
* Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
* Scripts that declare the `no-writes` flag are implicitly `allow-oom` too
Changes in CLI tools
====================
* redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C
Platform / toolchain support related improvements
=================================================
* Support tcp-keepalive config interval on MacOs
* Support RSS metrics on Haiku OS
INFO fields and introspection changes
=====================================
* Add isolated network metrics for replication.
Module API changes
==================
* Add two more new checks to RM_Call script mode
* Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
* Add module API RM_MallocUsableSize
* Add missing REDISMODULE_NOTIFY_NEW
* Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
* Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
* Fix bugs in enum configs with overlapping bit flags
Bug Fixes
=========
* FLUSHALL correctly resets rdb_changes_since_last_save INFO field
* FLUSHDB is now propagated to replicas / AOF, even if the db is empty
* Replica fail and retry the PSYNC if the master is unresponsive
* Fix ZRANGESTORE crash when zset_max_listpack_entries is 0
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* CONFIG REWRITE could cause a config change to be dropped for aliased configs
* CONFIG REWRITE would omit rename-command and include lines
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file.
* Fix broken protocol after MISCONF (persistence) error
* Fix --save command line regression
* Fix possible regression around TLS config changes. re-load files even if the
file name didn't change.
* Re-add SENTINEL SLAVES command, missing in redis 7.0
* BZMPOP gets unblocked by non-key args and returns them
* Fix possible memory leak in XADD and XTRIM
================================================================================
Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
============
* Keyspace event for new keys
Command replies that have been extended
---------------------------------------
* COMMAND DOCS shows deprecated_since field in command args
* COMMAND DOCS shows module name where applicable
Potentially Breaking Changes
============================
* Replicas panic when they fail writing persistence
* Prevent cross slot operations in functions and scripts with shebang
* Rephrased some error responses about invalid commands or args
* Lua scripts do not have access to the print() function
Performance and resource utilization improvements
=================================================
* Speed optimization in streams
* Speed optimization in command execution pipeline
* Speed optimization in listpack encoded sorted
* Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
* Speed optimization when there are many replicas (relevant for 7.0 RCs)
New configuration options
=========================
* Allow ignoring disk persistence errors on replicas
* Allow abort with panic when replica fails to execute a command sent by the master
* Allow configuring shutdown flags of SIGTERM and SIGINT
* Allow attaching an operating system-specific identifier to Redis sockets
Module API changes
==================
* Add argument specifying ACL reason for module log entry
Breaking API compatibility with 7.0 RCs
* Add the deprecated_since field in command args of COMMAND DOCS
Breaking API/ABI compatibility with 7.0 RCs
* Add module API flag for using enum configs as bit flags
* Add RM_PublishMessageShard
* Add RM_MallocSizeString, RM_MallocSizeDict
* Add RM_TryAlloc
Bug Fixes
=========
* Replica report disk persistence errors in PING
* Fixes around rejecting commands on replicas and AOF when they must be respected
* Durability fixes for appendfsync=always policy
Fixes for issues in previous release candidates of Redis 7.0
------------------------------------------------------------
* Fix possible crash on CONFIG REWRITE
* Fix regression not aborting transaction on errors
* Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
* Fix bugs when AOF enabled after startup, in case of failure before the first rewrite completes
* Fix RM_Yield module API bug processing future commands of the current client
Diffstat (limited to 'databases/mongodb3/DESCR')
0 files changed, 0 insertions, 0 deletions