| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Redis 7.0.6
===========
Upgrade urgency: MODERATE, Contains fixes for a few non-critical or unlikely bugs,
and some dramatic optimizations to Geo, EVAL, and Sorted sets commands.
Potentially Breaking Bug Fixes for new Redis 7.0 features
=======================================================
* RM_ResetDataset module API should not clear the functions
* RM_Call module API used with the "C" flag to run scripts, would now cause
the commands in the script to check ACL with the designated user
Performance and resource utilization improvements
=================================================
* Geo commands speedups
* Fix EVAL command performance regression from Redis 7.0
* Reduce EXPIRE commands performance regression from Redis 7.0
* Optimize commands returning double values, mainly affecting zset commands
* Optimize Lua parsing of some command responses
* Optimize client memory usage tracking operation while client eviction is disabled
Platform / toolchain support related improvements
=================================================
* Fix compilation on Solaris
Module API changes
==================
* RM_SetContextUser, RM_SetModuleUserACLString, RM_GetModuleUserACLString
* Fix crash in CLIENT_CHANGE event, when the selected database is not 0
Changes in CLI tools
====================
* redis-benchmark avoid aborting on NOPERM from CONFIG GET
Bug Fixes
=========
* Avoid hang of diskless replication fork child when parent crashes
* Fix crash with module API of list iterator and RM_ListDelete
* Fix TLS error handling to avoid connection drops on timeouts
* Fix runtime changes to cluster-announce-*-port to take effect on the local node too
* Fix sentinel function that compares hostnames if failed resolve
* Fix MIGRATE with AUTH set to "keys" is getting wrong key names leading to MOVED or ACL errors
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix command line startup --sentinel problem
* Fis missing FCALL commands in monitor
* Fix CLUSTER SHARDS showing empty hostname
* Replica that asks for rdb-only could have missed the EOF and hang
|
|
pkgsrc changes:
---------------
* "network" is not a requirement provided by pkgtools/rc.d-boot. Use
NETWORKING instead.
|
|
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
==================
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration
Bug Fixes
=========
* Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100
* Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover
* Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?'
* Fix a crash when a Lua script returns a meta-table
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET
* Fix crash when a key is lazy expired during cluster key migration
* Fix AOF rewrite to fsync the old AOF file when a new one is created
* Fix some crashes involving a list containing entries larger than 1GB
* Correctly handle scripts with a non-read-only shebang on a cluster replica
* Fix memory leak when unloading a module
* Fix bug with scripts ignoring client tracking NOLOOP
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission
* Fix missing sections for INFO ALL when also requesting a module info section
================================================================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
================================================================================
Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
=================================================
* Optimize zset conversion on large ZRANGESTORE
* Optimize the performance of sending PING on large clusters
* Allow for faster restart of Redis in cluster mode
INFO fields and introspection changes
=====================================
* Add missing sharded pubsub keychannel count to CLIENT LIST
* Add missing pubsubshard_channels field in INFO STATS
Module API changes
==================
* Add RM_StringToULongLong and RM_CreateStringFromULongLong
* Add RM_SetClientNameById and RM_GetClientNameById
Changes in CLI tools
====================
* Add missing cluster-port support to redis-cli --cluster
Other General Improvements
==========================
* Account sharded pubsub channels memory consumption
* Allow ECHO in loading and stale modes
* Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys
Bug Fixes
=========
* TLS: Notify clients on connection shutdown
* Fsync directory while persisting AOF manifest, RDB file, and config file
* Script that made modification will not break with unexpected NOREPLICAS error
* Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots
* Cluster: Fix crash during handshake and cluster shards call
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* TLS: Fix issues with large replies
* Correctly report the startup warning for vm.overcommit_memory
* redis-server command line allow passing config name and value in the same argument
* Support --save command line argument with no value for backwards compatibility
* Fix CLUSTER RESET command regression requiring an argument
================================================================================
Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
=========
* Fixed SET and BITFIELD commands being wrongly marked movablekeys
Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
Regression in 7.0.1 resulting in crash on startup on some configurations.
================================================================================
Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
================================================================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
============
* Add warning for suspected slow system clocksource setting
Add --check-system command line option.
* Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE
* Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
* redis-server command line arguments now accept one string with spaces
for multi-arg configs
Potentially Breaking Changes
============================
* Omitting a config option value in command line argument no longer works
* Hide the `may_replicate` flag from the COMMAND command response
Potentially Breaking Changes for new Redis 7.0 features
-------------------------------------------------------
* Protocol: Sharded pubsub publish emits `smessage` instead of `message`
* CLUSTER SHARDS returns slots as RESP integers, not strings
* Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
* Scripts that declare the `no-writes` flag are implicitly `allow-oom` too
Changes in CLI tools
====================
* redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C
Platform / toolchain support related improvements
=================================================
* Support tcp-keepalive config interval on MacOs
* Support RSS metrics on Haiku OS
INFO fields and introspection changes
=====================================
* Add isolated network metrics for replication.
Module API changes
==================
* Add two more new checks to RM_Call script mode
* Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
* Add module API RM_MallocUsableSize
* Add missing REDISMODULE_NOTIFY_NEW
* Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
* Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
* Fix bugs in enum configs with overlapping bit flags
Bug Fixes
=========
* FLUSHALL correctly resets rdb_changes_since_last_save INFO field
* FLUSHDB is now propagated to replicas / AOF, even if the db is empty
* Replica fail and retry the PSYNC if the master is unresponsive
* Fix ZRANGESTORE crash when zset_max_listpack_entries is 0
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* CONFIG REWRITE could cause a config change to be dropped for aliased configs
* CONFIG REWRITE would omit rename-command and include lines
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file.
* Fix broken protocol after MISCONF (persistence) error
* Fix --save command line regression
* Fix possible regression around TLS config changes. re-load files even if the
file name didn't change.
* Re-add SENTINEL SLAVES command, missing in redis 7.0
* BZMPOP gets unblocked by non-key args and returns them
* Fix possible memory leak in XADD and XTRIM
================================================================================
Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
============
* Keyspace event for new keys
Command replies that have been extended
---------------------------------------
* COMMAND DOCS shows deprecated_since field in command args
* COMMAND DOCS shows module name where applicable
Potentially Breaking Changes
============================
* Replicas panic when they fail writing persistence
* Prevent cross slot operations in functions and scripts with shebang
* Rephrased some error responses about invalid commands or args
* Lua scripts do not have access to the print() function
Performance and resource utilization improvements
=================================================
* Speed optimization in streams
* Speed optimization in command execution pipeline
* Speed optimization in listpack encoded sorted
* Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
* Speed optimization when there are many replicas (relevant for 7.0 RCs)
New configuration options
=========================
* Allow ignoring disk persistence errors on replicas
* Allow abort with panic when replica fails to execute a command sent by the master
* Allow configuring shutdown flags of SIGTERM and SIGINT
* Allow attaching an operating system-specific identifier to Redis sockets
Module API changes
==================
* Add argument specifying ACL reason for module log entry
Breaking API compatibility with 7.0 RCs
* Add the deprecated_since field in command args of COMMAND DOCS
Breaking API/ABI compatibility with 7.0 RCs
* Add module API flag for using enum configs as bit flags
* Add RM_PublishMessageShard
* Add RM_MallocSizeString, RM_MallocSizeDict
* Add RM_TryAlloc
Bug Fixes
=========
* Replica report disk persistence errors in PING
* Fixes around rejecting commands on replicas and AOF when they must be respected
* Durability fixes for appendfsync=always policy
Fixes for issues in previous release candidates of Redis 7.0
------------------------------------------------------------
* Fix possible crash on CONFIG REWRITE
* Fix regression not aborting transaction on errors
* Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
* Fix bugs when AOF enabled after startup, in case of failure before the first rewrite completes
* Fix RM_Yield module API bug processing future commands of the current client
|
|
================================================================================
Redis 6.2.7 Released Wed Apr 27 12:00:00 IDT 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
Potentially Breaking Fixes
==========================
* LPOP/RPOP with count against non-existing list return null array (#10095)
* LPOP/RPOP used to produce wrong replies when count is 0 (#9692)
Performance and resource utilization improvements
=================================================
* Speed optimization in command execution pipeline (#10502)
* Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337)
Platform / toolchain support related improvements
=================================================
* Fix RSS metrics on NetBSD and OpenBSD (#10116, #10149)
* Fix OpenSSL 3.0.x related issues (#10291)
Bug Fixes
=========
* Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
* Lua: fix crash on a script call with many arguments, a regression in v6.2.6 (#9809)
* Tracking: Make invalidation messages always after command's reply (#9422)
* Fix excessive stream trimming due to an overflow (#10068)
* Add missed error counting for INFO errorstats (#9646)
* Fix geo search bounding box check causing missing results (#10018)
* Improve EXPIRE TTL overflow detection (#9839)
* Modules: Fix thread safety violation when a module thread adds an error reply, broken in 6.2 (#10278)
* Modules: Fix missing and duplicate error stats (#10278)
* Module APIs: release clients blocked on module commands in cluster resharding
and down state (#9483)
* Sentinel: Fix memory leak with TLS (#9753)
* Sentinel: Fix issues with hostname support (#10146)
* Sentinel: Fix election failures on certain container environments (#10197)
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles could not be fetched (some may be only fetched
conditionally):
./databases/cstore/distinfo D6.data.ros.gz
./databases/cstore/distinfo cstore0.2.tar.gz
./databases/cstore/distinfo data4.tar.gz
|
|
|
|
Redis 6.2.6
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].
Bug fixes that involve behavior changes:
* GEO* STORE with empty source key deletes the destination key and return 0
Previously it would have returned an empty array like the non-STORE variant.
* PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix CLIENT PAUSE, used an old timeout from previous PAUSE
* Fix CLIENT PAUSE in a replica would mess the replication offset
* Add some missing error statistics in INFO errorstats
Other bug fixes:
* Fix incorrect reply of COMMAND command key positions for MIGRATE command
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance
CLI tools:
* When redis-cli received ASK response, it didn't handle it
Improvements:
* Add latency monitor sample when key is deleted via lazy expire
* Sanitize corrupt payload improvements
* Delete empty keys when loading RDB file or handling a RESTORE command
|
|
Redis 6.2.5
==========
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
Bug fixes that involve behavior changes:
* Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array.
Was using a flat array like in RESP2 instead of a nested array like ZRANGE does.
* Fix reply type for HRANDFIELD and ZRANDMEMBER when key is missing.
Was using a null array instead of an empty array.
* Fix reply type for ZRANGESTORE when source key is missing.
Was using an empty array like ZRANGE instead of 0 (used in the STORE variant).
Bug fixes that are only applicable to previous releases of Redis 6.2:
* ZRANDMEMBER WITHSCORES with negative COUNT may return bad score
* Fix crash after CLIENT UNPAUSE when threaded I/O config is enabled
* Fix XTRIM or XADD with LIMIT may delete more entries than the limit
* Fix build issue with OpenSSL 1.1.0
Other bug fixes:
* Fail EXEC command in case a watched key is expired
* Fix SMOVE not to invalidate dest key (WATCH and tracking) when member already exists
* Fix SINTERSTORE not to delete dest key when getting a wrong type error
* Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD
* Improve MEMORY USAGE on stream keys
* Set TCP keepalive on inbound cluster bus connections
* Fix diskless replica loading to recover from RDB short read on module AUX data
* Fix race in client side tracking
* Fix ziplist length updates on big-endian platforms
CLI tools:
* redis-cli cluster import command may issue wrong MIGRATE command, sending COPY instead of REPLACE
* redis-cli --rdb fixes when using "-" to write to stdout
* redis-cli support for RESP3 set type in CSV and RAW output
Modules:
* Module API for getting current command name
* Fix RM_StringTruncate when newlen is 0
* Fix CLIENT UNBLOCK crashing modules without timeout callback
|
|
Redis 6.2.4
===========
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix crash after a diskless replication fork child is terminated
* Fix redis-benchmark crash on unsupported configs
Other bug fixes:
* Fix crash in UNLINK on a stream key with deleted consumer groups
* SINTERSTORE: Add missing keyspace del event when none of the sources exist
* Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs
* Enforce client output buffer soft limit when no traffic
Improvements:
* Hide AUTH passwords in MIGRATE command from slowlog
|
|
================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.
Integer overflow in STRALGO LCS command (CVE-2021-29477):
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result in remote
code execution. The integer overflow bug exists in all versions of Redis
starting with 6.0.
Integer overflow in COPY command for large intsets (CVE-2021-29478):
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution. The vulnerability involves
changing the default set-max-intset-entries configuration value, creating a
large set key that consists of integer values and using the COPY command to
duplicate it. The integer overflow bug exists in all versions of Redis starting
with 2.6, where it could result with a corrupted RDB or DUMP payload, but not
exploited through COPY (which did not exist before 6.2).
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix memory leak in moduleDefragGlobals
* Fix memory leak when doing lazy freeing client tracking table
* Block abusive replicas from sending command that could assert and crash redis
Other bug fixes:
* Use a monotonic clock to check for Lua script timeout
* redis-cli: Do not use unix socket when we got redirected in cluster mode
Modules:
* Fix RM_GetClusterNodeInfo() to correctly populate master id
|
|
Redis 6.2.2
===========
Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or
suffering from performance regression. see below.
Bug fixes for regressions in previous releases of Redis 6.2:
* Fix BGSAVE, AOFRW, and replication slowdown due to child reporting CoW
* Fix short busy loop when timer event is about to fire
* Fix default user, overwritten and reset users losing pubsub channel permissions
* Fix config rewrite with an empty `save` config resulsing in default `save` values
* Fix not starting on alpine/libmusl without IPv6
* Fix issues with propagation and MULTI/EXEC in modules
Several issues around nested calls and thread safe contexts
Bug fixes that are only applicable to previous releases of Redis 6.2:
* ACL Pub/Sub channels permission handling for save/load scenario
* Fix early rejection of PUBLISH inside MULTI-EXEC transaction
* Fix missing SLOWLOG records for blocked commands
* Allow RESET command during busy scripts
* Fix some error replies were not counted on stats
Bug fixes:
* Add a timeout mechanism for replicas stuck in fullsync
* Process HELLO command even if the default user has no permissions
* Client issuing a long running script and using a pipeline, got disconnected
* Fix script kill to work also on scripts that use `pcall`
* Fix list-compress-depth may compress more node than required
* Fix redis-cli handling of rediss:// URL scheme
* Cluster: Skip unnecessary check which may prevent failure detection
* Cluster: Fix hang manual failover when replica just started
* Sentinel: Fix info-refresh time field before sentinel get first response
* Sentinel: Fix possible crash on failed connection attempt
* Systemd: Send the readiness notification when a replica is ready to accept connections
Command behavior changes:
* ZADD: fix wrong reply when INCR used with GT/LT which blocked the update
It was responding with the incremented value rather than nil
* XAUTOCLAIM: fix response to return the next available id as the cursor
Previous behavior was retuning the last one which was already scanned
* XAUTOCLAIM: fix JUSTID to prevent incrementing delivery_count
New config options:
* Add cluster-allow-replica-migration config option
* Add replica-announced config option
* Add support for plaintext clients in TLS cluster
* Add support for reading encrypted keyfiles
Improvements:
* Fix performance regression in BRPOP on Redis 6.0
* Avoid adding slowlog entries for config with sensitive data
* Improve redis-cli non-binary safe string handling
* Optimize CLUSTER SLOTS reply
* Handle remaining fsync errors
Info fields and introspection changes:
* Strip % sign from current_fork_perc info field
* Fix RSS memory info on FreeBSD
* Fix client_recent_max_input/output_buffer in 'INFO CLIENTS' when all clients drop
* Fix invalid master_link_down_since_seconds in info replication
Platform and deployment-related changes:
* Fix FreeBSD <12.x builds
Modules:
* Add macros for RedisModule_log logging levels
* Add RedisModule_GetAbsExpire / RedisModule_SetAbsExpire
* Add a module type for key space notification
* Set module eviction context flag only in masters
* Fix unusable RedisModule_IsAOFClient API
* Fix missing EXEC on modules propagation after failed EVAL execution
* Fix edge-case when a module client is unblocked
|
|
The previous change for CVE-2016-2121 installed a configuration file that could
not be read by the default redis user. Bump PKGREVISION.
|
|
Redis 6.2.1
Upgrade urgency: LOW.
Bug fixes:
* Fix sanitize-dump-payload for stream with deleted records
* Prevent client-query-buffer-limit config from being set to lower than 1mb
Improvements:
* Make port, tls-port and bind config options modifiable at runtime
Platform and deployment-related changes:
* Fix compilation error on non-glibc systems if jemalloc is not used
* Improved memory consumption and memory usage tracking on FreeBSD
* Fix compilation on ARM64 MacOS with jemalloc
Modules:
* New Module API for getting user name of a client
* Optimize RM_Call by utilizing a shared reusable client
* Fix crash running CLIENT INFO via RM_Call
|
|
Redis 6.2.0 GA Released Tue Feb 22 14:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
Bug fixes:
* Avoid 32-bit overflows when proto-max-bulk-len is set high
* Fix broken protocol in client tracking tracking-redir-broken message
* Avoid unsafe field name characters in INFO commandstats, errorstats, modules
* XINFO able to access expired keys during CLIENT PAUSE WRITE
* Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames
* Fix broken protocol in redis-benchmark when used with -a or --dbnum
* XADD counts deleted records too when considering switching to a new listpack
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height)
* Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count
* Fix duplicate replicas issue in Sentinel, needed due to hostname support
* Fix Sentinel configuration rewrite
Command behavior changes:
* SRANDMEMBER uses RESP3 array type instead of set type
* EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows
Other behavior changes:
* Remove ACL subcommand validation if fully added command exists.
Improvements:
* Optimize sorting in GEORADIUS / GEOSEARCH with COUNT
* Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded
* Optimize in-place replacement of elements in HSET, HINCRBY, LSET
* Remove redundant list to store pubsub patterns
* Add --insecure option to command line tools
Info fields and introspection changes:
* Add INFO fields to track progress of BGSAVE, AOFRW, replication
Modules:
* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys
* RM_HashSet: Add COUNT_ALL flag and set errno
Redis 6.2 RC3 Released Tue Feb 1 14:00:00 IST 2021
================================================================================
Upgrade urgency LOW: This is the third Release Candidate of Redis 6.2.
New commands / args:
* Add HRANDFIELD and ZRANDMEMBER commands
* Add FAILOVER command
* Add GETEX, GETDEL commands
* Add PXAT/EXAT arguments to SET command
* Add SYNC arg to FLUSHALL and FLUSHDB, and ASYNC/SYNC arg to SCRIPT FLUSH
Sentinel:
* Add hostname support to Sentinel
* Prevent file descriptors from leaking into Sentinel scripts
* Fix config file line order dependency and config rewrite sequence
New configuration options:
* Add set-proc-title config option to disable changes to the process title
* Add proc-title-template option to control what's shown in the process title
* Add lazyfree-lazy-user-flush config option to control FLUSHALL, FLUSHDB and SCRIPT FLUSH
Bug fixes:
* AOF: recover from last write error by turning on/off appendonly config
* Exit on fsync error when the AOF fsync policy is 'always'
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
Special considerations:
* Fix misleading description of the save configuration directive
Improvements:
* A way to get RDB file via replication without excessive replication buffers
* Optimize performance of clusterGenNodesDescription for large clusters
Info fields and introspection changes:
* SLOWLOG and LATENCY monitor include unblocking time of blocked commands
Modules:
* Add modules API for streams
* Add event for fork child birth and termination
* Add RM_BlockedClientMeasureTime* etc, to track background processing in commandstats
* Fix bug in v6.2, wrong value passed to the new unlink callback
* Fix bug in v6.2, modules blocked on keys unblock on commands like LPUSH
Redis 6.2 RC2 Released Tue Jan 12 16:17:20 IST 2021
================================================================================
Upgrade urgency LOW: This is the second Release Candidate of Redis 6.2.
IMPORTANT: If you're running Redis on ARM64 or a big-endian system, upgrade may
have significant implications. Please be sure to read the notes below.
New commands / args:
* Add the REV, BYLEX and BYSCORE arguments to ZRANGE, and the ZRANGESTORE command
* Add the XAUTOCLAIM command
* Add the MINID trimming strategy and the LIMIT argument to XADD and XTRIM
* Add the ANY argument to GEOSEARCH and GEORADIUS
* Add the CH, NX, XX arguments to GEOADD
* Add the COUNT argument to LPOP and RPOP
* Add the WRITE argument to CLIENT PAUSE for pausing write commands exclusively
* Change the proto-ver argument of HELLO to optional
* Add the CLIENT TRACKINGINFO subcommand
Command behavior changes:
* CLIENT TRACKING yields an error when given overlapping BCAST prefixes
* SWAPDB invalidates WATCHed keys
* SORT command behaves differently when used on a writable replica
Other behavior changes:
* Avoid propagating MULTI/EXEC for read-only transactions
* Remove the read-only flag from TIME, ECHO, ROLE, LASTSAVE
* Fix the command flags of PFDEBUG
* Tracking clients will no longer receive unnecessary key invalidation messages after FLUSHDB
* Sentinel: Fix missing updates to the config file after SENTINEL SET command
Bug fixes with compatibility implications (bugs introduced in Redis 6.0):
* Fix RDB CRC64 checksum on big-endian systems
If you're using big-endian please consider the compatibility implications with
RESTORE, replication and persistence.
* Fix wrong order of key/value in Lua's map response
If your scripts use redis.setresp() or return a map (new in Redis 6.0), please
consider the implications.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Resolve rare assertions in active defragmentation while loading
Bug fixes:
* Fix the selection of a random element from large hash tables
* Fix an issue where a forked process deletes the parent's pidfile
* Fix crashes when enabling io-threads-do-reads
* Fix a crash in redis-cli after executing cluster backup
* Fix redis-benchmark to use an IP address for the first cluster node
* Fix saving of strings larger than 2GB into RDB files
Additional improvements:
* Improve replication handshake time
* Release client tracking table memory asynchronously in cases where the DB is also freed asynchronously
* Avoid wasteful transient memory allocation in certain cases
* Handle binary string values by the 'requirepass' and 'masterauth' configs
Platform and deployment-related changes:
* Install redis-check-rdb and redis-check-aof as symlinks to redis-server
* Add a check for an ARM64 Linux kernel bug
Due to the potential severity of this issue, Redis will refuse to run on
affected platforms by default.
Info fields and introspection changes:
* Add the errorstats section to the INFO command
* Add the failed_calls and rejected_calls fields INFO's commandstats section
* Report child copy-on-write metrics continuously
Module API changes:
* Add the RedisModule_SendChildCOWInfo API
* Add the may-replicate command flag
Redis 6.2 RC1 Released Mon Dec 14 11:50:00 IST 2020
================================================================================
Upgrade urgency LOW: This is the first Release Candidate of Redis 6.2.
Introduction to the Redis 6.2 release
=====================================
This release is the first significant Redis release managed by the core team
under the new project governance model.
Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
Many of these changes were not eligible for 6.0.x for several reasons:
1. They are not backward compatible, which is always the case with new or
extended commands (that cannot be replicated to an older replica).
2. They require a longer release-candidate test cycle.
New commands / args:
* Add SMISMEMBER command that checks multiple members
* Add ZMSCORE command that returns an array of scores
* Add LMOVE and BLMOVE commands that pop and push arbitrarily
* Add RESET command that resets client connection state
* Add COPY command that copies keys
* Add ZDIFF and ZDIFFSTORE commands
* Add ZINTER and ZUNION commands
* Add GEOSEARCH/GEOSEARCHSTORE commands for bounding box spatial queries
* Add GET parameter to SET command, for more powerful GETSET
* Add exclusive range query to XPENDING
* Add exclusive range query to X[REV]RANGE
* Add GT and LT options to ZADD for conditional score updates
* Add CLIENT INFO and CLIENT LIST for specific ids
* Add IDLE argument to XPENDING command
* Add local address to CLIENT LIST, and a CLIENT KILL filter.
* Add NOMKSTREAM option to XADD command
* Add command introspection to Sentinel
* Add SENTINEL MYID subcommand
New features:
* Dump payload sanitization: prevent corrupt payload causing crashes
Has flags to enable full O(N) validation (disabled by default).
* ACL patterns for Pub/Sub channels
* Support ACL for Sentinel mode
* Support getting configuration from both stdin and file at the same time
Lets you avoid storing secrets on the disk.
New features in CLI tools:
* redis-cli RESP3 push support
* redis-cli cluster import support source and target that require auth
* redis-cli URIs able to provide user name in addition to password
* redis-cli/redis-benchmark allow specifying the prefered ciphers/ciphersuites
* redis-cli add -e option to exit with code when command execution fails
Command behavior changes:
* EXISTS should not alter LRU
In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.
* OBJECT should not reveal logically expired keys
Will now behave the same TYPE or any other non-DEBUG command.
* Improve db id range check for SELECT and MOVE
Changes the error message text on a wrong db index.
* Modify AUTH / HELLO error message
Changes the error message text when the user isn't found or is disabled.
* BITOPS length limited to proto_max_bulk_len rather than 512MB
The limit is now configurable like in SETRANGE, and APPEND.
* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit
Other behavior changes:
* Optionally (default) fail to start if requested bind address is not available
If you rely on Redis starting successfully even if one of the bind addresses
is not available, you'll need to tune the new config.
* Limit the main db dictionaries expansion to prevent key eviction
In the past big dictionary rehashing could result in massive data eviction.
Now this rehashing is delayed (up to a limit), which can result in performance
loss due to hash collisions.
* CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder
This change was already present in 6.0.9, but was missing from the release
notes.
* A new incremental eviction mechanism that reduces latency on eviction spikes
In pathological cases this can cause memory to grow uncontrolled and may require
specific tuning.
* Not resetting "save" config when Redis is started with command line arguments.
In case you provide command line arguments without "save" and count on it
being disabled, Now the defaults "save" config will kick in.
* Update memory metrics for INFO during loading
* When "supervised" config is enabled, it takes precedence over "daemonize".
* Assertion and panic, print crash log without generating SIGSEGV
* Added crash log report on SIGABRT, instead of silently exiting
* Disable THP (Transparent Huge Pages) if enabled
If you deliberately enabled it, you'll need to config Redis to keep it.
Bug fixes:
* Handle output buffer limits for module blocked clients
Could result in a module sending reply to a blocked client to go beyond the
limit.
* Fix setproctitle related crashes.
Caused various crashes on startup, mainly on Apple M1 chips or under
instrumentation.
* A module doing RM_Call could cause replicas to get nested MULTI
* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb
In cluster mode with repl-diskless-load, when loading failed, slot map
wouldn't have been restored.
* Fix oom-score-adj-values range, and bug when used in config file
Enabling setting this in the config file in a line after enabling it, would
have been buggy.
* Reset average ttl when empty databases
Just causing misleading metric in INFO
* Disable rehash when Redis has child process
This could have caused excessive CoW during BGSAVE, replication or AOFRW.
* Further improved ACL algorithm for picking categories
Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.
* Fix bug with module GIL being released prematurely
Could in theory (and rarely) cause multi-threaded modules to corrupt memory.
* Fix cluster redirect for module command with no firstkey.
* Reduce effect of client tracking causing feedback loop in key eviction
* Kill disk-based fork child when all replicas drop and 'save' is not enabled
* Rewritten commands (modified for propagation) are logged as their original command
* Fix cluster access to unaligned memory (SIGBUS on old ARM)
* If diskless repl child is killed, make sure to reap the child pid
* Broadcast a PONG message when slot's migration is over, may reduce MOVED responses
Other improvements:
* TLS Support in redis-benchmark
* Accelerate diskless master connections, and general re-connections
* Run active defrag while blocked / loading
* Performance and memory reporting improvement - sds take control of its internal fragmentation
* Speedup cluster failover.
Platform / toolchain support related improvements:
* Optionally (not by default) use H/W Monotonic clock for faster time sampling
* Remove the requirements for C11 and _Atomic supporting compiler
This would allow to more easily build and use Redis on older systems and
compilers again.
* Fix crash log registers output on ARM.
* Raspberry build fix.
* Setting process title support for Haiku.
* DragonFlyBSD RSS memory sampling support.
New configuration options:
* Enable configuring OpenSSL using the standard openssl.cnf
* oom-score-adj-values config can now take absolute values (besides relative ones)
* TLS: Add different client cert support.
* Note that a few other changes listed above added their config options.
Info fields and introspection changes:
* Add INFO fields to track diskless and disk-based replication progress
* Add INFO field for main thread cpu time, and scrape system time.
* Add total_forks to INFO STATS
* Add maxclients and cluster_connections to INFO CLIENTS
* Add tracking bcast flag and client redirection in client list
* Fixed INFO client_recent_max_input_buffer includes argv array
* Note that a few other changes listed above added their info fields.
Module API changes:
* Add CTX_FLAGS_DENY_BLOCKING as a unified the way to know if blocking is allowed
* Add data type callbacks for lazy free effort, and unlink
* Add data type callback for COPY command
* Add callbacks for defrag support.
* Add module event for repl-diskless-load swapdb
Module related fixes:
* Moved RMAPI_FUNC_SUPPORTED so that it's usable
* Improve timer accuracy
* Allow '\0' inside of result of RM_CreateStringPrintf
|
|
Redis 6.0.10
============
Upgrade urgency MODERATE: several bugs with moderate impact are fixed,
Here is a comprehensive list of changes in this release compared to 6.0.9.
Command behavior changes:
* SWAPDB invalidates WATCHed keys
* SORT command behaves differently when used on a writable replica
* EXISTS should not alter LRU
In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.
* OBJECT should not reveal logically expired keys
Will now behave the same TYPE or any other non-DEBUG command.
* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit
Other behavior changes:
* Sentinel: Fix missing updates to the config file after SENTINEL SET command
* CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder
This change was already present in 6.0.9, but was missing from the release notes.
Bug fixes with compatibility implications (bugs introduced in Redis 6.0):
* Fix RDB CRC64 checksum on big-endian systems
If you're using big-endian please consider the compatibility implications with
RESTORE, replication and persistence.
* Fix wrong order of key/value in Lua's map response
If your scripts use redis.setresp() or return a map (new in Redis 6.0), please
consider the implications.
Bug fixes:
* Fix an issue where a forked process deletes the parent's pidfile
* Fix crashes when enabling io-threads-do-reads
* Fix a crash in redis-cli after executing cluster backup
* Handle output buffer limits for module blocked clients
Could result in a module sending reply to a blocked client to go beyond the limit.
* Fix setproctitle related crashes.
Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation.
* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb
In cluster mode with repl-diskless-load, when loading failed, slot map wouldn't
have been restored.
* Fix oom-score-adj-values range, and bug when used in config file
Enabling setting this in the config file in a line after enabling it, would
have been buggy.
* Reset average ttl when empty databases
Just causing misleading metric in INFO
* Disable rehash when Redis has child process
This could have caused excessive CoW during BGSAVE, replication or AOFRW.
* Further improved ACL algorithm for picking categories
Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.
* Fix bug with module GIL being released prematurely
Could in theory (and rarely) cause multi-threaded modules to corrupt memory.
* Reduce effect of client tracking causing feedback loop in key eviction
* Fix cluster access to unaligned memory (SIGBUS on old ARM)
* Fix saving of strings larger than 2GB into RDB files
Additional improvements:
* Avoid wasteful transient memory allocation in certain cases
Platform / toolchain support related improvements:
* Fix crash log registers output on ARM.
* Add a check for an ARM64 Linux kernel bug
Due to the potential severity of this issue, Redis will print log warning on startup.
* Raspberry build fix.
New configuration options:
* oom-score-adj-values config can now take absolute values (besides relative ones)
Module related fixes:
* Moved RMAPI_FUNC_SUPPORTED so that it's usable
* Improve timer accuracy
* Allow '\0' inside of result of RM_CreateStringPrintf
|
|
|
|
Redis 6.0.9
===========
Upgrade urgency: SECURITY if you use an affected platform (see below).
Otherwise the upgrade urgency is MODERATE.
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Other fixes in this release:
New:
* Memory reporting of clients argv
* Add redis-cli control on raw format line delimiter
* Add redis-cli support for rediss:// -u prefix
* Get rss size support for NetBSD and DragonFlyBSD
Behavior changes:
* WATCH no longer ignores keys which have expired for MULTI/EXEC
* Correct OBJECT ENCODING response for stream type
* Allow blocked XREAD on a cluster replica
* TLS: Do not require CA config if not used
Bug fixes:
* INFO report real peak memory (before eviction)
* Allow requirepass config to clear the password
* Fix config rewrite file handling to make it really atomic
* Fix excessive categories being displayed from ACLs
* Add fsync in replica when full RDB payload was received
* Don't write replies to socket when output buffer limit reached
* Fix redis-check-rdb support for modules aux data
* Other smaller bug fixes
Modules API:
* Add APIs for version and compatibility checks
* Add RM_GetClientCertificate
* Add RM_GetDetachedThreadSafeContext
* Add RM_GetCommandKeys
* Add Swapdb Module Event
* RM_GetContextFlags provides indication of being in a fork child
* RM_GetContextFlags document missing flags: MULTI_DIRTY, IS_CHILD
* Expose real client on connection events
* Minor improvements to module blocked on keys
|
|
Redis 6.0.8
===========
Upgrade urgency HIGH: Anyone who's using Redis 6.0.7 with Sentinel or
CONFIG REWRITE command is affected and should upgrade ASAP.
Bug fixes:
* CONFIG REWRITE after setting oom-score-adj-values either via CONFIG SET or
loading it from a config file, will generate a corrupt config file that will
cause Redis to fail to start
* Fix issue with redis-cli --pipe on MacOS
* Fix RESP3 response for HKEYS/HVALS on non-existing key
* Various small bug fixes
New features / Changes:
* Remove THP warning when set to madvise
* Allow EXEC with read commands on readonly replica in cluster
* Add masters/replicas options to redis-cli --cluster call command
Module API:
* Add RedisModule_ThreadSafeContextTryLock
|
|
Redis 6.0.7
Upgrade urgency MODERATE: several bugs with moderate impact are fixed,
Specifically the first two listed below which cause protocol errors for clients.
Bug fixes:
* CONFIG SET could hung the client when arrives during RDB/ROF loading (When
processed after another command that was also rejected with -LOADING error)
* LPOS command when RANK is greater than matches responded wiht broken protocol
(negative multi-bulk count)
* UNLINK / Lazyfree for stream type key would have never do async freeing
* PERSIST should invalidate WATCH (Like EXPIRE does)
* EXEC with only read commands could have be rejected when OOM
* TLS: relax verification on CONFIG SET (Don't error if some configs are set
and tls isn't enabled)
* TLS: support cluster/replication without tls-port
* Systemd startup after network is online
* Redis-benchmark improvements
* Various small bug fixes
New features:
* Add oom-score-adj configuration option to control Linux OOM killer
* Show IO threads statistics and status in INFO output
* Add optional tls verification mode (see tls-auth-clients)
Module API:
* Add RedisModule_HoldString
* Add loaded keyspace event
* Fix RedisModuleEvent_LoadingProgress
* Fix RedisModuleEvent_MasterLinkChange hook missing on successful psync
* Fix missing RM_CLIENTINFO_FLAG_SSL
* Refactor redismodule.h for use with -fno-common / extern
|
|
redis does not look in a particular path but wants the config file
path passed on the command line. The SMF script already did this,
but the rc.d script passed configuration on the command line,
causing redis to neither write a log file nor a database by default.
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
|
|
The build infrastructure expects it to be there, and throws weird shell
errors if it isn't.
|
|
The configuration file was installed mode 644, but could contain passwords.
Bump PKGREVISION.
|
|
Redis 6.0.6
===========
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix crash when enabling CLIENT TRACKING with prefix
* EXEC always fails with EXECABORT and multi-state is cleared
* RESTORE ABSTTL won't store expired keys into the db
* redis-cli better handling of non-pritable key names
* TLS: Ignore client cert when tls-auth-clients off
* Tracking: fix invalidation message on flush
* Notify systemd on Sentinel startup
* Fix crash on a misuse of STRALGO
* Few fixes in module API
* Fix a few rare leaks (STRALGO error misuse, Sentinel)
* Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
* LPOS command to search in a list
* Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
* redis-cli support TLS for --pipe, --rdb and --replica options
* TLS: Session caching configuration support
|
|
Redis 6.0.5
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix handling of speical chars in ACL LOAD.
* Make Redis Cluster more robust about operation errors that may lead
to two clusters to mix together.
* Revert the sendfile() implementation of RDB transfer. It causes some delay.
* Fix TLS certificate loading for chained certificates.
* Fix AOF rewirting of KEEPTTL SET option.
* Fix MULTI/EXEC behavior during -BUSY script errors.
|
|
Redis 6.0.4
===========
Upgrade urgency CRITICAL: this release fixes a severe replication bug.
Redis 6.0.4 fixes a critical replication bug caused by a new feature introduced
in Redis 6. The feature, called "meaningful offset" and strongly wanted by
myself (antirez) was an improvement that avoided that masters were no longer
able, during a failover where they were demoted to replicas, to partially
synchronize with the new master. In short the feature was able to avoid full
synchronizations with RDB. How did it work? By trimming the replication backlog
of the final "PING" commands the master was sending in the replication channel:
this way the replication offset would no longer go "after" the one of the
promoted replica, allowing the master to just continue in the same replication
history, receiving only a small data difference.
However after the introduction of the feature we (the Redis core team) quickly
understood there was something wrong: the apparently harmless feature had
many bugs, and the last bug we discovered, after a joined effort of multiple
people, we were not even able to fully understand after fixing it. Enough was
enough, we decided that the complexity cost of this feature was too high.
So Redis 6.0.4 removes the feature entirely, and fixes the data corruption that
it was able to cause.
However there are two facts to take in mind.
Fact 1: Setups using chained replication, that means that certain replicas
are replicating from other replicas, up to Redis 6.0.3 can experience data
corruption. For chained replication we mean that:
+--------+ +---------+ +-------------+
| master |--------->| replica |-------->| sub-replica |
+--------+ +---------+ +-------------+
People using chained replication SHOULD UPGRADE ASAP away from Redis 6.0.0,
6.0.1, 6.0.2 or 6.0.3 to Redis 6.0.4.
To be clear, people NOT using this setup, but having just replicas attached
directly to the master, SHOUDL NOT BE in danger of any problem. But we
are no longer confident on 6.0.x replication implementation complexities
so we suggest to upgrade to 6.0.4 to everybody using an older 6.0.3 release.
We just so far didn't find any bug that affects Redis 6.0.3 that does not
involve chained replication.
People starting with Redis 6.0.4 are fine. People with Redis 5 are fine.
People upgrading from Redis 5 to Redis 6.0.4 are fine.
TLDR: The problem is with users of 6.0.0, 6.0.1, 6.0.2, 6.0.3.
Fact 2: Upgrading from Redis 6.0.x to Redis 6.0.4, IF AND ONLY IF you
use chained replication, requires some extra care:
1. Once you attach your new Redis 6.0.4 instance as a replica of the current
Redis 6.0.x master, you should wait for the first full synchronization,
then you should promote it right away, if your setup involves chained
replication. Don't give it the time to do a new partial synchronization
in the case the link between the master and the replica will break in
the mean time.
2. As an additional care, you may want to set the replication ping period
to a very large value (for instance 1000000) using the following command:
CONFIG SET repl-ping-replica-period 1000000
Note that if you do "1" with care, "2" is not needed.
However if you do it, make sure to later restore it to its default:
CONFIG SET repl-ping-replica-period 10
So this is the main change in Redis 6. Later we'll find a different way in
order to achieve what we wanted to achieve with the Meaningful Offset feature,
but without the same complexity.
Other changes in this release:
* PSYNC2 tests improved.
* Fix a rare active defrag edge case bug leading to stagnation
* Fix Redis 6 asserting at startup in 32 bit systems.
* Redis 6 32 bit is now added back to our testing environments.
* Fix server crash for STRALGO command,
* Implement sendfile for RDB transfer.
* TLS fixes.
* Make replication more resistant by disconnecting the master if we
detect a protocol error. Basically we no longer accept inline protocol
from the master.
* Other improvements in the tests.
|
|
|
|
Redis 6.0.3:
Upgrade urgency CRITICAL: a crash introduced in 6.0.2 is now fixed.
Redis 6.0.2:
Upgrade urgency MODERATE: many not critical bugfixes in different areas.
Critical fix to client side caching when
keys are evicted from the tracking table but
no notifications are sent.
The following are the most serious fix:
* XPENDING should not update consumer's seen-time
* optimize memory usage of deferred replies - fixed
* Fix CRC64 initialization outside the Redis server itself.
* stringmatchlen() should not expect null terminated strings.
* Cluster nodes availability checks improved when there is
high Pub/Sub load on the cluster bus.
* Redis Benchmark: Fix coredump because of double free
* Tracking: send eviction messages when evicting entries.
* rax.c updated from upstream antirez/rax.
* fix redis 6.0 not freeing closed connections during loading.
New features:
dd
* Support setcpuaffinity on linux/bsd
* Client Side Caching: Add Tracking Prefix Number Stats in Server Info
* Add --user argument to redis-benchmark.c (ACL)
|
|
|
|
Redis 6.0.1
===========
Upgrade urgency HIGH: This release fixes a crash when builiding against
Libc malloc.
Here we revert 8110ba888, an optimization that causes a crash due to a
bug in the code. It does not happen with the default allocator because of
differences between Jemalloc and libc malloc, so this escaped all our
testing but was reported by a user. We'll add back the original optimization
that was reverted here later, after checking what happens: it is not a
critical optimization.
Redis 6.0.0 GA
==============
Upgrade urgency CRITICAL: many bugs fixed compared to the last release
candidate. Better to upgrade if you see things
affecting your environment in the changelog.
Hi all, finally we have Redis 6.0.0 GA! Enjoy this new Redis release.
Most of the documentation was updated today so that you can likely
find what you are looking for about the new features at redis.io.
This is the list of what changed compared to the previoius release candidate:
* XCLAIM AOF/replicas propagation fixed.
* Client side caching: new NOLOOP option to avoid getting notified about
changes performed by ourselves.
* ACL GENPASS now uses HMAC-SHA256 and have an optional "bits" argument.
It means you can use it as a general purpose "secure random strings"
primitive!
* Cluster "SLOTS" subcommand memory optimization.
* The LCS command is now a subcommand of STRALGO.
* Meaningful offset for replicas as well. More successful partial
resynchronizations.
* Optimize memory usage of deferred replies.
* Faster CRC64 algorithm for faster RDB loading.
* XINFO STREAM FULL, a new subcommand to get the whole stream state.
* CLIENT KILL USER <username>.
* MIGRATE AUTH2 option, for ACL style authentication support.
* Other random bugfixes.
|
|
Redis 5.0.8:
Upgrade urgency HIGH: This release fixes security issues.
This is a list of fixes in this release:
Fix Pi building needing -latomic, backport
fix impl of aof-child whitelist SIGUSR1 feature.
fix ThreadSafeContext lock/unlock function names
XREADGROUP should propagate XCALIM/SETID in MULTI/EXEC
Fix client flags to be int64 in module.c
Fix small bugs related to replica and monitor ambiguity
Fix lua related memory leak.
Free allocated sds in pfdebugCommand() to avoid memory leak.
Jump to right label on AOF parsing error.
Free fakeclient argv on AOF error.
Fix potential memory leak of rioWriteBulkStreamID().
Fix potential memory leak of clusterLoadConfig().
Fix bug on KEYS command where pattern starts with * followed by \x00 (null char).
Blocking XREAD[GROUP] should always reply with valid data (or timeout)
XCLAIM: Create the consumer only on successful claims.
Stream: Handle streamID-related edge cases
Fix ip and missing mode in RM_GetClusterNodeInfo().
Inline protocol: handle empty strings well.
Mark extern definition of SDS_NOINIT in sds.h
[FIX] revisit CVE-2015-8080 vulnerability
avoid sentinel changes promoted_slave to be its own replica.
|
|
Hi all, Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams beahvior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.
|
|
Redis 5.0.6
Upgrade urgency CRITICAL: Only in case of exposed instances to untrusted users.
This Redis release, 5.0.6, is a bugfix and enhancement release. The most
important bugfix is a corruption related to the HyperLogLog. A malformed
HyperLogLog string could cause an invalid access to the memory. At a first
glance the vulnerability appears to be not exploitable but just a DoS. The
way to trigger the issue is complex, we'll not provide any information about
how to do that for the users safety.
Other significant changes in this release:
* New modules APIs merged from Redis unstable to Redis 5.
* Some memory optimization related to objects creation.
* Fixes to flushSlaveOutputBuffer() that make sure that SHUTDOWN will
transfer pending buffers to replicas.
|
|
pkglint -Wall -F --only aligned -r
No manual corrections.
|
|
Redis 5.0.5:
Upgrade urgency CRITICAL: This release fixes an important AOF fysnc bug
and other less critical issues.
Dear user,
Redis 5.0.5 fixes an important issue with AOF and adds multiple very useful
modules APIs. Moreover smaller bugs in other parts of Redis are fixed in
this release.
The AOF bug
The AOF bug happens when the fsync policy is set to "everysec", which is the
default: if the write load in the server drops immediately, the commands
executed in the latest second may not be fsync-ed to disk as it should.
This may lead to data loss in case the write load drops immediately and
successively a server crash happens.
Other things in this release
* Streams: a bug in the iterator could prevent certain items to be returned in
range queries under specific conditions.
* Memleak in bitfieldCommand fixed.
* Modules API: Preserve client->id for blocked clients.
* Fix memory leak when rewriting config file in case of write errors.
* New modules API: RedisModule_GetKeyNameFromIO().
* Fix non critical bugs in diskless replication.
* New mdouels API: command filtering. See RedisModule_RegisterCommandFilter();
* Tests improved to be more deterministic.
* Fix a Redis Cluster bug, manual failover may abort because of the master
sending PINGs to the replicas.
|
|
Redis 5.0.4
Upgrade urgency HIGH: This release fixes several Redis stability issues.
Dear Redis users, this release includes a number of fixes for bugs that may
result in Redis crashing in special conditions (not normal usage, but specific
artificial conditions), fixes to certain Redis behaviors especially around
Redis streams, and finally a set of new APIs for Redis Modules.
Specifically:
* Hyperloglog different coding errors leading to potential crashes were fixed.
* A replication bug leading to a potential crash in case of plain misuse of handshake commands was fixed.
* XCLAIM command incrementing of number of deliveries was fixed.
* LFU field management in objects was improved.
* A potential overflow in the redis-check-aof was fixed.
* A memory leak in case of API misuse was fixed.
* ZPOP* behavior when count is 0 is fixed.
* A few redis-cli --cluster bugs were fixed, plus a few improvements.
* Many other smaller bugs.
|
|
|
|
|
|
Redis 5.0.3
===========
Upgrade urgency HIGH: Redis 5 is consolidating, upgrading is a good idea.
However there is nothing very critical here, but certain
issues resolved could lead to very rare crashes.
Welcome to Redis 5.0.3, several interesting bug fixes here:
* Redis no longer panics when you send data to a replica-mode connection that
is in MONITOR or SYNC mode.
* Fixes to certain sorted set edge cases. You are unlikely to ever notice those
issues, but now it is more correct.
* Certain BSD variants now are better supported: build & register logging
on crash.
* The networking core now recovers if an IPv6 address is listed in bind but
is actually not able to work because there is no such protocol in the
system.
* redis-cli cluster mode improved in many ways. Especially the fix subcommand
work was enhanced to cover other edge cases that were still not covered
after the work done for Redis 5.
* MEMORY USAGE is now more accurate.
* DEBUG DIGEST-VALUE added in case you want to make sure a given set of keys
(and not the whole DB) are excatly the same between two instances.
* Fix a potential crash in the networking code related to recent changes
to the way the reply is consumed.
* Reject EXEC containing write commands against an instance that changed role
from master to replica during our transaction.
* Fix a crash in KEYS and other commands using pattern matching, in an edge
case where the pattern contains a zero byte.
* Fix eviction during AOF loading due to maxmemory triggered by commands
executed in loading state.
Redis 5.0.2
===========
Upgrade urgency: CRITICAL if you use streams and consumer groups.
HIGH if you use redis-cli with Redis Cluster.
LOW otherwise.
Welcome to Redis 5.0.2. This release fixes two issues with Streams consumer
groups, where items could be returned duplicated by XREADGROUP when accessing
the history, and another bug where XREADGROUP can report some history even
if the comsumer pending list is empty. Both problems were addressed and unit
tests to avoid regressions implemented. Moreover this release fixes some
issue with redis-cli when in cluster mode. Finally some FreeBSD and DragonFly
build problems are now resolved. The list of the commits is below.
Redis 5.0.1
===========
Upgrade urgency: URGENT if you use Redis Streams. MODERATE otherwise.
Hi all, this is the first patch level release of Redis 5. It contains
both fixes and improvements. Here there is a list of the major ones, however
read the commit messages at the end of the changelog if you want to know
more about the smaller things. Let's start with the new features:
* Sentinel now supports authentication! Check the Sentinel official doc
for more info.
* Redis-cli cluster "fix" is now able to fix a big number of clusters put
in a bad condition. Previously many corner cases were not covered.
Now the critical fixes:
1. Fix RESTORE mismatch reply when certain keys already expired.
2. Fix an XCLAIM non trivial issue: sometimes the command returned a wrong
entry or desynchronized the protocol.
And now the other fixes:
3. Stack trace generation on the Raspberry PI (and 32bit ARM) fixed.
4. Don't evict expired keys when the KEYS command is called, in order to
avoid a mass deletion event. However expired keys are not displayed
by KEYS as usually.
5. Improvements in the computation of the memory used, when estimating
the AOF buffers.
6. XRANGE COUNT of 0 fixed.
7. "key misses" stats accounting fixed. Many cache misses were not counted.
8. When in MULTI state, return OOM while accumulating commands and there
is no longer memory available.
9. Fix build on FreeBSD and possibly others.
10. Fix a crash in Redis modules, thread safe context reply accumulation.
11. Fix a race condition when producing the RDB file for full SYNC.
12. Disable protected mode in Sentinel.
13. More commands now have the HELP subcommand.
14. Fixed an issue about adaptive server HZ timer.
15. Fix cluster-replica-no-failover option name.
Redis 5.0.0
===========
Upgrade urgency CRITICAL: Several fixes to streams AOF and replication.
1. The new Stream data type. https://redis.io/topics/streams-intro
2. New Redis modules APIs: Timers, Cluster and Dictionary APIs.
3. RDB now store LFU and LRU information.
4. The cluster manager was ported from Ruby (redis-trib.rb) to C code
inside redis-cli. Check `redis-cli --cluster help` for more info.
5. New sorted set commands: ZPOPMIN/MAX and blocking variants.
6. Active defragmentation version 2.
7. Improvemenets in HyperLogLog implementations.
8. Better memory reporting capabilities.
9. Many commands with sub-commands now have an HELP subcommand.
10. Better performances when clients connect and disconnect often.
11. Many bug fixes and other random improvements.
12. Jemalloc was upgraded to version 5.1
13. CLIENT UNBLOCK and CLIENT ID.
14. The LOLWUT command was added. http://antirez.com/news/123
15. We no longer use the "slave" word if not for API backward compatibility.
16. Differnet optimizations in the networking layer.
17. Lua improvements:
- Better propagation of Lua scripts to replicas / AOF.
- Lua scripts can now timeout and get in -BUSY state in the replica as well.
18. Dynamic HZ to balance idle CPU usage with responsiveness.
19. The Redis core was refactored and improved in many ways.
|
|
Redis 4.0.11:
Upgrade urgency HIGH: not critical but very important bugs fixed.
Dear users, this is just a bugfix release of Redis 4. All new work
is now focused on Redis 5, however we backported a number of bug fixes here:
* The disconnection time between the master and slave was reset in an
incorrect place, sometimes a good slave will not be able to failover
because it claims it was disconnected for too much time from the master.
* A replication bug, rare to trigger but non impossible, is in Redis for
years. It was lately discovered at Redis Labs and fixed by Oran Agra.
It may cause disconnections, desynchronizations and other issues.
* RANDOMKEY may go in infinite loop on rare situations. Now fixed.
* EXISTS now works in a more consistent way on slaves.
* Sentinel: backport of an option to deny a potential security problem
when the SENTINEL command is used to configure an arbitrary script
to execute.
|
|
Redis 4.0.10 fixes a number of important issues:
* Important security issues related to the Lua scripting engine.
Please check https://github.com/antirez/redis/issues/5017
for more information.
* A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return all the elements.
We also add a regression test that can trigger the issue often when present, and
may in theory be able to find unrelated regressions.
* A PSYNC2 bug is fixed: Redis should not expire keys when saving RDB files
because otherwise it is no longer possible to use such RDB file as a base
for partial resynchronization. It no longer represents the right state.
* Compatibility of AOF with RDB preamble when the RDB checksum is disabled.
* Sentinel bug that in some cases prevented Sentinel to detect that the master
was down immediately. A delay was added to the detection.
* Other minor issues.
|
|
(netbsd defaults to i486 and doesn't provide magic to hide this)
Fixes PR pkg/53451
|
|
|
|
- Fix a critical AOF bug when fsync policy set to "always"
- Latency monitor could report wrong latencies under certain conditions.
- AOF rewriting could fail when a backgronud rewrite is triggered and
at the same time the AOF is switched on/off.
- Redis Cluster crash-recovery safety improved.
- Other smaller fixes (check commnits).
- Redis Cluster has now the ability to configure certain slaves so that
they'll never attempt a failover.
- Keyspace notifications API in modules.
- RM_Call() is now faster by reusing the same client.
- Tracking of the percentage of keys already logically expired but yet
not evicted.
|
|
- Redis 4.0.8 fixes a single critical bug in the radix tree data
structure used for Redis Cluster keys slot tracking.
|
|
- Many 32 bit overflows were addressed in order to allow to use Redis with
a very significant amount of data, memory size permitting.
- MEMORY USAGE fixed for the list type.
- Allow read-only scripts in Redis Cluster.
- Fix AOF pipes setup in edge case.
- AUTH option for MIGRATE.
- HyperLogLogs are no longer converted from sparse to dense in order
to be merged.
- Fix AOF rewrite dead loop under edge cases.
- Fix processing of large bulk strings (>= 2GB).
- Added RM_UnlinkKey in modules API.
- Fix Redis Cluster crashes when certain commands with a variable number
of arguments are called in an improper way.
- Fix memory leak in lazyfree engine.
- Fix many potentially successful partial synchronizations that end
doing a full SYNC, because of a bug destroying the replication
backlog on the slave. So after a failover the slave was often not able
to PSYNC with masters, and a full SYNC was triggered. The bug only
happened after 1 hour of uptime so escaped the unit tests.
- Improve anti-affinity in master/slave allocation for Redis Cluster
when the cluster is created.
- Improve output buffer handling for slaves, by not limiting the amount
of writes a slave could receive.
|
|
- This release fixes yet more errors present in the 4.0.5 fixes, that
could affect slaves. Moreover another critical issue in quicklists,
when they are used at a massive memory scale, was fixed in this
release. Upgrading from any 4.0.x release, especially if you are
running 4.0.4 or 4.0.5, is highly recommended.
|
|
- Redis 4.0.4 fix for PSYNC2 was broken, causing the slave to crash when
receiving an RDB file from the master that contained a duplicated Lua
script.
|
|
Upgrade urgency CRITICAL: Several PSYNC2 bugs can corrupt the slave
data set after a restart and a successful PSYNC2 handshake.
- Fix the "PSYNC after restart" problem.
- LFU fixes improve the ability of Redis to correctly estimate the
popularity of keys.
- Security fix related to loading a corrupted Cluster state from a
corrupted file.
- Other bugfixes.
|
