Update dependency redis/redis to v7.0.9
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
redis/redis | ironbank-github | patch |
7.0.8 -> 7.0.9
|
redis/redis | patch |
7.0.8 -> 7.0.9
|
Release Notes
redis/redis
v7.0.9
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
- (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.
Bug Fixes
- Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
- Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
- Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
- Fix cluster inbound link keepalive time (#11785)
- Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
- Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)
Performance and resource utilization improvements
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.