UNCLASSIFIED - NO CUI

Skip to content

Update dependency redis/redis to v7.0.9

renovate requested to merge renovate/redis-redis-7.0.x into development

This MR contains the following updates:

Package Type Update Change
redis/redis ironbank-github patch 7.0.8 -> 7.0.9
redis/redis patch 7.0.8 -> 7.0.9

Release Notes

redis/redis

v7.0.9

Compare Source

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#​11814)
  • Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#​11752)
  • Fix possible memory corruption in FLUSHALL when a client watches more than one key (#​11854)
  • Fix cluster inbound link keepalive time (#​11785)
  • Flush propagation list in active-expire of writable replicas to fix an assertion (#​11615)
  • Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#​11788)

Performance and resource utilization improvements

  • Avoid realloc to reduce size of strings when it is unneeded (#​11766)
  • Improve CLUSTER SLOTS reply efficiency for non-continuous slots (#​11745)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports

UNCLASSIFIED - NO CUI