This is a maintenance release for Redis Stack Server 7.4.0.

Update urgency: SECURITY: there are security fixes in the release.

Docker | Download

Headlines:

This version includes security fixes for the Redis server, addressing potential vulnerabilities such as an RCE when using Lua library components, and a denial-of-service (DoS) risk due to malformed ACL selectors or unbounded pattern matching.
Additionally, this maintenance release includes the latest version of Redis Insight.

Details:

Security and privacy

• Redis:
  • (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
  • (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
  • (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.

Redis version:

• Redis 7.4.1

Module versions

• RediSearch 2.10.5
• RedisJSON 2.8.3
• RedisTimeSeries 1.12.2
• RedisBloom 2.8.2

Recommended Client Libraries

• Java
  • Jedis 5.2.0 or later
  • Lettuce 6.4.0 or later
• Python
  • redis-py 5.1.0 or later
• NodeJS
  • node-redis 4.7.0 or later
• Go
  • go-redis 9.6.1 or later

Compatible with Redis Insight. The docker image redis/redis-stack for this version is bundled with Redis Insight 2.58.

Note: version numbers follow the following pattern:
x.y.z-b

• x.y Redis Major version
• z increases with even numbers as a module x.y version increases.
• b denotes a patch to Redis or a module (any z of Redis or Modules). b will consist of a v + numeric value.

Downloads

• macOS: x86_64, arm64
• AppImage: x86_64
• Ubuntu: Bionic x86_64, Bionic arm64, Focal x86_64, Focal arm64, Snap x86_64, Snap arm64, Jammy x86_64, Jammy arm64
• Debian: Bullseye x86_64
• RHEL 8/CentOS Linux 8: x86_64
• RHEL 9/Rocky Linux 9/CentOS Linux 9: x86_64
• Redis Stack on Dockerhub: x86_64 and arm64
• Redis Stack server on Dockerhub: x86_64 and arm64