Redis Stack Server 7.4.0-v2

@ViktarStarastsenka ViktarStarastsenka released this 08 Jan 08:54
· 2 commits to 7.4 since this release
c892c5e

This is a maintenance release for Redis Stack Server 7.4.0.

Update urgency: SECURITY: there are security fixes in the release.

Docker | Download

Headlines:

This version introduces security updates for the Redis server, Redis Query Engine, time series, and probabilistic data structures, addressing vulnerabilities related to potential out-of-bounds writes.

Additionally, it includes improvements to the Redis Query Engine, time series, and probabilistic data structures, as well as bug fixes for the Redis Query Engine, JSON, and probabilistic data structures, ensuring enhanced stability and reliability.

This maintenance release also includes the latest version of Redis Insight.

Details:

Security and privacy

  • Redis:

    • (CVE-2024-46981) Lua script commands may lead to remote code execution
    • (CVE-2024-51741) Denial-of-service due to malformed ACL selectors
  • Redis Query Engine:

    • #5459 (CVE-2024-51737) Query: potential out-of-bounds write (MOD-8486)
  • Time series

    • #1674 (CVE-2024-51480) TS.QUERYINDEX, TS.MGET, TS.MRANGE, TS.MREVRANGE - potential integer overflow leading to an out-of-bounds write (MOD-7548)
  • Probabilistic data structures:

    • #843 (CVE-2024-53993) CMS: potential out-of-bounds write (MOD-6970)

Improvements

  • Redis Query Engine:

    • #5257 Optimising index consumed memory with the creation only upon write operations (MOD-8125)
  • JSON:

    • #1262 Support active memory defragmentation (MOD-7888)
  • Probabilistic data structures:

    • #801 Support active memory defragmentation (MOD-7890)

Bug Fixes

  • Redis:

    • #13627 Crash on module memory defragmentation
    • #13338 Streams: XINFO lag field is wrong when tombstone is after the last_id of the consumer group
    • #13473 Streams: XTRIM does not update the maximal tombstone, leading to an incorrect lag
    • #13470 INFO after HDEL show wrong number of hash keys with expiration
    • #13476 Fix a race condition in the cache_memory of functionsLibCtx
    • #13626 Memory leak on failed RDB loading
    • #13539 Hash: fix key ref for a hash that no longer has fields with expiration on RENAME/MOVE/SWAPDB/RESTORE
    • #13443 Cluster: crash when loading cluster config
    • #13422 Cluster: CLUSTER SHARDS returns empty array
    • #13465 Cluster: incompatibility with older node versions
    • #13608 Cluster: SORT ... GET #: incorrect error message
  • Redis Query Engine:

    • #5392 NOSTEM option does not work on query, just on tokenisation - index creation (MOD-7634)
    • #5300 Prefix/Infix/Suffix queries longer than 1024 chars could cause a crash (MOD-7882)
    • #5294 Expired keys while background indexing could cause cross slot error when using replicaof (MOD-7949)
    • #5282 FT.CURSOR READ retrieving deleted TAG fields cause a crash (MOD-8011)
    • #5424 FT.AGGREGATE on numeric fields lead to failed_calls count increase on clustered DBs (MOD-8058)
    • #5241 Memory count on bytes_collected by the index sanitiser with missing values (MOD-8097, MOD-8114)
    • #4941 Adjusting the module configuration to avoid routing overload on the first shard in a clustered database (MOD-7505)
    • #4950 FT.PROFILE on AGGREGATE numeric queries could cause a crash due to reusing internal CURSOR in a large range of numeric values (MOD-7454)
    • #4916 Union query, similar to "is|the", starting with 2 stopwords could cause a crash (MOD-7495)
    • #4895 FT.AGGREGATE with VERBATIM option is not handled by the shards in cluster mode (MOD-7463)
    • #4922 Counting twice the field statistics at #search section of INFO response (MOD-7339)
  • JSON

    • #1313 (Redis Enterprise A-A only) Potential crash on JSON.DEBUG MEMORY (MOD-8412)
    • #1225 Crash on SET commands with recursive overlapping paths (MOD-7279)
    • HDT#261 (Redis Enterprise A-A only) Crash when a JSON contains an EOF character (MOD-7464)
  • Probabilistic data structures:

    • #843 CMS.MERGE crashes or hangs on negative number of keys (MOD-6964)
    • #699 BF.RESERVE crashes (OOM) on huge initialization values (MOD-7057)
    • #843 CF.RESERVE crashes (OOM) on huge initialization values (MOD-7058)
    • #843 TOPK.RESERVE crashes (OOM) on huge initialization values (MOD-7059)
    • #843 CMS.INITBYDIM and CMS.INITBYPROB crash (OOM) on huge initialization values (MOD-7060)

Redis version:

Module versions

Recommended Client Libraries

Compatible with Redis Insight. The docker image redis/redis-stack for this version is bundled with Redis Insight 2.64.1.

Note

Redis Stack 7.4 no longer includes Triggers & Functions (RedisGears 2) preview.
As a result, commands such as TFCALL, TFCALLASYNC, and TFUNCTION are no longer supported.
Any JavaScript functions stored in Redis will be removed, and JavaScript-based triggers will be disabled. However, Lua functions and scripts remain unaffected by this change.
If you used Triggers & Functions (T&F), you must delete all T&F functions before upgrading to Redis Stack 7.4. To do this:

  • Execute TFUNCTION LIST to retrieve all library names.
  • Use TFUNCTION DELETE for each library name.
    Failure to delete these functions will prevent Redis Stack 7.4 (or newer) from loading your RDB file.
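
The cleanup steps above as a script, run against the old server before upgrading. This is an added example, not code from the Redis project. It assumes each TFUNCTION LIST entry is a flat field/value array (or a RESP3 map) with a "name" field, and that `execute` is any callable that sends one command, such as redis-py's `execute_command`. The function names and the `FakeServer` replies are constructed for illustration.

```python
from typing import Any, Callable, List

def _text(value: Any) -> Any:
    """Decode bytes replies; leave other reply types untouched."""
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value

def tf_library_names(reply: Any) -> List[str]:
    """Pull the library names out of a TFUNCTION LIST reply."""
    names = []
    for lib in reply or []:
        if isinstance(lib, dict):   # RESP3: one map per library
            fields = {_text(k): v for k, v in lib.items()}
        else:                       # RESP2: flat [field, value, ...] array (assumed)
            fields = {_text(k): v for k, v in zip(lib[0::2], lib[1::2])}
        name = _text(fields.get("name"))
        if not isinstance(name, str) or not name:
            raise ValueError(f"library entry without a name: {lib!r}")
        names.append(name)
    return names

def purge_tf_libraries(execute: Callable[..., Any], dry_run: bool = True) -> List[str]:
    """List T&F libraries; unless dry_run, delete each and verify none remain."""
    names = tf_library_names(execute("TFUNCTION", "LIST"))
    if dry_run:
        return names
    for name in names:
        execute("TFUNCTION", "DELETE", name)
    remaining = tf_library_names(execute("TFUNCTION", "LIST"))
    if remaining:   # refuse to report success while the RDB would still fail to load
        raise RuntimeError(f"libraries still loaded: {remaining}")
    return names

class FakeServer:
    """Constructed stand-in for a pre-7.4 server; the replies are not real output."""
    def __init__(self):
        self.libs = {name: [b"engine", b"js", b"name", name]
                     for name in (b"audit_lib", b"ttl_lib")}
    def __call__(self, *args):
        if args[:2] == ("TFUNCTION", "LIST"):
            return list(self.libs.values())
        if args[:2] == ("TFUNCTION", "DELETE"):
            del self.libs[args[2].encode()]
            return b"OK"
        raise ValueError(f"unexpected command: {args}")

if __name__ == "__main__":
    server = FakeServer()   # swap in e.g. redis.Redis(...).execute_command
    print("would delete:", purge_tf_libraries(server))
    print("deleted:", purge_tf_libraries(server, dry_run=False))
```

The default dry run only lists the libraries, so the names can be reviewed before anything is deleted.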

Note: version numbers follow this pattern:
x.y.z-b

  • x.y Redis Major version
  • z increases with even numbers as a module x.y version increases.
  • b denotes a patch to Redis or a module (any z of Redis or Modules). b will consist of a v + numeric value.