Redis 6.0 release notes
Upgrade urgency levels:
LOW: No need to upgrade unless there are new features you want to use.
MODERATE: Program an upgrade of the server, but it’s not urgent.
HIGH: There is a critical bug that may affect a subset of users. Upgrade!
CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP.
SECURITY: There are security fixes in the release.
Redis 6.0.16 Released Mon Oct 4 12:00:00 IDT 2021
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow [reported by Meir Shpilraien].
Other bug fixes:
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
* Fix replication issues when repl-diskless-load is used (#9280)
Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021
Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result in remote code execution.
Bug fixes that involve behavior changes:
* Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array (#8981).
  Was using a flat array like in RESP2 instead of a nested array like ZRANGE does.
Bug fixes:
* Fail EXEC command in case a watched key is expired (#9194)
* Fix SMOVE not to invalidate dest key (WATCH and tracking) when member already exists (#9244)
* Fix SINTERSTORE not to delete dest key when getting a wrong type error (#9032)
* Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD (#9191)
* Set TCP keepalive on inbound cluster bus connections (#9230)
* Fix ziplist length updates on big-endian platforms (#2080)
* Fix diskless replica loading to recover from RDB short read on module AUX data (#9199)
* Fix race in client side tracking (#9116)
* If diskless repl child is killed, make sure to reap the child pid (#7742)
* Add a timeout mechanism for replicas stuck in fullsync (#8762)
CLI tools:
* redis-cli cluster import support source and target that require auth (#7994)
* redis-cli cluster import command may issue wrong MIGRATE command, sending COPY instead of REPLACE (#8945)
* redis-cli support for RESP3 set type in CSV and RAW output (#7338)
Redis 6.0.14 Released Tue June 1 12:00:00 IST 2021
Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625): An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477.
Other bug fixes:
* Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
* SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)
Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021
Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise.
Integer overflow in STRALGO LCS command (CVE-2021-29477): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0.
Integer overflow in COPY command for large intsets (CVE-2021-29478): An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result in a corrupted RDB or DUMP payload, but could not be exploited through COPY (which did not exist before 6.2).
Bug fixes:
* Cluster: Skip unnecessary check which may prevent failure detection (#8585)
* Fix not starting on alpine/libmusl without IPv6 (#8655)
Improvements:
* Fix performance regression in BRPOP on Redis 6.0 (#8689)
Modules:
* Fix edge-case when a module client is unblocked (#8618)
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
Upgrade urgency: LOW, fixes a compilation issue.
Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
Upgrade urgency: SECURITY if you use a 32-bit build of Redis (see below), LOW otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309): Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption.
Bug fixes:
* Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522)
* Fix handling of threaded IO and CLIENT PAUSE (failover), could lead to data loss or a crash (#8520)
* Fix the selection of a random element from large hash tables (#8133)
* Fix broken protocol in client tracking tracking-redir-broken message (#8456)
* XINFO able to access expired keys on a replica (#8436)
* Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486)
* Avoid assertions (on older kernels) when testing arm64 CoW bug (#8405)
* CONFIG REWRITE should honor umask settings (#8371)
* Fix firstkey,lastkey,step in COMMAND command for some commands (#8367)
Modules:
* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys (#8453)
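The security entries for 6.0.11 through 6.0.16 above tie most of the heap overflows to a release number plus a configuration or build precondition. The following is an added example, not part of the Redis release notes or the Redis project: it takes the values an operator would read from `INFO server` (redis_version, arch_bits) and `CONFIG GET`, and reports which of those CVEs are fixed, unfixed, or unfixed with the named precondition absent. The default values, the status names and the rule "any value above the stock default counts as raised" are assumptions of this example; the notes themselves only say "very large".

```python
import re

# Redis size suffixes as documented at the top of redis.conf.
UNITS = {"": 1, "k": 10**3, "kb": 2**10, "m": 10**6, "mb": 2**20,
         "g": 10**9, "gb": 2**30}

# Stock Redis 6.0 values for the directives the notes name (assumption of
# this example; confirm against the redis.conf shipped with your build).
DEFAULTS = {
    "proto-max-bulk-len": "512mb",
    "client-query-buffer-limit": "1gb",
    "set-max-intset-entries": "512",
    "hash-max-ziplist-entries": "512",
    "hash-max-ziplist-value": "64",
    "zset-max-ziplist-entries": "128",
    "zset-max-ziplist-value": "64",
}

ZIPLIST = ["hash-max-ziplist-entries", "hash-max-ziplist-value",
           "zset-max-ziplist-entries", "zset-max-ziplist-value"]
BULK_AND_QUERY = ["proto-max-bulk-len", "client-query-buffer-limit"]

# (CVE, first fixed 6.0.x release, 32-bit builds only?, combiner, directives)
# Transcribed from the 6.0.11 to 6.0.16 entries of these notes. The combiner
# says whether all or any of the listed directives must be raised.
ADVISORIES = [
    ("CVE-2021-41099", (6, 0, 16), False, all, ["proto-max-bulk-len"]),
    ("CVE-2021-32762", (6, 0, 16), False, all, []),
    ("CVE-2021-32687", (6, 0, 16), False, all, ["set-max-intset-entries"]),
    ("CVE-2021-32675", (6, 0, 16), False, all, []),
    ("CVE-2021-32672", (6, 0, 16), False, all, []),
    ("CVE-2021-32628", (6, 0, 16), False, any, ZIPLIST),
    ("CVE-2021-32627", (6, 0, 16), False, all, BULK_AND_QUERY),
    ("CVE-2021-32626", (6, 0, 16), False, all, []),
    ("CVE-2021-32761", (6, 0, 15), True, all, []),
    ("CVE-2021-32625", (6, 0, 14), False, all, []),
    ("CVE-2021-29477", (6, 0, 13), False, all, []),
    ("CVE-2021-29478", (6, 0, 13), False, all, ["set-max-intset-entries"]),
    ("CVE-2021-21309", (6, 0, 11), True, all, ["proto-max-bulk-len"]),
]


def parse_size(value):
    """Convert '512mb', '1gb' or a plain byte count to an integer."""
    match = re.fullmatch(r"(\d+)\s*([a-z]*)", str(value).strip().lower())
    if not match or match.group(2) not in UNITS:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2)]


def raised(config, directive):
    """True when the directive is set above its stock default."""
    current = config.get(directive, DEFAULTS[directive])
    return parse_size(current) > parse_size(DEFAULTS[directive])


def assess(redis_version, arch_bits, config):
    """Map each CVE to 'fixed', 'unfixed' or 'precondition-absent'."""
    version = tuple(int(part) for part in redis_version.split(".")[:3])
    if version[:2] != (6, 0):
        raise ValueError("these notes only cover the 6.0.x series")
    report = {}
    for cve, fixed_in, only_32bit, combine, directives in ADVISORIES:
        if version >= fixed_in:
            report[cve] = "fixed"
        elif only_32bit and arch_bits != 32:
            report[cve] = "precondition-absent"
        elif combine(raised(config, d) for d in directives):
            # all() over an empty list is True: no config precondition named.
            report[cve] = "unfixed"
        else:
            report[cve] = "precondition-absent"
    return report


if __name__ == "__main__":
    # Constructed input: a 64-bit 6.0.10 server with proto-max-bulk-len raised.
    sample = assess("6.0.10", 64, {"proto-max-bulk-len": "2gb"})
    for cve, status in sample.items():
        print(f"{cve}: {status}")
```

A "precondition-absent" result still means the binary carries the bug; it only says the setting or build the notes name as the trigger is not in effect.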
Redis 6.0.10 Released Tue Jan 12 16:20:20 IST 2021
Upgrade urgency MODERATE: several bugs with moderate impact are fixed. Here is a comprehensive list of changes in this release compared to 6.0.9.
Command behavior changes:
* SWAPDB invalidates WATCHed keys (#8239)
* SORT command behaves differently when used on a writable replica (#8283)
* EXISTS should not alter LRU (#8016)
  In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.
* OBJECT should not reveal logically expired keys (#8016)
  Will now behave the same as TYPE or any other non-DEBUG command.
* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit (#8107)
Other behavior changes:
* Sentinel: Fix missing updates to the config file after SENTINEL SET command (#8229)
* CONFIG REWRITE is atomic and safer, but requires write access to the config file’s folder (#7824, #8051)
  This change was already present in 6.0.9, but was missing from the release notes.
Bug fixes with compatibility implications (bugs introduced in Redis 6.0):
* Fix RDB CRC64 checksum on big-endian systems (#8270)
  If you’re using big-endian please consider the compatibility implications with RESTORE, replication and persistence.
* Fix wrong order of key/value in Lua’s map response (#8266)
  If your scripts use redis.setresp() or return a map (new in Redis 6.0), please consider the implications.
Bug fixes:
* Fix an issue where a forked process deletes the parent’s pidfile (#8231)
* Fix crashes when enabling io-threads-do-reads (#8230)
* Fix a crash in redis-cli after executing cluster backup (#8267)
* Handle output buffer limits for module blocked clients (#8141)
  Could result in a module sending reply to a blocked client to go beyond the limit.
* Fix setproctitle related crashes. (#8150, #8088)
  Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation.
* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb (#8108)
  In cluster mode with repl-diskless-load, when loading failed, slot map wouldn’t have been restored.
* Fix oom-score-adj-values range, and bug when used in config file (#8046)
  Enabling setting this in the config file in a line after enabling it, would have been buggy.
* Reset average ttl when empty databases (#8106)
  Just causing misleading metric in INFO
* Disable rehash when Redis has child process (#8007)
  This could have caused excessive CoW during BGSAVE, replication or AOFRW.
* Further improved ACL algorithm for picking categories (#7966)
  Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.
* Fix bug with module GIL being released prematurely (#8061)
  Could in theory (and rarely) cause multi-threaded modules to corrupt memory.
* Reduce effect of client tracking causing feedback loop in key eviction (#8100)
* Fix cluster access to unaligned memory (SIGBUS on old ARM) (#7958)
* Fix saving of strings larger than 2GB into RDB files (#8306)
Additional improvements:
* Avoid wasteful transient memory allocation in certain cases (#8286, #5954)
Platform / toolchain support related improvements:
* Fix crash log registers output on ARM. (#8020)
* Add a check for an ARM64 Linux kernel bug (#8224)
  Due to the potential severity of this issue, Redis will print log warning on startup.
* Raspberry build fix. (#8095)
New configuration options:
* oom-score-adj-values config can now take absolute values (besides relative ones) (#8046)
Module related fixes:
* Moved RMAPI_FUNC_SUPPORTED so that it’s usable (#8037)
* Improve timer accuracy (#7987)
* Allow ‘\0’ inside of result of RM_CreateStringPrintf (#6260)
Redis 6.0.9 Released Mon Oct 26 10:37:47 IST 2020
Upgrade urgency: SECURITY if you use an affected platform (see below). Otherwise the upgrade urgency is MODERATE.
This release fixes a potential heap overflow when using a heap allocator other than jemalloc or glibc’s malloc. See: https://github.com/redis/redis/pull/7963
Other fixes in this release:
New:
* Memory reporting of clients argv (#7874)
* Add redis-cli control on raw format line delimiter (#7841)
* Add redis-cli support for rediss:// -u prefix (#7900)
* Get rss size support for NetBSD and DragonFlyBSD
Behavior changes:
* WATCH no longer ignores keys which have expired for MULTI/EXEC (#7920)
* Correct OBJECT ENCODING response for stream type (#7797)
* Allow blocked XREAD on a cluster replica (#7881)
* TLS: Do not require CA config if not used (#7862)
Bug fixes:
* INFO report real peak memory (before eviction) (#7894)
* Allow requirepass config to clear the password (#7899)
* Fix config rewrite file handling to make it really atomic (#7824)
* Fix excessive categories being displayed from ACLs (#7889)
* Add fsync in replica when full RDB payload was received (#7839)
* Don’t write replies to socket when output buffer limit reached (#7202)
* Fix redis-check-rdb support for modules aux data (#7826)
* Other smaller bug fixes
Modules API:
* Add APIs for version and compatibility checks (#7865)
* Add RM_GetClientCertificate (#7866)
* Add RM_GetDetachedThreadSafeContext (#7886)
* Add RM_GetCommandKeys (#7884)
* Add Swapdb Module Event (#7804)
* RM_GetContextFlags provides indication of being in a fork child (#7783)
* RM_GetContextFlags document missing flags: MULTI_DIRTY, IS_CHILD (#7821)
* Expose real client on connection events (#7867)
* Minor improvements to module blocked on keys (#7903)
================================================================================
Redis 6.0.8 Released Wed Sep 09 23:34:17 IDT 2020
Upgrade urgency HIGH: Anyone who’s using Redis 6.0.7 with Sentinel or CONFIG REWRITE command is affected and should upgrade ASAP, see #7760.
Bug fixes:
- CONFIG REWRITE after setting oom-score-adj-values either via CONFIG SET or loading it from a config file, will generate a corrupt config file that will cause Redis to fail to start
- Fix issue with redis-cli --pipe on MacOS
- Fix RESP3 response for HKEYS/HVALS on non-existing key
- Various small bug fixes
New features / Changes:
- Remove THP warning when set to madvise
- Allow EXEC with read commands on readonly replica in cluster
- Add masters/replicas options to redis-cli --cluster call command
Module API:
- Add RedisModule_ThreadSafeContextTryLock
================================================================================
Redis 6.0.7 Released Fri Aug 28 11:05:09 IDT 2020
Upgrade urgency MODERATE: several bugs with moderate impact are fixed, specifically the first two listed below, which cause protocol errors for clients.
Bug fixes:
- CONFIG SET could hang the client when it arrives during RDB/AOF loading (when processed after another command that was also rejected with -LOADING error)
- LPOS command when RANK is greater than matches responded with broken protocol (negative multi-bulk count)
- UNLINK / Lazyfree for stream type key would never do async freeing
- PERSIST should invalidate WATCH (like EXPIRE does)
- EXEC with only read commands could have been rejected when OOM
- TLS: relax verification on CONFIG SET (Don’t error if some configs are set and tls isn’t enabled)
- TLS: support cluster/replication without tls-port
- Systemd startup after network is online
- Redis-benchmark improvements
- Various small bug fixes
New features:
- Add oom-score-adj configuration option to control Linux OOM killer
- Show IO threads statistics and status in INFO output
- Add optional tls verification mode (see tls-auth-clients)
Module API:
- Add RedisModule_HoldString
- Add loaded keyspace event
- Fix RedisModuleEvent_LoadingProgress
- Fix RedisModuleEvent_MasterLinkChange hook missing on successful psync
- Fix missing RM_CLIENTINFO_FLAG_SSL
- Refactor redismodule.h for use with -fno-common / extern
================================================================================
Redis 6.0.6 Released Mon Jul 20 09:31:30 IDT 2020
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
- Fix crash when enabling CLIENT TRACKING with prefix
- EXEC always fails with EXECABORT and multi-state is cleared
- RESTORE ABSTTL won’t store expired keys into the db
- redis-cli better handling of non-printable key names
- TLS: Ignore client cert when tls-auth-clients off
- Tracking: fix invalidation message on flush
- Notify systemd on Sentinel startup
- Fix crash on a misuse of STRALGO
- Few fixes in module API
- Fix a few rare leaks (STRALGO error misuse, Sentinel)
- Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
- LPOS command to search in a list
- Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
- redis-cli support TLS for --pipe, --rdb and --replica options
- TLS: Session caching configuration support
================================================================================
Redis 6.0.5 Released Tue Jun 09 11:56:08 CEST 2020
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
- Fix handling of special chars in ACL LOAD.
- Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together.
- Revert the sendfile() implementation of RDB transfer. It causes some delay.
- Fix TLS certificate loading for chained certificates.
- Fix AOF rewriting of KEEPTTL SET option.
- Fix MULTI/EXEC behavior during -BUSY script errors.
================================================================================
Redis 6.0.4 Released Thu May 28 11:36:45 CEST 2020
Upgrade urgency CRITICAL: this release fixes a severe replication bug.
Redis 6.0.4 fixes a critical replication bug caused by a new feature introduced in Redis 6. The feature, called “meaningful offset” and strongly wanted by myself (antirez) was an improvement that avoided that masters were no longer able, during a failover where they were demoted to replicas, to partially synchronize with the new master. In short the feature was able to avoid full synchronizations with RDB. How did it work? By trimming the replication backlog of the final “PING” commands the master was sending in the replication channel: this way the replication offset would no longer go “after” the one of the promoted replica, allowing the master to just continue in the same replication history, receiving only a small data difference.
However after the introduction of the feature we (the Redis core team) quickly understood there was something wrong: the apparently harmless feature had many bugs, and the last bug we discovered, after a joined effort of multiple people, we were not even able to fully understand after fixing it. Enough was enough, we decided that the complexity cost of this feature was too high. So Redis 6.0.4 removes the feature entirely, and fixes the data corruption that it was able to cause.
However there are two facts to take in mind.
Fact 1: Setups using chained replication, that means that certain replicas are replicating from other replicas, up to Redis 6.0.3 can experience data corruption. For chained replication we mean that:
+--------+ +---------+ +-------------+
| master |--------->| replica |-------->| sub-replica |
+--------+ +---------+ +-------------+
People using chained replication SHOULD UPGRADE ASAP away from Redis 6.0.0, 6.0.1, 6.0.2 or 6.0.3 to Redis 6.0.4.
To be clear, people NOT using this setup, but having just replicas attached directly to the master, SHOULD NOT BE in danger of any problem. But we are no longer confident on 6.0.x replication implementation complexities so we suggest to upgrade to 6.0.4 to everybody using an older 6.0.3 release. We just so far didn’t find any bug that affects Redis 6.0.3 that does not involve chained replication.
People starting with Redis 6.0.4 are fine. People with Redis 5 are fine. People upgrading from Redis 5 to Redis 6.0.4 are fine. TLDR: The problem is with users of 6.0.0, 6.0.1, 6.0.2, 6.0.3.
Fact 2: Upgrading from Redis 6.0.x to Redis 6.0.4, IF AND ONLY IF you use chained replication, requires some extra care:
1. Once you attach your new Redis 6.0.4 instance as a replica of the current Redis 6.0.x master, you should wait for the first full synchronization, then you should promote it right away, if your setup involves chained replication. Don’t give it the time to do a new partial synchronization in the case the link between the master and the replica will break in the mean time.
2. As an additional care, you may want to set the replication ping period to a very large value (for instance 1000000) using the following command:
CONFIG SET repl-ping-replica-period 1000000
Note that if you do “1” with care, “2” is not needed. However if you do it, make sure to later restore it to its default:
CONFIG SET repl-ping-replica-period 10
So this is the main change in Redis 6. Later we’ll find a different way in order to achieve what we wanted to achieve with the Meaningful Offset feature, but without the same complexity.
Other changes in this release:
- PSYNC2 tests improved.
- Fix a rare active defrag edge case bug leading to stagnation
- Fix Redis 6 asserting at startup in 32 bit systems.
- Redis 6 32 bit is now added back to our testing environments.
- Fix server crash for STRALGO command.
- Implement sendfile for RDB transfer.
- TLS fixes.
- Make replication more resistant by disconnecting the master if we detect a protocol error. Basically we no longer accept inline protocol from the master.
- Other improvements in the tests.
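Whether a deployment falls under "Fact 1" above can be read from `INFO` output: a node that reports role:slave and also has connected_slaves greater than zero is the middle hop of a chain. The following is an added example, not part of the Redis release notes or the Redis project: it takes the INFO text of each node and returns a verdict per node. The node addresses, the sample INFO text and the verdict names are constructed for illustration.

```python
# Releases the notes name as carrying the chained-replication corruption bug.
AFFECTED = {(6, 0, 0), (6, 0, 1), (6, 0, 2), (6, 0, 3)}


def parse_info(text):
    """Parse the 'key:value' lines of INFO output, skipping '# Section' lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value
    return fields


def is_middle_hop(info):
    """A replica that itself feeds replicas, i.e. chained replication."""
    return (info.get("role") == "slave"
            and int(info.get("connected_slaves", "0")) > 0)


def fleet_verdicts(info_by_node):
    """Return {node: 'upgrade-asap' | 'upgrade-suggested' | 'ok'}.

    'upgrade-asap'      affected release and a chain exists in the fleet
    'upgrade-suggested' affected release, replicas attached directly to master
    'ok'                release outside 6.0.0 - 6.0.3
    """
    parsed = {node: parse_info(text) for node, text in info_by_node.items()}
    chain_present = any(is_middle_hop(info) for info in parsed.values())
    verdicts = {}
    for node, info in parsed.items():
        version = tuple(int(p) for p in info["redis_version"].split(".")[:3])
        if version not in AFFECTED:
            verdicts[node] = "ok"
        elif chain_present:
            verdicts[node] = "upgrade-asap"
        else:
            verdicts[node] = "upgrade-suggested"
    return verdicts


# Constructed sample: master -> replica -> sub-replica, as in the diagram above.
SAMPLE_FLEET = {
    "10.0.0.1:6379": "# Server\r\nredis_version:6.0.3\r\n"
                     "# Replication\r\nrole:master\r\nconnected_slaves:1\r\n",
    "10.0.0.2:6379": "# Server\r\nredis_version:6.0.3\r\n"
                     "# Replication\r\nrole:slave\r\nmaster_host:10.0.0.1\r\n"
                     "connected_slaves:1\r\n",
    "10.0.0.3:6379": "# Server\r\nredis_version:6.0.4\r\n"
                     "# Replication\r\nrole:slave\r\nmaster_host:10.0.0.2\r\n"
                     "connected_slaves:0\r\n",
}

if __name__ == "__main__":
    for node, verdict in fleet_verdicts(SAMPLE_FLEET).items():
        print(node, verdict)
```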
================================================================================
Redis 6.0.3 Released Sat May 16 18:10:21 CEST 2020
Upgrade urgency CRITICAL: a crash introduced in 6.0.2 is now fixed.
1eab62f7e Remove the client from CLOSE_ASAP list before caching the master.
================================================================================
Redis 6.0.2 Released Fri May 15 22:24:36 CEST 2020
Upgrade urgency MODERATE: many not critical bugfixes in different areas. Critical fix to client side caching when keys are evicted from the tracking table but no notifications are sent.
The following are the most serious fixes:
- XPENDING should not update consumer’s seen-time
- optimize memory usage of deferred replies - fixed
- Fix CRC64 initialization outside the Redis server itself.
- stringmatchlen() should not expect null terminated strings.
- Cluster nodes availability checks improved when there is high Pub/Sub load on the cluster bus.
- Redis Benchmark: Fix coredump because of double free
- Tracking: send eviction messages when evicting entries.
- rax.c updated from upstream antirez/rax.
- fix redis 6.0 not freeing closed connections during loading.
New features:
- Support setcpuaffinity on linux/bsd
- Client Side Caching: Add Tracking Prefix Number Stats in Server Info
- Add --user argument to redis-benchmark.c (ACL)
================================================================================
Redis 6.0.1 Released Sat May 02 00:06:07 CEST 2020
Upgrade urgency HIGH: This release fixes a crash when building against Libc malloc.
Here we revert 8110ba888, an optimization that causes a crash due to a bug in the code. It does not happen with the default allocator because of differences between Jemalloc and libc malloc, so this escaped all our testing but was reported by a user. We’ll add back the original optimization that was reverted here later, after checking what happens: it is not a critical optimization.
================================================================================
Redis 6.0.0 GA Released Thu Apr 30 14:55:02 CEST 2020
Upgrade urgency CRITICAL: many bugs fixed compared to the last release candidate. Better to upgrade if you see things affecting your environment in the changelog.
Hi all, finally we have Redis 6.0.0 GA! Enjoy this new Redis release. Most of the documentation was updated today so that you can likely find what you are looking for about the new features at redis.io. This is the list of what changed compared to the previous release candidate:
- XCLAIM AOF/replicas propagation fixed.
- Client side caching: new NOLOOP option to avoid getting notified about changes performed by ourselves.
- ACL GENPASS now uses HMAC-SHA256 and has an optional “bits” argument. It means you can use it as a general purpose “secure random strings” primitive!
- Cluster “SLOTS” subcommand memory optimization.
- The LCS command is now a subcommand of STRALGO.
- Meaningful offset for replicas as well. More successful partial resynchronizations.
- Optimize memory usage of deferred replies.
- Faster CRC64 algorithm for faster RDB loading.
- XINFO STREAM FULL, a new subcommand to get the whole stream state.
- CLIENT KILL USER.
- MIGRATE AUTH2 option, for ACL style authentication support.
- Other random bugfixes.
================================================================================
Redis 6.0-rc4 Released Thu Apr 16 16:10:35 CEST 2020
Upgrade urgency LOW: If you are using RC3 without issues, don’t rush.
Hi all, this is the latest release candidate of Redis 6. This is likely to be very similar to what you’ll see in Redis 6 GA. Please test it and report any issue :-)
Main changes in this release:
* Big INFO speedup when using a lot of clients.
* Big speedup on all the blocking commands: now blocking
on the same key is O(1) instead of being O(N).
* Stale replicas now allow MULTI/EXEC.
* New command: LCS (Longest Common Subsequence).
* Add a new configuration to make DEL like UNLINK.
* RDB loading speedup.
* Many bugs fixed (see the commit messages at the end of this node)
================================================================================
Redis 6.0-rc3 Released Tue Mar 31 17:42:39 CEST 2020
Upgrade urgency CRITICAL: A connection management bug introduced with the SSL implementation can crash Redis easily.
Dear users, this is a list of the major changes in this release, please check the list of commits for detail:
- Fix crash due to refactoring for SSL, for the connection code.
- Precise timeouts for blocking commands. Now the timeouts have HZ resolution regardless of the number of connected clients. New timeouts are stored in a radix tree and sorted by expire time.
- Fix rare crash when resizing the event loop because of CONFIG maxclients.
- Fix systemd readiness after successful partial resync.
- Redis-cli ask password mode to be prompted at startup (for additional safety).
- Keyspace notifications added to MIGRATE / RESTORE.
- Threaded I/O bugs fixed.
- Implement new ACL style AUTH in Sentinel.
- Make ‘requirepass’ more backward compatible with Redis <= 5.
- ACL: Handle default user as disabled if it’s off regardless of “nopass”.
- Fix a potential inconsistency when upgrading an instance in Redis Cluster and restarting it. The instance will act as a replica but will actually be set as a master immediately. However the choice of what to do with already expired keys, on loading, was made from the POV of replicas.
- Abort transactions after -READONLY error.
- Many different fixes to module APIs.
- BITFIELD_RO added to call the command on read only replicas.
- PSYNC2: meaningful offset implementation. Allow the disconnected master that is still sending PINGs to replicas, to be able to successfully PSYNC incrementally to new slaves, discarding the last part of the replication backlog consisting only of PINGs.
- Fix pipelined MULTI/EXEC during Lua scripts are in BUSY state.
- Re-fix propagation API in modules, broken again after other changes.
================================================================================
Redis 6.0 RC1 Released Thu Dec 19 09:58:24 CEST 2019
Upgrade urgency LOW: This is the first RC of Redis 6.
Introduction to the Redis 6 release
Redis 6 improves Redis in a number of key areas and is one of the largest Redis releases in the history of the project, so here we’ll list only the biggest features in this release:
- The modules system now has a number of new APIs that allow module authors to make things otherwise not possible in the past. It is possible to store arbitrary module private data in RDB files, to hook on different server events, capture and rewrite commands executions, block clients on keys, and so forth.
- The Redis active expire cycle was rewritten for much faster eviction of keys that are already expired. Now the effort is tunable.
- Redis now supports SSL on all channels.
- ACL support: you can define users that can run only certain commands and/or can access only certain key patterns.
- Redis now supports a new protocol called RESP3, which returns more semantical replies: new clients using this protocol can understand just from the reply what type to return to the calling program.
- There is server-side support for client-side caching of key values. This feature is still experimental and will get more changes during the next release candidates, but you can already test it and read about it here: https://redis.io/topics/client-side-caching
- Redis can now optionally use threads to handle I/O, allowing to serve 2 times as much operations per second in a single instance when pipelining cannot be used.
- Diskless replication is now supported even on replicas: a replica is now able, under certain conditions the user can configure, to load the RDB in the first synchronization directly from the socket to the memory.
- Redis-benchmark now supports a Redis Cluster mode.
- SRANDMEMBER and similar commands have a better distribution.
- Redis-cli improvements.
- Systemd support rewritten.
- A Redis Cluster proxy was released here: https://github.com/artix75/redis-cluster-proxy
- A Disque module for Redis was released here: https://github.com/antirez/disque-module
Redis 6.0 is mostly a strict superset of 5.0, you should not have any problem upgrading your application from 5.0 to 6.0. However this is a list of small non-backward compatible changes introduced in the 6.0 release:
- The SPOP command no longer returns null when the set key does not exist. Now it returns the empty set as it should and as happens when it is called with a 0 argument. This is technically a fix, however it changes the old behavior.
Credits: For each release, a list of changes with the relative author is provided. Where not specified the implementation and design is done by Salvatore Sanfilippo. Thanks to Redis Labs for making all this possible. Also many thanks to all the other contributors and the amazing community we have.