Redis 6.2.6

00-RELEASENOTES

@@ -11,6 +11,60 @@ CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP.
 SECURITY: There are security fixes in the release.
 --------------------------------------------------------------------------------
 
+================================================================================
+Redis 6.2.6 Released Mon Oct 4 12:00:00 IDT 2021
+================================================================================
+
+Upgrade urgency: SECURITY, contains fixes to security issues.
+
+Security Fixes:
+* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
+  commands and network payloads, when proto-max-bulk-len is manually configured
+  to a non-default, very large value [reported by yiyuaner].
+* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
+  redis-sentinel parsing large multi-bulk replies on some older and less common
+  platforms [reported by Microsoft Vulnerability Research].
+* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
+  set-max-intset-entries is manually configured to a non-default, very large
+  value [reported by Pawel Wieczorkiewicz, AWS].
+* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
+  a large number of elements on many connections.
+* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
+  Meir Shpilraien].
+* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
+  data types, when configuring a large, non-default value for
+  hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
+  or zset-max-ziplist-value [reported by sundb].
+* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
+  configuring a non-default, large value for proto-max-bulk-len and
+  client-query-buffer-limit [reported by sundb].
+* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
+  overflow [reported by Meir Shpilraien].
+
+Bug fixes that involve behavior changes:
+* GEO* STORE with empty source key deletes the destination key and return 0 (#9271)
+  Previously it would have returned an empty array like the non-STORE variant.
+* PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions (#9209)
+  This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
+
+Bug fixes that are only applicable to previous releases of Redis 6.2:
+* Fix CLIENT PAUSE, used an old timeout from previous PAUSE (#9477)
+* Fix CLIENT PAUSE in a replica would mess the replication offset (#9448)
+* Add some missing error statistics in INFO errorstats (#9328)
+
+Other bug fixes:
+* Fix incorrect reply of COMMAND command key positions for MIGRATE command (#9455)
+* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
+* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
+
+CLI tools:
+* When redis-cli received ASK response, it didn't handle it (#8930)
+
+Improvements:
+* Add latency monitor sample when key is deleted via lazy expire (#9317)
+* Sanitize corrupt payload improvements (#9321, #9399)
+* Delete empty keys when loading RDB file or handling a RESTORE command (#9297, #9349)
+
 ================================================================================
 Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
 ================================================================================

src/version.h

@@ -1,2 +1,2 @@
-#define REDIS_VERSION "6.2.5"
-#define REDIS_VERSION_NUM 0x00060205
+#define REDIS_VERSION "6.2.6"
+#define REDIS_VERSION_NUM 0x00060206