Redis 6.0.20

2023-07-09 15:30:55 +03:00 · 2023-07-09 15:30:55 +03:00 · de0d9632b5
parent a1589c3769
commit de0d9632b5
2 changed files with 21 additions and 2 deletions
--- a/19
+++ b/19
@ -12,6 +12,25 @@ SECURITY: There are security fixes in the release.
 --------------------------------------------------------------------------------


+================================================================================
+Redis 6.0.20   Released Mon July 10 12:00:00 IDT 2023
+================================================================================
+
+Upgrade urgency SECURITY: See security fixes below.
+
+Security Fixes:
+* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
+  a heap overflow in the cjson and cmsgpack libraries, and result in heap
+  corruption and potentially remote code execution. The problem exists in all
+  versions of Redis with Lua scripting support, starting from 2.6, and affects
+  only authenticated and authorized users.
+
+Bug Fixes
+=========
+
+* Re-enable downscale rehashing while there is a fork child (#12276)
+
+
 ================================================================================
 Redis 6.0.19 Released Mon Apr 17 16:00:00 IST 2023
 ================================================================================
--- a/src/version.h
+++ b/src/version.h
@ -1,2 +1,2 @@
-#define REDIS_VERSION "6.0.19"
-#define REDIS_VERSION_NUM 0x00060013
+#define REDIS_VERSION "6.0.20"
+#define REDIS_VERSION_NUM 0x00060014