7.4-rc1

Note: License changed - see LICENSE.txt

Upgrade urgency LOW: This is the first Release Candidate for Redis 7.4.

Here is a comprehensive list of changes in this release compared to 7.2.5.

New Features

• #13303 Hash - expiration of individual fields. 9 commands were introduced:
  • HEXPIRE and HPEXPIRE set the remaining time to live for specific fields
  • HEXPIREAT and HPEXPIREAT set the expiration time to a UNIX timestamp for specific fields
  • HPERSIST removes the expiration for specific fields
  • HEXPIRETIME and HPEXPIRETIME get the expiration time for specific fields
  • HTTL and HPTTL get the remaining time to live for specific fields
• #13117 XREAD: new id value + to start reading from the last message
• #12765 HSCAN: new [NOVALUES] flag to report only field names
• #12728 SORT, SORT_RO: allow BY and GET options in cluster mode when the pattern maps to the same slot as the key
• #12299 CLIENT KILL: new optional filter: MAXAGE maxage - retain connections older than maxage seconds
• #12971 Lua: expose os.clock() API for getting the elapsed time of Lua code execution
• #13276 Allow SPUBLISH command within MULTI ... EXEC transactions on replica

Bug fixes

• #12898 XREADGROUP: fix entries-read inconsistency between master and replicas
• #13042 SORT ... STORE: fix created lists to respect list compression and packing configs
• #12817, #12905 Fix race condition issues between the main thread and module threads
• #12577 Unsubscribe all clients from replica for shard channel if the master ownership changes
• #12622 WAITAOF could timeout or hang if used after a module command that propagated effects only to replicas and not to AOF
• #11734 BITCOUNT and BITPOS with nonexistent key and illegal arguments return an error, not 0
• #12394 BITCOUNT: check for wrong argument before checking if key exists
• #12961 Allow execution of read-only transactions when out of memory
• #13274 Fix crash when a client performs ACL change that disconnects itself
• #13311 Cluster: Fix crash due to unblocking client during slot migration

Security improvements

• #13108 Lua: LRU eviction for scripts generated with EVAL *** BEHAVIOR CHANGE ***
• #12961 Restrict the total request size of MULTI ... EXEC transactions
• #12860 Redact ACL username information and mark '*-key-file-pass configs' as sensitive

Performance and resource utilization improvements

• #12838 Improve performance when many clients call PUNSUBSCRIBE / SUNSUBSCRIBE simultaneously
• #12627 Reduce lag when waking WAITAOF clients and there is not much traffic
• #12754 Optimize KEYS when pattern includes hashtag and implies a single slot
• #11695 Reduce memory and improve performance by replacing cluster metadata with slot specific dictionaries
• #13087 SCRIPT FLUSH ASYNC now does not block the main thread
• #12996 Active memory defragmentation efficiency improvements
• #12899 Improve performance of read/update operation during rehashing
• #12536 SCAN ... MATCH: Improve performance when the pattern implies cluster slot
• #12450 ZRANGE ... LIMIT: improved performance

Other general improvements

• #13133 Lua: allocate VM code with jemalloc instead of libc and count it as used memory *** BEHAVIOR CHANGE ***
• #12171 ACL LOAD: do not disconnect all clients *** BEHAVIOR CHANGE ***
• #13020 Allow adjusting defrag configurations while active defragmentation is running
• #12949 Increase the accuracy of avg_ttl (the average keyspace keys TTL)
• #12977 Allow running WAITAOF in scripts
• #12782 Implement TCP Keep-Alives across most Unix-like systems
• #12707 Improved error codes when rejecting scripts in cluster mode
• #12596 Support XREAD ... BLOCK in scripts; rejected only if it ends up blocking

New metrics

• #12849 INFO: pubsub_clients - number of clients in Pub/Sub mode
• #12966 INFO: watching_clients - number of clients that are watching keys
• #12966 INFO: total_watched_keys - number of watched keys
• #12476 INFO: client_query_buffer_limit_disconnections - count client input buffer OOM events
• #12476 INFO: client_output_buffer_limit_disconnections - count client output buffer OOM events
• #12996 INFO: allocator_muzzy - memory returned to the OS but still shows as RSS until the OS reclaims it
• #13108 INFO: evicted_scripts - number of evicted eval scripts. Users can check it to see if they are abusing EVAL
• #12996 MEMORY STATS: allocator.muzzy - memory returned to the OS but still shows as RSS until the OS reclaims it
• #12913 INFO MEMORY mem_overhead_db_hashtable_rehashing - memory resharding overhead (only the memory that will be released soon)
• #12913 MEMORY STATS': overhead.db.hashtable.lut` - total overhead of dictionary buckets in databases
• #12913 MEMORY STATS': overhead.db.hashtable.rehashing` - temporary memory overhead of database dictionaries currently being rehashed
• #12913 MEMORY STATS': db.dict.rehashing.count` - number of top level dictionaries currently being rehashed
• #12966 CLIENT LIST: watch - number of keys each client is currently watching

Modules API

• #12985 New API calls: RM_TryCalloc and RM_TryRealloc - allow modules to handle memory allocation failures gracefully
• #13069 New API call: RM_ClusterKeySlot - which slot a key will hash to
• #13069 New API call: RM_ClusterCanonicalKeyNameInSlot - get a consistent key that will map to a slot
• #12486 New API call: RM_AddACLCategory - allow modules to declare new ACL categories

Configuration parameters

• #12178 New configuration parameters: max-new-connections-per-cycle and max-new-tls-connections-per-cycle to limit the number of new client connections per event-loop cycle
• #7351 Rename some CPU configuration parameters for style alignment. Added alias to the old names to avoid breaking change

CLI tools

• #10609 redis-cli: new -t <timeout> argument: specify server connection timeout in seconds
• #11315 redis-cli: new -4 and -6 flags to prefer IPV4 or IPV6 on DNS lookup
• #12862 redis-cli: allows pressing up arrow to return any command (including sensitive commands which are still not persisted)
• #12543 redis-cli: add reverse history search (like Ctrl+R in terminals)
• #12826 redis-cli: add --keystats and --keystats-samples to combines --memkeys and --bigkeys with additional distribution data
• #12735 redis-cli: fix: --bigkeys and --memkeys now work on cluster replicas
• #9411 redis-benchmark: add support for binary strings
• #12986 redis-benchmark: fix: pick random slot for a node to distribute operation across slots

7.2.5

Upgrade urgency MODERATE: Program an upgrade of the server, but it's not urgent.

Bug fixes

• A single shard cluster leaves failed replicas in CLUSTER SLOTS instead of removing them (#12824)
• Crash in LSET command when replacing small items and exceeding 4GB (#12955)
• Blocking commands timeout is reset due to re-processing command (#13004)
• Conversion of numbers in Lua args to redis args can fail. Bug introduced in 7.2.0 (#13115)

Bug fixes in CLI tools

• redis-cli: --count (for --scan, --bigkeys, etc) was ignored unless --pattern was also used (#13092)
• redis-check-aof: incorrectly considering data in manifest format as MP-AOF (#12958)

7.2.4

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
  buffers which can result in incorrect accounting of buffer sizes and lead to
  heap overflow and potential remote code execution.

Bug fixes

• Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
• Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
• Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

7.0.15

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
  buffers which can result in incorrect accounting of buffer sizes and lead to
  heap overflow and potential remote code execution.

7.2.3

Upgrade urgency: HIGH, Fixes critical bugs affecting most users.

Bug fixes

• Fix file descriptor leak preventing deleted files from freeing disk space on
  replicas (#12693)
• Fix a possible crash after cluster node removal (#12702)

7.2.2

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
  race condition that can be used by another process to bypass desired Unix
  socket permissions on startup.

Platform / toolchain support related changes

• Fix compilation error on MacOS 13 (#12611)

Bug fixes

• WAITAOF could timeout in the absence of write traffic in case a new AOF is
  created and an AOF rewrite can't immediately start (#12620)

Redis cluster

• Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
  nodes (#12604)
• Fix the return type of the slot number in cluster shards to integer, which
  makes it consistent with past behavior (#12561)
• Fix CLUSTER commands are called from modules or scripts to return TLS info
  appropriately (#12569)

Changes in CLI tools

• redis-cli, fix crash on reconnect when in SUBSCRIBE mode (#12571)

Module API changes

• Fix overflow calculation for next timer event (#12474)

7.0.14

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
  race condition that can be used by another process to bypass desired Unix
  socket permissions on startup.

6.2.14

Upgrade urgency SECURITY: See security fixes below.

Security fixes

• (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
  race condition that can be used by another process to bypass desired Unix
  socket permissions on startup.

7.2.1

Upgrade urgency SECURITY: See security fixes below.

Security Fixes

• (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and,
  as a result, may grant users executing this command access to keys that are not
  explicitly authorized by the ACL configuration.

Bug Fixes

• Fix crashes when joining a node to an existing 7.0 Redis Cluster (#12538)
• Correct request_policy and response_policy command tips on for some admin /
  configuration commands (#12545, #12530)

7.0.13

Upgrade urgency SECURITY: See security fixes below.

Security Fixes

• (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and
  as a result may grant users executing this command access to keys that are not
  explicitly authorized by the ACL configuration.

Bug Fixes

• Cluster: fix a race condition where a slot migration may revert on a
  subsequent failover or node joining (#12344)
• Ensure that the function load timeout is disabled during loading from RDB/AOF
  and on replicas. (#12451)
• Fix the assertion when script timeout occurs after it signaled a blocked client (#12459)