Upgrade urgency SECURITY: This release includes security fixes we
recommend you apply as soon as possible.
Security fixes
- (CVE-2025-67733) RESP Protocol Injection via Lua error_reply
- (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus
message
- (CVE-2026-27623) Reset request type after handling empty
requests
Bug fixes
- Avoids crash during MODULE UNLOAD when ACL rules reference a
module command and subcommand (#3160)
- Fix server assert on ACL LOAD when current user loses
permission to channels (#3182)
- Fix bug causing no response flush sometimes when IO threads are
busy (#3205)
OBS-URL: https://build.opensuse.org/package/show/server:database/valkey?expand=0&rev=45
- Update to 8.1.2:
- Security fixes
* CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)
- Bug fixes
* Properly escape double quotes and backslash in MONITOR command (#2036)
* Fix high CPU usage when fetching a random element in skewed sparse hash
table (#2085)
* Fix a bug that allowed clients to process commands when the server has
paused command processing (#2109)
* Fix a crash where the wrong slot is used when processing sharded pubsub
unsubscribe events (#2137)
* Fix a crash when a module attempts to write auxiliary data with AOF
enabled (#2132)
* Fix a bug where the engine may crash when establishing new outbound TLS
connections (#2140)
* Fix a bug where a cluster bus packet may be incorrectly marked as
invalid (#2144)
* Fix a bug where CLUSTER SLOTS/NODES information can be stale after
updating node port/tls-port (#2186)
* Fix a bug where replica in cluster mode can't finish failover when
config epoch is outdated (#2178)
* Fix a bug to avoid CLIENT UNBLOCK command to unblock paused clients
(#2117)
- Drop valkey-ssl_new-null-return.patch, CVE-2025-27151.patch
* Included in upstream release
- Provide redis 7.2.9 instead of valkey version due to lack of
features provided by redis 7.4 (boo#1243605)
OBS-URL: https://build.opensuse.org/request/show/1284958
OBS-URL: https://build.opensuse.org/package/show/server:database/valkey?expand=0&rev=30
- Update to 8.0.2:
- Security fixes
* (CVE-2024-46981, bsc#1235387) Lua script commands may lead to remote code execution. (#1513)
* (CVE-2024-51741, bsc#1235386) Denial-of-service due to malformed ACL selectors. (#1514)
- Bug fixes
* Fix an uncommon crash when using TLS with dual channel replication. (#1173)
* Make sure repl_down_since is correctly reset when dual channel replication
fails. (#1149)
* Fix a performance regression where a replica does not properly initialize
the database size when loading a snapshot during replication. (#1199)
* Make sure the last accessed time is correctly updated when using the TOUCH
command with the CLIENT NO-TOUCH option.
* Fix a bug where total_net_repl_output_bytes may report the wrong. (#1486)
* Fix a bug where used_memory_scripts may report the wrong value. (#1255)
* Fix a bug where server might crash when using active defrag when scripts
are evicted from the script cache. (#1310)
* Fix a bug where extra memory would be used when storing strings in the
inline protocol. (#1213)
* Fix a bug where the SORT command may throw a cross slot error. (#1182)
* Fix a bug where the RANDOMKEY command may omit returning keys in cluster
mode. (#1155)
* Send the correct error message when FUNCTION KIlL is used to kill an
ongoing script. (#1171)
* Fix a potential memory corruption when databases are emptied, such as
through FLUSHDB, when during active defrag is running. (#1512)
- Behavior changes
* Revert an unintended breaking change when sending an unsubuscribe command
when a client is not subscribed to any channels. (#1265)
OBS-URL: https://build.opensuse.org/request/show/1236225
OBS-URL: https://build.opensuse.org/package/show/server:database/valkey?expand=0&rev=22
- Update to 8.0.1:
- Bug fixes
* Fix a build issue with RDMA when using additional make parameters. (#1074)
* Fix an issue where `CLUSTER SLOTS` might return the wrong tcp or tls port
when called from inside a script or from a module. (#1072)
* Fix a crash when `CLUSTER SLOTS` or `CLUSTER SHARDS` is called from inside
a script or from a module. (#1063)
* Fix a build issue on systems where `<threads.h>` is unavailable. (#1053)
* Fix an issue with the default `sentinel.conf` being invalid. (#1040)
- Security fixes
* (CVE-2024-31449, bsc#1231264) Lua library commands may lead to stack
overflow and potential RCE.
* (CVE-2024-31227, bsc#1231266) Potential Denial-of-service due to malformed
ACL selectors.
* (CVE-2024-31228, bsc#1231265) Potential Denial-of-service due to unbounded
pattern matching.
- 8.0.0 changelog:
* See https://github.com/valkey-io/valkey/blob/8.0.1/00-RELEASENOTES
- Drop ppc-atomic.patch
- Refresh valkey-conf.patch
OBS-URL: https://build.opensuse.org/request/show/1205728
OBS-URL: https://build.opensuse.org/package/show/server:database/valkey?expand=0&rev=15
- Update to 7.2.6:
- Bug Fixes - Core
* Fix typo in REGISTER_API macro to prevent segfaults when loading Redis
modules (#608)
* Fix the command duration reset issue when clients are blocked and commands
are reprocessed (#526)
* Fix the data type conversion error in zrangeResultBeginStore (Redis#13148)
* Fix a crash caused by quicklist node merges (Redis#13040)
* Fix crashes in module blocking client timeout cases (Redis#13011)
* Fix conversion of numbers in Lua args to Redis args
(Redis#13115, Fixes Redis#13113)
* Fix crash in LSET command when replacing small list items with larger ones,
creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864)
* Fix blocking command timeout reset issue during reprocessing (Redis#13004)
- Bug Fixes - Cluster
* Fix the CLUSTER SHARDS command to display accurate slot information even
if a primary node fails (#790, Fixes#784)
* Fix an issue where module authentication failed when the cluster was down
(#693, Fixes#619)
* Ensure only primary nodes with slots can mark another node as failed (#634)
* Improve MEET command reliability under link failures to maintain cluster
membership symmetry (#461)
* Allow single primary node to mark potentially failed replica as FAIL in
single-shard cluster (Redis#12824)
- Bug Fixes - Sentinel
* Accept redis-sentinel to start Valkey in sentinel mode (#731, Fixes#719)
- Bug Fixes - CLI
* Ensure the --count option in redis-cli works correctly even without
--pattern (Redis#13092)
* Fix redis-check-aof misidentifying data in manifest format as MP-AOF
OBS-URL: https://build.opensuse.org/request/show/1197174
OBS-URL: https://build.opensuse.org/package/show/server:database/valkey?expand=0&rev=13
