------------------------------------------------------------------- Tue Dec 9 20:31:50 UTC 2025 - Andreas Stieger - Update to 9.0.1: * Authenticate slot migration client on source node to internal user * Bug fix: reset io_last_written on c->buf resize to prevent stale pointers * Sentinel: fix regression requiring "+failover" ACL in failover path * Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links * Send duplicate multi meet packet only for node which supports it in mixed clusters * Fix: LTRIM should not call signalModifiedKey when no elements are removed * Fix build on some 32-bit ARM by only using NEON on AArch64 * Fix deadlock in IO-thread shutdown during panic * Fix COMMANDLOG large-reply when using reply copy avoidance * Fix CLUSTER SLOTS crash when called from module timer callback ------------------------------------------------------------------- Sat Nov 29 02:18:38 UTC 2025 - Marcus Rueckert - update valkey-conf.patch instead of copying the whole default example config we can also have it as include file and start out with a very minimal configuration for each instance. ------------------------------------------------------------------- Tue Oct 21 19:47:52 UTC 2025 - Antonio Teixeira - Update to 9.0.0: - Changes since last major version: * https://valkey.io/blog/introducing-valkey-9/ * https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc1 * https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc2 * https://github.com/valkey-io/valkey/releases/tag/9.0.0-rc3 - Bug fixes * HSETEX with FXX should not create an object if it does not exist * Fix crash when aborting a slot migration while child snapshot is active * Fix double MOVED reply on unblock at failover * Fix memory leak with CLIENT LIST/KILL duplicate filters * Fix incorrect accounting after completed atomic slot migration * Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD * Fix invalid memory address caused by hashtable shrinking during safe iteration ------------------------------------------------------------------- Sun Oct 5 10:07:38 UTC 2025 - Andreas Stieger - Update to 8.1.4: - Security fixes (boo#1250995): * CVE-2025-49844: A Lua script may lead to remote code execution * CVE-2025-46817: A Lua script may lead to integer overflow and potential RCE * CVE-2025-46818: A Lua script can be executed in the context of another user * CVE-2025-46819: LUA out-of-bound read - Bug fixes: * Fix accounting for dual channel RDB bytes in replication stats * Fix EVAL to report unknown error when empty error table is provided * Fix use-after-free when active expiration triggers hashtable to shrink * Fix MEMORY USAGE to account for embedded keys * Fix memory leak when shrinking a hashtable without entries * Prevent potential assertion in active defrag handling large allocations * Prevent bad memory access when NOTOUCH client gets unblocked * Converge divergent shard-id persisted in nodes.conf to primary's shard id * Fix client tracking memory overhead calculation * Fix RDB load per slot memory pre-allocation when loading from RDB snapshot * Don't use AVX2 instructions if the CPU doesn't support it * Fix bug where active defrag may be unable to defrag sparsely filled pages - drop CVE-2025-49112.patch, included ------------------------------------------------------------------- Tue Jul 15 21:47:08 UTC 2025 - Antonio Teixeira - Update to 8.1.3: - Security fixes * CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (boo#1246059) * CVE-2025-48367 retry accept on transient errors (#2315) (boo#1246058) - Bug fixes * Fix missing response when AUTH is errored inside a transaction (#2287) ------------------------------------------------------------------- Thu Jun 12 01:21:10 UTC 2025 - Antonio Teixeira - Update to 8.1.2: - Security fixes * CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146) - Bug fixes * Properly escape double quotes and backslash in MONITOR command (#2036) * Fix high CPU usage when fetching a random element in skewed sparse hash table (#2085) * Fix a bug that allowed clients to process commands when the server has paused command processing (#2109) * Fix a crash where the wrong slot is used when processing sharded pubsub unsubscribe events (#2137) * Fix a crash when a module attempts to write auxiliary data with AOF enabled (#2132) * Fix a bug where the engine may crash when establishing new outbound TLS connections (#2140) * Fix a bug where a cluster bus packet may be incorrectly marked as invalid (#2144) * Fix a bug where CLUSTER SLOTS/NODES information can be stale after updating node port/tls-port (#2186) * Fix a bug where replica in cluster mode can't finish failover when config epoch is outdated (#2178) * Fix a bug to avoid CLIENT UNBLOCK command to unblock paused clients (#2117) - Drop valkey-ssl_new-null-return.patch, CVE-2025-27151.patch * Included in upstream release ------------------------------------------------------------------- Wed Jun 11 22:08:53 UTC 2025 - Antonio Teixeira - Provide redis 7.2.9 instead of valkey version due to lack of features provided by redis 7.4 (boo#1243605) ------------------------------------------------------------------- Tue Jun 3 17:55:25 UTC 2025 - Antonio Teixeira - Fix crash on SSL_new() returning NULL in outgoing connections (bsc#1243061) * valkey-ssl_new-null-return.patch ------------------------------------------------------------------- Mon Jun 2 12:12:59 UTC 2025 - Antonio Teixeira - Fix CVE-2025-27151, absence of filename size check may cause a stack overflow (bsc#1243804) * CVE-2025-27151.patch - Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913) * CVE-2025-49112.patch ------------------------------------------------------------------- Mon May 5 14:41:28 UTC 2025 - Andreas Stieger - Update to 8.1.1: * 8.1.x branch with enhanced performance, reliability, observability and usability over Valkey 8.0 * compatible with all previous Valkey releases as well as Redis OSS 7.2.4 * Updated configuration options and functionality as listed in https://github.com/valkey-io/valkey/releases/tag/8.1.1 https://github.com/valkey-io/valkey/releases/tag/8.1.0 ------------------------------------------------------------------- Thu Apr 24 16:52:15 UTC 2025 - Andreas Stieger - Update to 8.0.3: * CVE-2025-21605: Limit output buffer for unauthenticated clients (boo#1241708) * Optimize RDB load performance and fix cluster mode resizing on replica side * Fix memory leak in forgotten node ping ext code path * Fix cluster info sent stats for message with light header * Fix module LatencyAddSample still work when latency-monitor-threshold is 0 * Fix potential crash in radix tree recompression of huge keys * Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer * Fix temp file leak druing replication error handling * Fix ACL LOAD crash on replica since the primary client don't has a user * Fix RANDOMKEY infinite loop during CLIENT PAUSE * fix: add samples to stream object consumer trees * Fix cluster slot stats assertion during promotion of replica * Fix panic in primary when blocking shutdown after previous block with timeout * Ignore stale gossip packets that arrive out of order * Fix incorrect lag reported in XINFO GROUPS * Avoid shard id update of replica if not matching with primary shard id ------------------------------------------------------------------- Wed Jan 8 17:22:51 UTC 2025 - Antonio Teixeira - Update to 8.0.2: - Security fixes * (CVE-2024-46981, bsc#1235387) Lua script commands may lead to remote code execution. (#1513) * (CVE-2024-51741, bsc#1235386) Denial-of-service due to malformed ACL selectors. (#1514) - Bug fixes * Fix an uncommon crash when using TLS with dual channel replication. (#1173) * Make sure repl_down_since is correctly reset when dual channel replication fails. (#1149) * Fix a performance regression where a replica does not properly initialize the database size when loading a snapshot during replication. (#1199) * Make sure the last accessed time is correctly updated when using the TOUCH command with the CLIENT NO-TOUCH option. * Fix a bug where total_net_repl_output_bytes may report the wrong. (#1486) * Fix a bug where used_memory_scripts may report the wrong value. (#1255) * Fix a bug where server might crash when using active defrag when scripts are evicted from the script cache. (#1310) * Fix a bug where extra memory would be used when storing strings in the inline protocol. (#1213) * Fix a bug where the SORT command may throw a cross slot error. (#1182) * Fix a bug where the RANDOMKEY command may omit returning keys in cluster mode. (#1155) * Send the correct error message when FUNCTION KIlL is used to kill an ongoing script. (#1171) * Fix a potential memory corruption when databases are emptied, such as through FLUSHDB, when during active defrag is running. (#1512) - Behavior changes * Revert an unintended breaking change when sending an unsubuscribe command when a client is not subscribed to any channels. (#1265) ------------------------------------------------------------------- Wed Dec 4 20:05:34 UTC 2024 - Antonio Teixeira - Fix redis and sentinel units lookup in migration script (bsc#1226986) * Look for units in /etc/systemd/system/redis.target.wants - Fix sentinel config files permissions in migration script ------------------------------------------------------------------- Tue Oct 22 09:03:52 UTC 2024 - Dirk Müller - fix requires for compat-redis package ------------------------------------------------------------------- Fri Oct 4 12:43:51 UTC 2024 - Antonio Teixeira - Update to 8.0.1: - Bug fixes * Fix a build issue with RDMA when using additional make parameters. (#1074) * Fix an issue where `CLUSTER SLOTS` might return the wrong tcp or tls port when called from inside a script or from a module. (#1072) * Fix a crash when `CLUSTER SLOTS` or `CLUSTER SHARDS` is called from inside a script or from a module. (#1063) * Fix a build issue on systems where `` is unavailable. (#1053) * Fix an issue with the default `sentinel.conf` being invalid. (#1040) - Security fixes * (CVE-2024-31449, bsc#1231264) Lua library commands may lead to stack overflow and potential RCE. * (CVE-2024-31227, bsc#1231266) Potential Denial-of-service due to malformed ACL selectors. * (CVE-2024-31228, bsc#1231265) Potential Denial-of-service due to unbounded pattern matching. - 8.0.0 changelog: * See https://github.com/valkey-io/valkey/blob/8.0.0/00-RELEASENOTES - Drop ppc-atomic.patch - Refresh valkey-conf.patch ------------------------------------------------------------------- Tue Aug 27 18:04:07 UTC 2024 - Antonio Teixeira - Update to 7.2.6: - Bug Fixes - Core * Fix typo in REGISTER_API macro to prevent segfaults when loading Redis modules (#608) * Fix the command duration reset issue when clients are blocked and commands are reprocessed (#526) * Fix the data type conversion error in zrangeResultBeginStore (Redis#13148) * Fix a crash caused by quicklist node merges (Redis#13040) * Fix crashes in module blocking client timeout cases (Redis#13011) * Fix conversion of numbers in Lua args to Redis args (Redis#13115, Fixes Redis#13113) * Fix crash in LSET command when replacing small list items with larger ones, creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864) * Fix blocking command timeout reset issue during reprocessing (Redis#13004) - Bug Fixes - Cluster * Fix the CLUSTER SHARDS command to display accurate slot information even if a primary node fails (#790, Fixes #784) * Fix an issue where module authentication failed when the cluster was down (#693, Fixes #619) * Ensure only primary nodes with slots can mark another node as failed (#634) * Improve MEET command reliability under link failures to maintain cluster membership symmetry (#461) * Allow single primary node to mark potentially failed replica as FAIL in single-shard cluster (Redis#12824) - Bug Fixes - Sentinel * Accept redis-sentinel to start Valkey in sentinel mode (#731, Fixes #719) - Bug Fixes - CLI * Ensure the --count option in redis-cli works correctly even without --pattern (Redis#13092) * Fix redis-check-aof misidentifying data in manifest format as MP-AOF (Redis#12951) * Update redis-check-rdb types to replace stream-v2 with stream-v3 (Redis#12969) ------------------------------------------------------------------- Tue Jul 9 14:21:33 UTC 2024 - Antonio Teixeira - migrate_redis_to_valkey.bash fixes (boo#1227139) * Also set group owner for /var/lib/valkey * Change logdir option in copied conf files to /var/log/valkey * Change owner of copied conf files to root:valkey ------------------------------------------------------------------- Tue Jul 2 07:52:48 UTC 2024 - Andreas Schwab - valkey.logrotate: fix owner of logfiles ------------------------------------------------------------------- Sat Jun 29 17:32:13 UTC 2024 - Neal Gompa - Add legacy symlinks for "redis" executables in sbin to fix running valkey in other package test suites using absolute paths ------------------------------------------------------------------- Wed Jun 26 06:25:23 UTC 2024 - Georg Pfuetzenreuter - Repair Redis instance detection (boo#1226986) ------------------------------------------------------------------- Sat Jun 22 08:42:19 UTC 2024 - Neal Gompa - Enable automatic replacement of redis with valkey ------------------------------------------------------------------- Thu Jun 6 18:26:19 UTC 2024 - Neal Gompa - Initial package based on the redis package and Fedora valkey package - Ported over patch from redis package + Added valkey-conf.patch - Backport patch from upstream submission + Added ppc-atomic.patch