Update release notes with final security information

Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
Madelyn Olson 2025-01-06 14:03:36 -08:00
parent cff4d56772
commit d6a2f561e2
3 changed files with 9 additions and 2 deletions


@ -36,12 +36,19 @@ Bug fixes
mode. (#1155) mode. (#1155)
* Send the correct error message when `FUNCTION KIlL` is used to kill an * Send the correct error message when `FUNCTION KIlL` is used to kill an
ongoing script. (#1171) ongoing script. (#1171)
* Fix a potential memory corruption when databases are emptied, such as
through `FLUSHDB`, when during active defrag is running. (#1512)
Behavior changes Behavior changes
================ ================
* Revert an unintended breaking change when sending an unsubuscribe command * Revert an unintended breaking change when sending an unsubuscribe command
when a client is not subscribed to any channels. (#1265) when a client is not subscribed to any channels. (#1265)
Security fixes
==============
* (CVE-2024-46981) Lua script commands may lead to remote code execution. (#1513)
* (CVE-2024-51741) Denial-of-service due to malformed ACL selectors. (#1514)
================================================================================ ================================================================================
Valkey 8.0.1 - Released Tue 1 Oct 2024 Valkey 8.0.1 - Released Tue 1 Oct 2024
================================================================================ ================================================================================


@ -282,7 +282,7 @@ void scriptingInit(int setup) {
void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) { void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
dictRelease(lua_scripts); dictRelease(lua_scripts);
listRelease(lua_scripts_lru_list); listRelease(lua_scripts_lru_list);
lua_gc(lctx.lua, LUA_GCCOLLECT, 0); lua_gc(lua, LUA_GCCOLLECT, 0);
lua_close(lua); lua_close(lua);
#if !defined(USE_LIBC) #if !defined(USE_LIBC)
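Review bot: The forced `lua_gc(lua, LUA_GCCOLLECT, 0)` ahead of `lua_close(lua)` in freeLuaScriptsSync carries no comment, and the one-token change from `lctx.lua` to the `lua` argument shows how easily the collection can be run on the wrong interpreter. A short comment would pin the intent, for example `/* Full GC on the state being closed; use the lua argument, not lctx.lua, which may refer to a different interpreter. */`. The second half of that comment is inferred from the signature, so confirm it against the callers. The release notes on this page list CVE-2024-46981 for Lua scripting, so if this line belongs to that fix, a regression test that frees a script state other than the current one would be worth having. The function body continues past the hunk at `#if !defined(USE_LIBC)`.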


@ -262,7 +262,7 @@ void sortCommandGeneric(client *c, int readonly) {
/* If GET is specified with a real pattern, we can't accept it in cluster mode, /* If GET is specified with a real pattern, we can't accept it in cluster mode,
* unless we can make sure the keys formed by the pattern are in the same slot * unless we can make sure the keys formed by the pattern are in the same slot
* as the key to sort. */ * as the key to sort. */
if (server.cluster_enabled && if (server.cluster_enabled && !isReturnSubstPattern(c->argv[j + 1]->ptr) &&
!isReturnSubstPattern(c->argv[j + 1]->ptr) && !isReturnSubstPattern(c->argv[j + 1]->ptr) &&
patternHashSlot(c->argv[j + 1]->ptr, sdslen(c->argv[j + 1]->ptr)) != getKeySlot(c->argv[1]->ptr)) { patternHashSlot(c->argv[j + 1]->ptr, sdslen(c->argv[j + 1]->ptr)) != getKeySlot(c->argv[1]->ptr)) {
addReplyError(c, "GET option of SORT denied in Cluster mode when " addReplyError(c, "GET option of SORT denied in Cluster mode when "
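Review bot: The new condition in sortCommandGeneric appears to test `!isReturnSubstPattern(c->argv[j + 1]->ptr)` twice. The rewritten first line of the `if` now carries the check, and the following line, shown unchanged on both sides, repeats it. The repeat does not change the result of the cluster-mode slot check, but it looks like a merge or formatting slip and is unrelated to the commit title. Dropping the second line would leave `if (server.cluster_enabled && !isReturnSubstPattern(c->argv[j + 1]->ptr) &&` followed directly by the `patternHashSlot(...)` comparison. The +/- markers are lost in this rendering, so this reading rests on the 7/7 hunk counts; the `if` body continues outside the hunk.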