Redis Release Notes

Update urgency: HIGH: There are critical bugs that may affect a subset of users.

Bug fixes

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #15163 MULTI queue memory incorrect memory accounting
• #15115 Under-copy in the Lua debugger
• #15094 Cluster crash when CLIENT KILL unsubscribes SSUBSCRIBE client inside EXEC
• #14963 XREADGROUP: consumer replication inconsistency
• #14934 Client output buffer memory tracking not accounting for copy-avoided bulk string references
• #14970 Sentinel config injection via SENTINEL SET
• #14982 SCAN commands: integer overflow in COUNT parameter
• #15073 CLIENT TRACKING: self-overlap returning non-zero loop index
• #15059 Use-after-free
• #15037 XINFO STREAM: wrong value in the per-slot memory tracking
• #15034, #15081 Issues processing corrupt RDB data
• #15021 HEXPIRE: overflow on fields count
• #14942 Fix COMMAND GETKEYS for PFMERGE with no source keys
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Original source

Update urgency: HIGH

There are critical bugs that may affect a subset of users.

Bug fixes

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #15163 MULTI queue memory incorrect memory accounting
• #14581 Rare server hang at shutdown
• #14545 ACL: AOF loading fails if ACL rules are changed and don't allow some commands in MULTI-EXEC
• #14537 SCAN: restore original filter order (revert change introduced in 8.2)
• #14816 setModuleEnumConfig() passing prefixed name to module callbacks
• #14659 ACL: Key-pattern bypass in MSETEX
• #14623 Streams: XTRIM/XADD with approx mode (~) don’t delete entries for DELREF/ACKED strategies
• #14552 Streams: Incorrect behavior when using XDELEX...ACKEDafterXGROUP DESTROY`
• #14848 Crash during command processing on replicas performing full synchronization
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Original source

Update urgency

HIGH: There are critical bugs that may affect a subset of users.

Bug fixes

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #14537 SCAN: restore original filter order (revert change introduced in 8.2)
• #14816 setModuleEnumConfig() passing prefixed name to module callbacks
• #14623 Streams: XTRIM/XADD with approx mode (~) don’t delete entries for DELREF/ACKED strategies
• #14552 Streams: Incorrect behavior when using XDELEX...ACKEDafterXGROUP DESTROY`
• #14420 Shutdown blocked client not being properly reset after shutdown cancellation
• #14415 Potential crash in lookupKey() when executing_client is NULL
• #14417 CLUSTER FORGET - heap-buffer-overflow
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Original source

Redis Software 8!

The most performant, most secure, and richest version so far. Built for performance, scale, and reliability to power modern ML and AI applications.

Redis Software version 8.0 is now available!

Highlights

This version offers:

• Redis 8.0, 8.2, 8.4, and 8.6 feature set versions
• Performance improvements and memory reduction
• New vector set data structure
• Redis Flex revamped engine
• Redis Search upgrades
• Lag-aware availability API
• Metrics stream engine (General Availability)
• Simplified module management
• New REST API fields for database and cluster configuration
• Customer-managed certificates for internode encryption
• Smart client handoffs

Detailed release notes

For more detailed release notes, select a build version from the following table:

8.0.20-19 (May 2026)

Certificate-based authentication with LDAP group-based authorization. Amazon Linux 2023 support. API enhancements for Active-Active databases and identifying manually stopped database traffic. New search metrics.

Redis 8.6.2, 8.4.0, 8.2.1, 8.0.2, 7.4.3, 7.2.7, 6.2.13

Version changes

• POST /v1/cluster/actions/change_master REST API requests will no longer allow a node that exists but is not finished bootstrapping to become the primary node. Such requests will now return the status code 406 Not Acceptable.
• Node status now returns the actual provisional RAM and flash values even when the maximum number of shards on the node (max_redis_servers) is reached. Previously, the API returned 0 for provisional_ram_of_node and provisional_flash_of_node when a node reached its shard limit. This change affects REST API node status requests and the rladmin status nodes command's output.
• crdb_controller is enabled by default as of Redis Software version 8.0.18.

Breaking changes

• Upgrading to Redis Software version 8.0.10 through 8.0.16-29 can cause LDAP authentication to fail with "certificate signed by unknown authority" errors if your cluster currently uses LDAP authentication. This issue was fixed in Redis Software version 8.0.16-33.
• For Redis Software versions 8.0.2 through 8.0.10, LDAP filters for user_dn_query and dn_group_query strictly require parentheses to function correctly. Filters that previously worked without parentheses will no longer work after upgrading to these versions. For example, you must include the parentheses in (sAMAccountName=%u). As of version 8.0.16, this breaking change no longer applies, and both (sAMAccountName=%u) and sAMAccountName=%u are valid filters.
• Redis Software installation script changes:
  • Changed the --skip-updating-env-path option to --update-env-path when running install.sh.
  • Changed the skip_updating_env_path parameter to update_env_path in the installation answers file.

Redis database version 8 breaking changes

When new major versions of Redis Open Source change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, read the provided list of breaking changes that affect Redis Software and update any applications that connect to your database to handle these changes.

ACL behavior changes

Before Redis 8, the existing ACL categories @read, @write, @dangerous, @admin, @slow, and @fast did not include commands for Redis Search and the JSON, time series, and probabilistic data structures.
Starting with Redis 8, Redis includes all Query Engine, JSON, time series, Bloom filter, cuckoo filter, top-k, count-min sketch, and t-digest commands in these existing ACL categories.

As a result:

• Existing ACL rules such as +@read +@write will allow access to more commands than in previous versions of Redis. Here are some examples:
  • A user with +@read access will be able to execute FT.SEARCH.
  • A user with +@write access will be able to execute JSON.SET.
• ACL rules such as +@all -@write will allow access to fewer commands than previous versions of Redis.
  • For example, a user with +@all -@write will not be able to execute JSON.SET.
  • Explicit inclusion of new command categories is required to maintain access. The new categories are: @search, @json, @timeseries, @bloom, @cuckoo, @topk, @cms, and @tdigest.
• ACL rules such as +@read +JSON.GET can now be simplified as +@read because JSON.GET is included in the @read category.

Note that the @all category did not change, as it always included all the commands.

Redis Search changes

The following changes affect behavior and validation in Redis Search:

• Enforces validation for LIMIT arguments (offset must be 0 if limit is 0).
• Enforces parsing rules for FT.CURSOR READ and FT.ALIASADD.
• Parentheses are now required for exponentiation precedence in APPLY expressions.
• Invalid input now returns errors instead of empty results.
• Default values revisited for reducers like AVG, COUNT, SUM, STDDEV, QUANTILE, and others.
• Updates to scoring (BM25 is now the default instead of TF-IDF).
• Improved handling of expired records, memory constraints, and malformed fields.

Reserved ports

Make sure the following ports are open before upgrading Redis Software.

Ports reserved as of Redis Software version 8.0.18:

• Port 3357 - reconciliation_tree_grpc - Internal communication

Deprecations

API deprecations

• Deprecated the policy field for bootstrap REST API requests. Use PUT /v1/cluster/policy to change cluster policies after cluster creation instead.
• Deprecated the module_args field for database REST API requests. Use the new module configuration objects search, timeseries, and probabilistic instead.
• Deprecated event_archive_cleanup_task_settings for job_scheduler REST API requests.

Redis Search deprecations

• Deprecated commands: FT.ADD, FT.SAFEADD, FT.DEL, FT.GET, FT.MGET, FT.SYNADD, FT.DROP, FT._DROPIFX, and FT.CONFIG.
• Deprecated FT.SEARCH options: GEOFILTER, FILTER, and NOSTOPWORDS.
• Deprecated vector search options: INITIAL_CAP and BLOCK_SIZE.
• Deprecated configuration parameters: WORKER_THREADS, MT_MODE, PRIVILEGED_THREADS_NUM, and GCSCANSIZE.
• Deprecated dialects: DIALECT 1, DIALECT 3, and DIALECT 4.

Internal monitoring and v1 Prometheus metrics deprecation

The existing internal monitoring engine is deprecated. We recommend transitioning to the new metrics stream engine for improved performance, enhanced integration capabilities, and modernized metrics streaming.
V1 Prometheus metrics are deprecated but still available. To transition to the new metrics stream engine, either migrate your existing dashboards using this guide or use new preconfigured dashboards.
As part of the transition to the metrics stream engine, some internal cluster manager alerts were deprecated in favor of external monitoring solutions. See the alerts transition plan for guidance.

Supported platforms

The following table provides a snapshot of supported platforms as of this Redis Software release. See the supported platforms reference for more details about operating system compatibility.
✅ Supported – The platform is supported for this version of Redis Software and Redis Stack modules.
⚠️ Deprecation warning – The platform is still supported for this version of Redis Software, but support will be removed in a future release.

Known issues

• RS196225: After upgrading to Redis Software version 8.0.x, previously working LDAP filters that use an OR clause to match multiple attributes can fail to find a unique DN for some users.
• RS193156: Active Directory LDAP authentication can fail in the Cluster Manager UI after upgrading to Redis Software version 8.0.16-33 due to an issue with LDAP TLS client certificate handling. Users previously authenticated through Active Directory can no longer sign in to the Cluster Manager UI after the upgrade.
  As a workaround, configure an LDAP client certificate using an update cluster certificates REST API request.
  PUT https://:/v1/cluster/certificates
  {
  "certificates": [
  {
  "name": "ldap_client",
  "certificate": "",
  "key": ""
  }
  ]
  }
  See Create certificates and Update certificates for more detailed instructions.
  This issue was fixed in Redis Software version 8.0.18.
• RS180550: You cannot set up SSO when the Cluster Manager UI is exposed through an IPv6-based load balancer or gateway.
  As a workaround, use an IPv4-based address for the SSO service base address, or register a DNS name that resolves to the IPv6 address.
  This issue was fixed in Redis Software version 8.0.10.
• RS131972: Creating an ACL that contains a line break in the Cluster Manager UI can cause shard migration to fail due to ACL errors. This issue was fixed in Redis Software version 8.0.6.
• RS155734: Endpoint availability metrics do not work as expected due to a calculation error.

Known limitations

Trim ACKED not supported for Active-Active 8.4 databases

For Active-Active databases running Redis database version 8.4, the ACKED option is not supported for trimming commands.

Rolling upgrade limitation for clusters with custom or deprecated modules

Due to module handling changes introduced in Redis Software version 8.0, upgrading a cluster that contains custom or deprecated modules, such as RedisGraph and RedisGears v2, can become stuck when adding a new node to the cluster during a rolling upgrade.

Module commands limitation during Active-Active database upgrades to Redis 8.0

When upgrading an Active-Active database to Redis version 8.0, you cannot use module commands until all Active-Active database instances have been upgraded. Currently, these commands are not blocked automatically.

Redis 8.0 database cannot be created with flash

You cannot create a Redis 8.0 database with flash storage enabled. Create a Redis 8.0 database with RAM-only storage instead, or use Redis 8.2 for flash-enabled (Redis Flex) databases.

New Cluster Manager UI limitations

The following legacy UI features are not yet available in the new Cluster Manager UI:

• Purge an Active-Active instance.
  Use crdb-cli crdb purge-instance instead.
• Search and export the log.

Original source

This is the General Availability release of Redis 8.8 in Redis Open Source.

Major changes compared to 8.6

• New data structure: Array (@antirez)
• Subkey notification for hash fields - field-level notifications
• INCREX: a window counter rate limiter combining INCR, INCRBY, INCRBYFLOAT, bounds, and expiration (@raffertyyu + Redis team)
• XNACK: a new streams command - allow consumers to explicitly release pending messages
• ZUNION, ZINTER, ZUNIONSTORE, ZINTERSTORE: new COUNT aggregator
• JSON.SET: new FPHA argument to specify the FP type for homogeneous FP arrays
• TS.RANGE, TS.REVRANGE, TS.MRANGE, TS.MREVRANGE: multiple aggregators in a single command
• FT.HYBRID KNN clause: new argument to request fewer candidates per shard
• FT.PROFILE HYBRID: profiling support for FT.HYBRID
• Performance improvements

Binary distributions

• Alpine and Debian Docker images - https://hub.docker.com/_/redis
• Install using snap - see https://github.com/redis/redis-snap
• Install using brew - see https://github.com/redis/homebrew-redis
• Install using RPM - see https://github.com/redis/redis-rpm
• Install using Debian APT - see https://github.com/redis/redis-debian

Operating systems we test Redis 8.8 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)
• Rocky Linux 8.10, 9.7, 10.1
• AlmaLinux 8.10, 9.7, 10.1
• Debian 12.13 (Bookworm), Debian 13.4 (Trixie)
• Alpine 3.23
• macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

Bug fixes (compared to 8.8-RC1)

• #15237 INCREX syntax update
• #15005 Memory tracking can be enabled at runtime in non-clustered mode
• RedisTimeSeries/RedisTimeSeries#1930 Cluster topology changes during a multi-shard command are not handled (MOD-14439)
• RedisBloom/RedisBloom#1007 Memory leak on RDB load (MOD-15418)

Original source

Role-based LDAP integration. Enhanced client mutual authentication. Active-Active improvements for eviction policies, migration, and the BITFIELD data type.

Redis Enterprise Software version 6.0.20 is now available! This version includes the following new features and improvements:

• A new integration for LDAP authentication and authorization into RS role-based access controls (RBAC). You can now use LDAP to authorize access to the admin console and to authorize database access.
• An enhanced clients mutual authentication mechanism, adding the ability to authenticate client connections using a Certificate Authority (CA).
• Support of Redis eviction policies on Active-Active Redis databases.
• A new migration process for Active-Active Redis database using the Active-Passive (Replica Of) mechanism.
• Support for the BITFIELD data type on Active-Active Redis databases.

And other functional and stability improvements.

Version information

Upgrade instructions

• Follow these instructions for upgrading to Redis Software 6.0.20 from Redis Software 5.6.0 and above.
  • Note that upgrades from earlier Redis Software versions are not supported.
• For Active-Active deployments, this release requires that you upgrade the CRDB featureset version.
• Upgrades of Active-Active databases to Redis Software 6.0.20, will require all their instances to run with protocol version 1 and featureset version 1 or above. Active-Active databases running on protocol version 0 and/or featureset version 0 will block the upgrade.

Product lifecycle information

• End of Life (EOL) for Redis Enterprise Software 6.0 and earlier versions, can be found here.
• EOL for Redis modules can be found here.

Deprecation Notice

• Upgrades to the next Redis Software will be enabled from version 6.0 and above.
• Support for the SASL-based LDAP mechanism was deprecated in v6.0.20. As of v6.2.12, support has been removed and the feature is obsolete.
• Starting with Redis Software version 6.0.12, Envoy replaces Nginx for internal cluster administration. Support for Nginx is considered deprecated, it will be removed in a future version.

New Features

New LDAP integration

Redis Enterprise Software integrates Lightweight Directory Access Protocol (LDAP) authentication and authorization into its role-based access controls (RBAC). You can now use LDAP to authorize access to the admin console and to manage database access.

Clients Mutual TLS authentication using a Certificate Authority (CA)

Redis Enterprise Software adds the ability to use a Certificate Authority (CA) for client authentications, allowing clients to rotate their certificates without the need to load new certificates to your database.

Redis eviction policies on Active-Active Redis databases

All Redis eviction policies are now supported on Active-Active Redis databases. You can create new Active-Active databases or edit existing ones using the UI console to enable it.

• Note that eviction is not supported yet for Active-Active Redis databases running with Auto Tiering.

Migration to an Active-Active Redis database

Redis Enterprise Software adds the ability to easily migrate your Redis database to an Active-Active Redis database using the Active-Passive (Replica Of) mechanism.

BITFIELD on Active-Active Redis databases

Redis Enterprise Software adds the ability to use the BITFIELD data type on Active-Active Redis databases. Please read more about developing for Active-Active with BITFIELD to understand the conflict resolution and limitations.

Redis modules

The following GA releases of Redis modules are bundled with Redis Software 6.0.20: (Please read the below updates for 6.0.20-97)

• RediSearch, version 2.0.6
• RedisJSON, version 1.0.7
• RedisGraph, version 2.2.14
• RedisTimeSeries, version 1.4.8
• RedisBloom, version 2.2.4

To use the updated modules with a database, you must upgrade the module on the database.

Additional capabilities

• Redis Software 6.0.20 includes open source Redis 6.0.9. For more information about Redis 6.0.9, check out the release notes.
• Redis Software 6.0.20 adds new rladmin commands for setting Ciphers suites and minimal TLS version for:
  • Control plane: setting Envoy
  • Data plane: setting the Proxy for clients connections
  • Sentinel discovery service
• Starting with Redis Software 6.0.20, new clusters will be set with minimal TLS version v1.2
  All known bugs around setting ciphers were fixed. To learn more, see Configure cipher suites.
• Starting with Redis Software 6.0.20, the syncer process was improved to automatically recover and resume synchronisation after reaching out-of-memory.
• Envoy updated and verified with multiple security headers.
• Starting with Redis Software 6.0.20:
  • The replication backlog size of new databases is allocated dynamically according to shard size.
  • The Active-Active replication backlog size of new Active-Active databases is allocated dynamically according to shard size.

Important fixes

• RS50905, RS54809, 54940 - Fix in Redis preventing missing process PID
• RS53639 - Fix to avoid stuck state machine when assigning incorrect Redis ACL with the allkeys alias or ~* and also with ~
• RS47983 - Fixed dependencies with installation using custom directories
• RS54382 - Fixed missing API documentation
• RS52433, RS53417, RS42195, RS42194, RS30526, RS46821, RS48928 - Fixed security headers for Envoy

Starting 6.0.20-69

• RS55504 - Fixed issue that caused RediSearch cursor to break.

Starting 6.0.20-97

• RS57659 - Fixed force removing an Active-Active instance which is hosted on an inaccessible cluster
• RS57315 - Fixed creation and editing of an Active-Active database with LDAP users of the new RBAC LDAP integration. This applies to UI access and REST API and does not apply to LDAP users for database access via Redis Clients
• RS57073 - Fixed a bug caused in the shard migration process which could leave unattended shards on the node
• RS56508 - Fixed backwards compatibility of client certificate when upgrading from earlier versions and using a certificate chain with Extended Key Usage extension being set to "TLS Web Server Authentication" instead of "TLS Web Client Authentication"
• RS49289 - Fixed updating the log rotation config file according to the custom config path that was set during the installation
• The bundled RedisGraph module was upgraded to v2.4.6
• The bundled RedisTimeSeries module was upgraded to v1.4.9
• The bundled RediSearch module was upgraded to v2.0.8

Known limitations

• RS81463 - A shard may crash when resharding an Active-Active database with Auto Tiering. Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.
• RS59983 - Clients may get disconnected by the proxy when one client sends an UNSUBSCRIBE command without being subscribed to any channel and disconnect before the response returns back from the server (from the proxy).
• RS60068 - The pdns might not resolve the master node after master node change. Restarting the pdns service is required in this case.
• RS61114 - Active-Active synchronization will fail in the following scenario: a new syncer connection is established AND a partial sync (psync) was initiated AND a cron job runs before the first ACK of the psync was received.
• RS55504 - Bug RS6.0.20-66 (Build #66) causes RediSearch cursor to break. Please upgrade to a higher build when running with RediSearch.

Installation limitations

Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.

As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:

1. Create all custom, non-root directories you want to use with Redis Enterprise Software.
2. Mount /etc/opt/redislabs to one of the custom, non-root directories.

Upgrade

• Redis Software 5.4.2 introduced new Active-Active Redis Database capabilities that improve its compatibility with open source Redis. Now the string data-type in Active-Active Redis Database is implicitly and dynamically typed, just like open source Redis. To use the new capabilities on nodes that are upgraded from version RS 5.4.2 or lower, you must upgrade the Active-Active Redis Database protocol.
• When you upgrade an Active-Active Redis with active AOF from Redis Software 5.4.2 or earlier to version Redis Software 5.4.4 or later:
  • If replication is enabled, you must run the BGREWRITEAOF command on all replica shards after the upgrade.
  • If replication is not enabled, you must run the BGREWRITEAOF command on all shards after the upgrade.
• Node upgrade fails if the SSL certificates were configured in version 5.0.2 or above by manually updating the certificates on the disk instead of updating them through the API. For help with this issue, contact Support.
• Starting from Redis Software 5.4.2, to preserve the current Redis major.minor version during database upgrade you must use the keep_redis_version option instead of keep_current_version.

Redis commands

• The capability of disabling specific Redis commands does not work on commands specific to Redis modules.
• CLIENT UNBLOCK command is not supported in RS 5.4 and above
• Starting from RS 5.4.2 and after upgrading the CRDB, TYPE commands for string data-type in CRDBs return "string" (OSS Redis standard).

Security

• As part of Redis commitment to security, the following Open Source Redis CVE's have been addressed in Redis Enterprise 6.0.20:
  • CVE-2021-32626 - Lua scripts can overflow the heap-based Lua stack. This has been addressed in Redis Enterprise 6.0.20-62
  • CVE-2021-32627 - Integer overflow issue with Streams. This has been addressed in Redis Enterprise 6.0.20-1
  • CVE-2021-32628 - Vulnerability in handling large ziplists. This has been addressed in Redis Enterprise 6.0.20-1
  • CVE-2021-32687 - Integer overflow issue with intsets. This has been addressed in Redis Enterprise 6.0.20-89
• The following Open Source Redis CVE's do not affect Redis Enterprise:
  • CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)
  • CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the LUA debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
  • CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
  • CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
  • CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

Original source

Distribute synchronization across nodes for Active-Active and Active-Passive databases. Disable internal services to free memory. User accounts support password rotation. Module depdencies automatically installed. Syncer process recovery.

Redis Enterprise Software (RS) 6.0.12 is now available! This version includes the following new features and improvements:

• Synchronization can now be distributed across the nodes of Active-Active or Active-Passive databases
• You can disable several internal RS services to free up more memory
• User accounts can have multiple passwords to allow for password rotation
• Dependencies are automatically installed when you add modules to a cluster
• Envoy replaces NGINX for internal cluster administration
• Automatic recovery of the syncer process from out-of-memory (preview mode)

And other functional and stability improvements.

Version information

Upgrade instructions

• Follow these instructions for upgrading to RS 6.0.12 from RS 5.4.0 and above.
• For Active-Active deployments, this release requires that you upgrade the CRDB featureset version.

Product lifecycle information

• End of Life (EOL) for Redis Enterprise Software 6.0 and previous RS versions, can be found here.
• EOL for Redis modules can be found here.

Deprecation Notice

• Support for RS 5.4.X ended on December 31, 2020.
• Support for Red Hat Enterprise Linux 6 and Oracle Linux 6 and Ubuntu 14.04 (Trusty) operating systems platforms ended on November 30, 2020.
• This is the last RS version that supports direct upgrades from versions below 5.6.0.
• This is the last RS version that supports Active-Active protocol version below 1 and featureset version below 1.

New Features

Distributed Syncer

The syncer process now supports running in a distributed mode. This option can improve the latency for Active-Active databases with a very high throughput profile. You can configure a replicated database to use distributed synchronization so that any available proxy endpoint can manage synchronization traffic.

Disabling RS services to free memory

Redis Software users can now use the REST API to disable the following services:

• cm_server
• mdns_server
• pdns_server
• stats_archiver
• saslauthd
• crdb_coordinator
• crdb_worker

Once disabled, services are not monitored and controlled by the supervisord.

Warning: This feature can cause unintended results if the cluster relies on the disabled services. To make sure you understand the impact of disabled services, test the system in a lab environment before you deploy in production.

Support for multiple passwords

For users of Redis 6 and RS 6.0 and above, you can now add more security to your password management by maintaining multiple passwords for a user to allow seamless password rotation.

As of RS 6.0, you can assign specific data access permissions (Redis ACLs) and cluster administration permissions to users. Password rotation is especially helpful so that you can do a rolling update of the passwords in the application clients that connect to the Redis databases.

In this version, you can only configure multiple passwords using the REST API.

Redis Modules dependencies management

RedisGears GA and RedisAI GA require Redis Software to fetch and manage external dependencies. Modules declare dependencies at release time in their ramp file.

In this version of RS, these dependencies are installed by Redis Software when the module is added to the cluster. The master node downloads the required dependencies and prompts the other nodes to copy the dependencies from the master node. When all dependency requirements are satisfied, the module installation is complete. New nodes to the cluster also automatically install the dependencies.

Syncer automatic recovery from out-of-memory (Preview mode)

For Active-Active databases, the syncer process gracefully recovers from an out of memory (OOM) state.

Although Active-Active synchronization is bi-directional, in each direction we can define a source instance and a destination instance. When a destination instance (that is, the instance running the syncer process) gets OOM, the syncer process attempts to automatically recover the data synchronization when memory becomes available.

This is a configurable option and currently under preview mode. This behavior will be GA and set as default in the next RS version.

To enable the syncer automatic recovery, do these steps on each participating cluster:

1. Upgrade the featureset version to 3.
2. Enable the syncer automatic recovery using the REST API:

curl -v -k -u <username>:<password> -X PUT -H "Content-Type: application/json" -d ‘{"crdt_syncer_auto_oom_unlatch":true}’ http://<cluster_address>:8080/v1/bdbs/<database_ID>

The syncer process restarts to with automatic recovery on.

Redis modules

The following GA releases of Redis modules are bundled with RS 6.0.12:

• RediSearch, version 2.0.6
• RedisJSON, version 1.0.4
• RedisGraph, version 2.2.11
• RedisTimeSeries, version 1.4.7
• RedisBloom, version 2.2.4

To use the updated modules with a database, you must upgrade the module on the database.

Additional capabilities

• RS 6.0.12 includes open source Redis 6.0.6. For more information about Redis 6.0.6, check out the release notes.
• The bundled Nginx version was updated from version 1.16.0 to 1.18.0.
• The crdb-cli syntax to remove an instance is changed from remove-instance [--ordered|--unordered] to remove-instance [--force|--no-force].

Important fixes

• RS45627, RS47382 - Fixed bugs causing clients to disconnect when using XREAD and XREADGROUP commands in blocking mode on other clients’ connections.
• RS44656 - Fixed a bug causing TLS mode for clients connections to toggle between ‘all communication’ to ‘for crdb communication only’ when performing a global configuration change.
• RS42587 - Fixed a bug in the web UI console if the FQDN of the cluster is a substring of the FQDN of a participating cluster
• RS49404 - Fixed a bug in for upgrades with custom directories that prevent users from creating databases via the web UI console.
• RS43961 - bigkeys command fixed to handle non-printable key names
• RS45707 - Fixed a bug that caused RCP (Redis Cloud Pro) databases to reject connections while resharding the database.
• RS51144 - Fixed a bug in the syncer process that was stopping synchronization between all instances in some scenarios of network disconnection of one or more participating clusters.

with 6.0.12-58:

• RS50865 - Fixed a bug causing rladmin change master node to fail when performed after a prior successful master change.
• RS51359 - Fixed a memory leak on replica shards in Active-Active databases with replication and AOF for persistence.
• RS52363 - Updated PUB/SUB max message value size from 64KB to 512MB

Known limitations

• RS81463 - A shard may crash when resharding an Active-Active database with Auto Tiering . Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.

Installation limitations

Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.

As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:

1. Create all custom, non-root directories you want to use with Redis Enterprise Software.
2. Mount /etc/opt/redislabs to one of the custom, non-root directories.

Upgrade

• RS 5.4.2 introduced new Active-Active Redis Database capabilities that improve its compatibility with open source Redis. Now the string data-type in Active-Active Redis Database is implicitly and dynamically typed, just like open source Redis. To use the new capabilities on nodes that are upgraded from version RS 5.4.2 or lower, you must upgrade the Active-Active Redis Database protocol.
• When you upgrade an Active-Active Redis with active AOF from version RS 5.4.2 or earlier to version RS 5.4.4 or later:
  • If replication is enabled, you must run the BGREWRITEAOF command on all replica shards after the upgrade.
  • If replication is not enabled, you must run the BGREWRITEAOF command on all shards after the upgrade.
• Node upgrade fails if the SSL certificates were configured in version 5.0.2 or above by manually updating the certificates on the disk instead of updating them through the API. For assistance with this issue, contact Support.
• Starting from RS 5.4.2, to preserve the current Redis major.minor version during database upgrade you must use the keep_redis_version option instead of keep_current_version.

Redis commands

• The capability of disabling specific Redis commands does not work on commands specific to Redis modules.
• CLIENT UNBLOCK command is not supported in RS 5.4 and above
• Starting from RS 5.4.2 and after upgrading the CRDB, TYPE commands for string data-type in CRDBs return "string" (OSS Redis standard).

Original source

RediSearch 2.0 support. Improved rladmin support for module upgrades.

Redis Enterprise Software (RS) 6.0.8 is now available! This version includes the new RediSearch 2.0 module, open source Redis 6.0.5, changes the rladmin tool for upgrading modules, and includes bug fixes.

Version information

Upgrade instructions

Follow these instructions for upgrading to RS 6.0.8 from RS 5.4.0 and above. For Active-Active deployments, this release requires that you upgrade the CRDB featureset version.

End of life

End of Life (EOL) for Redis Enterprise Software 6.0 and previous RS versions, can be found here. EOL for Redis Modules can be found here.

• Support for Red Hat Enterprise Linux 6 and Oracle Linux 6 operating systems platforms will end on November 30, 2020.
• Support for Ubuntu 14.04 (Trusty Tahr) operating systems platforms will end on November 30, 2020.

New features

Open source Redis 6

RS 6.0 includes open source Redis 6.0.5. For more information about Redis 6.0.5, check out the release notes.

Upgrading Redis modules via rladmin

The rladmin CLI introduces several updates to the commands for upgrading modules. It is now easier to upgrade your modules to the latest module version. Find out more here.

Redis modules

The following GA releases of Redis Modules are bundled in RS 6.0:

• RediSearch, version 2.0 (updated)
• RedisJSON, version 1.0.4
• RedisGraph, version 2.0.19 (updated)
• RedisTimeSeries, version 1.2.7 (updated)
• RedisBloom, version 2.2.4 (updated)

To use the updated modules with a database, you must upgrade the module on the database.

Additional capabilities

• Shard level metrics have been added to the metrics_exporter and are now available from Prometheus. You can find all of the metrics here.
• RS DEB packages (for Ubuntu) and RPM packages (for RHEL) are now signed with a GPG key so customers can verify that the package is authentic and has not been tampered with. You can access the GPG on the installaion page.
• The crdb-cli history log is now being added to support packages.

Important fixes

• RS33193 - Improved log files handling in the proxy for large files.
• RS43572 - Fixed a bug causing the UI to fail when enabling SMTP STARTLS.
• RS46062 - Fixed missing metrics of Active-Active databases in Grafana.
• RS44758 - Fixed non responding button for saving a new user via the UI. With build 6.0.8-32:
• RS45627, RS47382 - Fixed bugs causing clients to disconnect when using XREAD and XREADGROUP commands in blocking mode on other clients’ connections.

Known limitations

• RS81463 - A shard may crash when resharding an Active-Active database with Auto Tiering . Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.

Active-Active databases

• RS44656 - A bug causing TLS mode for clients connections to toggle between ‘all communication’ to ‘for crdb communication only’ when performing a global configuration change. TBD
• RS51359 - Active-Active databases, using replication and Append Only File (AOF) for Database persistence, are suffering from memory leaks on replica shards, causing them to grow bigger than the master shards. Customers are advised to upgrade to RS 6.0.12 TBD. Meanwhile you can use snapshots for database persistence or restart the replica shards TBD.

Installation limitations

Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.

As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:

1. Create all custom, non-root directories you want to use with Redis Enterprise Software.
2. Mount /etc/opt/redislabs to one of the custom, non-root directories.

Upgrade

• RS 5.4.2 introduced new Active-Active Redis Database capabilities that improve its compatibility with open source Redis. Now the string data-type in Active-Active Redis Database is implicitly and dynamically typed, just like open source Redis. To use the new capabilities on nodes that are upgraded from version RS 5.4.2 or lower, you must upgrade the Active-Active Redis Database protocol.
• When you upgrade an Active-Active Redis with active AOF from version RS 5.4.2 or lower to version RS 5.4.2 or higher:
  • If replication is enabled, you must run the BGREWRITEAOF command on all replica shards after the upgrade.
  • If replication is not enabled, you must run the BGREWRITEAOF command on all shards after the upgrade.
• Node upgrade fails if the SSL certificates were configured in version 5.0.2 or above by manually updating the certificates on the disk instead of updating them through the API. For assistance with this issue, contact Support.
• Starting from RS 5.4.2, to preserve the current Redis major.minor version during database upgrade you must use the keep_redis_version option instead of keep_current_version.

Redis commands

• The capability of disabling specific Redis commands does not work on commands specific to Redis Modules.
• Starting from RS 5.4.2 and after you upgrade an Active-Active database, TYPE commands for string data-type in Active-Active databases return "string" (OSS Redis standard).

Original source

ACL and RBAC improvements for database access. Active-Active databases support Redis Streams.

Redis Enterprise Software (RS) 6.0 is now available! This new version bundles open-source Redis 6, implements enhanced Access Control List (ACL) capabilities using Role-Based Access Control (RBAC) for database access, and adds the support of Redis Streams on Active-Active databases.

Version information

Upgrade instructions

Follow these instructions for upgrading to RS 6.0 from RS 5.4.0 and above. For Active-Active deployments, this release requires that you upgrade the CRDB featureset version.

End of life

End of Life (EOL) for Redis Enterprise Software 6.0 and previous RS versions, can be found here. EOL for Redis Modules can be found here.

• Support for Red Hat Enterprise Linux 6 and Oracle Linux 6 operating systems platforms will end on November 30, 2020.
• Support for Ubuntu 14.04 (Trusty Tahr) operating systems platforms will end on November 30, 2020.

New features

Open source Redis 6

RS 6.0 bundles latest open source Redis 6. For more information, check out the Diving into Redis 6 article.

Access control list (ACL)

Based on OSS Redis 6, RS 6.0 offers the ability to manage and control connections to your databases using users and their data access permissions in terms of commands they can execute and keys they can access.

In OSS Redis, the ACLs are managed separately per user for each database. In Redis Enterprise Software, Redis ACLs are managed for the databases at the cluster. For more information, check out the Redis Enterprise Software user management documentation.

Role-based access control (RBAC)

RS 6.0 leverages Redis ACLs to implement role-based access control that easily scale and manage data access permissions. Using roles minimizes the overhead involved in managing a cluster with many databases, multiple users, and various access control lists. For more information, check out the Redis Enterprise Software user management documentation.

Active-Active support for Redis Streams

RS 6.0 adds support for Redis streams on Active-Active geo-distributed databases using conflict-free replicated data type (CRDT). You can now use all Redis streams commands including consumer groups on Active-Active databases. To enable it, upgrade your Active-Active database featureset version to the latest (featureset version = 2) as part of the upgrade process. For more information, check out Redis Streams on Active Active databases.

Redis modules

The following GA releases of Redis Modules are bundled in RS 6.0:

• RedisBloom, version 2.2.2 (updated)
• RedisGraph, version 2.0.11 (updated)
• RedisJson, version 1.0.4
• RediSearch, version 1.6.12 (updated)
• RedisTimeSeries, version 1.2.5 (updated)

To use the updated modules with a database, you must upgrade the module on the database.

Additional capabilities

• Added the ability to configure a storage service that uses the S3 protocol. Configuration for backup location and for import and export locations of RDB files is possible. The storage service must have a valid SSL certificate. To connect to an S3-compatible storage location, run:

  rladmin cluster config s3_url <url>
  

• The crdb-cli tool was updated so it is now displaying the Active-Active database’s featureset version and the protocol version per instance.

• Added REST API and rladmin commands to modify the timeout for automatically disconnecting an inactive admin console session.

• Added no_of_expires metrics for database metrics and for shard metrics. You can access this metric from the REST API:

  no_of_expires shows the current number of volatile keys in the database.

  expired_objects shows the rate of keys expired in DB (expirations/sec).

• Added the ability to customize the welcome message on the login page in the admin console.

Important fixes

• RS39121, RS35335 - Optimized the XREAD and XREADGROUP commands so when using them in a non blocking fashion (without BLOCK keyword) they use the shared connection instead of a dedicated connection.
• RS26448 - Fixed ‘ram overhead’ metric calculation for ROF databases using AOF.
• RS31190 - Fixed a bug that causes databases with OSS Cluster API enabled to override the ‘preferred IP type’ attribute from ‘external’ to ‘internal’ (the default value).
• RS34009 - Updated the modules loading procedure for clusters with FIPS compliance enabled.
• RS38233 - Improved the Redis cleanup job handling the persistent directory.
• RS39228 - Fixed a bug in the WAIT command that in some cases was released after a longer period than requested.
• RS39749 - Fixed a bug that blocked eviction while LUA scripts were in progress.
• RS43996 - Fixed a bug when aborting an upgrade to RS 6.0.

Known limitations

• RS81463 - A shard may crash when resharding an Active-Active database with Auto Tiering. Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.

Active-Active databases

• RS51359 - Active-Active databases, using replication and Append Only File (AOF) for database persistence, are suffering from memory leaks on replica shards, causing them to grow bigger than the master shards. Customers are advised to upgrade to RS 6.0.12 TBD. Meanwhile you can use snapshots for database persistence or restart the replica shards TBD.

Installation limitations

Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.

As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:

1. Create all custom, non-root directories you want to use with Redis Enterprise Software.
2. Mount /etc/opt/redislabs to one of the custom, non-root directories.

Upgrade

• RS 5.4.2 introduced new Active-Active Redis Database capabilities that improve its compatibility with open source Redis. Now the string data-type in Active-Active Redis Database is implicitly and dynamically typed, just like open source Redis. To use the new capabilities on nodes that are upgraded from version RS 5.4.2 or lower, you must upgrade the Active-Active Redis Database protocol.
• When you upgrade an Active-Active Redis with active AOF from version RS 5.4.2 or lower to version RS 5.4.4 or higher:
  • If replication is enabled, you must run the BGREWRITEAOF command on all replica shards after the upgrade.
  • If replication is not enabled, you must run the BGREWRITEAOF command on all shards after the upgrade.
• Starting from RS 5.4.2, to preserve the current Redis major.minor version during database upgrade you must use the keep_redis_version option instead of keep_current_version.
• Dynatrace agent installed on the cluster nodes can hamper the working on Envoy process leading to failure of UI and REST API. Prior upgrading we recommend removing Dynatrace completely or try upgrading to newer versions.

Redis commands

• The capability of disabling specific Redis commands does not work on commands specific to Redis Modules.
• Starting from RS 5.4.2 and after you upgrade an Active-Active database, TYPE commands for string data-type in Active-Active databases return "string" (OSS Redis standard).

Original source

This is the first Release Candidate of Redis 8.8 in Redis Open Source.

Release Candidates are feature-complete pre-releases. Pre-releases are not suitable for production use.

Headlines:

Redis 8.8 introduces new features and performance improvements.

Operating systems we test Redis 8.8 on

Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)

Rocky Linux 8.10, 9.7, 10.1

AlmaLinux 8.10, 9.7, 10.1

Debian 12.13 (Bookworm), Debian 13.4 (Trixie)

Alpine 3.23

macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

Security fixes (compared to 8.8-M03)

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.

(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution

(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

(CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)

(CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

New Features (compared to 8.8-M03)

#15162 New data structure: Array (@antirez)

#15045 INCREX: a window counter rate limiter combining INCR,INCRBY,INCRBYFLOAT, bounds, and expiration (@raffertyyu + Redis team)

In group sorting new reducer, allowing unwind grouped documents (after GROUPBY) and sort them

Removed Features (compared to 8.8-M03)

#15191 Remove GCRA rate limiter

Bug fixes (compared to 8.8-M03)

SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)

CONFIG SET: some settings allow invalid characters (RED-167787)

SCRIPT DEBUG: potential crash on scripts (RED-175507)

VADD: crash or buffer overflow on large REDUCE value (RED-170921)

VSET: crash on huge allocations (MOD-12678)

#15188 cluster-announce-ip rejecting hostnames (regression)

#15095 Double free when loading streams with duplicate consumer PEL entries

#15124 Issues processing corrupt Streams RDB data

#15111 fast_float_strtod rounding mismatch

#15190 vecClear reset the logical size without releasing element ownership

#15163 MULTI queue memory incorrect memory accounting

#15094 Cluster crash when CLIENT KILL unsubscribes SSUBSCRIBE client inside EXEC

#15151 Listpack backlength encoding thresholds off-by-one

#15115 Under-copy in the Lua debugger

#14970 Sentinel config injection via SENTINEL SET

#14934 Client output buffer memory tracking not accounting for copy-avoided bulk string references

RediSearch/RediSearch#9182 FT.PROFILE HYBRID returns an empty reply (MOD-14778)

RediSearch/RediSearch#9079 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)

RediSearch/RediSearch#9047 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)

RediSearch/RediSearch#9078 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

RediSearch/RediSearch#9012 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)

RediSearch/RediSearch#9066 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)

RediSearch/RediSearch#9163 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)

RediSearch/RediSearch#9031, RediSearch/RediSearch#9473 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)

RediSearch/RediSearch#9028 Memory leak when FT.DROPINDEX runs concurrently with in-flight hybrid queries (MOD-14135)

RediSearch/RediSearch#9310, RediSearch/RediSearch#9350 FT.CURSOR READ timeout and ON_TIMEOUT FAIL not enforced on coordinator and shard (MOD-14284, MOD-14998)

RediSearch/RediSearch#9425 Cursors not cleaned up after MAXIDLE, causing resource exhaustion (MOD-6430)

RediSearch/RediSearch#9234, RediSearch/RediSearch#9404 Coordinator RETURN_STRICT returns wrong data on partial results, including SORTBY pipeline (MOD-13617)

RediSearch/RediSearch#9382 MAXPREFIXEXPANSION warnings not propagated to clients in cluster mode (MOD-13804)

RediSearch/RediSearch#9218 Search commands fail when no worker thread is available instead of falling back to main thread (MOD-14921)

RediSearch/RediSearch#9448 RDB load missing validation of FT.CREATE arguments, allowing corrupt index state on load (MOD-13118)

RediSearch/RediSearch#9377 Use-after-move in Indexer_Process causes crash during indexing (MOD-14980)

RediSearch/RediSearch#9408 Deadlock between background query and main-thread writer (MOD-15364)

RediSearch/RediSearch#9114 FT.PROFILE prints output using wrong iterator type (MOD-14678)

RediSearch/RediSearch#9421 Confusing error returned when DEBUG_PARAMS_COUNT is zero (MOD-15118)

RediSearch/RediSearch#9045 Stack-smashing error in coordinator code path (MOD-14649)

RedisJSON/RedisJSON#1554 Trailing chars are ignored (MOD-7266); Fixes RedisJSON/RedisJSON#976

RedisJSON/RedisJSON#1543 Wrong mutation ordering for array commands with recursive paths (MOD-6722)

RedisJSON/RedisJSON#1542 JSONPath evaluation issues (MOD-14664); Fixes RedisJSON/RedisJSON#968 (MOD-7264), RedisJSON/RedisJSON#962 (MOD-7272), RedisJSON/RedisJSON#963 (MOD-7270), RedisJSON/RedisJSON#1089 (MOD-7268)

RedisTimeSeries/RedisTimeSeries#2003 Potential crash on disconnections and TLS failures (MOD-14850)

RedisTimeSeries/RedisTimeSeries#2013 count, countNaN, countAll reducers return NaN when all values are NaN (MOD-14420)

Performance and resource utilization improvements (compared to 8.8-M03)

#15049 Hyperloglog: 4 independent accumulators that are merged at the end

#15133 Batched prefetch for MGET and MSET

#14988 Batched prefetch for HGETALL on hashtable-encoded hashes

#15071 Pass size hint to jemalloc for faster deallocation

#15096 Reduces allocator and accounting overhead by adding compile-time jemalloc tuning

RediSearch/RediSearch#9197 Vector index hot path (HNSW and brute-force) devirtualized, reducing per-query latency (MOD-14916)

RediSearch/RediSearch#9262, RediSearch/RediSearch#9476 Inline LSE atomics enabled on AArch64, improving atomic operation throughput on ARM64 (MOD-14916, MOD-15419)

RediSearch/RediSearch#9293 Expiration handling overhead reduced when many keys expire simultaneously (MOD-14916)

RediSearch/RediSearch#9017 LTO (link-time optimization) enabled for x86_64 release builds (MOD-14700)

RediSearch/RediSearch#8765 Shard-level timeout adjusted to coordinator dispatch time for more accurate accounting (MOD-13189)

RediSearch/RediSearch#8790, RediSearch/RediSearch#8900, RediSearch/RediSearch#8827, RediSearch/RediSearch#8971, RediSearch/RediSearch#8966, RediSearch/RediSearch#8762, RediSearch/RediSearch#8678, RediSearch/RediSearch#8915, RediSearch/RediSearch#8653, RediSearch/RediSearch#9085, RediSearch/RediSearch#8751, RediSearch/RediSearch#8692, RediSearch/RediSearch#9224 Iterators ported to Rust, reducing FFI overhead

RediSearch/RediSearch#9500 numRecords no longer updated for vector fields, removing unnecessary write overhead on ingest (MOD-15487)

VecSim SVS thread pool integrated with the worker pool for better thread utilization (MOD-9881)

Configuration parameters

#15182 Slowlog entry truncation limits:

slowlog-entry-max-argc: maximum number of command arguments kept in a slowlog entry

slowlog-entry-max-string-len: maximum length of a command argument in a slowlog entry

RediSearch/RediSearch#8876, RediSearch/RediSearch#8960 Default maximum worker threads value updated; MAX_WORKER_THREADS is now a string config (MOD-14486, MOD-14763)

Metrics (compared to 8.8-M03)

RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

CLI tools

#15150 Memory leak on malformed legacy help entry in redis-cli

Original source

Update urgency

SECURITY: There are security fixes in the release.

Security fixes

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution

(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution

(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

(CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)

(CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)

CONFIG SET: some settings allow invalid characters (RED-167787)

SCRIPT DEBUG: potential crash on scripts (RED-175507)

VADD: crash or buffer overflow on large REDUCE value (RED-170921)

VSET: crash on huge allocations (MOD-12678)

Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)

RediSearch/RediSearch#8745 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)

RediSearch/RediSearch#8848 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)

RediSearch/RediSearch#8205, RediSearch/RediSearch#8259 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results (MOD-12370, MOD-13884)

RediSearch/RediSearch#9182 FT.PROFILE HYBRID returns an empty reply (MOD-14778)

RediSearch/RediSearch#8129, RediSearch/RediSearch#8140 FT.PROFILE reports an incorrect shard total profile time (MOD-13735, MOD-13181)

RediSearch/RediSearch#9047 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)

RediSearch/RediSearch#8791 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)

RediSearch/RediSearch#8382 Crash when indexing negative zero (-0.0) (MOD-13904)

RediSearch/RediSearch#8590 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)

RediSearch/RediSearch#8660 FILTER behavior depends on property order in the expression (MOD-14065)

RediSearch/RediSearch#8593 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)

RediSearch/RediSearch#8591 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)

RediSearch/RediSearch#8589 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14328)

RediSearch/RediSearch#9012 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)

RediSearch/RediSearch#9079 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)

RediSearch/RediSearch#8462 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)

RediSearch/RediSearch#9066 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)

RediSearch/RediSearch#8109, RediSearch/RediSearch#8149 Configuration registration omits module parameters, causing them to be unexposed or misapplied (RED-171841)

RediSearch/RediSearch#9163 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)

RediSearch/RediSearch#8395 FT.SEARCH fails with "Query requires unavailable slots" after shard restart or failover (MOD-13828)

RediSearch/RediSearch#8451 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14079)

RediSearch/RediSearch#9078 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

RediSearch/RediSearch#8051, RediSearch/RediSearch#8114 Crash diagnostics now include the IndexSpec of the index the failing thread was working on (MOD-7574)

Metrics

RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

Original source

Update urgency

SECURITY: There are security fixes in the release.

Security fixes

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.

(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution

(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

(CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)

(CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)

CONFIG SET: some settings allow invalid characters (RED-167787)

SCRIPT DEBUG: potential crash on scripts (RED-175507)

VADD: crash or buffer overflow on large REDUCE value (RED-170921)

VSET: crash on huge allocations (MOD-12678)

Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)

RediSearch/RediSearch#8744 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)

RediSearch/RediSearch#8849 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)

RediSearch/RediSearch#8258 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results (MOD-13885)

RediSearch/RediSearch#9183 FT.PROFILE HYBRID returns an empty reply (MOD-14778)

RediSearch/RediSearch#9048 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)

RediSearch/RediSearch#8792 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)

RediSearch/RediSearch#8384 Crash when indexing negative zero (-0.0) (MOD-13904)

RediSearch/RediSearch#8596 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)

RediSearch/RediSearch#8661 FILTER behavior depends on property order in the expression (MOD-14065)

RediSearch/RediSearch#8598 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)

RediSearch/RediSearch#8597 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)

RediSearch/RediSearch#8595 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14062)

RediSearch/RediSearch#9011 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)

RediSearch/RediSearch#9080 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)

RediSearch/RediSearch#8461 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)

RediSearch/RediSearch#9091 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)

RediSearch/RediSearch#9161 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)

RediSearch/RediSearch#9165 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)

RediSearch/RediSearch#8394 FT.SEARCH fails with "Query requires unavailable slots" after shard restart or failover (MOD-13828)

RediSearch/RediSearch#8452 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14080)

RediSearch/RediSearch#9077 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

Metrics

RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

Original source

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.

(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution

(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

(CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)

(CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)

CONFIG SET: some settings allow invalid characters (RED-167787)

SCRIPT DEBUG: potential crash on scripts (RED-175507)

VADD: crash or buffer overflow on large REDUCE value (RED-170921)

VSET: crash on huge allocations (MOD-12678)

Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)

RediSearch/RediSearch#8743 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)

RediSearch/RediSearch#8850 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)

RediSearch/RediSearch#9178 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)

RediSearch/RediSearch#9049 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)

RediSearch/RediSearch#8793 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)

RediSearch/RediSearch#8600 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)

RediSearch/RediSearch#8662 FILTER behavior depends on property order in the expression (MOD-14342)

RediSearch/RediSearch#8602 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)

RediSearch/RediSearch#8601 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)

RediSearch/RediSearch#8599 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14062)

RediSearch/RediSearch#9019 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)

RediSearch/RediSearch#9081 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)

RediSearch/RediSearch#8464 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)

RediSearch/RediSearch#8888 FT.CURSOR enters an infinite loop when the ACL user lacks specific permissions (MOD-14479)

RediSearch/RediSearch#9166 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)

RediSearch/RediSearch#8453 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14081)

RediSearch/RediSearch#9076 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

Metrics

RediSearch/RediSearch#8235 FT.PROFILE: added queue time tracking (MOD-13602)

Original source

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)

Original source