- Security patches address multiple Lua RCE vulnerabilities (CVE‑2025‑49844, 46817‑46819) and other critical issues.
- Adds new VSIM EPSILON argument for max distance and enables Intel‑optimised SVS build flag.
- Fixes numerous stability bugs (Lua defrag crashes, memory usage reporting, XGROUP entry limits, JSON.DEL, TDigest OOM, shard restart, ACL crashes) and improves RESP3 serialization performance.
No matching updates in this bucket.
Django updates in 2025-w40
- Critical security updates addressing multiple CVEs in Lua scripting (remote code execution, integer overflow, context execution, out‑of‑bounds read)
- Added VSIM EPSILON argument to specify maximum distance
- Fixed numerous stability issues including use‑after‑free, pub/sub crashes, client unblock behavior, vector set endian compatibility, and replication/TTL handling
- Fix multiple critical Lua‑related security vulnerabilities (CVE‑2025‑49844, CVE‑2025‑46817/46818/46819).
- Resolve use‑after‑free and crash bugs in pubsub, Lua defragmentation, and EVAL error handling.
- Correct HINCRBYFLOAT replication issue that stripped field expiration on replicas.
- Patched several critical Lua script vulnerabilities (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819).
- Fixed an out-of-bounds read issue in the Lua engine.
- Fix multiple Lua script vulnerabilities (CVE‑2025‑49844, CVE‑2025‑46817‑46819)
- Patch integer overflow and remote code execution paths in Lua engine
- Resolve out‑of‑bounds read issue affecting Lua script execution