- Security patches address multiple Lua RCE vulnerabilities (CVE‑2025‑49844, 46817‑46819) and other critical issues.
- Adds new VSIM EPSILON argument for max distance and enables Intel‑optimised SVS build flag.
- Fixes numerous stability bugs (Lua defrag crashes, memory usage reporting, XGROUP entry limits, JSON.DEL, TDigest OOM, shard restart, ACL crashes) and improves RESP3 serialization performance.
FastAPI changelog digest
Sep 29 - Oct 5, 2025. Useful releases, risky migrations, and noisy updates from the FastAPI channel.
No matching updates in this bucket.
FastAPI updates in 2025-w40
- Critical security updates addressing multiple CVEs in Lua scripting (remote code execution, integer overflow, context execution, out‑of‑bounds read)
- Added VSIM EPSILON argument to specify maximum distance
- Fixed numerous stability issues including use‑after‑free, pub/sub crashes, client unblock behavior, vector set endian compatibility, and replication/TTL handling
- Fix multiple critical Lua‑related security vulnerabilities (CVE‑2025‑49844, CVE‑2025‑46817/46818/46819).
- Resolve use‑after‑free and crash bugs in pubsub, Lua defragmentation, and EVAL error handling.
- Correct HINCRBYFLOAT replication issue that stripped field expiration on replicas.
- Patched several critical Lua script vulnerabilities (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819).
- Fixed an out-of-bounds read issue in the Lua engine.
- Fix multiple Lua script vulnerabilities (CVE‑2025‑49844, CVE‑2025‑46817‑46819)
- Patch integer overflow and remote code execution paths in Lua engine
- Resolve out‑of‑bounds read issue affecting Lua script execution