- Add http1Options and strictSingleValueFields options to http2 for HTTP/1 fallback and relaxed header validation
- Enable ESM entry‑point support in SEA and promote sqlite to a release‑candidate module
- Rename Duplex.toWeb() option to readableType, add fast‑path stream APIs, improve test runner SIGINT handling, and update Windows build tools and GitHub‑Actions runners
No matching updates in this bucket.
Redis updates in 2026-w09
- Add new options and APIs: async_hooks.trackPromises, fs.watch ignore, http.setGlobalProxyFromEnv, module subpath imports starting with '/', stream.bytes() consumer, and test runner env and fail‑expectation options.
- Enable ESM support in the embedder API and set SQLite defensive mode and prepare options as defaults.
- Update dependencies (e.g., LIEF, npm 11.9.0, undici 7.21.0) and improve documentation across events, security, and deprecations.
- Fixed a security vulnerability where crafted CRLF sequences in Redis error replies could be used to manipulate data read by a connection.
- Improved handling of Redis error messages to sanitize injected newline characters.
- Fix a vulnerability where CR\r\n sequences could be injected into Redis error replies, allowing data manipulation by a malicious user.
- Apply a security patch to sanitize error responses, preventing manipulation of connection data.
- Fix prevents data manipulation by injecting CRLF sequences into Redis error replies
- Ensures connections cannot be tricked into reading tampered data
- Fix for CRLF injection in Redis error replies
- Prevents malicious manipulation of data read by connections
- Fixed a security issue where injected CRLF sequences could manipulate data read from Redis error replies.
- Added the missing HOTKEYS HELP subcommand and ensured INFO correctly displays module information.
- Resolved an RDB loading bug that prevented hash table expansion, reducing load times.