Redis Enterprise Software release notes 6.2.12 (August 2022)
Redis Enterprise Software version 6.2.12 is now available!
This version of Redis Enterprise Software offers:
- OCSP stapling of the server proxy certificate
- Password and session configuration settings via the admin console
- Compatibility with open source Redis v6.2.6
- Support for Red Hat Enterprise Linux (RHEL) v8.6
- Additional enhancements and fixes
The following table shows the MD5 checksums for the available packages.
- Red Hat Enterprise Linux (RHEL) 7, Oracle Enterprise Linux (OL) 7
- Red Hat Enterprise Linux (RHEL) 8, Oracle Enterprise Linux (OL) 8
Features and enhancements
Server side OCSP Stapling
Online Certificate Status Protocol (OCSP) helps verify the status of certificates managed by a third-party certificate authority (CA). It tells you whether certificates are valid, revoked, or unknown.
Redis Enterprise Software v6.2.12 implements OCSP stapling, which allows clients to validate the status of a server proxy certificate. When OCSP is enabled, the Redis Enterprise server regularly polls the CA OCSP responder to determine a certificate’s status. The response is cached until the next polling attempt; the cached value is served to clients during the TLS handshake.
To learn more, see Enable OCSP stapling.
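A client-side check for the stapling behavior described above, as an added example that is not part of the Redis release notes: it classifies the stapled certificate status (good, revoked, unknown) from `openssl s_client -status` output and extracts the time after which the cached response is stale. The sample outputs are constructed, and `check_endpoint` with its host and port arguments is a hypothetical helper.

```shell
#!/bin/sh
# Added example: classify OCSP stapling from `openssl s_client -status` output.

# Reads s_client output on stdin and prints one of: good, revoked, unknown,
# not-stapled (no staple in the handshake) or error (responder error, no match).
ocsp_staple_status() {
    awk '
        /OCSP response: no response sent/        { print "not-stapled"; seen = 1; exit }
        /OCSP Response Status:/ && !/successful/ { print "error"; seen = 1; exit }
        /Cert Status:/                           { print $3; seen = 1; exit }
        END { if (!seen) print "error" }
    '
}

# Prints the "Next Update" time of the stapled response. Past this time the
# cached response served by the proxy should have been replaced by a new poll.
ocsp_next_update() {
    sed -n 's/^[[:space:]]*Next Update:[[:space:]]*//p' | head -n 1
}

# Live check against an endpoint (host and port are supplied by the caller).
check_endpoint() {
    openssl s_client -connect "$1:$2" -servername "$1" -status \
        </dev/null 2>/dev/null | ocsp_staple_status
}

# Constructed sample: handshake with a stapled, valid response.
sample_stapled() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Aug  1 10:00:00 2022 GMT
    Next Update: Aug  8 10:00:00 2022 GMT
EOF
}

# Constructed sample: server with OCSP stapling disabled.
sample_unstapled() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}
```

A result of `not-stapled` means the client has no status to validate during the handshake and must query the OCSP responder itself or proceed without a revocation check.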
Session and security attributes in the admin console
Mount point import enhancement
When importing data, Redis Enterprise copies files to a temporary directory on the node. For mount point import sources only, Redis Enterprise now reads files directly from the mount point. Because this import method does not copy files to a temporary directory, nodes do not require extra disk space. This new behavior is enabled by default and does not require configuration.
Prerequisites and notes
You can upgrade to v6.2.12 from Redis Enterprise Software v6.0 and later.
Refer to the v6.2.4 release notes for important notes regarding changes made to the upgrade policy and how those changes might impact your experience.
Upgrades from versions earlier than v6.0 are not supported.
If you are using the earlier cluster-based LDAP mechanism, you must migrate to the role-based mechanism before upgrading to v6.2.12. For details, see Migrate to role-based LDAP.
If you plan to upgrade your cluster to RHEL 8, see the v6.2.8 release notes for known limitations.
Future deprecation notice
TLS 1.0 and TLS 1.1
TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later.
Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release.
Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.
Product lifecycle updates
Redis Enterprise Software v6.0.x will reach end of life (EOL) on May 31, 2022.
To learn more, see the Redis Enterprise Software product lifecycle, which details the release number and the end-of-life schedule for Redis Enterprise Software.
For Redis modules information and lifecycle, see Module lifecycle.
Redis Enterprise Software v6.2.12 includes the following Redis modules:
For help upgrading a module, see Add a module to a cluster.
- Allow creation and editing of sharded databases with a single shard. This lets you prepare for future scaling by ensuring your apps work in clustering mode, regardless of the actual number of configured shards
- Enhanced the slowlog in the UI to display unprintable characters in RESTORE commands
- Added support for custom paths when bootstrapping the cluster via the UI
- Improve readability of geo-distributed log entries in the UI
- Added support for the MODULE LIST command on Active-Active databases
- Enhanced validity checks of the input parameters of the CRDB-CLI tool
- RS38320 A failed task leaves the nodes list outdated in the UI
- RS73768, RS72082 Increased certificate rotation timeout to allow it to finish
- RS72466, RS68668 Fix false positive alerts for certification expiration
- RS69256 Change pre-bootstrap default TLS version to 1.2
- RS67133 Fixed replication for command RESTOREMODAUX
- RS66468 Fixed “Test regex keys” in the UI
- RS58156 Fixed the installation to abort and alert when encountering issues in NTP
- RS67935 Fixed releasing 30MB of memory when deleting an Active-Active database
- RS64276 Fixed high memory consumption of the DMC output buffers when running CLIENT LIST
RS81463 A shard may crash when resharding an Active-Active database with Auto Tiering. Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.
RS54131 Returning +OK reply from the QUIT command on a TLS enabled database
RS40641 - API requests are redirected to an internal IP in case the request arrives from a node which is not the master. To avoid this issue, use rladmin cluster config to configure
Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.
As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:
Create all custom, non-root directories you want to use with Redis Enterprise Software.
/etc/opt/redislabs to one of the custom, non-root directories.
Open Source Redis Security fixes compatibility
As part of Redis's commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis. The following open source Redis CVEs do not affect Redis Enterprise:
CVE-2022-24834 - Redis Enterprise versions 6.2.12 and later are not impacted by the CVE that was found and fixed in open source Redis. A fix to prevent Lua scripts from causing heap overflow was implemented in Redis Enterprise version 6.2.12. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 7.0.12, Redis 6.2.13, Redis 6.0.20)
CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)
CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the Lua debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16) security fixes for recent CVEs.
Redis Enterprise has already included the fixes for the relevant CVEs. Some CVEs announced for open source Redis do not affect Redis Enterprise due to different and additional functionality available in Redis Enterprise that is not available in open source Redis.