Redis Enterprise Software version 6.2.12 is now available!

This version of Redis Enterprise Software offers:

  • OCSP stapling of the server proxy certificate
  • Password and session configuration settings via the admin console
  • Compatibility with open source Redis v6.2.6
  • Support for Red Hat Enterprise Linux (RHEL) v8.6
  • Additional enhancements and fixes

The following table shows the MD5 checksums for the available packages.

Package MD5 Checksum
Ubuntu 16 e702c906f200940e06ef031e6b8006d9
Ubuntu 18 7ea70067e8828b59336380df087fe03d
RedHat Enterprise Linux (RHEL) 7
Oracle Enterprise Linux (OL) 7
8ffda6186f70354b9d10c1ce43938c3c
RedHat Enterprise Linux (RHEL) 8
Oracle Enterprise Linux (OL) 8
334fe7979a7376b28fcf48913403bfb7

Features and enhancements

  • Server side OCSP Stapling

    Online Certificate Status Protocol (OCSP) helps verify the status of certificates managed by a third-party certificate authority (CA). It tells you whether certificates are valid, revoked, or unknown.

    Redis Enterprise Software v6.2.12 implements OCSP stapling, which allows clients to validate the status of a server proxy certificate. When OCSP is enabled, the Redis Enterprise server regularly polls the CA OCSP responder to determine a certificate’s status. The response is cached until the next polling attempt; the cached value is served to clients during the TLS handshake.

    To learn more, see Enable OCSP stapling.

  • Session and security attributes in the admin console

    You can now use the admin console to configure password complexity rules, user login lockout, and session timeout.

Version changes

Prerequisites and notes

  • You can upgrade to v6.2.12 from Redis Enterprise Software v6.0 and later.

  • Refer to v6.2.4 release notes for important notes regarding changes made to the upgrade policy and how those changes might impct your experience.

  • Upgrades from versions earlier than v6.0 are not supported.

  • If you are using the earlier cluster-based LDAP mechanism, you must migrate to the role-based mechanism before upgrading to v6.2.12. For details, see Migrate to role-based LDAP.

  • If you plan to upgrade your cluster to RHEL 8, see the v6.2.8 release notes for known limitations.

Future deprecation notice

TLS 1.0 and TLS 1.1

TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later.

Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release.

Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.

Product lifecycle updates

Redis Enterprise Software v6.0.x will reach end of life (EOL) on May 31, 2022.

To learn more, see the Redis Enterprise Software product lifecycle, which details the release number and the end-of-life schedule for Redis Enterprise Software.

For Redis modules information and lifecycle, see Module lifecycle.

Redis modules

Redis Enterprise Software v6.2.12 includes the following Redis modules:

For help upgrading a module, see Add a module to a cluster.

Interface enhancements

  • Allow creation and editing of sharded databases with a single shard. This lets you prepare for future scaling by ensuring your apps work in clustering mode, regardless of the actual number of configured shards
  • Enhanced the slowlog in the UI to display unprintable characters in RESTORE commands
  • Added support for custom paths when bootstrapping the cluster via the UI
  • Improve readability of geo-distributed log entries in the UI

Additional enhancements

  • Added support for the MODULE LIST command on Active-Active databases
  • Enhanced validity checks of the input parameters of the CRDB-CLI tool

Resolved issues

  • RS38320 A failed task leaves the nodes list outdated in the UI
  • RS73768, RS72082 Increased certificate rotation timeout to allow it to finish
  • RS72466, RS68668 Fix false positive alerts for certification expiration
  • RS69256 Change pre-bootstrap default TLS version to 1.2
  • RS67133 Fixed replication for command RESTOREMODAUX
  • RS66468 Fixed “Test regex keys” in the UI
  • RS58156 Fixed the installation to abort and alert when encountering issues in NTP
  • RS67935 Fixed releasing 30MB of memory when deleting an Active-Active database
  • RS64276 Fixed high memory consumption of the DMC output buffers when running CLIENT LIST

Known limitations

  • RS81463 A shard may crash when resharding an Active-Active database with Redis on Flash (RoF). Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.

  • RS54131 Returning +OK reply from the QUIT command on a TLS enabled database

Security

Open Source Redis Security fixes compatibility

As part of Redis commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis. The following Open Source Redis CVEs do not affect Redis Enterprise:

  • CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)

  • CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the LUA debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16) security fixes for recent CVEs. Redis Enterprise has already included the fixes for the relevant CVEs. Some CVEs announced for Open Source Redis do not affect Redis Enterprise due to different and additional functionality available in Redis Enterprise that is not available in Open Source Redis.