Redis Enterprise Software version 6.2.8 is now available!

Features and enhancements

This version features:

Version changes

Prerequisites and notes

  • You can upgrade to v6.2.8 from Redis Enterprise Software v6.0 and later.

  • Refer to the v6.2.4 release notes for important notes regarding the upgrade process.

  • Upgrades from versions earlier than v6.0 are not supported

Product lifecycle updates

As of 31 October 2021, Redis Enterprise Software v5.6.0 is end of life (EOF).

To learn more, see the Redis Enterprise Software product lifecycle, which details the release number and the end-of-life schedule for Redis Enterprise Software.

Redis Enterprise modules have individual release numbers and lifecycles.

Redis modules

Redis Enterprise Software v6.2.8 includes the following Redis modules:

To learn more, see Upgrade the module for a database.

Resolved issues

User interface fixes

  • RS58804 - Display an error message in case of a login attempt with an LDAP user
  • RS56680 - Notify that SASLAUTHD should be disabled prior to enabling LDAP
  • RS55844 - Use the correct password and mask it on LDAP password update
  • RS60877 - Fixed reset of Active-Active database compression level, in cases where the compression level wasn’t set to default, when changing any other configuration via the DB configuration page
  • RS43999 - Fixed UI database configuration to allow changes when SFTP SSH key is customized
  • RS59861 - Fixed the UI to display an explanation error message when password complexity does not meet requirements
  • RS57734 - Fixed inaccessible UI after cluster upgrade due to missing certificate
  • RS43041 - Mask secret keys for backup destination for view and edit in the UI

Additional fixes

  • RS60068 / RS59146 - Fixed unresolved endpoint due to PDNS issues
  • RS52812 - Expand API wrapper to return API 405 errors as JSON/XML
  • RS57666 - Fixed false shard migration message when the shard fails to bind the port
  • RS57444, RS55294, RS4903 - Fixed false “backup finished successfully” message when the backup failed due to restricted access to the backup destination

Known limitations

  • RS63258 - Redis Enterprise Software 6.2.8 is not supported on RHEL 8 with FIPS enabled.

    FIPS changes system-generated keys, which can limit secure access to the cluster or the admin console via port 8443.

  • RS63375 - RHEL 7 clusters cannot be directly upgraded to RHEL 8 when hosting databases using modules.

    Due to binary differences in modules between the two operating systems, you cannot directly update RHEL 7 clusters to RHEL 8 when those clusters host databases using modules. Instead, you need to create a new cluster on RHEL 8 and then migrate existing data from your RHEL 7 cluster. This does not apply to clusters that do not use modules.

All known limitations from v6.2.4 have been fixed.

Security

Open source Redis security fix compatibility

As part of its commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis.

The following open source Redis CVEs do not affect Redis Enterprise:

  • CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)

  • CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the LUA debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

Some CVEs announced for Open Source Redis do not affect Redis Enterprise due to functionality that is either different from (or not available in) open source Redis.