Redis Enterprise Software release notes 6.4.2
Pub/sub ACLs & default permissions. Validate client certificates by subject attributes. Ubuntu 20.04 support.
Redis Enterprise Software version 6.4.2 is now available!
This version offers:
-
Extended validation of client certificates via mTLS (mutual TLS) full subject support
-
Support for default restrictive permissions when using publish/subscribe commands and access control lists (ACLs)
-
Enhanced TLS performance when Redis returns large arrays in responses
-
Compatibility with open source Redis 6.2.7 and 6.2.10.
-
Additional enhancements and bug fixes
Detailed release notes
For more detailed release notes, select a build version from the following table:
| Version (Release date) | Major changes | OSS Redis compatibility |
|---|---|---|
| 6.4.2-103 (October 2023) | RHEL 8.8 support. RediSearch v2.6.12. RedisGraph v2.10.12. RedisTimeSeries v1.8.11 Log when CCS schema changes. Bug fixes. | Redis 6.2.10 |
| 6.4.2-94 (July 2023) | Look-ahead mechanism for planner attempts. Package OS compatibility validation. | Redis 6.2.10 |
| 6.4.2-81 (June 2023) | Email alerts for database backup failures and replica high availability shard relocation failures. | Redis 6.2.10 |
| 6.4.2-69 (May 2023) | Amazon Linux 2 support. Configure envoy ports using rladmin. Added option to avoid specific nodes when using the optimized shards placement API. Added failure_detection_sensitivity to replace watchdog_profile. | Redis 6.2.10 |
| 6.4.2-61 (April 2023) | Amazon Linux 2 support. Fixed known limitations for custom installation on RHEL 7 and RHEL 8, running rl_rdbconvert manually, and resharding rack-aware databases with no replication. | Redis 6.2.10 |
| 6.4.2-43 (March 2023) | Ubuntu 20.04 support. Safe node removal. Allow gossip_envoy port configuration. | Redis 6.2.10 |
| 6.4.2-30 (February 2023) | Pub/sub ACLs & default permissions. Validate client certificates by subject attributes. | Redis 6.2.7 |
Deprecations
Ubuntu 16.04
Ubuntu 16 support is considered deprecated and will be removed in a future release. Ubuntu 16.04 LTS (Xenial) has reached the end of its free initial five-year security maintenance period as of April 30, 2021.
Active-Active database persistence
The RDB snapshot option for Active-Active database persistence is deprecated and will be removed in a future release.
Please plan to reconfigure any Active-Active databases to use append-only file (AOF) persistence with the following command:
crdb-cli crdb update --crdb-guid <CRDB_GUID> \
--default-db-config '{"data_persistence": "aof", "aof_policy":"appendfsync-every-sec"}'
TLS 1.0 and TLS 1.1
TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later. Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.
3DES encryption cipher
The 3DES encryption cipher is considered deprecated in favor of stronger ciphers like AES. Please verify that all clients, apps, and connections support the AES cipher. Support for 3DES will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for 3DES. Redis Enterprise Software cannot support cipher suites that are not supported by the underlying operating system.
Known limitations
Feature limitations
-
RS97971 - Resharding fails for rack-aware databases with no replication (fixed and resolved as part of v6.4.2-61).
-
RS101204 - High memory consumption caused by the
persistence_mgrservice when AOF persistence is configured for every second (fixed and resolved as part of v6.4.2-81). -
RS40641 - API requests are redirected to an internal IP in case the request arrives from a node which is not the master. To avoid this issue, use
rladmin cluster configto configurehandle_redirectsorhandle_metrics_redirects. -
RS51144, RS102128 - Active-Active: To start successfully, the syncer (
crdt-syncer) must connect to all sources. In multi-cluster configurations (more than 2 A-A clusters participating), in some cases, if one or more of the clusters is not available, A-A replication will be down.
Resharding fails for rack-aware databases with no replication
When a database is configured as rack-aware and replication is turned off, the resharding operation fails.
RS97971 - This limitation was fixed and resolved as part of v6.4.2-61.
Workaround:
Before resharding your database, turn off rack awareness:
curl -k -u "<user>:<password>" -H "Content-type: application/json" -d '{"rack_aware": false}' -X PUT "https://localhost:9443/v1/bdbs/<bdb_uid>"
After the resharding process is complete, you can re-enable rack awareness:
curl -k -u "<user>:<password>" -H "Content-type: application/json" -d '{"rack_aware": true}' -X PUT "https://localhost:9443/v1/bdbs/<bdb_uid>"
Installation limitations
Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.
As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:
-
Create all custom, non-root directories you want to use with Redis Enterprise Software.
-
Mount
/etc/opt/redislabsto one of the custom, non-root directories.
Upgrade limitations
Before you upgrade a cluster that hosts Active-Active databases with modules to v6.4.2-30, perform the following steps:
-
Use
crdb-clito verify that the modules (modules) and their versions (inmodule_list) are as they appear in the database configuration and in the default database configuration:crdb-cli crdb get --crdb-guid <crdb-guid> -
From the admin console's redis modules tab, validate that these modules with their specific versions are loaded to the cluster.
-
If one or more of the modules/versions are missing or if you need help, contact Redis support before taking additional steps.
This limitation has been fixed and resolved as of v6.4.2-43.
Operating system limitations
RHEL 7 and RHEL 8
RS95344 - CRDB database will not start on Redis Enterprise v6.4.2 with a custom installation path.
For a workaround, use the following commands to add the relevant CRDB files to the Redis library:
$ yum install -y chrpath
$ find $installdir -name "crdt.so" | xargs -n1 -I {} /bin/bash -c 'chrpath -r ${libdir} {}'
This limitation has been fixed and resolved as of v6.4.2-61.
RHEL 8
Due to module binary differences between RHEL 7 and RHEL 8, you cannot upgrade RHEL 7 clusters to RHEL 8 when they host databases using modules. Instead, you need to create a new cluster on RHEL 8 and then migrate existing data from your RHEL 7 cluster. This does not apply to clusters that do not use modules.
Ubuntu 20.04
By default, you cannot use the SHA1 hash algorithm (OpenSSL’s default security level is set to 2). The operating system will reject SHA1 certificates even if the mtls_allow_weak_hashing option is enabled. You need to replace SHA1 certificates with newer certificates that use SHA-256. Note that the certificates provided with Redis Enterprise Software use SHA-256.
Modules not supported for Amazon Linux 2 release candidate
A database with modules cannot reside on an Amazon Linux 2 (release candidate) node. Support was added as part of v6.4.2-69.