Commit d6a2f56

Update release notes with final security information
Signed-off-by: Madelyn Olson <[email protected]>
1 parent cff4d56 commit d6a2f56

3 files changed

+9
-2
lines changed

00-RELEASENOTES

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,12 +36,19 @@ Bug fixes
3636
mode. (#1155)
3737
* Send the correct error message when `FUNCTION KIlL` is used to kill an
3838
ongoing script. (#1171)
39+
* Fix a potential memory corruption when databases are emptied, such as
40+
through `FLUSHDB`, when during active defrag is running. (#1512)
3941

4042
Behavior changes
4143
================
4244
* Revert an unintended breaking change when sending an unsubuscribe command
4345
when a client is not subscribed to any channels. (#1265)
4446

47+
Security fixes
48+
==============
49+
* (CVE-2024-46981) Lua script commands may lead to remote code execution. (#1513)
50+
* (CVE-2024-51741) Denial-of-service due to malformed ACL selectors. (#1514)
51+
4552
================================================================================
4653
Valkey 8.0.1 - Released Tue 1 Oct 2024
4754
================================================================================
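Review bot: The new defrag entry (new lines 39-40) reads "when during active defrag is running", which is ungrammatical; suggest "while active defrag is running". The two CVE entries under "Security fixes" follow the file's existing `* text. (#NNNN)` form, so no change is needed there.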

src/eval.c

Lines changed: 1 addition & 1 deletion
@@ -282,7 +282,7 @@ void scriptingInit(int setup) {
282282
void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) {
283283
dictRelease(lua_scripts);
284284
listRelease(lua_scripts_lru_list);
285-
lua_gc(lctx.lua, LUA_GCCOLLECT, 0);
285+
lua_gc(lua, LUA_GCCOLLECT, 0);
286286
lua_close(lua);
287287

288288
#if !defined(USE_LIBC)
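Review bot: The commit message mentions only release notes, but line 285 of `freeLuaScriptsSync` is a functional change: `lua_gc` now runs on the `lua` argument instead of the global `lctx.lua`, which makes it operate on the same state that `lua_close(lua)` closes on the next line. Please describe this in the commit message (or split it into its own commit) and say which release-note entry it belongs to, so the code change is traceable from the log.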

src/sort.c

Lines changed: 1 addition & 1 deletion
@@ -262,7 +262,7 @@ void sortCommandGeneric(client *c, int readonly) {
262262
/* If GET is specified with a real pattern, we can't accept it in cluster mode,
263263
* unless we can make sure the keys formed by the pattern are in the same slot
264264
* as the key to sort. */
265-
if (server.cluster_enabled &&
265+
if (server.cluster_enabled && !isReturnSubstPattern(c->argv[j + 1]->ptr) &&
266266
!isReturnSubstPattern(c->argv[j + 1]->ptr) &&
267267
patternHashSlot(c->argv[j + 1]->ptr, sdslen(c->argv[j + 1]->ptr)) != getKeySlot(c->argv[1]->ptr)) {
268268
addReplyError(c, "GET option of SORT denied in Cluster mode when "
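Review bot: At new line 265 the added `!isReturnSubstPattern(c->argv[j + 1]->ptr) &&` repeats the unchanged line 266 directly below it, so the same predicate is now tested twice in one condition. The result of the `if` is the same either way, which suggests a merge or cherry-pick leftover; keep `if (server.cluster_enabled &&` on line 265 and leave the single check on line 266. This hunk is also not covered by the commit message, which refers only to release notes.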
