redis

v7.4.9 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 29d Caching

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

cache database distributed-systems in-memory in-memory-database json

+11 more

key-value key-value-store messaging no-sql nosql real-time realtime redis time-series vector-databases vector-db

Summary

AI summary

(CVE-2026-23479, CVE-2026-25243, CVE-2026-23631) — Use‑after‑free vulnerabilities may lead to Remote Code Execution.

Full changelog

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

Bug fixes

SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
CONFIG SET: some settings allow invalid characters (RED-167787)
SCRIPT DEBUG: potential crash on scripts (RED-175507)

Security Fixes

CVE-2026-23479 — Use‑after‑free in unblock client flow may lead to Remote Code Execution
CVE-2026-25243 — Invalid memory access in `RESTORE` may lead to Remote Code Execution
CVE-2026-23631 — Lua Use‑after‑free may lead to remote code execution

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track redis

Get notified when new releases ship.

About redis

For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.

All releases →

Related context

Related tools

valkey
geode