valkey

v8.1.8 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 1d Caching

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cache database key-value key-value-store nosql redis

+2 more

valkey valkey-client

ReleasePort's take

Moderate signal

editorial:auto 1d

Valkey 8.1.8 resolves a heap-use-after-free vulnerability in ACL LOAD when client free is deferred, preventing potential exploitation.

Why it matters: Severity 90 security fix eliminates heap‑use‑after‑free risk in ACL LOAD; upgrade to Valkey 8.1.8 immediately if using ACL management features.

Summary

AI summary

Fix heap-use-after-free in ACL LOAD when client free is deferred.

Changes in this release

Type	Severity	Summary	CVE
Security
Security	Critical	Fix double free in stream consumer PEL loading with corrupt RDB data Fix double free in stream consumer PEL loading with corrupt RDB data Source: llm_adapter@2026-06-02 Confidence: high	—
Security	Critical	Fix heap-use-after-free in ACL LOAD when client free is deferred Fix heap-use-after-free in ACL LOAD when client free is deferred Source: llm_adapter@2026-06-02 Confidence: high	—
Security	Medium	Redact customer information from logs when hide_user_data_from_log is true Redact customer information from logs when hide_user_data_from_log is true Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Security	Medium	Harden SENTINEL commands and config rewrite against control-character injection Harden SENTINEL commands and config rewrite against control-character injection Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix
Bugfix	Critical	Fix race condition during async client freeing with IO threading enabled Fix race condition during async client freeing with IO threading enabled Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fix ZDIFF algorithm 2 memory leak on early exit Fix ZDIFF algorithm 2 memory leak on early exit Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Strictly check CRLF when parsing querybuf Strictly check CRLF when parsing querybuf Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fix incorrect memory overhead calculation for watched keys Fix incorrect memory overhead calculation for watched keys Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fix `valkey-cli --cluster del-node` for unreachable nodes Fix `valkey-cli --cluster del-node` for unreachable nodes Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fixes server crash when RDMA benchmark clients disconnect Fixes server crash when RDMA benchmark clients disconnect Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fix misleading log "I/O error reading bulk count from PRIMARY: Success" Fix misleading log "I/O error reading bulk count from PRIMARY: Success" Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Handle NULL pointer in streamTrim listpack delta calculation Handle NULL pointer in streamTrim listpack delta calculation Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	High	Fix use-after-free in VM_RegisterClusterMessageReceiver Fix use-after-free in VM_RegisterClusterMessageReceiver Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	High	Fix CLUSTER SLOTS crash when called from module timer callback Fix CLUSTER SLOTS crash when called from module timer callback Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Medium	Fix Deferred Reply Placeholders in Active Deferred Buffers Fix Deferred Reply Placeholders in Active Deferred Buffers Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Medium	Add NULL check in updateSSLPendingFlag Add NULL check in updateSSLPendingFlag Source: granite4.1:30b@2026-06-02-audit Confidence: low	—

Full changelog

Upgrade urgency HIGH: There is a critical bug that may affect a subset of users.

Bug fixes

Fix ZDIFF algorithm 2 memory leak on early exit (#3342)
Strictly check CRLF when parsing querybuf (#2872)
Fix incorrect memory overhead calculation for watched keys (#3359)
Fix valkey-cli --cluster del-node for unreachable nodes (#3209)
Fix race condition during async client freeing with IO threading enabled (#3458)
Fix double free in stream consumer PEL loading with corrupt RDB data (#3498)
Fixes server crash when RDMA benchmark clients disconnect (#3448)
Fix misleading log "I/O error reading bulk count from PRIMARY: Success" (#3580)
Handle NULL pointer in streamTrim listpack delta calculation (#3591)
Fix Deferred Reply Placeholders in Active Deferred Buffers (#3578)
Add NULL check in updateSSLPendingFlag (#3641)
Fix heap-use-after-free in ACL LOAD when client free is deferred (#3800)
Redacting customer information when hide_user_data_from_log is true in rdb.c, networking.c, debug.c and t_hash (#3872)
Fix use-after-free in VM_RegisterClusterMessageReceiver (#3846)
Harden SENTINEL commands and config rewrite against control-character injection (#3847)
Fix CLUSTER SLOTS crash when called from module timer callback (#2915)

Full Changelog: https://github.com/valkey-io/valkey/compare/8.1.7...8.1.8

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track valkey

Get notified when new releases ship.

About valkey

A flexible distributed key-value database that is optimized for caching and other realtime workloads.

All releases →

Related context

Related tools

geode
redis