Skip to content

Release history

valkey releases

A flexible distributed key-value database that is optimized for caching and other realtime workloads.

Back to tool Latest release

All releases

12 shown

Upgrade now
8.1.8 Bug fix

ACL LOAD use‑after‑free fix

Open
Review required
9.1.0 Mixed

Security fixes + bug fixes

Open
7.2.13 Security relevant
Security fixes
  • CVE-2026-23479 — Use‑After‑Free in unblock client flow
  • CVE-2026-25243 — Invalid Memory Access in RESTORE command
  • CVE-2026-23631 — Use‑after‑free when full sync occurs during a yielding Lua/function execution
Full changelog

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

  • (CVE-2026-23479) Use-After-Free in unblock client flow
  • (CVE-2026-25243) Invalid Memory Access in RESTORE command
  • (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
View release on GitHub
8.0.8 Security relevant
Security fixes
  • CVE-2026-23479 – Use‑After‑Free in unblock client flow
  • CVE-2026-25243 – Invalid Memory Access in RESTORE command
  • CVE-2026-23631 – Use‑after‑free when full sync occurs during yielding Lua/function execution
Full changelog

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

  • (CVE-2026-23479) Use-After-Free in unblock client flow
  • (CVE-2026-25243) Invalid Memory Access in RESTORE command
  • (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
View release on GitHub
8.1.7 Security relevant
Security fixes
  • CVE-2026-23479 — Use-After-Free in unblock client flow
  • CVE-2026-25243 — Invalid Memory Access in RESTORE command
  • CVE-2026-23631 — Use-after-free when full sync occurs during yielding Lua/function execution
Full changelog

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

  • (CVE-2026-23479) Use-After-Free in unblock client flow
  • (CVE-2026-25243) Invalid Memory Access in RESTORE command
  • (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
View release on GitHub
9.0.4 Security relevant
Security fixes
  • CVE-2026-23479 — Use‑After‑Free in unblock client flow
  • CVE-2026-25243 — Invalid Memory Access in RESTORE command
  • CVE-2026-23631 — Use‑after‑free when full sync occurs during yielding Lua/function execution
Full changelog

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

  • (CVE-2026-23479) Use-After-Free in unblock client flow
  • (CVE-2026-25243) Invalid Memory Access in RESTORE command
  • (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
View release on GitHub
9.0.3 Security relevant
Security fixes
  • CVE-2025-67733 RESP Protocol Injection via Lua error_reply
  • CVE-2026-21863 Remote DoS with malformed cluster bus message
  • CVE-2026-27623 Reset request type after handling empty requests
View release on GitHub
8.1.6 Security relevant
Security fixes
  • CVE-2026-21863 Remote DoS with malformed cluster bus message
  • CVE-2025-67733 RESP Protocol Injection via Lua error_reply
View release on GitHub
8.0.7 Security relevant
Security fixes
  • CVE-2026-21863 Remote DoS with malformed cluster bus message
  • CVE-2025-67733 RESP Protocol Injection via Lua error_reply
View release on GitHub
7.2.12 Security relevant
Security fixes
  • CVE-2026-21863 Remote DoS with malformed cluster bus message
  • CVE-2025-67733 RESP Protocol Injection via Lua error_reply
View release on GitHub
9.0.2 Bug fix

Critical bug fixes for hash field expiration memory leaks and numerous hash operation corrections including HINCRBY tracking

View release on GitHub

Beta — feedback welcome: [email protected]