--- Title: Redis Enterprise Software release notes 7.2.4-52 (August 2023) alwaysopen: false categories: - docs - operate - rs compatibleOSSVersion: Redis 7.2.0, 6.2.13, 6.0.20 description: Redis 7.0 and 7.2 features. Auto Tiering (enhanced successor to Redis on Flash). RESP3 support. Sharded pub/sub. Preview of the new Cluster Manager UI. Redis Stack 7.2 features. Three Redis database versions. License file structure updates. Redis ACL selectors and enhanced key-based permissions. New INFO fields. Log rotation enhancements. Multi-OS upgrade support for clusters with modules. linkTitle: 7.2.4-52 (August 2023) weight: 72 --- [Redis Enterprise Software version 7.2.4](https://redis.io/downloads/#software) is now available! ## Highlights This version offers: - Redis 7.0 and 7.2 features - Auto Tiering (enhanced successor to Redis on Flash) - RESP3 support - Sharded pub/sub - A preview of the new Cluster Manager UI (admin console) - Redis Stack 7.2 features - Three Redis database versions: 7.2, 6.2, 6.0 - License file structure updates - Redis ACL selectors and enhanced key-based permissions - New INFO fields - Log rotation enhancements - Multi-OS upgrade support for clusters with modules ## New in this release ### New features #### Redis 7.0 features The following Redis 7.0 features are now supported: - [Redis functions]({{< relref "/develop/programmability/functions-intro" >}}) In Redis Enterprise Software, [`FUNCTION STATS`]({{< relref "/commands/function-stats" >}}) returns an extra parameter, an array called `all_running_scripts`, to reflect multiple functions running at the same time. - [Multipart AOF]({{< relref "/operate/oss_and_stack/management/persistence" >}}#append-only-file) (append-only files) - New commands - Sharded `PUBSUB` (see [Sharded pub/sub](#sharded-pubsub) for details) #### Redis 7.2 features The following Redis 7.2 features are now supported: - Various performance improvements - `CONFIG SET` for locale - Connection layer modularization - Encoding improvements: listpack for sets and lists - Observability: authentication metrics (exposed by `INFO` command) - Stream consumer group improvements - Commands: `ZRANK`, `ZREVRANK` new `WITHSCORE` option - Shard IDs in cluster shards topology - Introduce shard ID to Redis cluster - Support `CLIENT NO-TOUCH` command - `WAIT AOF` #### Auto Tiering - Redis on Flash evolution doubles throughput and reduces latency {#auto-tiering} Redis Enterprise version 7.2 introduces Auto Tiering as an enhanced successor to Redis on Flash, which allows you to provision larger databases at a lower cost by extending the RAM with flash drives. Redis Enterprise Auto Tiering replaces RocksDB with [Speedb](https://www.speedb.io/) as its storage engine, doubling the throughput and reducing latencies, achieved using the same infrastructure resources. For example, a 1 TB database with 50K ops/sec can now serve 100K ops/sec based on the same infrastructure. To switch existing databases to use Speedb for Auto Tiering and improve performance: 1. Upgrade the cluster to Redis Enterprise Software version 7.2.4. 1. Upgrade each database with Auto Tiering enabled to Redis database version 7.2. For more information about Auto Tiering, see: - [Auto Tiering overview]({{< relref "/operate/rs/databases/flash" >}}) - [Auto Tiering quick start]({{< relref "/operate/rs/databases/flash/quickstart" >}}) #### RESP3 support Support for RESP3 and the [`HELLO`]({{< relref "/commands/hello" >}}) command was added in Redis Enterprise 7.2. To use RESP3 with Redis Enterprise: 1. Upgrade Redis servers to version 7.2 or later. For Active-Active and Replica Of databases: 1. Upgrade all participating clusters to Redis Enterprise version 7.2.x or later. 1. Upgrade all databases to version 7.x or later. 1. Enable RESP3 support for your database (`enabled` by default): ```sh rladmin tune db db: resp3 enabled ``` If you run Redis Stack commands with Redis clients [Go-Redis](https://redis.uptrace.dev/) version 9 or [Lettuce](https://redis.github.io/lettuce/) versions 6 and later, see [client prerequisites](#client-prerequisites-for-redis-72-upgrade) before you upgrade to Redis 7.2 to learn how to prevent potential application issues due to RESP3 breaking changes. #### Sharded pub/sub [Sharded pub/sub]({{< relref "/develop/pubsub" >}}#sharded-pubsub) is now supported. You cannot use sharded pub/sub if you [deactivate RESP3 support]({{< relref "/operate/rs/references/compatibility/resp#deactivate-resp3" >}}). #### New Cluster Manager UI preview A preview of the new Cluster Manager UI (admin console) is available in Redis Enterprise Software version 7.2.4. To try out the new UI: - On the sign-in screen: 1. Enter your credentials. 1. Select **Sign in the new interface**. - Sign in directly from the new UI's sign-in screen at `https://:8443/new` - If you are currently signed in to the legacy UI: 1. Select **Switch to the new Admin Console** to expand the banner at the top of the screen. 1. Click the **Try it now** button to open the new UI in another tab. ##### New UI benefits - User-driven design - Provides full functionality to complete tasks entirely in the UI - New attributes and improved feature visibility - Provides configuration flexibility while highlighting the recommended path - Addresses the needs of different personas and use cases - Quicker troubleshooting and easier maintenance ##### New UI highlights - More configurable database attributes, including replica high availability, shards placement, and proxy policy. - Nodes indicate whether it’s a primary or secondary node. - Modules show the databases that are using them. - Certificates show expiration and validity, and you can upload and copy certificates. - Cluster license displays the number of shards that are used out of the number of shards that are licensed to the cluster. The new UI allows you to paste or upload a new license. - Role-based access control (RBAC) has explanations to improve clarity. - Access Control List (ACLs) now support defining ACLs for modules. - The databases screen has more information per database for faster troubleshooting. It also allows you to filter databases and compare database metrics. - The cluster name, user, and user role are shown in the upper right for quickly identifying the cluster from any screen. You can also **Change user password** from the dropdown menu. - Auto Tiering licensing and a toggle for the storage engine used in Auto Tiering enabled databases (available only in the new UI). - Input validations. ##### New UI limitations The following features are not supported in this preview but will be added in future releases. Until then, temporarily switch to the legacy UI to do the following: - Provision and configure Active-Active databases (viewing is available). - Search and export the event log. - Remove a node from the UI. Additional limitations: - Although Redis supports memcached databases, the new UI only allows view and delete. Memcached users are advised to migrate to Redis to enjoy the full benefits of Redis and its UI. To open the legacy admin console when signed in to the new UI, select your username, then select **Switch to legacy Admin Console** from the list: {{ Select switch to legacy admin console from the dropdown.

Select switch to legacy admin console from the dropdown.

}} ##### Future UI enhancements - Configure default database settings and database upgrade settings - Security preferences related to password and login management - LDAP improvements - IPv6 support - ACL improvements, such as ACLv2 smart validations - And more {{}} With the release of the new Cluster Manager UI, the legacy UI is considered deprecated and will eventually be phased out. New functionality will only be implemented in the new Cluster Manager UI, and the old UI will no longer be maintained except for critical bug fixes. {{}} #### Redis Stack 7.2 features Redis Enterprise Software version 7.2.4 supports features included in Redis Stack version 7.2. The following sections include a few highlights. For more details, see the [Redis Stack 7.2 release notes](https://github.com/redis-stack/redis-stack/releases/tag/v7.2.0-v0). ##### Search and query - Introduces [Geo Polygon]({{< relref "commands/ft.search#examples" >}}) Search. Geo range queries now accept the [`GEOSHAPE`]({{< relref "commands/ft.create#required-arguments" >}}) field type, which supports polygon shapes using [WKT notation](https://en.wikipedia.org/wiki/Well-known_text_representation_of_geometry). `GEOSHAPE` supports `POLYGON` and `POINT` as shape formats and polygon operations. - Performance improvements for `SORT BY` operations using [`FT.SEARCH`]({{< relref "commands/ft.search#optional-arguments" >}}) and [`FT.AGGREGATE`]({{< relref "commands/ft.aggregate#optional-arguments" >}}). - New `FORMAT` for improved readability and future support for better error handling responses on `FT.SEARCH` and `FT.AGGREGATE` in RESP3 only. ##### JSON JSON introduces two new commands: - [JSON.MERGE]({{< relref "commands/json.merge" >}}) merges a given JSON value into matching paths to update, delete, or expand the JSON values at the matching paths. - [JSON.MSET]({{< relref "commands/json.mset" >}}) sets or updates one or more JSON values according to specified key-path-value triplets. ##### Triggers and functions preview A preview of triggers and functions is available. Triggers and functions provide support for running JavaScript functions inside the Redis process. These functions can be executed on-demand, by an event-driven trigger, or by a stream processing trigger. Try it out with the [triggers and functions quick start]({{< relref "operate/oss_and_stack/stack-with-enterprise/deprecated-features/triggers-and-functions/quick_start_ri" >}}). {{}} - The preview version of triggers and functions is not intended for production use since the API might change in the future and potentially cause application issues when upgrading to a later version. - During preview, triggers and functions are not supported for databases with Auto Tiering enabled (previously known as Redis on Flash). {{}} ##### Module versions Redis Enterprise Software version 7.2.4 includes the following Redis Stack modules: - [RediSearch 2.8.4](https://github.com/RediSearch/RediSearch/releases/tag/v2.8.4) - [RedisJSON 2.6.6](https://github.com/RedisJSON/RedisJSON/releases/tag/v2.6.6) - [RedisTimeSeries 1.10.4](https://github.com/RedisTimeSeries/RedisTimeSeries/releases/tag/v1.10.4) - [RedisBloom 2.6.3](https://github.com/RedisBloom/RedisBloom/releases/tag/v2.6.3) - [RedisGears 2.0.11](https://github.com/RedisGears/RedisGears/releases/tag/v2.0.11-m12) See [Upgrade modules]({{< relref "/operate/oss_and_stack/stack-with-enterprise/install/upgrade-module" >}}) to learn how to upgrade a module for a database. ### Enhancements #### Three Redis database versions Redis Enterprise Software version 6.x includes two Redis database versions: 6.0 and 6.2. As of version 7.2, Redis Enterprise Software includes three Redis database versions: 6.0, 6.2, and 7.2. To view available Redis database versions: - In the Cluster Manager UI, see **Redis database versions** on the **Cluster > Configuration** screen. - Send a [`GET /nodes` REST API request]({{< relref "/operate/rs/references/rest-api/requests/nodes" >}}) and see `supported_database_versions` in the response. The default Redis database version, which is used when you upgrade an existing database or create a new one, differs between Redis Enterprise releases as follows: | Redis
Enterprise | Bundled Redis
DB versions | Default DB version
(upgraded/new databases) | |-------|----------|-----| | 7.2 | 6.0, 6.2, 7.2 | 7.2 | | 6.4.2 | 6.0, 6.2 | 6.2 | | 6.2.x | 6.0, 6.2 | 6.0 | For Redis Enterprise Software version 7.2.4, `default_redis_version` is 7.2 for both `major` and `latest` upgrade policies. #### Updated Redis Enterprise license format Redis Enterprise Software version 7.2.4 includes updates to its license format, which add separate shard limits for RAM and flash shards used for Auto Tiering. For more information, see [Cluster license keys]({{< relref "/operate/rs/clusters/configure/license-keys" >}}). #### Redis ACL selectors and key-based permissions Redis ACLs in Redis Enterprise version 7.2 support key permissions and selectors. Key permissions: - `%R~`: Grants read access to keys that match the given pattern. - `%W~`: Grants write access to keys that match the given pattern. - `%RW~`: Alias for `~`. Grants read and write access to keys that match the given pattern. See [key permissions]({{< relref "/operate/oss_and_stack/management/security/acl" >}}#key-permissions) for more information. Selectors let you define multiple sets of rules in a single Redis ACL (only supported for databases with Redis version 7.2 or later). A command is allowed if it matches the base rule or any selector in the Redis ACL. See [selectors]({{< relref "/operate/oss_and_stack/management/security/acl" >}}#selectors) for more information. - `()`: Creates a new selector. - `clearselectors`: Deletes all existing selectors for a user. This action does not delete the base ACL rule. Redis ACLs have the following differences in Redis Enterprise Software: - Nested selectors are not supported. For example, the following selectors are not valid in Redis Enterprise: `+GET ~key1 (+SET (+SET ~key2) ~key3)` - Key and pub/sub patterns do not allow the following characters: `'(', ')'` - The following password syntax is not supported: `'>', '<', '#!', 'resetpass'` To change passwords in Redis Enterprise Software, use one of the following methods: - Cluster Manager UI (admin console) - [`rladmin cluster reset_password`]({{< relref "/operate/rs/references/cli-utilities/rladmin/cluster/reset_password" >}}): ```sh rladmin cluster reset_password ``` - REST API [`PUT /v1/users`]({{< relref "/operate/rs/references/rest-api/requests/users#put-user" >}}) request and provide `password` - The **ACL builder** does not support selectors and key permissions. Use **Free text command** to manually define them instead. #### New INFO fields The [`INFO`]({{< relref "/commands/info" >}}) command includes new fields: - Under the `STATS` section: - `current_eviction_exceeded_time` - Redis Enterprise reply is always "0" - `total_eviction_exceeded_time` - Redis Enterprise reply is always "0" - `current_active_defrag_time` - Redis Enterprise reply is always "0" - `total_active_defrag_time` - Redis Enterprise reply is always "0" - Under the `MEMORY` section: - `maxmemory_policy` - The value of the `maxmemory-policy` configuration directive The `INFO` command can now accept multiple section arguments (requires Redis database version 7 or later). #### Log rotation enhancements - The `logrotate` tool rotates logs that exceed 200 MB. - `logrotate` runs every five minutes instead of once a day. - The job scheduler runs `logrotate` instead of the OS. - Every cluster upgrade overwrites the log rotation configuration. - You can edit the log rotation configuration at `$pkgconfdir/logrotate.conf` (`pkgconfdir` is `/opt/redislabs/config` by default, but can be changed in a custom installation). Note that the configuration file moved since last version. - You can change how often the `logrotate` tool runs using the job scheduler REST API request `PUT /v1/job_scheduler`. #### Multi-OS upgrade support for clusters with modules {#os-upgrades-with-modules} Starting from Redis Enterprise version 7.2, all future 7.2.x upgrades are supported for clusters containing databases with modules in combination with Operating System (OS) upgrades. ### Resolved issues - RS54131 - `+OK` reply not received on TLS-enabled database - RS101525 - Cluster provides wrong number of database connections on Grafana - RS104028 - Fix the self-signed certificate script: error generating certificates with multiple FQDNs - RS87920 - Proxy log is full of the warning message "Failed to check status of running child syncer process 0 : No child processes" - RS99916 - Fixed the UI log to include the names of LDAP users at login - RS84273 - When an LDAP user with a Redis `admin` role viewed the log in the UI, they received `db_viewer` permissions instead of `admin`, which limited log visibility - RS62552 - Fixed database authentication failures for LDAP users when the password contains the `%` character ## Version changes ### Breaking changes - Differences when using the `UNWATCH` command within a `MULTI` command sequence: - Redis Enterprise: `UNWATCH` is not allowed within a `MULTI` command sequence and returns an error. - OSS: `UNWATCH` is allowed within a `MULTI` sequence but has no effect. - When sending a `PUBSUB SHARDNUMSUB` command in OSS Cluster mode in Redis Enterprise, Redis Enterprise checks the hash slots of the requested channels. Redis Enterprise responds with a `CROSSSLOT` error if the channels don’t hash to the same slot, or a `MOVED` error if the channels hash to a different node. {{}} #### Client prerequisites for Redis 7.2 upgrade The Redis clients [Go-Redis](https://redis.uptrace.dev/) version 9 and [Lettuce](https://redis.github.io/lettuce/) versions 6 and later use RESP3 by default. If you use either client to run Redis Stack commands, you should set the client's protocol version to RESP2 before upgrading your database to Redis version 7.2 to prevent potential application issues due to RESP3 breaking changes. For applications using Go-Redis v9.0.5 or later, set the protocol version to RESP2: ```go client := redis.NewClient(&redis.Options{ Addr: "", Protocol: 2, // Pin the protocol version }) ``` To set the protocol version to RESP2 with Lettuce v6 or later: ```java import io.lettuce.core.*; import io.lettuce.core.api.*; import io.lettuce.core.protocol.ProtocolVersion; // ... RedisClient client = RedisClient.create(""); client.setOptions(ClientOptions.builder() .protocolVersion(ProtocolVersion.RESP2) // Pin the protocol version .build()); // ... ``` If you are using [LettuceMod](https://github.com/redis-developer/lettucemod/), you need to upgrade to [v3.6.0](https://github.com/redis-developer/lettucemod/releases/tag/v3.6.0). ### Deprecations #### Command deprecations - [`CLUSTER SLOTS`]({{< relref "/commands/cluster-slots" >}}) is deprecated as of Redis 7.0 - [`JSON.RESP`]({{< relref "commands/json.resp" >}}) is deprecated as of Redis Stack 7.2. - [`QUIT`]({{< relref "/commands/quit" >}}) is deprecated as of Redis 7.2 #### API deprecations Fields deprecated as of Redis Enterprise v4.3.3: - `smtp_use_tls` (replaced with `smtp_tls_mode`) - `dns_address_master` - `endpoint_node` - `endpoint_ip` - `public_addr` (replaced with `external_addr`) Fields deprecated as of Redis Enterprise v4.4.2: - `default_shards_overbooking` (replaced with `shards_overbooking`) Fields deprecated as of Redis Enterprise v6.4.2: - `use_ipv6` (replaced with `use_external_ipv6`) - `redis_cleanup_job_settings` (replaced with `persistence_cleanup_scan_interval`) Fields deprecated as of Redis Enterprise v5.0.1: - `bdb_high_syncer_lag` (replaced with `replica_src_high_syncer_lag` and `crdt_src_high_syncer_lag`) - `bdb_syncer_connection_error` - `bdb_syncer_general_error` - `sync_sources` (replaced with `replica_sources` and `crdt_sources`) - `sync` (replaced with `replica_sync` and `crdt_sync`) - `ssl` (replaced with `tls_mode`) Fields deprecated as of Redis Enterprise v7.2.4: - `node.bigstore_driver` (replaced with `cluster.bigstore_driver`) - `auth_method` - `authentication_redis_pass` (replaced with multiple passwords feature in version 6.0.X) - `slave_ha` cluster policy Other deprecated fields: - `import/rdb_url` (deprecated as of Redis Enterprise v4.X) - `logrotate_dir` (to be replaced with `logrotate_config` or removed) Deprecated CLI commands: - `rlutil change_master` (deprecated as of Redis Enterprise v6.2.18, replaced with `rladmin change_master`) - `rlutil reserved_ports` (deprecated as of Redis Enterprise v7.2, replaced with `rladmin cluster config reserved_ports`) REST API requests deprecated as of Redis Enterprise v7.2: - `POST /v1/modules` (replaced with `POST /v2/modules`) - `DELETE /v1/modules` (replaced with `DELETE /v2/modules`) #### Access control deprecations - The following predefined roles and Redis ACLs are no longer available for new Redis Enterprise Software version 7.2.4 clusters: - Custom roles (not management roles): Cluster Member, Cluster Viewer, DB Member, DB Viewer, None. - Redis ACLs: Not Dangerous and Read Only. - In upcoming maintenance releases, the deprecated roles and ACLs will be removed automatically when you upgrade to Redis Enterprise Software version 7.2.4, unless they are associated with any users or databases in the cluster. - A deprecation notice for SASL-based LDAP was included in [previous Redis Enterprise Software release notes]({{< relref "/operate/rs/release-notes/rs-6-2-4-august-2021" >}}#deprecation-notices). When you upgrade to Redis Enterprise Software version 7.2.4, all existing "external" users (previously used to support SASL-based LDAP) will be removed. #### Legacy UI With the release of the new Cluster Manager UI, the legacy UI is considered deprecated and will eventually be phased out. New functionality will only be implemented in the new Cluster Manager UI, and the old UI will no longer be maintained except for critical bug fixes. #### RedisGraph Redis has announced the end of life for RedisGraph. Redis will continue to support all RedisGraph customers, including releasing patch versions until January 31, 2025. See the [RedisGraph end-of-life announcement](https://redis.com/blog/redisgraph-eol/) for more details. #### RHEL and CentOS 7.0-7.9 Support for RHEL and CentOS 7.0-7.9 is considered deprecated and will be removed in a future release. #### Oracle Linux 7 Oracle Linux 7 support is considered deprecated and will be removed in a future release. #### Amazon Linux 1 Amazon Linux 1 support is considered deprecated and will be removed in a future release. #### Ubuntu 16.04 The deprecation of Ubuntu 16.04 was announced in the [Redis Enterprise Software 6.4.2 release notes]({{< relref "/operate/rs/release-notes/rs-6-4-2-releases#deprecations" >}}). As of Redis Enterprise Software 7.2.4, Ubuntu 16.04 is no longer supported. #### RC4 encryption cipher The RC4 encryption cipher is considered deprecated in favor of stronger ciphers. Support for RC4 by the [discovery service]({{< relref "/operate/rs/databases/durability-ha/discovery-service" >}}) will be removed in a future release. #### 3DES encryption cipher The 3DES encryption cipher is considered deprecated in favor of stronger ciphers like AES. Please verify that all clients, apps, and connections support the AES cipher. Support for 3DES will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for 3DES. Redis Enterprise Software cannot support cipher suites that are not supported by the underlying operating system. #### TLS 1.0 and TLS 1.1 TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later. Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system. ### Upcoming changes #### Prepare for restrictive pub/sub permissions Redis database version 6.2 introduced pub/sub ACL rules that determine which [pub/sub channels]({{< relref "/develop/pubsub" >}}) a user can access. The configuration option `acl-pubsub-default`, added in Redis Enterprise Software version 6.4.2, determines the cluster-wide default level of access for all pub/sub channels. Redis Enterprise Software uses the following pub/sub permissions by default: - For versions 6.4.2 and 7.2, `acl-pubsub-default` is permissive (`allchannels` or `&*`) by default to accommodate earlier Redis versions. - In future versions, `acl-pubsub-default` will change to restrictive (`resetchannels`). Restrictive permissions block all pub/sub channels by default, unless explicitly permitted by an ACL rule. If you use ACLs and pub/sub channels, you should review your databases and ACL settings and plan to transition your cluster to restrictive pub/sub permissions in preparation for future Redis Enterprise Software releases. When you change the cluster's default pub/sub permissions to restrictive, `&*` is added to the **Full Access** ACL. Before you make this change, consider the following: - Because pub/sub ACL syntax was added in Redis 6.2, you can't associate the **Full Access** ACL with database versions 6.0 or lower after this change. - The **Full Access** ACL is not reverted if you change `acl-pubsub-default` to permissive again. - Every database with the default user enabled uses the **Full Access** ACL. To secure pub/sub channels and prepare your cluster for future Redis Enterprise Software releases that default to restrictive pub/sub permissions: 1. Upgrade Redis databases: - For Redis Enterprise Software version 6.4.2, upgrade all databases in the cluster to Redis DB version 6.2. - For Redis Enterprise Software version 7.2.4, upgrade all databases in the cluster to Redis DB version 7.2 or 6.2. 1. Create or update ACLs with permissions for specific channels using the `resetchannels &channel` format. 1. Associate the ACLs with relevant databases. 1. Set default pub/sub permissions (`acl-pubsub-default`) to restrictive. See [Change default pub/sub permissions](#change-default-pubsub-permissions) for details. 1. If any issues occur, you can temporarily change the default pub/sub setting back to permissive. Resolve any problematic ACLs before making pub/sub permissions restrictive again. #### Upcoming command request and reponse changes Open source Redis version 7.2 changes the request and response policies for several commands. Because the GA release of Redis Enterprise version 7.2 does not include these policy changes, commands might behave differently from open source Redis. However, these changes will be included in a future Redis Enterprise maintenance release: - [`RANDOMKEY`]({{< relref "/commands/randomkey" >}}) and [`SCAN`]({{< relref "/commands/scan" >}}) will change from no response policy to a `SPECIAL` response policy. - [`MSETNX`]({{< relref "/commands/msetnx" >}}) currently has a `MULTI_SHARD` request policy and `AGG_MIN` response policy. Both will change to no policy. For more information about request and response policies, see [Redis command tips]({{< relref "/develop/reference/command-tips" >}}). ### Supported platforms The following table provides a snapshot of supported platforms as of this Redis Enterprise Software release. See the [supported platforms reference]({{< relref "/operate/rs/references/supported-platforms" >}}) for more details about operating system compatibility. ✅ Supported – The platform is supported for this version of Redis Enterprise Software. ⚠️ Deprecated – The platform is still supported for this version of Redis Enterprise Software, but support will be removed in a future release. ❌ End of life – Platform support ended in this version of Redis Enterprise Software. | Redis Enterprise | 7.2.4 | 6.4.2 | 6.2.18 | 6.2.12 | 6.2.10 | 6.2.8 | 6.2.4 | |------------------|-------|-------|--------|--------|--------|--------|-------| | **Ubuntu**^{[1](#table-note-1)} | | 20.04 | ✅ | ✅^{[6](#table-note-6)} | – | – | – | – | – | | 18.04 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | 16.04 | ❌ | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | | **RHEL & CentOS**^{[2](#table-note-2)} | 8.8 | ✅ | – | – | – | – | – | – | | 8.7 | ✅ | ✅ | – | – | – | – | – | | 8.5-8.6 | ✅ | ✅ | ✅ | ✅ | ✅ | – | – | | 8.0-8.4 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | – | | 7.0-7.9 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | **Oracle Linux**^{[3](#table-note-3)} | | 8 | ✅ | ✅ | ✅ | ✅ | ✅ | – | – | | 7 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | **Rocky Linux**^{[3](#table-note-3)} | | 8 | ✅ | ✅ | ✅ | – | – | – | – | | **Amazon Linux** | | 2 | ✅ | ✅^{[7](#table-note-7)} | – | – | – | – | – | | 1 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | **Docker**^{[4](#table-note-4)} | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | **Kubernetes**^{[5](#table-note-5)} | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 1. The server version of Ubuntu is recommended for production installations. The desktop version is only recommended for development deployments. 2. RHEL and CentOS deployments require OpenSSL 1.0.2 and [firewall configuration]({{< relref "/operate/rs/installing-upgrading/configuring/centos-rhel-firewall" >}}). 3. Based on the corresponding RHEL version. 4. [Docker images]({{< relref "/operate/rs/installing-upgrading/quickstarts/docker-quickstart" >}}) of Redis Enterprise Software are certified for development and testing only. 5. See the [Redis Enterprise for Kubernetes documentation]({{< relref "/operate/kubernetes" >}}). 6. Ubuntu 20.04 support was added in Redis Enterprise Software [6.4.2-43]({{< relref "/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-43" >}}). 7. A release candidate for Amazon Linux 2 support was added in Redis Enterprise Software [6.4.2-61]({{< relref "/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-61" >}}). Official support for Amazon Linux 2 was added in Redis Enterprise Software [6.4.2-69]({{< relref "/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-69" >}}). ## Downloads The following table shows the MD5 checksums for the available packages: | Package | MD5 checksum (7.2.4-52 August release) | |---------|---------------------------------------| | Ubuntu 18 | 7c7e465c8e129a03ee9f585137b2a1d9 | | Ubuntu 20 | 631f27311b19806955fde012953ff9c9 | | RedHat Enterprise Linux (RHEL) 7
Oracle Enterprise Linux (OL) 7 | ae76798b1b7243313b4f4cba6ede88d7 | | RedHat Enterprise Linux (RHEL) 8
Oracle Enterprise Linux (OL) 8
Rocky Enterprise Linux | 48936b25aefa2921d38aea84ad06134d | | Amazon Linux 2 | 3e8180d7a9ebc3784ab6080234edefd5 | ## Known issues #### Legacy UI known issues When using the legacy UI, you cannot update and save your changes on the **settings > preferences** tab even though these settings are visible. This issue will be fixed in the next maintenance release. As a workaround, use the new Cluster Manager UI to update these settings from the **Cluster > Security > Preferences** tab. #### Pub/sub channel ACL limitations In Redis Enterprise Software version 6.4.2, you could use `&channel` syntax in Redis ACL rules to allow access to specific pub/sub channels even when default pub/sub permissions were permissive (`&allchannels` or `&*`), allowing all channels by default. However, `&allchannels &channel` is not valid syntax. As of Redis Enterprise Software version 7.2.4, you cannot create Redis ACLs with this combination of rules. You can only use `&channel` to allow access to specific channels if the default pub/sub permissions are restrictive (`resetchannels`). Associating an ACL that contains the invalid syntax `&allchannels &channel` (created before version 7.2) with a user and database might leave the database in a pending state, unable to function. To prevent this issue: 1. Review all existing ACL rules. 1. For each rule containing `&channel`, either: - Add the `resetchannels` prefix to restrict access to all channels by default. - Delete the rule if not needed. ## Known limitations #### Command limitations - [`CLIENT NO-TOUCH`]({{< relref "/commands/client-no-touch" >}}) might not run correctly in the following cases: - The Redis database version is earlier than 7.2.0. - The `CLIENT NO-TOUCH` command is forbidden by ACL rules. Before sending this command, clients should verify the database version is 7.2.0 or later and that using this command is allowed. - You cannot use [`SUNSUBSCRIBE`]({{< relref "/commands/sunsubscribe" >}}) to unsubscribe from a shard channel if the regex changed while subscribed. - Using [`XREADGROUP BLOCK`]({{< relref "/commands/xreadgroup" >}}) with `>` to return all new streams will cause the Redis database to freeze until the shard is restarted. ([#12031](https://github.com/redis/redis/pull/12301)) - Because a rejected command does not record the duration for command stats, an error will appear after it is reprocessed that will cause the Redis database to freeze until the shard is restarted. ([#12247](https://github.com/redis/redis/pull/12247)) #### Modules cannot load in Oracle Linux 7 & 8 Databases hosted on Oracle Linux 7 & 8 cannot load modules. As a temporary workaround, you can change the node's `os_name` in the Cluster Configuration Store (CCS): ```sh ccs-cli hset node: os_name rhel ``` #### Cluster recovery with manually uploaded modules For clusters containing databases with manually uploaded modules, [cluster recovery]({{< relref "/operate/rs/clusters/cluster-recovery" >}}) requires an extra step. After installing Redis Enterprise Software on the cluster nodes, upload compatible modules to `modulesdir` (`/opt/redislabs/lib/modules`) before continuing the recovery process. This limitation will be removed in a future maintenance release. ## Security #### Open source Redis security fixes compatibility As part of Redis's commitment to security, Redis Enterprise Software implements the latest [security fixes](https://github.com/redis/redis/releases) available with [open source Redis](https://github.com/redis/redis). Redis Enterprise has already included the fixes for the relevant CVEs. Some CVEs announced for open source Redis do not affect Redis Enterprise due to different or additional functionality available in Redis Enterprise that is not available in open source Redis. Redis Enterprise 7.2.4-52 supports open source Redis 7.2, 6.2, and 6.0. Below is the list of open source Redis CVEs fixed by version. Redis 7.2.0 includes all of the CVE fixes from previous versions. Redis 7.0.x: - (CVE-2023-36824) Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption, and potentially remote code execution. Specifically: using `COMMAND GETKEYS*` and validation of key names in ACL rules. (Redis 7.0.12) - (CVE-2023-28856) Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access. (Redis 7.0.11) - (CVE-2023-28425) Specially crafted `MSETNX` command can lead to assertion and denial-of-service. (Redis 7.0.10) - (CVE-2023-25155) Specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 7.0.9) - (CVE-2023-22458) Integer overflow in the Redis `HRANDFIELD` and `ZRANDMEMBER` commands can lead to denial-of-service. (Redis 7.0.8) - (CVE-2022-36021) String matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 7.0.9) - (CVE-2022-35977) Integer overflow in the Redis `SETRANGE` and `SORT`/`SORT_RO` commands can drive Redis to OOM panic. (Redis 7.0.8) - (CVE-2022-35951) Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer. (Redis 7.0.5) - (CVE-2022-31144) A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in heap overflow and potentially remote code execution. The problem affects Redis versions 7.0.0 or newer. (Redis 7.0.4) - (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 7.0.12) - (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result in a crash of the `redis-server` process. This issue affects all versions of Redis. (Redis 7.0.0) - (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. (Redis 7.0.0) Redis 6.2.x: - (CVE-2023-28856) Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access. (Redis 6.2.12) - (CVE-2023-25155) Specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 6.2.11) - (CVE-2023-22458) Integer overflow in the Redis `HRANDFIELD` and `ZRANDMEMBER` commands can lead to denial-of-service. (Redis 6.2.9) - (CVE-2022-36021) String matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 6.2.11) - (CVE-2022-35977) Integer overflow in the Redis `SETRANGE` and `SORT`/`SORT_RO` commands can drive Redis to OOM panic. (Redis 6.2.9) - (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 6.2.13) - (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result in a crash of the `redis-server` process. This issue affects all versions of Redis. (Redis 6.2.7) - (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. (Redis 6.2.7) - (CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when `proto-max-bulk-len` is manually configured to a non-default, very large value. (Redis 6.2.6) - (CVE-2021-32762) Integer to heap buffer overflow issue in `redis-cli` and `redis-sentinel` parsing large multi-bulk replies on some older and less common platforms. (Redis 6.2.6) - (CVE-2021-32761) An integer overflow bug in Redis version 2.2 or newer can be exploited using the `BITFIELD` command to corrupt the heap and potentially result with remote code execution. (Redis 6.2.5) - (CVE-2021-32687) Integer to heap buffer overflow with intsets, when `set-max-intset-entries` is manually configured to a non-default, very large value. (Redis 6.2.6) - (CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections. (Redis 6.2.6) - (CVE-2021-32672) Random heap reading issue with Lua Debugger. (Redis 6.2.6) - (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for `hash-max-ziplist-entries`, `hash-max-ziplist-value`, `zset-max-ziplist-entries` or `zset-max-ziplist-value`. (Redis 6.2.6) - (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for `proto-max-bulk-len` and `client-query-buffer-limit`. (Redis 6.2.6) - (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow. (Redis 6.2.6) - (CVE-2021-32625) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. (Redis 6.2.4) - (CVE-2021-29478) An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). (Redis 6.2.3) - (CVE-2021-29477) An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. (Redis 6.2.3) Redis 6.0.x: - (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 6.0.20) - (CVE-2023-28856) Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access. (Redis 6.0.19) - (CVE-2023-25155) Specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 6.0.18) - (CVE-2022-36021) String matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 6.0.18) - (CVE-2022-35977) Integer overflow in the Redis `SETRANGE` and `SORT`/`SORT_RO` commands can drive Redis to OOM panic. (Redis 6.0.17)