Redis Enterprise Software release notes 6.2.12 (August 2022)

OCSP Support. Password & session configuration changes. RHEL 8.6 support.

Redis Enterprise Software version 6.2.12 is now available!

This version of Redis Enterprise Software offers:

  • OCSP stapling of the server proxy certificate
  • Password and session configuration settings via the admin console
  • Compatibility with open source Redis v6.2.6
  • Support for Red Hat Enterprise Linux (RHEL) v8.6
  • Additional enhancements and fixes

The following table shows the MD5 checksums for the available packages.

Package | MD5 checksum
Ubuntu 16 | e702c906f200940e06ef031e6b8006d9
Ubuntu 18 | 7ea70067e8828b59336380df087fe03d
RedHat Enterprise Linux (RHEL) 7, Oracle Enterprise Linux (OL) 7 | 8ffda6186f70354b9d10c1ce43938c3c
RedHat Enterprise Linux (RHEL) 8, Oracle Enterprise Linux (OL) 8 | 334fe7979a7376b28fcf48913403bfb7

Features and enhancements

  • Server side OCSP Stapling

    Online Certificate Status Protocol (OCSP) helps verify the status of certificates managed by a third-party certificate authority (CA). It tells you whether certificates are valid, revoked, or unknown.

    Redis Enterprise Software v6.2.12 implements OCSP stapling, which allows clients to validate the status of a server proxy certificate. When OCSP is enabled, the Redis Enterprise server regularly polls the CA OCSP responder to determine a certificate's status. The response is cached until the next polling attempt; the cached value is served to clients during the TLS handshake.

    To learn more, see Enable OCSP stapling.

  • Session and security attributes in the admin console

    You can now use the admin console to configure password complexity rules, user login lockout, and session timeout.

  • Mount point import enhancement

    When importing data, Redis Enterprise copies files to a temporary directory on the node. For mount point import sources only, Redis Enterprise now reads files directly from the mount point. Because this import method does not copy files to a temporary directory, nodes do not require extra disk space. This new behavior is enabled by default and does not require configuration.
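Because the server described under "Server side OCSP Stapling" above serves a cached responder answer until its next poll, clients see a revocation only once that poll has happened. The following model is an added example, not Redis Enterprise code; the class names, polling intervals and validity window are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OcspResponse:
    status: str       # "good", "revoked" or "unknown"
    this_update: int  # second at which the responder produced this answer
    next_update: int  # second from which the answer is stale

class Responder:
    """Constructed stand-in for the CA's OCSP responder."""
    def __init__(self, validity, revoked_at):
        self.validity, self.revoked_at = validity, revoked_at

    def query(self, now):
        status = "revoked" if now >= self.revoked_at else "good"
        return OcspResponse(status, now, now + self.validity)

class StaplingServer:
    """Polls the responder on an interval and staples the cached answer."""
    def __init__(self, responder, poll_interval):
        self.responder, self.poll_interval = responder, poll_interval
        self.cached, self.last_poll = None, None

    def tick(self, now):
        # Refresh the cache only when a polling interval has elapsed.
        if self.last_poll is None or now - self.last_poll >= self.poll_interval:
            self.cached, self.last_poll = self.responder.query(now), now

    def staple(self):
        return self.cached  # what a client receives in the handshake

def client_accepts(staple, now):
    """Client-side check: accept only a fresh staple whose status is good."""
    if staple is None or not (staple.this_update <= now < staple.next_update):
        return False
    return staple.status == "good"

def revocation_exposure(poll_interval, revoked_at, step=60, horizon=7200):
    """Seconds after revocation during which clients still accept the cert."""
    server = StaplingServer(Responder(2 * poll_interval, revoked_at), poll_interval)
    exposure = 0
    for now in range(0, horizon, step):
        server.tick(now)
        if now >= revoked_at and client_accepts(server.staple(), now):
            exposure += step
    return exposure

if __name__ == "__main__":
    for interval in (3600, 900, 600):
        print(interval, revocation_exposure(interval, revoked_at=600))
```

In this model the exposure window shrinks with the polling interval, and the client-side freshness check rejects a staple once its next_update has passed.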

Version changes

Prerequisites and notes

  • You can upgrade to v6.2.12 from Redis Enterprise Software v6.0 and later.

  • Refer to v6.2.4 release notes for important notes regarding changes made to the upgrade policy and how those changes might impact your experience.

  • Upgrades from versions earlier than v6.0 are not supported.

  • If you are using the earlier cluster-based LDAP mechanism, you must migrate to the role-based mechanism before upgrading to v6.2.12. For details, see Migrate to role-based LDAP.

  • If you plan to upgrade your cluster to RHEL 8, see the v6.2.8 release notes for known limitations.

Future deprecation notice

TLS 1.0 and TLS 1.1

TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later.

Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release.

Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.

Product lifecycle updates

Redis Enterprise Software v6.0.x will reach end of life (EOL) on May 31, 2022.

To learn more, see the Redis Enterprise Software product lifecycle, which details the release number and the end-of-life schedule for Redis Enterprise Software.

For Redis modules information and lifecycle, see Module lifecycle.

Redis modules

Redis Enterprise Software v6.2.12 includes the following Redis modules:

For help upgrading a module, see Add a module to a cluster.

Interface enhancements

  • Allow creation and editing of sharded databases with a single shard. This lets you prepare for future scaling by ensuring your apps work in clustering mode, regardless of the actual number of configured shards
  • Enhanced the slowlog in the UI to display unprintable characters in RESTORE commands
  • Added support for custom paths when bootstrapping the cluster via the UI
  • Improve readability of geo-distributed log entries in the UI

Additional enhancements

  • Added support for the MODULE LIST command on Active-Active databases
  • Enhanced validity checks of the input parameters of the CRDB-CLI tool

Resolved issues

  • RS38320 A failed task leaves the nodes list outdated in the UI
  • RS73768, RS72082 Increased certificate rotation timeout to allow it to finish
  • RS72466, RS68668 Fix false positive alerts for certification expiration
  • RS69256 Change pre-bootstrap default TLS version to 1.2
  • RS67133 Fixed replication for command RESTOREMODAUX
  • RS66468 Fixed “Test regex keys” in the UI
  • RS58156 Fixed the installation to abort and alert when encountering issues in NTP
  • RS67935 Fixed releasing 30MB of memory when deleting an Active-Active database
  • RS64276 Fixed high memory consumption of the DMC output buffers when running CLIENT LIST

Known limitations

  • RS81463 A shard may crash when resharding an Active-Active database with Auto Tiering. Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.

  • RS54131 Returning +OK reply from the QUIT command on a TLS enabled database

  • RS40641 API requests are redirected to an internal IP if the request arrives from a node that is not the master. To avoid this issue, use rladmin cluster config to configure handle_redirects or handle_metrics_redirects.

Installation limitations

Several Redis Enterprise Software installation reference files are installed to the directory /etc/opt/redislabs/ even if you use custom installation directories.

As a workaround to install Redis Enterprise Software without using any root directories, do the following before installing Redis Enterprise Software:

  1. Create all custom, non-root directories you want to use with Redis Enterprise Software.

  2. Mount /etc/opt/redislabs to one of the custom, non-root directories.

Security

Open Source Redis Security fixes compatibility

As part of Redis's commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis. The following Open Source Redis CVEs do not affect Redis Enterprise:

  • CVE-2022-24834 - Redis Enterprise versions 6.2.12 and later are not impacted by the CVE that was found and fixed in open source Redis. A fix to prevent Lua scripts from causing heap overflow was implemented in Redis Enterprise version 6.2.12. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 7.0.12, Redis 6.2.13, Redis 6.0.20)

  • CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)

  • CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the Lua debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

  • CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)

Redis Enterprise has already included the fixes for the relevant CVEs. Some CVEs announced for open source Redis do not affect Redis Enterprise due to different and additional functionality available in Redis Enterprise that is not available in open source Redis.
