Redis Enterprise Software release notes 6.2.18-43 (September 2022)
Database auditing. Private key encryption. Active-Active database support for MEMORY USAGE command. Improvements to crdb-cli.
Redis Enterprise Software version 6.2.18 is now available!
This version of Redis Enterprise Software offers:
- RedisJSON on Active-Active General Availability
- Database connection auditing
- Private key encryption
- Active-Active support for
memory usage
command crdb-cli
improvements- Compatibility with open source Redis v6.2.6
- Additional enhancements and fixes
The following table shows the MD5 checksums for the available packages:
Package | MD5 checksum (6.2.18-43 September release) |
---|---|
Ubuntu 16 | 055973eb7009073b0c199ec1dfd81018 |
Ubuntu 18 | 8c37c6ae10b0ae4956e3c11db80d18ce |
RedHat Enterprise Linux (RHEL) 7 Oracle Enterprise Linux (OL) 7 |
c770a66d9bfdd8734f1208d64aa67784 |
RedHat Enterprise Linux (RHEL) 8 Oracle Enterprise Linux (OL) 8 |
85eb6339f837205d83f215e32c1d028f |
New features and enhancements
General Availability of Active-Active databases with RedisJSON
Active-Active databases now support Index, query, and full-text search of nested JSON documents when combining RedisJSON with RediSearch.
Database connection auditing
You can now audit database connection and authentication events to track and troubleshoot activity. Administrators can now use third-party systems to track and analyze connection events in realtime.
Private key encryption
When enabled, private key encryption encrypts private keys stored in the cluster configuration store (CCS). Private keys are encrypted using a secure, self-contained internal process. Databases must be at least version 6.2.2 or later to use this feature.
Active-Active support for MEMORY USAGE command
Redis Enterprise Active-Active databases now support the MEMORY USAGE command, which simplifies troubleshooting and lets applications detect anomalous behavior and dangerous trends.
To learn more, see Active-Active with RedisJSON
.
MEMORY USAGE reports the RAM memory use, in bytes, of a key and its value. The result includes the memory allocated for the data value and the administrative overhead associated with the key.
crdb-cli
improvements
The crdb-cli
utility used to manage Active-Active databases now allows greater visibility into management operations to make it easier to investigate and troubleshoot problems. You can now use:
-
crdb-cli task list
to retrieve details about current and previous tasks for all Active-Active databases on a cluster -
crdb-cli task --task-id <task-id>
to get detailed information about a specific task.
To learn more, see crdb-cli
Redis modules
Redis Enterprise Software v6.2.18-43 (September release) includes the following Redis modules:
See Upgrade modules to learn how to upgrade a module for a database.
Additional enhancements
-
Added support for the MODULE LIST command on Active-Active databases
-
Enhanced validity checks of the input parameters of the CRDB-CLI tool
-
The Syncer lag calculation has been improved and fixes multiple miscalculations
-
Support package includes additional information for Active-Active databases
-
Added the ability to retrieve the syncer mode (centralized / distributed) by running
rladmin info db [{db:<id> | <name>}]
To learn more, see Distributed sychronization
Version changes
Breaking changes
RS84006 - When using the REST API to create a database, this specific set of conditions can lead to an error:
- sharding is enabled
- oss_sharding and implicit_shard_key are both deactivated
- A shard_key_regex is not defined
If this occurs, the database endpoint returns (error) ERR key "test" does not match any rule
.
To address this issue, do one of the following:
- Explicitly define shard_key_regex
- Enable oss_sharding or implicit_shard_key (enabling both also works)
Prerequisites and notes
-
You can upgrade to v6.2.18 from Redis Enterprise Software v6.0 and later.
-
Refer to v6.2.4 release notes for important notes regarding changes made to the upgrade policy and how those changes might impact your experience.
-
Upgrades from versions earlier than v6.0 are not supported.
-
If you plan to upgrade your cluster to RHEL 8, see the v6.2.8 release notes for known limitations.
Deprecations
Active-Active database persistence
The snapshot option for data persistence on Active-Active databases will be deprecated in a future version of Redis Enterprise Software. If you have an Active-Active database using snapshot persistence, we strongly encourage you to switch to AOF persistence. Use crdb-cli
to do so:
crdb-cli crdb update --crdb-guid <CRDB_GUID> --default-db-config '{"data_persistence": "aof", "aof_policy":"appendfsync-every-sec"}'
TLS 1.0 and TLS 1.1
TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later.
Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release.
Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.
3DES encryption cipher
The 3DES encryption cipher is considered deprecated in favor of stronger ciphers like AES.
Please verify that all clients, apps, and connections support the AES cipher. Support for 3DES will be removed in a future release.
Certain operating systems, such as RHEL 8, have already removed support for 3DES. Redis Enterprise Software cannot support cipher suites that are not supported by the underlying operating system.
Product lifecycle updates
Redis Enterprise Software v6.0.x reached end-of-life (EOL) on May 31, 2022.
EOL of Redis Enterprise Software 6.2.x was reset to occur 18 months after the release of version 6.4, in accordance with the updated EOL policy. The new EOL date is August 31, 2024.
To learn more, see the Redis Enterprise Software product lifecycle, which details the release number and the end-of-life schedule for Redis Enterprise Software.
For Redis modules information and lifecycle, see Module lifecycle.
Resolved issues
- RS64002 - Fixes email alerts for LDAP mappings.
- RS79519 - fixes a bug that prevented Administrators from editing an Active-Active database using the API with username instead of email as their identifier.
- RS78039 - fixes a bug that caused the sync between two shards to pause when resetting a shard's data which can be when performing full sync or importing an RDB.
- RS73454 - Updates internal timeouts to enable faster resharding.
- RS75783 - Fixes failover due to false identification of dead nodes when master node goes down.
- RS75206, RS52686 - Fixes backup_interval_offset in case where the user chose an offset that is higher than backup_interval; Fixes the UI from resetting backup_interval_offset after manual DB configuration.
- RS75176 - Fixes rare case of stuck state machine during “maintenance off”.
- RS57200 - Add an IP address to "failed_authentication_attempt" errors.
- RS56615 - Changed rladmin tune db db_name max_aof_load_time to receive the value in seconds; Added max_aof_load_time option to rladmin help tune.
- RS54745 - Fixes the Rest API to reject BDB creation using negative integers as a uid.
- RS46092 - Fixes rlcheck failure when somaxconn policy is a value other than 1024.
- RS68965, RS80615 - Adds internode encryption ports 3340-3344 to rlcheck connectivity.
- RS63302 - Adds umask validation for root user when installing.
- RS46947 - Fixes removal of old installations in install.sh.
Known limitations
Feature limitations
-
RS81463 A shard might crash when resharding an Active-Active database with Auto Tiering . Specifically, the shard will crash when volatile keys or Active-Active tombstone keys reside in Flash memory.
-
RS54131 Running the
QUIT
command on a TLS connected database closes connection and does not return a+OK
reply
Upgrade limitations
Before you upgrade a cluster that hosts Active-Active databases with modules to v6.2.18, perform the following steps:
-
Use
crdb-cli
to verify that the modules (modules
) and their versions (inmodule_list
) are as they appear in the database configuration and in the default database configuration:crdb-cli crdb get --crdb-guid <crdb-guid>
-
From the admin console's redis modules tab, validate that these modules with their specific versions are loaded to the cluster.
-
If one or more of the modules/versions are missing or if you need help, contact Redis support before taking additional steps.
Security
Open source Redis security fixes compatibility
As part of Redis's commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis. The following Open Source Redis CVEs do not affect Redis Enterprise:
-
CVE-2021-32625 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis since Redis Enterprise does not implement LCS. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.4, Redis 6.0.14)
-
CVE-2021-32672 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the LUA debugger is unsupported in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
-
CVE-2021-32675 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proxy in Redis Enterprise does not forward unauthenticated requests. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
-
CVE-2021-32762 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the memory allocator used in Redis Enterprise is not vulnerable. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16)
-
CVE-2021-41099 - Redis Enterprise is not impacted by the CVE that was found and fixed in open source Redis because the proto-max-bulk-len CONFIG is blocked in Redis Enterprise. Additional information about the open source Redis fix is on the Redis GitHub page (Redis 6.2.6, Redis 6.0.16) security fixes for recent CVEs. Redis Enterprise has already included the fixes for the relevant CVEs. Some CVEs announced for Open Source Redis do not affect Redis Enterprise due to different and additional functionality available in Redis Enterprise that is not available in Open Source Redis.