Redis was recently found to be affected by the CVE-2024-31449, CVE-2024-31228, and CVE-2024-31227 vulnerabilities. These vulnerabilities are fixed in the Redis Open-Source Edition and Tair engines provided by Tair (Redis OSS-compatible). We recommend that you update your instance to the latest minor version at your earliest opportunity.
Vulnerabilities
Suggestions
To ensure the secure and stable operation of your instance, we recommend that you update the instance to one of the following minor versions or to the latest minor version at your earliest opportunity. For more information, see Update the minor version of an instance.
Redis Open-Source Edition 7.0: 7.0.1.13 or later
Redis Open-Source Edition 6.0: 6.0.2.15 or later
Redis Open-Source Edition 5.0: 5.2.15 or later
Redis Open-Source Edition 4.0: 1.9.18 or later
Tair DRAM-based instance (compatible with Redis 7.0): 24.10.0.0 or later
Tair DRAM-based instance (compatible with Redis 6.0): 24.10.0.0 or later
Tair DRAM-based instance (compatible with Redis 5.0): 5.0.55 or later
The Redis open source community has released fixes for these vulnerabilities only for Redis 6.2 or later (versions 5.0 and 6.0 are excluded). If you use a self-managed Redis database that is built on open-source code, we recommend that you update the minor version of the Redis database to 6.2.16 or later at your earliest opportunity to avoid potential losses due to these vulnerabilities.
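The following is an added example, not code from Tair or Redis: it audits an instance inventory against the minimum minor versions listed above for managed instances, comparing version fields numerically so that 7.0.1.9 is not mistaken for something newer than 7.0.1.13. The engine labels, the inventory layout, and the sample rows are assumptions constructed for illustration.

```python
# Minimum fixed minor versions, copied from the advisory list above.
# The keys (engine label, compatible Redis version) are an assumed naming scheme.
MIN_FIXED = {
    ("redis", "7.0"): "7.0.1.13",
    ("redis", "6.0"): "6.0.2.15",
    ("redis", "5.0"): "5.2.15",
    ("redis", "4.0"): "1.9.18",
    ("tair-dram", "7.0"): "24.10.0.0",
    ("tair-dram", "6.0"): "24.10.0.0",
    ("tair-dram", "5.0"): "5.0.55",
}

def parse_version(text):
    """Turn '7.0.1.13' into (7, 0, 1, 13) so fields compare as integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_at_least(current, minimum):
    """Compare two dotted versions, padding the shorter one with zeros."""
    a, b = parse_version(current), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b

def audit(inventory):
    """Return (name, status, minimum); status is 'ok', 'update' or 'unlisted'."""
    results = []
    for name, engine, compat, minor in inventory:
        minimum = MIN_FIXED.get((engine, compat))
        if minimum is None:
            status = "unlisted"  # series not in the list above: check manually
        else:
            status = "ok" if is_at_least(minor, minimum) else "update"
        results.append((name, status, minimum))
    return results

# Constructed sample inventory: (name, engine, compatible version, minor version)
SAMPLE = [
    ("cache-a", "redis", "7.0", "7.0.1.9"),      # 9 < 13, though "9" > "13" as text
    ("cache-b", "redis", "5.0", "5.2.15"),       # exactly the minimum
    ("sess-a", "tair-dram", "6.0", "24.9.3.0"),  # 24.9 is older than 24.10
    ("legacy", "redis", "2.8", "0.1.0"),         # series not covered by the list
]

if __name__ == "__main__":
    for name, status, minimum in audit(SAMPLE):
        print(f"{name}: {status} (minimum {minimum or 'n/a'})")
```

Instances reported as `unlisted` fall outside the series named in this advisory and need a manual check rather than being treated as safe.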
References
Release notes for minor versions of Redis Open-Source Edition