Redis Enterprise Software release notes 7.2.4-52 (August 2023)
Redis 7.0 and 7.2 features. Auto Tiering (enhanced successor to Redis on Flash). RESP3 support. Sharded pub/sub. Preview of the new Cluster Manager UI. Redis Stack 7.2 features. Three Redis database versions. License file structure updates. Redis ACL selectors and enhanced key-based permissions. New INFO fields. Log rotation enhancements. Multi-OS upgrade support for clusters with modules.
Redis Enterprise Software version 7.2.4 is now available!
Highlights
This version offers:
-
Redis 7.0 and 7.2 features
-
Auto Tiering (enhanced successor to Redis on Flash)
-
RESP3 support
-
Sharded pub/sub
-
A preview of the new Cluster Manager UI (admin console)
-
Redis Stack 7.2 features
-
Three Redis database versions: 7.2, 6.2, 6.0
-
License file structure updates
-
Redis ACL selectors and enhanced key-based permissions
-
New INFO fields
-
Log rotation enhancements
-
Multi-OS upgrade support for clusters with modules
New in this release
New features
Redis 7.0 features
The following Redis 7.0 features are now supported:
-
In Redis Enterprise Software,
FUNCTION STATS
returns an extra parameter, an array calledall_running_scripts
, to reflect multiple functions running at the same time. -
Multipart AOF (append-only files)
-
New commands
-
Sharded
PUBSUB
(see Sharded pub/sub for details)
Redis 7.2 features
The following Redis 7.2 features are now supported:
-
Various performance improvements
-
CONFIG SET
for locale -
Connection layer modularization
-
Encoding improvements: listpack for sets and lists
-
Observability: authentication metrics (exposed by
INFO
command) -
Stream consumer group improvements
-
Commands:
ZRANK
,ZREVRANK
newWITHSCORE
option -
Shard IDs in cluster shards topology
-
Introduce shard ID to Redis cluster
-
Support
CLIENT NO-TOUCH
command -
WAIT AOF
Auto Tiering - Redis on Flash evolution doubles throughput and reduces latency
Redis Enterprise version 7.2 introduces Auto Tiering as an enhanced successor to Redis on Flash, which allows you to provision larger databases at a lower cost by extending the RAM with flash drives.
Redis Enterprise Auto Tiering replaces RocksDB with Speedb as its storage engine, doubling the throughput and reducing latencies, achieved using the same infrastructure resources. For example, a 1 TB database with 50K ops/sec can now serve 100K ops/sec based on the same infrastructure.
To switch existing databases to use Speedb for Auto Tiering and improve performance:
-
Upgrade the cluster to Redis Enterprise Software version 7.2.4.
-
Upgrade each database with Auto Tiering enabled to Redis database version 7.2.
For more information about Auto Tiering, see:
RESP3 support
Support for RESP3 and the HELLO
command was added in Redis Enterprise 7.2.
To use RESP3 with Redis Enterprise:
-
Upgrade Redis servers to version 7.2 or later.
For Active-Active and Replica Of databases:
-
Upgrade all participating clusters to Redis Enterprise version 7.2.x or later.
-
Upgrade all databases to version 7.x or later.
-
-
Enable RESP3 support for your database (
enabled
by default):rladmin tune db db:<ID> resp3 enabled
If you run Redis Stack commands with Redis clients Go-Redis version 9 or Lettuce versions 6 and later, see client prerequisites before you upgrade to Redis 7.2 to learn how to prevent potential application issues due to RESP3 breaking changes.
Sharded pub/sub
Sharded pub/sub is now supported.
You cannot use sharded pub/sub if you deactivate RESP3 support.
New Cluster Manager UI preview
A preview of the new Cluster Manager UI (admin console) is available in Redis Enterprise Software version 7.2.4.
To try out the new UI:
-
On the sign-in screen:
-
Enter your credentials.
-
Select Sign in the new interface.
-
-
Sign in directly from the new UI's sign-in screen at
https://<hostname or IP address>:8443/new
-
If you are currently signed in to the legacy UI:
-
Select Switch to the new Admin Console to expand the banner at the top of the screen.
-
Click the Try it now button to open the new UI in another tab.
-
New UI benefits
-
User-driven design
-
Provides full functionality to complete tasks entirely in the UI
-
New attributes and improved feature visibility
-
Provides configuration flexibility while highlighting the recommended path
-
Addresses the needs of different personas and use cases
-
Quicker troubleshooting and easier maintenance
New UI highlights
-
More configurable database attributes, including replica high availability, shards placement, and proxy policy.
-
Nodes indicate whether it’s a primary or secondary node.
-
Modules show the databases that are using them.
-
Certificates show expiration and validity, and you can upload and copy certificates.
-
Cluster license displays the number of shards that are used out of the number of shards that are licensed to the cluster. The new UI allows you to paste or upload a new license.
-
Role-based access control (RBAC) has explanations to improve clarity.
-
Access Control List (ACLs) now support defining ACLs for modules.
-
The databases screen has more information per database for faster troubleshooting. It also allows you to filter databases and compare database metrics.
-
The cluster name, user, and user role are shown in the upper right for quickly identifying the cluster from any screen. You can also Change user password from the dropdown menu.
-
Auto Tiering licensing and a toggle for the storage engine used in Auto Tiering enabled databases (available only in the new UI).
-
Input validations.
New UI limitations
The following features are not supported in this preview but will be added in future releases. Until then, temporarily switch to the legacy UI to do the following:
-
Provision and configure Active-Active databases (viewing is available).
-
Search and export the event log.
-
Remove a node from the UI.
Additional limitations:
- Although Redis supports memcached databases, the new UI only allows view and delete. Memcached users are advised to migrate to Redis to enjoy the full benefits of Redis and its UI.
To open the legacy admin console when signed in to the new UI, select your username, then select Switch to legacy Admin Console from the list:
Future UI enhancements
-
Configure default database settings and database upgrade settings
-
Security preferences related to password and login management
-
LDAP improvements
-
IPv6 support
-
ACL improvements, such as ACLv2 smart validations
-
And more
Redis Stack 7.2 features
Redis Enterprise Software version 7.2.4 supports features included in Redis Stack version 7.2.
The following sections include a few highlights. For more details, see the Redis Stack 7.2 release notes.
Search and query
-
Introduces Geo Polygon Search. Geo range queries now accept the
GEOSHAPE
field type, which supports polygon shapes using WKT notation.GEOSHAPE
supportsPOLYGON
andPOINT
as shape formats and polygon operations. -
Performance improvements for
SORT BY
operations usingFT.SEARCH
andFT.AGGREGATE
. -
New
FORMAT
for improved readability and future support for better error handling responses onFT.SEARCH
andFT.AGGREGATE
in RESP3 only.
JSON
JSON introduces two new commands:
-
JSON.MERGE merges a given JSON value into matching paths to update, delete, or expand the JSON values at the matching paths.
-
JSON.MSET sets or updates one or more JSON values according to specified key-path-value triplets.
Triggers and functions preview
A preview of triggers and functions is available.
Triggers and functions provide support for running JavaScript functions inside the Redis process. These functions can be executed on-demand, by an event-driven trigger, or by a stream processing trigger.
Try it out with the triggers and functions quick start.
-
The preview version of triggers and functions is not intended for production use since the API might change in the future and potentially cause application issues when upgrading to a later version.
-
During preview, triggers and functions are not supported for databases with Auto Tiering enabled (previously known as Redis on Flash).
Module versions
Redis Enterprise Software version 7.2.4 includes the following Redis Stack modules:
See Upgrade modules to learn how to upgrade a module for a database.
Enhancements
Three Redis database versions
Redis Enterprise Software version 6.x includes two Redis database versions: 6.0 and 6.2. As of version 7.2, Redis Enterprise Software includes three Redis database versions: 6.0, 6.2, and 7.2.
To view available Redis database versions:
-
In the Cluster Manager UI, see Redis database versions on the Cluster > Configuration screen.
-
Send a
GET /nodes
REST API request and seesupported_database_versions
in the response.
The default Redis database version, which is used when you upgrade an existing database or create a new one, differs between Redis Enterprise releases as follows:
Redis Enterprise |
Bundled Redis DB versions |
Default DB version (upgraded/new databases) |
---|---|---|
7.2 | 6.0, 6.2, 7.2 | 7.2 |
6.4.2 | 6.0, 6.2 | 6.2 |
6.2.x | 6.0, 6.2 | 6.0 |
For Redis Enterprise Software version 7.2.4, default_redis_version
is 7.2 for both major
and latest
upgrade policies.
Updated Redis Enterprise license format
Redis Enterprise Software version 7.2.4 includes updates to its license format, which add separate shard limits for RAM and flash shards used for Auto Tiering.
For more information, see Cluster license keys.
Redis ACL selectors and key-based permissions
Redis ACLs in Redis Enterprise version 7.2 support key permissions and selectors.
Key permissions:
-
%R~<pattern>
: Grants read access to keys that match the given pattern. -
%W~<pattern>
: Grants write access to keys that match the given pattern. -
%RW~<pattern>
: Alias for~<pattern>
. Grants read and write access to keys that match the given pattern.See key permissions for more information.
Selectors let you define multiple sets of rules in a single Redis ACL (only supported for databases with Redis version 7.2 or later). A command is allowed if it matches the base rule or any selector in the Redis ACL. See selectors for more information.
-
(<rule list>)
: Creates a new selector. -
clearselectors
: Deletes all existing selectors for a user. This action does not delete the base ACL rule.
Redis ACLs have the following differences in Redis Enterprise Software:
-
Nested selectors are not supported.
For example, the following selectors are not valid in Redis Enterprise:
+GET ~key1 (+SET (+SET ~key2) ~key3)
-
Key and pub/sub patterns do not allow the following characters:
'(', ')'
-
The following password syntax is not supported:
'>', '<', '#!', 'resetpass'
To change passwords in Redis Enterprise Software, use one of the following methods:
-
Cluster Manager UI (admin console)
-
rladmin cluster reset_password
:rladmin cluster reset_password <user email>
-
REST API
PUT /v1/users
request and providepassword
-
-
The ACL builder does not support selectors and key permissions. Use Free text command to manually define them instead.
New INFO fields
The INFO
command includes new fields:
-
Under the
STATS
section:-
current_eviction_exceeded_time
- Redis Enterprise reply is always “0” -
total_eviction_exceeded_time
- Redis Enterprise reply is always “0” -
current_active_defrag_time
- Redis Enterprise reply is always “0” -
total_active_defrag_time
- Redis Enterprise reply is always “0”
-
-
Under the
MEMORY
section:maxmemory_policy
- The value of themaxmemory-policy
configuration directive
The INFO
command can now accept multiple section arguments (requires Redis database version 7 or later).
Log rotation enhancements
-
The
logrotate
tool rotates logs that exceed 200 MB. -
logrotate
runs every five minutes instead of once a day. -
The job scheduler runs
logrotate
instead of the OS. -
Every cluster upgrade overwrites the log rotation configuration.
-
You can edit the log rotation configuration at
$pkgconfdir/logrotate.conf
(pkgconfdir
is/opt/redislabs/config
by default, but can be changed in a custom installation). Note that the configuration file moved since last version. -
You can change how often the
logrotate
tool runs using the job scheduler REST API request .PUT /v1/job_scheduler
Multi-OS upgrade support for clusters with modules
Starting from Redis Enterprise version 7.2, all future 7.2.x upgrades are supported for clusters containing databases with modules in combination with Operating System (OS) upgrades.
Resolved issues
-
RS54131 -
+OK
reply not received on TLS-enabled database -
RS101525 - Cluster provides wrong number of database connections on Grafana
-
RS104028 - Fix the self-signed certificate script: error generating certificates with multiple FQDNs
-
RS87920 - Proxy log is full of the warning message “Failed to check status of running child syncer process 0 : No child processes“
-
RS99916 - Fixed the UI log to include the names of LDAP users at login
-
RS84273 - When an LDAP user with a Redis
admin
role viewed the log in the UI, they receiveddb_viewer
permissions instead ofadmin
, which limited log visibility -
RS62552 - Fixed database authentication failures for LDAP users when the password contains the
%
character
Version changes
Breaking changes
-
Differences when using the
UNWATCH
command within aMULTI
command sequence:-
Redis Enterprise:
UNWATCH
is not allowed within aMULTI
command sequence and returns an error. -
OSS:
UNWATCH
is allowed within aMULTI
sequence but has no effect.
-
-
When sending a
PUBSUB SHARDNUMSUB
command in OSS Cluster mode in Redis Enterprise, Redis Enterprise checks the hash slots of the requested channels. Redis Enterprise responds with aCROSSSLOT
error if the channels don’t hash to the same slot, or aMOVED
error if the channels hash to a different node.
Redis 7.2 breaking changes
When new major versions of open source Redis change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, make sure to read the provided list of breaking changes that affect Redis Enterprise and update any applications that connect to your database to handle these changes.
Confirm your Redis database version (redis_version
) using the admin console or run the following INFO
command via redis-cli
:
$ redis-cli -p <port> INFO
"# Server
redis_version:7.0.8
..."
Breaking changes from version 6.2
Upgrading to open source Redis version 7.2 from version 6.2 introduces the following potentially breaking changes to Redis Enterprise.
Programmability
-
Lua scripts no longer have access to the
print()
function (#10651) - Theprint
function was removed from Lua because it can potentially cause the Redis processes to get stuck (if no one reads from stdout). Users should use redis.log. An alternative is to override theprint
implementation and print the message to the log file. -
Block
PFCOUNT
andPUBLISH
in read-only scripts (*_RO commands,no-writes
) (#10744) - ConsiderPFCOUNT
andPUBLISH
as write commands in scripts, in addition toEVAL
; meaning:- They can never be used in scripts with shebang (
#!
) and nono-writes
flag - They are blocked in
EVAL_RO
and_RO
variants, (even in scripts without shebang (#!
) flags) - Allow
no-write
scripts in EVAL (not just in EVAL_RO), even duringCLIENT PAUSE WRITE
- They can never be used in scripts with shebang (
-
Hide the
may_replicate
flag from theCOMMAND
command response (#10744) - As part of the change to treatmay_replicate
commandsPFCOUNT
andPUBLISH
as write commands in scripts, in addition toEVAL
, themay_replicate
flag has been removed from theCOMMAND
response. -
Time sampling is now frozen during command execution and scripts (#10300). While a command or script is running, the keys used by the command or script will not expire. This breaks any script that uses a loop to wait for a key to expire.
-
Blocked commands in scripts now work the same way as when they are used in transactions (#11568).
Error handling
-
Rephrased some error responses about invalid commands or arguments (#10612) -
- Error response for unknown command introduced a case change (
Unknown
tounknown
) - Errors for module commands extended to cover subcommands, updated syntax to match Redis Server syntax
- Arity errors for module commands introduce a case change (
Wrong
towrong
); will consider full command name
- Error response for unknown command introduced a case change (
-
Corrected error codes returned from
EVAL
scripts (#10218, #10329).These examples show changes in behavior:
1: config set maxmemory 1 2: +OK 3: eval "return redis.call('set','x','y')" 0 - 4: -ERR Error running script (call to 71e6319f97b0fe8bdfa1c5df3ce4489946dda479): @user_script:1: @user_script: 1: -OOM command not allowed when used memory > 'maxmemory'. + 4: -ERR Error running script (call to 71e6319f97b0fe8bdfa1c5df3ce4489946dda479): @user_script:1: OOM command not allowed when used memory > 'maxmemory'. 5: eval "return redis.pcall('set','x','y')" 0 - 6: -@user_script: 1: -OOM command not allowed when used memory > 'maxmemory'. + 6: -OOM command not allowed when used memory > 'maxmemory'. 7: eval "return redis.call('select',99)" 0 8: -ERR Error running script (call to 4ad5abfc50bbccb484223905f9a16f09cd043ba8): @user_script:1: ERR DB index is out of range 9: eval "return redis.pcall('select',99)" 0 10: -ERR DB index is out of range 11: eval_ro "return redis.call('set','x','y')" 0 -12: -ERR Error running script (call to 71e6319f97b0fe8bdfa1c5df3ce4489946dda479): @user_script:1: @user_script: 1: Write commands are not allowed from read-only scripts. +12: -ERR Error running script (call to 71e6319f97b0fe8bdfa1c5df3ce4489946dda479): @user_script:1: ERR Write commands are not allowed from read-only scripts. 13: eval_ro "return redis.pcall('set','x','y')" 0 -14: -@user_script: 1: Write commands are not allowed from read-only scripts. +14: -ERR Write commands are not allowed from read-only scripts.
-
ZPOPMIN
/ZPOPMAX
used to produce wrong replies when count is 0 with non-zset #9711):ZPOPMIN
/ZPOPMAX
used to produce an(empty array)
whenkey
was not a sorted set and the optionalcount
argument was set to0
and now produces aWRONGTYPE
error response instead.- The optional
count
argument must be positive. A negative value produces avalue is out of range
error.
These examples show changes in behavior:
1: zadd myzset 1 "one" 2: (integer) 1 3: zadd myzset 2 "two" 4: (integer) 1 5: zadd myzset 3 "three" 6: (integer) 1 7: zpopmin myzset -1 - 8: (empty array) + 8: (error) ERR value is out of range, must be positive 9: 127.0.0.1:6379> set foo bar 10: OK 11: zpopmin foo 0 -12: (empty array) +12: (error) WRONGTYPE Operation against a key holding the wrong kind of value
-
LPOP
/RPOP
with count against a nonexistent list returns a null array instead of(nil)
(#10095). This change was backported to 6.2. -
LPOP
/RPOP
used to produce(nil)
when count is 0, now produces a null array (#9692). This change was backported to 6.2. -
XCLAIM
/XAUTOCLAIM
skips deleted entries instead of replying withnil
and deletes them from the pending entry list (#10227) -XCLAIM
/XAUTOCLAIM
now behaves in the following way:- If you try to claim a deleted entry, it is deleted from the pending entry list (PEL) where it is found (as well as the group PEL). Therefore, such an entry is not claimed, just cleared from PEL (because it doesn't exist in the stream anyway).
- Because deleted entries are not claimed,
X[AUTO]CLAIM
does not return "nil" instead of an entry. - Added an array of all the deleted stream IDs to
XAUTOCLAIM
response.
-
A blocked stream command that is released when a key no longer exists returns a different error code (#11012).
- For newly unblocked streams, lists, and zsets, the old implementation returned
UNBLOCKED
when the stream key was deleted or overwritten with a different type. Now, errors will be the same as if the command was processed after the effect.
- For newly unblocked streams, lists, and zsets, the old implementation returned
-
ACL errors have been unified across Redis. (#11160)
- When using RedisModule_Call module API function, ACL errors return
-NOPERM
instead of-ERR
- When using RedisModule_Call module API function, ACL errors return
-
XREADGROUP
andXAUTOCLAIM
create a consumer regardless of whether it was able to perform reading or claiming (#11012). -
Any float that is Not a Number will return
nan
(#11597).
ACLs
-
ACL GETUSER
reply now uses ACL syntax forkeys
andchannels
(#9974).ACL GETUSER
now uses the ACL DSL (Domain Specific Language) for keys and channels.These examples show changes in behavior:
1: acl setuser foo off resetchannels &channel1 -@all +get 2: OK 3: acl getuser foo 4: 1) "flags" 5: 2) 1) "off" 6: 3) "passwords" 7: 4) (empty array) 8: 5) "commands" 9: 6) "-@all +get" 10: 7) "keys" -11: 8) (empty array) +11: 8) "" 12: 9)"channels" -13 10) 1) "channel1" +13 10) "&channel1"
-
SORT
/SORT_RO
commands reject key access patterns inGET
andBY
if the ACL doesn't grant the command full keyspace access (#10340) - Thesort
andsort_ro
commands can access external keys viaGET
andBY
. In order to make sure the user cannot violate the authorization ACL rules, Redis 7 will reject external keys access patterns unless ACL allowsSORT
full access to all keys. For backwards compatibility,SORT
withGET
/BY
keeps working, but if ACL has restrictions to certain keys, the use of these features will result in a permission denied error.These examples show changes in behavior:
USER FOO (+sort ~* ~mylist) #FOO> sort mylist by w* get v* - is O.K since ~* provides full key access
USER FOO (+sort %R~* ~mylist) #FOO> sort mylist by w* get v* - is O.K since %R~* provides full key READ access**
USER FOO (+sort %W~* ~mylist) #FOO> sort mylist by w* get v* - will now fail since $W~* only provides full key WRITE access
USER FOO (+sort ~v* ~mylist) #FOO> sort mylist by w* get v* - will now fail since ~v* only provides partial key access
-
Fix ACL category for
SELECT
,WAIT
,ROLE
,LASTSAVE
,READONLY
,READWRITE
,ASKING
(#9208):-
SELECT
andWAIT
have been recategorized from@keyspace
to@connection
-
ROLE
,LASTSAVE
have been categorized as@admin
and@dangerous
-
ASKING
,READONLY
,READWRITE
have also been assigned the@connection
category and removed from@keyspace
-
Command categories are explained in ACL documentation
-
When a blocked client is being unblocked, checks for ACLs and OOM condition checks are now re-evaluated (#11012).
- If the ACL rules have changed since the command was executed, the command might fail after the client is unblocked.
-
Command introspection, stats, and configuration
-
COMMAND
reply dropsrandom
andsort-for-scripts
flags, which are now part of command tips (#10104) - Therandom
flag was replaced with thenondeterministic_output
tip; thesort-for-scripts
flag was replaced by thenondeterministic_output_order
tip -
INFO
commandstats
now shows the stats per sub-command (#9504) For example, while previous versions would provide a single entry for all command usage, in Redis 7, each sub command is reported separately:-
Redis 6.2:
cmdstat_acl:calls=4,usec=279,usec_per_call=69.75,rejected_calls=0,failed_calls=2
-
Redis 7:
cmdstat_acl|list:calls=1,usec=4994,usec_per_call=4994.00,rejected_calls=0,failed_calls=0 cmdstat_acl|setuser:calls=2,usec=16409,usec_per_call=8204.50,rejected_calls=0,failed_calls=0 cmdstat_acl|deluser:calls=1,usec=774,usec_per_call=774.00,rejected_calls=0,failed_calls=0 cmdstat_acl|getuser:calls=1,usec=6044,usec_per_call=6044.00,rejected_calls=0,failed_calls=0
-
-
CONFIG REWRITE
,CONFIG RESETSTAT
, and mostCONFIG SET
commands are now allowed during loading (#9878) -
When running
XINFO CONSUMERS
, theidle
time now shows the number of milliseconds that have passed since the last attempted interaction, and theinactive
time shows the number of milliseconds since the last successful interaction (#11099)- Previously,
idle
time showed the number of milliseconds that passed since the last successful interaction and there was noinactive
time.
- Previously,
-
Command stats are only updated when the command executes (#11012).
- Previously, the command stats were updated even if a command was blocked. The command stats are now updated only if and when the command is executed.
Client prerequisites for Redis 7.2 upgrade
The Redis clients Go-Redis version 9 and Lettuce versions 6 and later use RESP3 by default. If you use either client to run Redis Stack commands, you should set the client's protocol version to RESP2 before upgrading your database to Redis version 7.2 to prevent potential application issues due to RESP3 breaking changes.
For applications using Go-Redis v9.0.5 or later, set the protocol version to RESP2:
client := redis.NewClient(&redis.Options{
Addr: "<database_endpoint>",
Protocol: 2, // Pin the protocol version
})
To set the protocol version to RESP2 with Lettuce v6 or later:
import io.lettuce.core.*;
import io.lettuce.core.api.*;
import io.lettuce.core.protocol.ProtocolVersion;
// ...
RedisClient client = RedisClient.create("<database_endpoint>");
client.setOptions(ClientOptions.builder()
.protocolVersion(ProtocolVersion.RESP2) // Pin the protocol version
.build());
// ...
If you are using LettuceMod, you need to upgrade to v3.6.0.
Deprecations
Command deprecations
-
CLUSTER SLOTS
is deprecated as of Redis 7.0 -
JSON.RESP
is deprecated as of Redis Stack 7.2. -
QUIT
is deprecated as of Redis 7.2
API deprecations
Fields deprecated as of Redis Enterprise v4.3.3:
-
smtp_use_tls
(replaced withsmtp_tls_mode
) -
dns_address_master
-
endpoint_node
-
endpoint_ip
-
public_addr
(replaced withexternal_addr
)
Fields deprecated as of Redis Enterprise v4.4.2:
default_shards_overbooking
(replaced withshards_overbooking
)
Fields deprecated as of Redis Enterprise v6.4.2:
-
use_ipv6
(replaced withuse_external_ipv6
) -
redis_cleanup_job_settings
(replaced withpersistence_cleanup_scan_interval
)
Fields deprecated as of Redis Enterprise v5.0.1:
-
bdb_high_syncer_lag
(replaced withreplica_src_high_syncer_lag
andcrdt_src_high_syncer_lag
) -
bdb_syncer_connection_error
-
bdb_syncer_general_error
-
sync_sources
(replaced withreplica_sources
andcrdt_sources
) -
sync
(replaced withreplica_sync
andcrdt_sync
) -
ssl
(replaced withtls_mode
)
Fields deprecated as of Redis Enterprise v7.2.4:
-
node.bigstore_driver
(replaced withcluster.bigstore_driver
) -
auth_method
-
authentication_redis_pass
(replaced with multiple passwords feature in version 6.0.X) -
slave_ha
cluster policy
Other deprecated fields:
-
import/rdb_url
(deprecated as of Redis Enterprise v4.X) -
logrotate_dir
(to be replaced withlogrotate_config
or removed)
Deprecated CLI commands:
-
rlutil change_master
(deprecated as of Redis Enterprise v6.2.18, replaced withrladmin change_master
) -
rlutil reserved_ports
(deprecated as of Redis Enterprise v7.2, replaced withrladmin cluster config reserved_ports
)
REST API requests deprecated as of Redis Enterprise v7.2:
-
POST /v1/modules
(replaced withPOST /v2/modules
) -
DELETE /v1/modules
(replaced withDELETE /v2/modules
)
Access control deprecations
-
The following predefined roles and Redis ACLs are no longer available for new Redis Enterprise Software version 7.2.4 clusters:
-
Custom roles (not management roles): Cluster Member, Cluster Viewer, DB Member, DB Viewer, None.
-
Redis ACLs: Not Dangerous and Read Only.
-
-
In upcoming maintenance releases, the deprecated roles and ACLs will be removed automatically when you upgrade to Redis Enterprise Software version 7.2.4, unless they are associated with any users or databases in the cluster.
-
A deprecation notice for SASL-based LDAP was included in previous Redis Enterprise Software release notes. When you upgrade to Redis Enterprise Software version 7.2.4, all existing "external" users (previously used to support SASL-based LDAP) will be removed.
Legacy UI
With the release of the new Cluster Manager UI, the legacy UI is considered deprecated and will eventually be phased out. New functionality will only be implemented in the new Cluster Manager UI, and the old UI will no longer be maintained except for critical bug fixes.
RedisGraph
Redis has announced the end of life for RedisGraph. Redis will continue to support all RedisGraph customers, including releasing patch versions until January 31, 2025.
See the RedisGraph end-of-life announcement for more details.
RHEL and CentOS 7.0-7.9
Support for RHEL and CentOS 7.0-7.9 is considered deprecated and will be removed in a future release.
Oracle Linux 7
Oracle Linux 7 support is considered deprecated and will be removed in a future release.
Amazon Linux 1
Amazon Linux 1 support is considered deprecated and will be removed in a future release.
Ubuntu 16.04
The deprecation of Ubuntu 16.04 was announced in the Redis Enterprise Software 6.4.2 release notes. As of Redis Enterprise Software 7.2.4, Ubuntu 16.04 is no longer supported.
RC4 encryption cipher
The RC4 encryption cipher is considered deprecated in favor of stronger ciphers. Support for RC4 by the discovery service will be removed in a future release.
3DES encryption cipher
The 3DES encryption cipher is considered deprecated in favor of stronger ciphers like AES. Please verify that all clients, apps, and connections support the AES cipher. Support for 3DES will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for 3DES. Redis Enterprise Software cannot support cipher suites that are not supported by the underlying operating system.
TLS 1.0 and TLS 1.1
TLS 1.0 and TLS 1.1 connections are considered deprecated in favor of TLS 1.2 or later. Please verify that all clients, apps, and connections support TLS 1.2. Support for the earlier protocols will be removed in a future release. Certain operating systems, such as RHEL 8, have already removed support for the earlier protocols. Redis Enterprise Software cannot support connection protocols that are not supported by the underlying operating system.
Upcoming changes
Prepare for restrictive pub/sub permissions
Redis database version 6.2 introduced pub/sub ACL rules that determine which pub/sub channels a user can access.
The configuration option acl-pubsub-default
, added in Redis Enterprise Software version 6.4.2, determines the cluster-wide default level of access for all pub/sub channels. Redis Enterprise Software uses the following pub/sub permissions by default:
-
For versions 6.4.2 and 7.2,
acl-pubsub-default
is permissive (allchannels
or&*
) by default to accommodate earlier Redis versions. -
In future versions,
acl-pubsub-default
will change to restrictive (resetchannels
). Restrictive permissions block all pub/sub channels by default, unless explicitly permitted by an ACL rule.
If you use ACLs and pub/sub channels, you should review your databases and ACL settings and plan to transition your cluster to restrictive pub/sub permissions in preparation for future Redis Enterprise Software releases.
When you change the cluster's default pub/sub permissions to restrictive, &*
is added to the Full Access ACL. Before you make this change, consider the following:
-
Because pub/sub ACL syntax was added in Redis 6.2, you can't associate the Full Access ACL with database versions 6.0 or lower after this change.
-
The Full Access ACL is not reverted if you change
acl-pubsub-default
to permissive again. -
Every database with the default user enabled uses the Full Access ACL.
To secure pub/sub channels and prepare your cluster for future Redis Enterprise Software releases that default to restrictive pub/sub permissions:
-
Upgrade Redis databases:
-
For Redis Enterprise Software version 6.4.2, upgrade all databases in the cluster to Redis DB version 6.2.
-
For Redis Enterprise Software version 7.2.4, upgrade all databases in the cluster to Redis DB version 7.2 or 6.2.
-
-
Create or update ACLs with permissions for specific channels using the
resetchannels &channel
format. -
Associate the ACLs with relevant databases.
-
Set default pub/sub permissions (
acl-pubsub-default
) to restrictive. See Change default pub/sub permissions for details. -
If any issues occur, you can temporarily change the default pub/sub setting back to permissive. Resolve any problematic ACLs before making pub/sub permissions restrictive again.
Upcoming command request and reponse changes
Open source Redis version 7.2 changes the request and response policies for several commands. Because the GA release of Redis Enterprise version 7.2 does not include these policy changes, commands might behave differently from open source Redis. However, these changes will be included in a future Redis Enterprise maintenance release:
-
RANDOMKEY
andSCAN
will change from no response policy to aSPECIAL
response policy. -
MSETNX
currently has aMULTI_SHARD
request policy andAGG_MIN
response policy. Both will change to no policy.
For more information about request and response policies, see Redis command tips.
Supported platforms
The following table provides a snapshot of supported platforms as of this Redis Enterprise Software release. See the supported platforms reference for more details about operating system compatibility.
✅ Supported – The platform is supported for this version of Redis Enterprise Software.
⚠️ Deprecated – The platform is still supported for this version of Redis Enterprise Software, but support will be removed in a future release.
❌ End of life – Platform support ended in this version of Redis Enterprise Software.
Redis Enterprise | 7.2.4 | 6.4.2 | 6.2.18 | 6.2.12 | 6.2.10 | 6.2.8 | 6.2.4 |
---|---|---|---|---|---|---|---|
Ubuntu1 | |||||||
20.04 | ✅ | ✅6 | – | – | – | – | – |
18.04 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
16.04 | ❌ | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ |
RHEL & CentOS2 | |||||||
8.8 | ✅ | – | – | – | – | – | – |
8.7 | ✅ | ✅ | – | – | – | – | – |
8.5-8.6 | ✅ | ✅ | ✅ | ✅ | ✅ | – | – |
8.0-8.4 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | – |
7.0-7.9 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Oracle Linux3 | |||||||
8 | ✅ | ✅ | ✅ | ✅ | ✅ | – | – |
7 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Rocky Linux3 | |||||||
8 | ✅ | ✅ | ✅ | – | – | – | – |
Amazon Linux | |||||||
2 | ✅ | ✅7 | – | – | – | – | – |
1 | ⚠️ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Docker4 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Kubernetes5 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-
The server version of Ubuntu is recommended for production installations. The desktop version is only recommended for development deployments.
-
RHEL and CentOS deployments require OpenSSL 1.0.2 and firewall configuration.
-
Docker images of Redis Enterprise Software are certified for development and testing only.
-
Ubuntu 20.04 support was added in Redis Enterprise Software 6.4.2-43.
-
A release candidate for Amazon Linux 2 support was added in Redis Enterprise Software 6.4.2-61. Official support for Amazon Linux 2 was added in Redis Enterprise Software 6.4.2-69.
Downloads
The following table shows the MD5 checksums for the available packages:
Package | MD5 checksum (7.2.4-52 August release) |
---|---|
Ubuntu 18 | 7c7e465c8e129a03ee9f585137b2a1d9 |
Ubuntu 20 | 631f27311b19806955fde012953ff9c9 |
RedHat Enterprise Linux (RHEL) 7 Oracle Enterprise Linux (OL) 7 |
ae76798b1b7243313b4f4cba6ede88d7 |
RedHat Enterprise Linux (RHEL) 8 Oracle Enterprise Linux (OL) 8 Rocky Enterprise Linux |
48936b25aefa2921d38aea84ad06134d |
Amazon Linux 2 | 3e8180d7a9ebc3784ab6080234edefd5 |
Known issues
Legacy UI known issues
When using the legacy UI, you cannot update and save your changes on the settings > preferences tab even though these settings are visible. This issue will be fixed in the next maintenance release.
As a workaround, use the new Cluster Manager UI to update these settings from the Cluster > Security > Preferences tab.
Pub/sub channel ACL limitations
In Redis Enterprise Software version 6.4.2, you could use &channel
syntax in Redis ACL rules to allow access to specific pub/sub channels even when default pub/sub permissions were permissive (&allchannels
or &*
), allowing all channels by default. However, &allchannels &channel
is not valid syntax.
As of Redis Enterprise Software version 7.2.4, you cannot create Redis ACLs with this combination of rules. You can only use &channel
to allow access to specific channels if the default pub/sub permissions are restrictive (resetchannels
).
Associating an ACL that contains the invalid syntax &allchannels &channel
To prevent this issue:
-
Review all existing ACL rules.
-
For each rule containing
&channel
, either:-
Add the
resetchannels
prefix to restrict access to all channels by default. -
Delete the rule if not needed.
-
Known limitations
Command limitations
-
CLIENT NO-TOUCH
might not run correctly in the following cases:-
The Redis database version is earlier than 7.2.0.
-
The
CLIENT NO-TOUCH
command is forbidden by ACL rules.
Before sending this command, clients should verify the database version is 7.2.0 or later and that using this command is allowed.
-
-
You cannot use
SUNSUBSCRIBE
to unsubscribe from a shard channel if the regex changed while subscribed. -
Using
XREADGROUP BLOCK
with>
to return all new streams will cause the Redis database to freeze until the shard is restarted. (#12031) -
Because a rejected command does not record the duration for command stats, an error will appear after it is reprocessed that will cause the Redis database to freeze until the shard is restarted. (#12247)
Modules cannot load in Oracle Linux 7 & 8
Databases hosted on Oracle Linux 7 & 8 cannot load modules.
As a temporary workaround, you can change the node's os_name
in the Cluster Configuration Store (CCS):
ccs-cli hset node:<ID> os_name rhel
Cluster recovery with manually uploaded modules
For clusters containing databases with manually uploaded modules, cluster recovery requires an extra step.
After installing Redis Enterprise Software on the cluster nodes, upload compatible modules to modulesdir
(/opt/redislabs/lib/modules
) before continuing the recovery process.
This limitation will be removed in a future maintenance release.
Security
Open source Redis security fixes compatibility
As part of Redis's commitment to security, Redis Enterprise Software implements the latest security fixes available with open source Redis. Redis Enterprise has already included the fixes for the relevant CVEs.
Some CVEs announced for open source Redis do not affect Redis Enterprise due to different or additional functionality available in Redis Enterprise that is not available in open source Redis.
Redis Enterprise 7.2.4-52 supports open source Redis 7.2, 6.2, and 6.0. Below is the list of open source Redis CVEs fixed by version.
Redis 7.2.0 includes all of the CVE fixes from previous versions.
Redis 7.0.x:
-
(CVE-2023-36824) Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption, and potentially remote code execution. Specifically: using
COMMAND GETKEYS*
and validation of key names in ACL rules. (Redis 7.0.12) -
(CVE-2023-28856) Authenticated users can use the
HINCRBYFLOAT
command to create an invalid hash field that will crash Redis on access. (Redis 7.0.11) -
(CVE-2023-28425) Specially crafted
MSETNX
command can lead to assertion and denial-of-service. (Redis 7.0.10) -
(CVE-2023-25155) Specially crafted
SRANDMEMBER
,ZRANDMEMBER
, andHRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 7.0.9) -
(CVE-2023-22458) Integer overflow in the Redis
HRANDFIELD
andZRANDMEMBER
commands can lead to denial-of-service. (Redis 7.0.8) -
(CVE-2022-36021) String matching commands (like
SCAN
orKEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 7.0.9) -
(CVE-2022-35977) Integer overflow in the Redis
SETRANGE
andSORT
/SORT_RO
commands can drive Redis to OOM panic. (Redis 7.0.8) -
(CVE-2022-35951) Executing an
XAUTOCLAIM
command on a stream key in a specific state, with a specially craftedCOUNT
argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer. (Redis 7.0.5) -
(CVE-2022-31144) A specially crafted
XAUTOCLAIM
command on a stream key in a specific state may result in heap overflow and potentially remote code execution. The problem affects Redis versions 7.0.0 or newer. (Redis 7.0.4) -
(CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 7.0.12)
-
(CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result in a crash of the
redis-server
process. This issue affects all versions of Redis. (Redis 7.0.0) -
(CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. (Redis 7.0.0)
Redis 6.2.x:
-
(CVE-2023-28856) Authenticated users can use the
HINCRBYFLOAT
command to create an invalid hash field that will crash Redis on access. (Redis 6.2.12) -
(CVE-2023-25155) Specially crafted
SRANDMEMBER
,ZRANDMEMBER
, andHRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 6.2.11) -
(CVE-2023-22458) Integer overflow in the Redis
HRANDFIELD
andZRANDMEMBER
commands can lead to denial-of-service. (Redis 6.2.9) -
(CVE-2022-36021) String matching commands (like
SCAN
orKEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 6.2.11) -
(CVE-2022-35977) Integer overflow in the Redis
SETRANGE
andSORT
/SORT_RO
commands can drive Redis to OOM panic. (Redis 6.2.9) -
(CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 6.2.13)
-
(CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result in a crash of the
redis-server
process. This issue affects all versions of Redis. (Redis 6.2.7) -
(CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. (Redis 6.2.7)
-
(CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when
proto-max-bulk-len
is manually configured to a non-default, very large value. (Redis 6.2.6) -
(CVE-2021-32762) Integer to heap buffer overflow issue in
redis-cli
andredis-sentinel
parsing large multi-bulk replies on some older and less common platforms. (Redis 6.2.6) -
(CVE-2021-32761) An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD
command to corrupt the heap and potentially result with remote code execution. (Redis 6.2.5) -
(CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries
is manually configured to a non-default, very large value. (Redis 6.2.6) -
(CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections. (Redis 6.2.6)
-
(CVE-2021-32672) Random heap reading issue with Lua Debugger. (Redis 6.2.6)
-
(CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for
hash-max-ziplist-entries
,hash-max-ziplist-value
,zset-max-ziplist-entries
orzset-max-ziplist-value
. (Redis 6.2.6) -
(CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for
proto-max-bulk-len
andclient-query-buffer-limit
. (Redis 6.2.6) -
(CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow. (Redis 6.2.6)
-
(CVE-2021-32625) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. (Redis 6.2.4)
-
(CVE-2021-29478) An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). (Redis 6.2.3)
-
(CVE-2021-29477) An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. (Redis 6.2.3)
Redis 6.0.x:
-
(CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (Redis 6.0.20)
-
(CVE-2023-28856) Authenticated users can use the
HINCRBYFLOAT
command to create an invalid hash field that will crash Redis on access. (Redis 6.0.19) -
(CVE-2023-25155) Specially crafted
SRANDMEMBER
,ZRANDMEMBER
, andHRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (Redis 6.0.18) -
(CVE-2022-36021) String matching commands (like
SCAN
orKEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (Redis 6.0.18) -
(CVE-2022-35977) Integer overflow in the Redis
SETRANGE
andSORT
/SORT_RO
commands can drive Redis to OOM panic. (Redis 6.0.17)