Redis 7.0 arrives with performance improvements, bug fixes and more

Version 7.0 of the Redis DBMS has been released. Redis stores data in key/value format, extended with support for structured data formats such as lists, hashes, and sets, as well as the ability to run server-side Lua script handlers.

Unlike in-memory storage systems such as Memcached, Redis provides persistent storage of data on disk and keeps the database safe in the event of an abnormal shutdown. The project's source code is distributed under the BSD license.

Client libraries are available for the most popular languages, including Perl, Python, PHP, Java, Ruby, and Tcl. Redis supports transactions that let you execute a group of commands in a single step, ensuring consistency (commands from other requests cannot block the execution of a given set of commands), and in case of problems it lets you roll back the changes. All data is fully cached in RAM.

Redis 7.0 Key New Features

This new version adds support for server-side functions. Unlike the previously supported Lua scripts, functions are not application specific and are intended to implement additional logic that expands the capabilities of the server.

Functions are handled together with the data and belong to the database rather than to the application, including for replication and persistent storage.

Another notable addition in Redis 7.0 is the second edition of ACLs, which lets you control access to data based on keys and define different sets of access rules for commands, with the ability to bind multiple selectors (permission sets) to each user. Each key can be associated with specific permissions; for example, you can restrict access to read-only or write-only for a certain subset of keys.
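To show how selectors and per-key read/write permissions combine, here is an added example (not code from Redis or from the article) that models the check in simplified form. The user rules are constructed; the model handles only "+command" grants, "+@all", and key patterns, and approximates Redis glob matching with Python's fnmatch.

```python
import fnmatch
import re

def parse_acl(rules):
    """Split an ACL rule string into selectors: root permissions first,
    then each parenthesised selector in the order it was defined."""
    groups = [re.sub(r"\([^)]*\)", " ", rules)] + re.findall(r"\(([^)]*)\)", rules)
    selectors = []
    for group in groups:
        sel = {"cmds": set(), "keys": []}  # keys: (access flags, glob pattern)
        for tok in group.split():
            low = tok.lower()
            if low in ("allcommands", "+@all"):
                sel["cmds"].add("*")
            elif tok.startswith("+") and not tok.startswith("+@"):
                sel["cmds"].add(low[1:])
            elif low == "allkeys":
                sel["keys"].append(("RW", "*"))
            elif tok.startswith("~"):
                sel["keys"].append(("RW", tok[1:]))  # ~p is an alias for %RW~p
            elif tok.startswith("%") and "~" in tok:
                flags, pattern = tok[1:].split("~", 1)
                sel["keys"].append((flags.upper(), pattern))
            # Simplification: "on", passwords, categories and "-" rules are ignored.
        selectors.append(sel)
    return selectors

def allowed(selectors, command, reads=(), writes=()):
    """A command passes only if ONE selector grants both the command and
    every key it touches; grants are never combined across selectors."""
    def key_ok(sel, key, need):
        # fnmatch approximates Redis glob matching for simple patterns.
        return any(need in flags and fnmatch.fnmatchcase(key, pat)
                   for flags, pat in sel["keys"])
    for sel in selectors:
        if "*" not in sel["cmds"] and command.lower() not in sel["cmds"]:
            continue
        if (all(key_ok(sel, k, "R") for k in reads)
                and all(key_ok(sel, k, "W") for k in writes)):
            return True
    return False

# Constructed rules for a hypothetical user; not taken from the article.
RULES = "on >example-password +get +copy %R~orders:* %W~cache:* (+set ~tmp:*)"

if __name__ == "__main__":
    sel = parse_acl(RULES)
    print(allowed(sel, "COPY", reads=["orders:1"], writes=["cache:1"]))
    print(allowed(sel, "SET", writes=["cache:1"]))
```

The second call is denied even though the root rules grant write access to cache:* and the selector grants SET, because no single selector grants both.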

In addition, Redis 7.0 provides a sharded implementation of the Publish-Subscribe message distribution paradigm that runs on a cluster: a message is sent to the specific node to which the message channel is attached, after which it is forwarded to the remaining nodes in the shard. Clients can receive messages by subscribing to a channel, connecting either to the primary node or to the secondary nodes of the shard.

Multiple configuration parameters can now be handled at once in a single CONFIG SET/GET call, and the options "--json", "-2", "--scan", and "--functions-rdb" have been added to the redis-cli utility.

By default, access to settings and commands that affect security is disabled for clients (for example, the DEBUG and MODULE commands are disabled, and changing configurations marked with the PROTECTED_CONFIG flag is prohibited). redis-cli no longer writes commands containing sensitive data to the history file.

A large share of the optimizations in this release are aimed at improving performance and reducing memory consumption. For example, memory consumption has been significantly reduced when cluster mode is enabled, when performing copy-on-write operations, and when working with hash and zset keys, and the logic for flushing data to disk (the fsync call) has been improved.

Vulnerability CVE-2022-24735 in the Lua script execution environment has been fixed. It allows a user to substitute their own Lua code and cause it to run in the context of another user, including users with higher privileges.

In addition, there is a vulnerability (CVE-2022-0543) in the Redis packages for Ubuntu and Debian (the issue is specific to individual builds and is not related to Redis itself) that allows arbitrary Lua code to be executed on a remote server, bypassing the sandbox isolation mechanism for running scripts in Redis.

Vulnerability CVE-2022-24736 has also been addressed; it could allow the Redis server process to crash due to a null pointer dereference. The attack is carried out by loading specially crafted Lua scripts.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

