Redis 7.0 inosvika nekuvandudzwa kwekuita, kugadzirisa mabug nezvimwe

Iyo nyowani vhezheni yeDBMS Redis 7.0 yakatoburitswa, Redis inopa maficha ekuchengetedza data mukiyi / kukosha fomati, yakatambanudzwa nerutsigiro rwemafomati edata akarongwa senge rondedzero, hashes, uye seti, pamwe nekukwanisa kumhanyisa server-side Lua script driver.

Kusiyana ne-mu-memory ekuchengetedza masisitimu seMemcached, Redis inopa kuramba ichichengeterwa data pane dhisiki uye inova nechokwadi chekuchengetedza dhatabhesi kana paine kuvharika kusingaite. Zvinyorwa zvinyorwa zvepurojekiti zvakagoverwa pasi perezinesi reBSD.

Maraibhurari evatengi anowanikwa kumitauro inonyanya kufarirwa, kusanganisira Perl, Python, PHP, Java, Ruby, uye Tcl. Redis inotsigira kutengeserana kunokubvumira kuti uite boka remirairo munhanho imwe chete, kuve nechokwadi chekuenderana uye kusimba (mirairo kubva kune zvimwe zvikumbiro haigone kuvharira) kuitwa kweiyo yakapihwa seti yemirairo, uye kana paine matambudziko, inokutendera kuti udzoke kumashure. shanduko. Yese data yakavharwa zvizere mu RAM.

Redis 7.0 Kiyi Nyowani Zvimiro

Mune iyi vhezheni itsva yeDBMS inoratidzwa yakawedzera tsigiro yeserver side function, sezvakasiyana nezvinyorwa zveLua zvakambotsigirwa, mabasa haasi echishandiso chakanangana uye anoitirwa kuita imwe pfungwa iyo inowedzera kugona kweseva.

Iwo mabasa anogadziriswa zvisingaenzaniswi nedata uye zvine chekuita nedhatabhesi, uye kwete mashandisirwo, kusanganisira kudzokorora uye kuenderera kuchengetedza.

Chimwe chitsva chinomira pachena muRedis 7.0 ndicho ACL yechipiri edition, iyo inokubvumira kuti udzore kupinda kune data zvichienderana nemakiyi uye inokubvumira kuti utsanangure zvakasiyana-siyana zvemitemo yekuwana mirairo nekwanisi yekubatanidza vakawanda vanosarudza (seti yemvumo) kumushandisi wega wega. Kiyi yega yega inogona kucherechedzwa nedzimwe mvumo, semuenzaniso iwe unogona kurambidza kupinda kwekuverenga chete kana kunyora kune imwe subset yemakiyi.

Mukuwedzera kune izvi, zvinoonekwa kuti Redis 7.0 inopa una kuita zvidimbu yeparadigm yekuparadzira meseji Publish-Subscribe, iyo inomhanya pane cluster, iyo meseji inotumirwa kune chaiyo node iyo meseji chiteshi inosungirirwa, mushure meiyo iyi meseji inodzoserwa kune yakasara node inosanganisirwa muhull. Vatengi vanogona kugamuchira mameseji nekunyorera kuchiteshi, zvese nekubatanidza kune yekutanga node uye kune yechipiri node yechikamu.

Izvo zvakare zvakasimbiswa izvo yakapa kugona kubata akawanda magadzirirwo kamwechete mune imwechete CONFIG SET/GET call uye kuti sarudzo "-json", "-2", "-scan", "-functions-rdb" dzakawedzerwa kune redis-cli utility.

Nokusingaperi, kuwana kune zvigadziriso uye mirairo inobata chengetedzo yakadzimwa kune vatengi (semuenzaniso, DEBUG neMODULE mirairo yakadzimwa, kushandura magadzirirwo ane PROTECTED_CONFIG mureza hazvibvumidzwe). Redis-cli yakamira kutumira mirairo ine data inonzwisisika kune iyo nhoroondo faira.

Kune rumwe rutivi, zvinomira pachena kutie akaita chikamu chikuru chekugadzirisa kwakanangana nekuvandudza kushanda uye kuderedza kushandiswa kwendangariro. Semuyenzaniso, kushandiswa kwendangariro kwakadzikiswa zvakanyanya kana cluster mode inogoneswa, pakuita kopi-pa-kunyora mashandiro, uye kana uchishanda nehashi uye zset makiyi, pamwe nehana yakagadziridzwa kuti ibvise data kudhisiki (inonzi fsync).

Fixed vulnerability CVE-2022-24735 muLua script execution environment, iyo inokubvumira kuti uwedzere yako Lua kodhi uye kuita kuti iite mumamiriro emumwe mushandisi, kusanganisira avo vane ropafadzo dzakakwirira.

Uyezve, tinogona kunongedzera kusagadzikana (CVE-2022-0543) mumapakeji ane Redis yeUbuntu uye Debian (iyo nyaya yakanangana nemagungano ega ega uye isina hukama neRedis pachayo), iyo inobvumira kupokana kweLua kodhi kuti iitwe pane iri kure server uye nekunzvenga nharaunda sandbox yekuzviparadzanisa nzira yekumhanyisa zvinyorwa muRedis.

Yakawedzerwa kusazvibata CVE-2022-24736 iyo inogona kubvumira iyo redis server process kuti iparare nekuda kwekushaikwa kweinongedzo. Kurwiswa kwacho kunoitwa nekurodha zvinyorwa zveLua zvakanyatsogadzirwa.

pakupedzisira kana uri kuda kuziva zvakawanda nezvazvo, Iwe unogona kutarisa ruzivo mune zvinotevera link


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako