Update redis image to 3.2.12
Relates #784
Docker image changes
Redis Changelogs
================================================================================
Redis 3.2.12 Released Wed Jun 13 12:43:01 CEST 2018
================================================================================
Upgrade urgency CRITICAL:
* Multilple security issues fixed.
* Backport of an older AOF fsync=always fix. Check 4.x release notes.
* Backport of a *SCAN bug. Sometimes elements could be missing from the scan.
* Other minor things.
================================================================================
Redis 3.2.11 Released Thu Sep 21 15:47:53 CEST 2017
================================================================================
Upgrade urgency HIGH: Potentially critical bugs fixed.
AOF flush on SHUTDOWN did not cared to really write the AOF buffers
(not in the kernel but in the Redis process memory) to disk before exiting.
Calling SHUTDOWN during traffic resulted into not every operation to be
persisted on disk.
================================================================================
Redis 3.2.10 Released Fri Jul 28 17:49:07 CEST 2017
================================================================================
Upgrade urgency MODERATE: This release contains a number of fixes that are not
critical in the general case, but quite important
in certain use cases. Upgrading is suggested but not
mandatory.
Dear Redis users,
while 4.0.1 is already out, this is a maintenance release of Redis 3.2.
It fixes several bugs, the most interesting ones are the following:
1. INFO server.stat_net_output_bytes field was computed in a wrong way, now
the output is correct.
2. SET with EX/PX options are now propagated correctly in the AOF, using
the absolute times.
3. CLIENT PAUSE was fixed to prevent eviction of keys, so that master and
slave continue to be consistent for the time the pause is active.
4. GEORADIUS(BYMEMBER)_RO variants for read-only operations added.
5. HyperLogLog sanity detection fixed in an edge case.
6. Redis Cluster crash due to mis-handling of hidden node flags fixed.
If you think you may be affected by the above problems, upgrading is a
good idea.
Have a nice day,
Salvatore
================================================================================
Redis 3.2.9 Released Mon May 17 17:35:38 CEST 2017
================================================================================
Upgrade urgency LOW: A few rarely harmful bugs were fixed.
This release just fixes bugs that are unlikely to cause serious problems
so there is no need to update ASAP. Please, see the list of commits
for the details on the bugs fixed and credits:
================================================================================
Redis 3.2.8 Released Sun Feb 12 16:11:18 CET 2017
================================================================================
Upgrade urgency CRITICAL: This release reverts back the Jemalloc upgrade
that is believed to potentially cause a server
deadlock. A MIGRATE crash is also fixed.
Two important bug fixes, the first of one is critical:
1. Apparently Jemalloc 4.4.0 may contain a deadlock under particular
conditions. See https://github.com/antirez/redis/issues/3799.
We reverted back to the previously used Jemalloc versions and plan
to upgrade Jemalloc again after having more info about the
cause of the bug.
2. MIGRATE could crash the server after a socket error. See for reference:
https://github.com/antirez/redis/issues/3796.
================================================================================
Redis 3.2.7 Released Tue Jan 31 16:21:41 CET 2017
================================================================================
Upgrade urgency HIGH: This release fixes important security and correctness
issues. It is especially important to upgrade for Redis
Cluster users and for users running Redis in their laptop
since a cross-scripting attack is fixed in this release.
Main bugs fixes and improvements in this release:
1. MIGRATE could incorrectly move keys between Redis Cluster nodes by turning
keys with an expire set into persisting keys. This bug was introduced with
the multiple-keys migration recently. It is now fixed. Only applies to
Redis Cluster users that use the resharding features of Redis Cluster.
2. As Redis 4.0 beta and the unstable branch already did (for some months at
this point), Redis 3.2.7 also aliases the Host: and POST commands to QUIT
avoiding to process the remaining pipeline if there are pending commands.
This is a security protection against a "Cross Scripting" attack, that
usually involves trying to feed Redis with HTTP in order to execute commands.
Example: a developer is running a local copy of Redis for development
purposes. She also runs a web browser in the same computer. The web browser
could send an HTTP request to http://127.0.0.1:6379 in order to access the
Redis instance, since a specially crafted HTTP requesta may also be partially
valid Redis protocol. However if POST and Host: break the connection, this
problem should be avoided. IMPORTANT: It is important to realize that it
is not impossible that another way will be found to talk with a localhost
Redis using a Cross Protocol attack not involving sending POST or Host: so
this is only a layer of protection but not a definitive fix for this class
of issues.
3. A ziplist bug that could cause data corruption, could crash the server and
MAY ALSO HAVE SECURITY IMPLICATIONS was fixed. The bug looks complex to
exploit, but attacks always get worse, never better (cit). The bug is very
very hard to catch in practice, it required manual analysis of the ziplist
code in order to be found. However it is also possible that rarely it
happened in the wild. Upgrading is required if you use LINSERT and other
in-the-middle list manipulation commands.
4. We upgraded to Jemalloc 4.4.0 since the version we used to ship with Redis
was an early 4.0 release of Jemalloc. This version may have several
improvements including the ability to better reclaim/use the memory of
system.Edited by Jason Plum