Redis: Security Patches and Release Candidate 8.8 RC1

Redis merged critical security fixes addressing three CVEs including remote code execution vulnerabilities, while releasing version 8.8 RC1 and temporarily disabling the GCRA rate limiting feature.

Duration: PT0S

Episode overview

This episode is a short developer briefing from Redis.

It explains recent repository work in plain language.

  • Show: Redis
  • Published: 2026-05-15T10:04:09Z
  • Audio duration: PT0S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning. This is your Redis development briefing for May 15th, 2026.

YaacovHazan merged a major security update addressing multiple critical vulnerabilities. The patch fixes CVE-2026-23479, a use-after-free bug in the unblock client flow that could lead to remote code execution. It also resolves CVE-2026-25243, an invalid memory access issue in the RESTORE command, and…

The same author also merged Redis 8.8 RC1, a substantial release candidate spanning over 26,000 lines of changes across 167 files. This update includes GitHub Actions workflow improvements and dependency updates.

Mincho Paskalev merged a change to disable the GCRA rate limiting algorithm that was previously introduced. The feature remains in the codebase but is now inaccessible, with commands disabled and AOF/RDB operations turned off, pending a final decision on its inclusion.

Several module updates were integrated. Tom Gabsow updated data type modules to RC1 versions, including RedisJSON 8.7.91 with array command fixes and RedisBloom 8.7.91 with various bug fixes. Omer Shadmi updated RediSearch to version 8.7.91.

Infrastructure improvements include removing an unused post-release automation workflow and fixing…

Nearby episodes from Redis

  1. Diskless Replication Performance Fix
  2. Build System Fixes and RediSearch Configuration
  3. Weekly Recap - 8.8 RC1 Release and Major Security Patches
  4. Memory Tracking Configuration Fix
  5. Array Type Launch and Stability Updates
  6. Performance and Security Hardening
  7. New INCREX Command and Memory Leak Fix
  8. MGET/MSET Performance and Infrastructure Updates