[chart/redis-ha][Request] Update to Redis 7.0
sathieu opened this issue · 1 comments
sathieu commented
Describe the bug
(marking as bug as the release fixes CVEs)
Redis 7.0 was released: https://github.com/redis/redis/blob/7.0/00-RELEASENOTES
It includes the following security fixes:
- (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
- (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
DandyDeveloper commented
This still definitely should be done. I'll try a basic upgrade using the latest Redis images and make sure everything seems functionally sound.