[Redis] Update to 7.08 for Security Fixes #31925

Merged
merged 1 commit into from
Jan 26, 2023

@ijrsvt ijrsvt commented Jan 25, 2023

Why are these changes needed?

Upgrade Redis from 7.0.5 -> 7.0.8
Fixes:

  • (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic
  • (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service

Related issue number

Checks

  • I've signed off every commit (by using the -s flag, i.e., git commit -s) in this PR.
  • I've run scripts/format.sh to lint the changes in this PR.
  • I've included any doc changes needed for https://docs.ray.io/en/master/.
  • I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
  • Testing Strategy
    • Unit tests
    • Release tests
    • This PR is not tested :(

Signed-off-by: Ian <ian.rodney@gmail.com>
@ijrsvt ijrsvt merged commit 1455a10 into ray-project:master Jan 26, 2023

ijrsvt commented Jan 26, 2023

Merging because MongoDataset test is failing on master:
Screen Shot 2023-01-25 at 4 42 15 PM

@ijrsvt ijrsvt deleted the redis-to-708 branch January 26, 2023 00:42
Toad2186 added a commit to hyperscience/ray that referenced this pull request Jan 17, 2024
* Technically we only need `absl` because it was using deprecated C++
APIs that were throwing an error, but I decided to pull:
ray-project#31925
No functional changes, still debating whether we should increase
the suffix -- leaving as is for now
* Also update `spdlog`, for the same reason, based on this PR:
ray-project#40852
Toad2186 added a commit to hyperscience/ray that referenced this pull request Jan 23, 2024