Redis Open Source 8.2 release notes

===================================

--------------------------------------------------------------------------------

Upgrade urgency levels:

LOW: No need to upgrade unless there are new features you want to use.

MODERATE: Program an upgrade of the server, but it's not urgent.

HIGH: There is a critical bug that may affect a subset of users. Upgrade!

CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP.

SECURITY: There are security fixes in the release.

--------------------------------------------------------------------------------

The release notes contain PRs from multiple repositories:

#n - Redis (https://github.com/redis/redis)

#Qn = Query Engine (https://github.com/RediSearch/RediSearch)

#Jn = JSON (https://github.com/RedisJSON/RedisJSON)

#Tn = Time Series (https://github.com/RedisTimeSeries/RedisTimeSeries)

#Pn = Probabilistic (https://github.com/RedisBloom/RedisBloom)

================================================================================

Redis 8.2.6 Released Tue 5 May 2026 16:00:00 IST

================================================================================

Update urgency: `SECURITY`: There are security fixes in the release.

### Security fixes

- (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.

- (CVE-2026-25243) Invalid memory access in `RESTORE` may lead to Remote Code Execution

- (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

- (CVE-2026-25588) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Time Series)

- (CVE-2026-25589) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Probabilistic)

### Bug fixes

- `SUBSCRIBE`, `PSUBSCRIBE`, `SSUBSCRIBE`: crash on OOM (RED-167788)

- `CONFIG SET`: some settings allow invalid characters (RED-167787)

- `SCRIPT DEBUG`: potential crash on scripts (RED-175507)

- `VADD`: crash or buffer overflow on large `REDUCE` value (RED-170921)

- `VSET`: crash on huge allocations (MOD-12678)

- Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)

- #Q8743 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)

- #Q8850 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)

- #Q9178 Coordinator deadlock under mixed `FT.SEARCH` and `FT.AGGREGATE` load (MOD-14268)

- #Q9049 `FT.PROFILE` output is inconsistent when a profiled value is missing (MOD-10560)

- #Q8793 `FT.EXPLAIN` does not lock, causing a race with concurrent index changes (MOD-14461)

- #Q8600 `FILTER` returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)

- #Q8662 `FILTER` behavior depends on property order in the expression (MOD-14342)

- #Q8602 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)

- #Q8601 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)

- #Q8599 `RENAME` notification handler loads the wrong key, causing stale index entries after a rename (MOD-14062)

- #Q9019 `PERSIST` and `HPERSIST` notifications are not reflected in index expiration tracking (MOD-14800)

- #Q9081 `FT.SPELLCHECK` treats `PARAMS` placeholders as literal terms instead of resolving them (MOD-10596)

- #Q8464 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)

- #Q8888 `FT.CURSOR` enters an infinite loop when the ACL user lacks specific permissions (MOD-14479)

- #Q9166 Crash on `FT.SEARCH` when topology validation fails (for example, some nodes unreachable) (MOD-14475)

- #Q8453 `FT.INFO`-style output no longer reports zero-index summary data when no indices exist (MOD-14081)

- #Q9076 `FT.CREATE` now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

### Metrics

- #Q8235 `FT.PROFILE`: added queue time tracking (MOD-13602)

================================================================================

Redis 8.2.5 Released Mon 23 Feb 2026 10:00:00 IST

================================================================================

SECURITY: There is a security fix in the release

### Security fixes

- A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply

================================================================================

Redis 8.2.4 Released Sun 8 Feb 2026 9:00:00 IST

================================================================================

Update urgency: `SECURITY`: There are security fixes in the release.

### Security fixes

- #T1837, #J1474 Hide Personally Identifiable Information from server log

### Bug fixes

- #J1430 Malformed panic log messages (MOD-9365)

- #P945 Bloom filter: crash on RDB load on large number of filters (MOD-11590)

- #Q6973 Correct empty string token counting in byteOffset calculations to ensure accurate text position tracking (MOD-11233)

- #Q6995 Prevent `FT.INFO` command fanout to replicas to reduce unnecessary cluster traffic

- #Q7034 Correct goto statement handling on RDB load

- #Q7154 Display Background Indexing OOM warning in `FT.AGGREGATE` when memory limits are approached (MOD-11817)

- #Q7219 Resolve concurrency issue in Reducer that caused intermittent errors (MOD-12243)

- #Q7255 Correct `BM25STD` underflow wraparound to prevent incorrect scoring (MOD-12223)

- #Q7264 Ensure accurate `totalDocsLen` updates to maintain correct document statistics (MOD-12234)

- #Q7275 Report used memory as unsigned long to prevent overflow (RED-169833)

- #Q7350 Allow `FT.CREATE` with LeanVec parameters on non-Intel architectures (RED-176382)

- #Q7384 Reduce index load from RDB temporary memory overhead (MOD-12212)

- #Q7435 Ensure full profile output on timeout with `RETURN` policy in `FT.PROFILE` (MOD-12320)

- #Q7446 Remove outdated validation from debug aggregate in cluster mode (MOD-12435)

- #Q7458 Correct GC regression that caused stability issues (MOD-12538)

- #Q7459 Prevent potential double-free in Fork GC error path (MOD-12521)

- #Q7470 Remove draining from Flush callback to avoid blocking

- #Q7499 Propagate `HGETALL` command in HDT mode (MOD-12662)

- #Q7534 Reduce number of worker threads asynchronously to prevent performance degradation (MOD-12252, MOD-11658)

- #Q7554 Handle Coordinator case when `SCORE` is sent alone without extra fields (MOD-12647)

- #Q7561 Prevent memory corruption when freeing searchRequestCtx on error (MOD-12699)

- #Q7685 Resolve cursor logical leak that could lead to resource exhaustion (MOD-12807)

- #Q7710 Add support for `WITHCOUNT` in `FT.AGGREGATE` (MOD-11751)

- #Q7794 Correctly handle binary data with embedded NULLs to prevent crashes (MOD-13010)

- #Q7812 Correct SVS GC for no-workers case (MOD-12983)

- #Q7873 Handle warnings in empty `FT.AGGREGATE` replies in cluster mode (MOD-12640)

- #Q7886 Remove non-TEXT fields from spec's keys dictionary to prevent incorrect field handling (MOD-13150)

- #Q7901 Support multiple warnings in reply to prevent warning loss (MOD-13252)

- #Q8083 Correct `FULLTEXT` field metric count accuracy (MOD-13432)

- #Q8153 Resolve config registration issue (RED-171841)

- #Q7371 Validate `search-min-operation-workers` min value correctly (MOD-12383)

- #Q8151 Correct `FT.PROFILE` shard total profile time calculation (MOD-13735, MOD-13181)

- #Q7165 (Redis Enterprise only) `FT.DROPINDEX` as touches-arbitrary-keys for proper cluster handling causing crash on A-A (MOD-11090)

- #Q7023 (Redis Enterprise only) Ensure all `FT.SUG*` commands are hashslot-aware to prevent cluster routing errors (MOD-11756)

### Performance and resource utilization improvements

- #Q7496 Vector search performance improvements (MOD-12011, MOD-12063, MOD-12629, MOD-12346)

- #Q7694 Use asynchronous jobs in GC for SVS to reduce blocking (MOD-12668)

### Metrics

- #Q7614 Track timeout errors and warnings in info (MOD-12419)

- #Q7646 Track `maxprefixexpansions` errors and warnings in info (MOD-12417)

- #Q7957 Persist query warnings across cursor reads (MOD-12984)

- #Q7341 Rename `FT.PROFILE` counter fields for clarity (MOD-6056)

- #Q7436 Enhance `FT.PROFILE` with vector search execution details (MOD-12263)

- #Q7737 Add `Internal cursor reads` metric to cluster `FT.PROFILE` output (MOD-12414)

- #Q7692 Declare query error struct on `_FT.CURSOR PROFILE` (MOD-12955)

- #Q7552 Add `active_io_threads` metric (MOD-12069, MOD-12695)

- #Q7564 Add `active_worker_threads` metric (MOD-12694, MOD-12069)

- #Q7623 Add `active_coord_threads` metric (MOD-12694, MOD-12069)

- #Q7626 Add `*_pending_jobs` metrics for job queues (MOD-12069)

- #Q7672 Add pending workers admin jobs metric (MOD-12069, MOD-12791)

- #Q7732 Introduce `active_topology_update_threads` metric (MOD-12069, MOD-12790)

- #Q7759 Extend indexing metrics for better observability (MOD-12070)

### Configuration parameters

- #Q7083 Add default scorer configuration option (MOD-10037)

================================================================================

Redis 8.2.3 Released Sun 2 Nov 2025 16:00:00 IST

================================================================================

Update urgency: `SECURITY`: There is a security fix in the release.

### Security fixes

- (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow and potential RCE

### Bug fixes

- `HGETEX`: A missing `numfields` argument when `FIELDS` is used can lead to Redis crash

- an overflow in `HyperLogLog` with 2GB+ entries may result in a Redis crash

- Cuckoo filter - Division by zero in Cuckoo filter insertion

- Cuckoo filter - Counter overflow

- Bloom filter - Arbitrary memory read/write with invalid filter

- Bloom filter - Out-of-bounds access with empty chain

- Top-k - Out-of-bounds access

- Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug]

================================================================================

Redis 8.2.2 Released Fri 3 Oct 2025 10:00:00 IST

================================================================================

Update urgency: `SECURITY`: There are security fixes in the release

### Security fixes

- (CVE-2025-49844) A Lua script may lead to remote code execution

- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE

- (CVE-2025-46818) A Lua script can be executed in the context of another user

- (CVE-2025-46819) LUA out-of-bound read

### New Features

- #14223 `VSIM`: new `EPSILON` argument to specify maximum distance

- #Q6867,#Q6845 `SVS-VAMANA`: allow use of `BUILD_INTEL_SVS_OPT` flag for Intel optimisations (MOD-10920)

### Bug fixes

- #14319 Potential crash on Lua script defrag

- #14323 Potential crash on streams and HFE defrag

- #14330 Potential use-after-free after pubsub and Lua defrag

- #14288 `MEMORY USAGE`: fix reported value

- #14259 `XGROUP CREATE`, `XGROUP SETID`: limit `ENTRIESREAD` value to the number of entries added to the stream

- #J1374 `JSON.DEL` doesn’t delete all matching object members / array elements (MOD-11032, MOD-11067)

- #P886 `TDIGEST.CREATE` crashes (OOM) on huge initialization values (MOD-10840)

- #Q6787 Potential shard restart while reindexing vectors on RDB loading (MOD-11011)

- #Q6676 Potential crash when using small `CONSTRUCTION_WINDOW_SIZE` on `SVS-VAMANA` (MOD-10771)

- #Q6701 Potential crash (OOM) in heavy updates due a file descriptor leak (MOD-10975)

- #Q6723 Potential crash when using ACL rules (MOD-10748)

- #Q6641 `INFO SEARCH`: `search_used_memory_indexes` vector index memory value incorrect

- #Q6665 `FT.PROFILE`: more accurate execution duration measurements (MOD-10622)

### Performance and resource utilization

- #Q6648 Improve RESP3 serialization performance (MOD-9687)

### Metrics

- #Q6671 `INFO SEARCH`: new `SVS-VAMANA` metrics

=============================================================

8.2.1 (v8.2.1) Committed Mon 18 Aug 2025 12:00:00 IST

=============================================================

Update urgency: `MODERATE`: Program an upgrade of the server, but it's not urgent.

### Bug fixes

- #14240 `INFO KEYSIZES` - potential incorrect histogram updates on cluster mode with modules

- #14274 Disable Active Defrag during flushing replica

- #14276 `XADD` or `XTRIM` can crash the server after loading RDB

- #Q6601 Potential crash when running `FLUSHDB` (MOD-10681)

### Performance and resource utilization

- Query Engine - LeanVec and LVQ proprietary Intel optimizations were removed from Redis Open Source

- #Q6621 Fix regression in `INFO` (MOD-10779)

===========================================================

8.2 GA (v8.2.0) Released Mon 4 Aug 2025 15:00:00 IST

===========================================================

This is the General Availability release of Redis Open Source 8.2.

### Major changes compared to 8.0

- Streams - new commands: `XDELEX` and `XACKDEL`; extension to `XADD` and `XTRIM`

- Bitmap - `BITOP`: new operators: `DIFF`, `DIFF1`, `ANDOR`, and `ONE`

- Query Engine - new SVS-VAMANA vector index type which supports vector compression

- More than 15 performance and resource utilization improvements

- New metrics: per-slot usage metrics, key size distributions for basic data types, and more

### Binary distributions

- Alpine and Debian Docker images - https://hub.docker.com/_/redis

- Install using snap - see https://github.com/redis/redis-snap

- Install using brew - see https://github.com/redis/homebrew-redis

- Install using RPM - see https://github.com/redis/redis-rpm

- Install using Debian APT - see https://github.com/redis/redis-debian

### Operating systems we test Redis 8.2 on

- Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat)

- Rocky Linux 8.10, 9.5

- AlmaLinux 8.10, 9.5

- Debian 12 (Bookworm)

- macOS 13 (Ventura), 14 (Sonoma), 15 (Sequoia)

### Security fixes (compared to 8.2-RC1)

- (CVE-2025-32023) Fix out-of-bounds write in `HyperLogLog` commands

- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error

### New Features (compared to 8.2-RC1)

- #14141 Keyspace notifications - new event types:

- `OVERWRITTEN` - the value of a key is completely overwritten

- `TYPE_CHANGED` - key type change

### Bug fixes (compared to 8.2-RC1)

- #14162 Crash when using evport with I/O threads

- #14163 `EVAL` crash when error table is empty

- #14144 Vector sets - RDB format is not compatible with big endian machines

- #14165 Endless client blocking for blocking commands

- #14164 Prevent `CLIENT UNBLOCK` from unblocking `CLIENT PAUSE`

- #14216 TTL was not removed by the `SET` command

- #14224 `HINCRBYFLOAT` removes field expiration on replica

### Performance and resource utilization improvements (compared to 8.2-RC1)

- #14200 Store iterators on stack instead of on heap

- #14144 Vector set - improve RDB loading / RESTORE speed by storing the worst link info

- #Q6430 More compression variants for the SVS-VAMANA vector index

- #Q6535 `SHARD_K_RATIO` parameter - favor network latency over accuracy for KNN vector query in a Redis cluster (unstable feature) (MOD-10359)

### Modules API

- #14051 `RedisModule_Get*`, `RedisModule_Set*` - allow modules to access Redis configurations

- #14114 `RM_UnsubscribeFromKeyspaceEvents` - unregister a module from specific keyspace notifications

===========================================================

8.2-RC1 (v8.1.240) Committed Thu 3 Jul 2025 20:00:00 IST

===========================================================

This is the first Release Candidate of Redis Open Source 8.0.

Release Candidates are feature-complete pre-releases. Pre-releases are not suitable for production use.

### Headlines

Redis 8.2 introduces major performance and memory footprint improvements, new commands, and command extensions.

8.2-RC1 is available as a Docker image and can be downloaded from [Docker Hub](https://hub.docker.com/_/redis). Additional distributions will be introduced in upcoming pre-releases.

### Security fixes

- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE

### New Features

- #14130 Streams - new commands: `XDELEX` and `XACKDEL`; extension to `XADD` and `XTRIM`

- #14039 New command: `CLUSTER SLOT-STATS` - get per-slot usage metrics such as key count, CPU time, and network I/O

- #14122 `VSIM` - new `IN` operator for filtering expression

- #Q6329, #Q6329 - Query Engine - new SVS-VAMANA vector index type which supports vector compression (optimized for Intel machines)

### Bug fixes

- #14143 Gracefully handle short read errors for hashes with TTL during full sync

### Performance and resource utilization improvements

- #14103 Optimize `BITCOUNT` by introducing prefetching

- #14121 Optimize `SCAN` by performing expiration checks only on DBs with volatile keys

- #14140 Optimize expiry check in `scanCallback`

- #14131 Optimize `LREM`, `LPOS`, `LINSERT`, `ZRANK`, and more by caching `string2ll` results in `quicklistCompare`

- #14088 Optimize `COPY`, `RENAME`, and `RESTORE` when TTL is used

- #14074 Reduce the overhead associated with tracking `malloc`’s usable memory

- #13900 Optimize the client’s cron to avoid blocking the main thread

- #J1351 JSON - memory footprint improvement by inlining numbers (MOD-9511)

### Metrics

- #14067 `INFO`: `used_memory_peak_time` - time when `used_memory_peak` was hit

- #13990 `INFO`:

- `master_current_sync_attempts` - number of times the replica attempted to sync to a master since last disconnection

- `master_total_sync_attempts` - number of times the replica attempted to sync to a master

- `master_link_up_since_seconds` - number of seconds since the link has been up

- `total_disconnect_time_sec` - total cumulative time we've been disconnected as a replica

===========================================================

8.2-M01 (v8.1.224) Released Thu 19 Jun 2024 10:00:00 IST

===========================================================

This is the first Milestone of Redis Open Source 8.2.

Milestones are non-feature-complete pre-releases. Pre-releases are not suitable for production use.

Once we reach feature-completeness we will release RC1.

### Headlines:

Redis 8.2 introduces major performance and memory footprint improvements, and command extensions.

8.2-M01 is available as a Docker image and can be downloaded from [Docker Hub](https://hub.docker.com/_/redis). Additional distributions will be introduced in upcoming pre-releases.

### New Features

- #13898 `BITOP`: new operators: `DIFF`, `DIFF1`, `ANDOR`, and `ONE` (RED-143607)

- #14065 `VSIM`: Add new `WITHATTRIBS` to return the JSON attribute associated with an element

### Bug fixes (compared to 8.0.2)

- #13984 Memory usage and overhead report not updated when emptying or releasing a dict

- #14081 Cron-based timers run twice as fast when active defrag is enabled

- #14085 A short read may lead to an exit() on a replica

- #14092 db->expires is not defragmented

### Performance and resource utilization improvements (compared to 8.0.2)

- #13806 Keyspace - unify key and value

- #13968 Offload memory release of argv and rewrite objects into I/O threads

- #13969 Make I/O threads and main thread process in parallel and reduce notifications

- #14017 Improve I/O threads performance by using memory prefetching

- #J1351 JSON - Reduce memory footprint of numerical values (MOD-9511)

### Metrics

- #13944 `CLIENT INFO` and `CLIENT LIST`:

- `tot-net-in`: total network bytes read from the client connection

- `tot-net-out`: total network bytes sent to the client connection

- `tot-cmds`: number of commands executed by the client connection

- #13907 `INFO`: `sentinel` section - `sentinel_total_tilt` - number of times entering tilt mode