Package "valkey"

  valkey (7.2.10+dfsg1-0ubuntu0.1) noble; urgency=medium

  * New upstream version 7.2.10 (LP: #2115258)
    - Security fixes:
      + CVE-2025-21605: Allocation of Resources Without Limits or Throttling.
      + CVE-2025-32023: Out-of-bounds write during hyperloglog operations.
      + CVE-2025-48367: IP Protocol errors resulting in DoS.
      + CVE-2025-27151: AOF file name length not checked.
    - Bug fixes:
      + Only mark the client reprocessing flag when unblocked on keys.
      + Free module context even if there was no content written in auxsave2.
      + Fix Detect SSL_new() returning NULL in outgoing connections.
      + Correctly cast the extension lengths.
      + Fix cluster myself CLUSTER SLOTS/NODES wrong port after updating
        port/tls-port.
      + Fix replica can't finish failover when config epoch is outdated.
      + Fix CLIENT UNBLOCK ability to unpause paused clients.
      + Fix defrag crash when using FLUSHDB ASYNC in cluster mode.
      + Fix memory leak in forgotten node ping ext code path.
      + Fix module LatencyAddSample still work when latency-monitor-threshold
        is 0.
      + Fix raxRemove crash at memcpy() due to key size exceeds max Rax size.
      + Fix error "SSL routines::bad length" when connTLSWrite is called second
        time with smaller buffer.
      + Fix RANDOMKEY infinite loop during CLIENT PAUSE.
      + Fix adding samples to stream object consumer trees.
      + Fix panic in primary when blocking shutdown after previous block with
        timeout.
      + Fix incorrect lag reported in XINFO GROUPS.

 -- Lena Voytek <email address hidden> Tue, 24 Jun 2025 15:08:25 -0400

  valkey (7.2.8+dfsg1-0ubuntu0.24.04.3) noble; urgency=medium

  * d/valkey-redis-compat.postinst: Do not migrate on upgrade if redis files
    have already been migrated (LP: #2104217).

 -- Lena Voytek <email address hidden> Wed, 18 Jun 2025 16:58:33 -0400

  valkey (7.2.8+dfsg1-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the ~security pocket

 -- Julia Sarris <email address hidden> Mon, 03 Mar 2025 10:25:22 -0500

  valkey (7.2.8+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 7.2.8 (LP: #2097546)
    - Security fixes:
      + CVE-2024-46981: Lua script commands may lead to remote code
        execution.
      + CVE-2024-51741: Denial-of-service due to malformed ACL
        selectors.
    - Bug fixes:
      + Fix extra memory use when storing strings in inline protocol.
      + Fix error message when FUNCTION KILL is used on a script.
      + Fix last accessed time update using TOUCH with CLIENT NO-TOUCH
        option.

 -- Lena Voytek <email address hidden> Thu, 06 Feb 2025 08:58:24 -0500

  valkey (7.2.7+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 7.2.7 (LP: #2091129)
    - Security fixes:
      + CVE-2024-31449: Lua library commands may lead to stack overflow and
        potential RCE.
      + CVE-2024-31227: Potential Denial-of-service due to malformed ACL
        selectors.
      + CVE-2024-31228: Potential Denial-of-service due to unbounded pattern
        matching.
    - Bug fixes:
      + Fix re-enable of Append-Only File flag in RdbLoad module.
      + Fix cluster replica failure to establish replication link in race
        condition.
      + Fix valkeymodule-rs build issues due to typo in REGISTER_API.
      + Fix crash where command duration is not reset when client is blocked.
      + Fix CLUSTER SHARDS empty array return.
      + Fix client auth block when a cluster is down.
      + Fix MEET request reliability during link failure.
      + Ensure the --count option in redis-cli works correctly even without
        --pattern.
      + Fix redis-check-aof misidentifying data in manifest format as MP-AOF.
    - Updates:
      + Add clusterNodeIsVotingPrimary concept to fix issue where nodes outside
        the quorum group could mark nodes as failed.
      + Add compatibility with redis-sentinel for starting sentinel.
      + Update redis-check-rdb types to replace stream-v2 with stream-v3
  * d/watch: Fix repack suffix

 -- Lena Voytek <email address hidden> Thu, 05 Dec 2024 14:44:44 -0700