
Conversation

aminvakil
Collaborator

@aminvakil aminvakil commented Oct 7, 2025

https://redis.io/blog/security-advisory-cve-2025-49844/

[CVE-2025-49844] Lua use-after-free may lead to remote code execution. CVSS Score: 10.0 (Critical)

An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution.

This may need another release before 25.10.0.

Self-hosted Redis is not exposed outside of the Docker network, though, so whatever the security team decides.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
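
A check an operator can run against a deployment before and after applying this bump, written as an added example for this thread (it is not part of the PR, of self-hosted Sentry, or of Redis). It parses the text that `INFO server` returns and compares `redis_version` with the first patched release of its minor line; the only entry in the table, 6.2.20, is the version this PR moves to, and the other supported lines have to be filled in from the linked advisory. The `INFO` excerpts at the bottom are constructed, not captured from a real host.

```python
"""Check Redis `INFO server` output against the patched releases for CVE-2025-49844.

Added example, not code from the PR or from Sentry. Assumptions: the
`redis_version:X.Y.Z` field format of `INFO server`, and a fixed-version
table in which only 6.2.20 comes from this PR (other lines are left for the
operator to fill in from the Redis advisory).
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Minimum patched release per (major, minor) line. 6.2.20 is the version this
# PR upgrades to; add the remaining lines from the advisory before relying on
# this table for other deployments.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 2): (6, 2, 20),
}

# `INFO server` lines look like `redis_version:6.2.20\r\n`.
_VERSION_RE = re.compile(r"^redis_version:(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_redis_version(info_server: str) -> Optional[Version]:
    """Extract (major, minor, patch) from `INFO server` text, or None if absent."""
    m = _VERSION_RE.search(info_server)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Version,
                  fixed: Dict[Tuple[int, int], Version] = FIXED_VERSIONS) -> Optional[bool]:
    """True if `version` is below the patched release of its minor line,
    False if it is at or above it, None if the line is not in the table.

    None is deliberately not treated as safe: an unknown line needs a manual
    look at the advisory rather than a silent pass.
    """
    line = (version[0], version[1])
    if line not in fixed:
        return None
    return version < fixed[line]


def assess(info_server: str) -> str:
    """Return a one-line verdict suitable for a deploy check or a log line."""
    version = parse_redis_version(info_server)
    if version is None:
        return "unknown: no redis_version in INFO output"
    text = ".".join(str(n) for n in version)
    state = is_vulnerable(version)
    if state is None:
        return f"unknown: {text} not in fixed-version table"
    return f"{'vulnerable' if state else 'patched'}: {text}"


# Constructed `INFO server` excerpts for a 6.2 line before and after the fix;
# they are not output from any real instance.
INFO_OLD = "# Server\r\nredis_version:6.2.19\r\nredis_mode:standalone\r\n"
INFO_NEW = "# Server\r\nredis_version:6.2.20\r\nredis_mode:standalone\r\n"

if __name__ == "__main__":
    for info in (INFO_OLD, INFO_NEW):
        print(assess(info))
```

In practice the input comes from `redis-cli -h <host> INFO server` run from inside the Docker network, since the service is not published outside it. The advisory's precondition is an authenticated client that can run Lua, so a deployment that cannot take the upgrade immediately can remove the entry point for its application users with an ACL rule such as `ACL SETUSER <user> -@scripting`; whether self-hosted Sentry uses ACL users at all is not something this thread states, so treat that as a deployment-specific assumption.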

@aldy505 aldy505 requested review from mdtro and oioki October 7, 2025 13:42
@aldy505
Collaborator

aldy505 commented Oct 7, 2025

Requested review from the security team for visibility.

@aldy505 aldy505 requested a review from hubertdeng123 October 7, 2025 14:40
@hubertdeng123 hubertdeng123 merged commit 0ed3569 into getsentry:master Oct 7, 2025
10 checks passed
@aminvakil aminvakil deleted the redis-6.2.20 branch October 7, 2025 22:36

4 participants