Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
• (CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)
• (CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)
• VADD: crash or buffer overflow on large REDUCE value (RED-170921)
• VSET: crash on huge allocations (MOD-12678)
• Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)
• RediSearch/RediSearch#8745 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)
• RediSearch/RediSearch#8848 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)
• RediSearch/RediSearch#8205, RediSearch/RediSearch#8259 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results (MOD-12370, MOD-13884)
• RediSearch/RediSearch#9182 FT.PROFILE HYBRID returns an empty reply (MOD-14778)
• RediSearch/RediSearch#8129, RediSearch/RediSearch#8140 FT.PROFILE reports an incorrect shard total profile time (MOD-13735, MOD-13181)
• RediSearch/RediSearch#9047 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)
• RediSearch/RediSearch#8791 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)
• RediSearch/RediSearch#8382 Crash when indexing negative zero (-0.0) (MOD-13904)
• RediSearch/RediSearch#8590 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)
• RediSearch/RediSearch#8660 FILTER behavior depends on property order in the expression (MOD-14065)
• RediSearch/RediSearch#8593 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)
• RediSearch/RediSearch#8591 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)
• RediSearch/RediSearch#8589 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14328)
• RediSearch/RediSearch#9012 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)
• RediSearch/RediSearch#9079 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)
• RediSearch/RediSearch#8462 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)
• RediSearch/RediSearch#9066 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)
• RediSearch/RediSearch#8109, RediSearch/RediSearch#8149 Configuration registration omits module parameters, causing them to be unexposed or misapplied (RED-171841)
• RediSearch/RediSearch#9163 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)
• RediSearch/RediSearch#8395 FT.SEARCH fails with "Query requires unavailable slots" after shard restart or failover (MOD-13828)
• RediSearch/RediSearch#8451 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14079)
• RediSearch/RediSearch#9078 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)
• RediSearch/RediSearch#8051, RediSearch/RediSearch#8114 Crash diagnostics now include the IndexSpec of the index the failing thread was working on (MOD-7574)

Metrics

• RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
• (CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)
• (CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)
• VADD: crash or buffer overflow on large REDUCE value (RED-170921)
• VSET: crash on huge allocations (MOD-12678)
• Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)
• RediSearch/RediSearch#8744 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)
• RediSearch/RediSearch#8849 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)
• RediSearch/RediSearch#8258 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results (MOD-13885)
• RediSearch/RediSearch#9183 FT.PROFILE HYBRID returns an empty reply (MOD-14778)
• RediSearch/RediSearch#9048 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)
• RediSearch/RediSearch#8792 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)
• RediSearch/RediSearch#8384 Crash when indexing negative zero (-0.0) (MOD-13904)
• RediSearch/RediSearch#8596 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)
• RediSearch/RediSearch#8661 FILTER behavior depends on property order in the expression (MOD-14065)
• RediSearch/RediSearch#8598 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)
• RediSearch/RediSearch#8597 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)
• RediSearch/RediSearch#8595 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14062)
• RediSearch/RediSearch#9011 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)
• RediSearch/RediSearch#9080 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)
• RediSearch/RediSearch#8461 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)
• RediSearch/RediSearch#9091 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)
• RediSearch/RediSearch#9161 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)
• RediSearch/RediSearch#9165 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)
• RediSearch/RediSearch#8394 FT.SEARCH fails with "Query requires unavailable slots" after shard restart or failover (MOD-13828)
• RediSearch/RediSearch#8452 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14080)
• RediSearch/RediSearch#9077 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

Metrics

• RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
• (CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)
• (CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)
• VADD: crash or buffer overflow on large REDUCE value (RED-170921)
• VSET: crash on huge allocations (MOD-12678)
• Potential crash on disconnections and TLS failures (Time Series) (MOD-14850)
• RediSearch/RediSearch#8743 Crash when many keys receive expirations under heavy TTL activity (MOD-14500)
• RediSearch/RediSearch#8850 HNSW vector index memory growth under high-churn workloads until shard restart (MOD-13761)
• RediSearch/RediSearch#9178 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)
• RediSearch/RediSearch#9049 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)
• RediSearch/RediSearch#8793 FT.EXPLAIN does not lock, causing a race with concurrent index changes (MOD-14461)
• RediSearch/RediSearch#8600 FILTER returns inconsistent results with multiple indexes sharing field aliases (MOD-14063)
• RediSearch/RediSearch#8662 FILTER behavior depends on property order in the expression (MOD-14342)
• RediSearch/RediSearch#8602 Filter expressions are evaluated for indexes that do not match the document type (MOD-14064)
• RediSearch/RediSearch#8601 Documents are inconsistently included or excluded depending on the indexing path taken (MOD-13948)
• RediSearch/RediSearch#8599 RENAME notification handler loads the wrong key, causing stale index entries after a rename (MOD-14062)
• RediSearch/RediSearch#9019 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)
• RediSearch/RediSearch#9081 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)
• RediSearch/RediSearch#8464 GC out-of-memory on replica shards leaves the replica in an inconsistent state (MOD-14066)
• RediSearch/RediSearch#8888 FT.CURSOR enters an infinite loop when the ACL user lacks specific permissions (MOD-14479)
• RediSearch/RediSearch#9166 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)
• RediSearch/RediSearch#8453 FT.INFO-style output no longer reports zero-index summary data when no indices exist (MOD-14081)
• RediSearch/RediSearch#9076 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)

Metrics

• RediSearch/RediSearch#8235 FT.PROFILE: added queue time tracking (MOD-13602)

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)

Update urgency: SECURITY: There are security fixes in the release.

Security fixes

• (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
• (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• CONFIG SET: some settings allow invalid characters (RED-167787)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)

Update urgency: SECURITY: There is a security fix in the release.

Security fixes

• (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution

Bug fixes

• SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
• SCRIPT DEBUG: potential crash on scripts (RED-175507)

Redis 8.6 on Redis Cloud Essentials, Metrics resolution updates

This is the third Milestone of Redis 8.8 in Redis Open Source.

Milestones are non-feature-complete pre-releases. Pre-releases are not suitable for production use.

Headlines:

Redis 8.8 introduces new features and performance improvements.

Operating systems we test Redis 8.8 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)
• Rocky Linux 8.10, 9.7, 10.1
• AlmaLinux 8.10, 9.7, 10.1
• Debian 12.13 (Bookworm), Debian 13.4 (Trixie)
• Alpine 3.23
• macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

New Features (compared to 8.8-M02)

• #14958 Subkey notification for hash fields - field-level notifications
• RediSearch/RediSearch#8227 FT.HYBRID KNN clause: new argument to request fewer candidates per shard
• RediSearch/RediSearch#8060 FT.PROFILE HYBRID: profiling support for FT.HYBRID

Bug fixes (compared to 8.8-M02)

• #15034, #15081 Issues processing corrupt RDB data
• #15059 Use-after-free
• #15073 CLIENT TRACKING: self-overlap returning non-zero loop index
• #14982 SCAN commands: integer overflow in COUNT parameter
• #14956 Crash on HSETEX when a field appears more than once and an expiry is specified
• #15015 Change log level for unknown extension types from LL_WARNING to LL_VERBOSE
• #14995 Unnecessary -ERR and \r\n
• RediSearch/RediSearch#8708 Crash when many keys receive expirations under heavy TTL activity
• RediSearch/RediSearch#8774 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load
• RediSearch/RediSearch#8415 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable)
• RediSearch/RediSearch#8322 Crash when indexing negative zero (-0.0)
• RediSearch/RediSearch#8843 HNSW vector index memory growth under high-churn workloads until shard restart
• RediSearch/RediSearch#8396 FILTER returns inconsistent results with multiple indexes sharing field aliases
• RediSearch/RediSearch#8205 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results
• RediSearch/RediSearch#8817 Instability and crashes in long-running search cursors during concurrent index updates
• RediSearch/RediSearch#8388 FT.SEARCH fails with “Query requires unavailable slots” after shard restart or failover
• RediSearch/RediSearch#8548 FILTER behavior depends on property order in the expression
• RediSearch/RediSearch#8320 Index FILTER applied inconsistently when documents are missing filtered fields
• RediSearch/RediSearch#8752 Missing blocked-client FAIL timeout mechanism for coordinator-level FT.AGGREGATE
• RediSearch/RediSearch#8657 Missing shard-level FAIL timeout handling for FT.HYBRID queries
• RediSearch/RediSearch#8420 Missing coordinator-level FAIL timeout handling for FT.HYBRID queries
• RediSearch/RediSearch#8335 Legacy shard-level FAIL handling for FT.SEARCH / FT.AGGREGATE
• RediSearch/RediSearch#8191 FT.SEARCH coordinator lacks strict FAIL timeout enforcement

Performance and resource utilization improvements (compared to 8.8-M02)

• #15114 Optimize SET key value GET
• #15065, #15118 Scan commands key collection: replace list with append-only pointer vector
• #15061 Widen fast_float_strtod fast path to 17-19 digit mantissas
• RediSearch/RediSearch#8378 Optimize filter expression evaluation: skip indexes not matching the document type (MOD-14064)

Metrics (compared to 8.8-M02)

• RediSearch/RediSearch#8246 ‘frontend_buffer_size’, ‘HNSW_main_thread_insertion’: metrics for tiered vector indexes (MOD-13819)
• RediSearch/RediSearch#8210 FT.PROFILE: added queue time tracking (MOD-13602)
• RediSearch/RediSearch#8283 INFO: Skip metrics when there are no indices (MOD-13903)
• RediSearch/RediSearch#7417 Add unique error message ids for improved debugging and troubleshooting (MOD-11806)

Configuration parameters

• RediSearch/RediSearch#8876 search-workers: change default to 16 (MOD-14486)
• RediSearch/RediSearch#8352 BG_INDEX_SLEEP_DURATION_US: sleep duration during background indexing (MOD-13994)

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @mwhooker

✨ New Features

• FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @ndyakov
• VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @romanpovol
• FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @chaitanyabodlapati
• Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @ofekshenawa
• Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @mwhooker
• Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @LINKIWI
• PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @Flack74
• ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @Copilot
• HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @Aaditya-dubey1

🐛 Bug Fixes

• Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @ndyakov
• HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @ndyakov
• Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @vladisa88
• wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @ndyakov
• Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @ofekshenawa
• FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @0x48core
• Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @zhengjilei
• VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @Copilot
• Closed connection handling: Two fixes for closed connection handling in the pool (#3764) by @cxljs
• ZRangeArgs Rev: Fixed ZRangeArgs with Rev + ByScore/ByLex incorrectly swapping Start/Stop, breaking ZRANGESTORE (#3751) by @Copilot
• OTel metric instrument types: Fixed metric instrument types in redisotel-native (#3743) by @ofekshenawa
• Options.clone() data race: Fixed data race when cloning Options (#3739) by @rubensayshi
• Connection closure metrics: Fixed connection closure metrics and enabled all metric groups by default in redisotel-native (#3735) by @ofekshenawa
• OTel semconv v1.38.0: Use metric definition from otel/semconv/v1.38.0 in redisotel-native (#3731) by @wzy9607
• SETNX semantics: Use SET ... NX instead of the deprecated SETNX command (#3723) by @ndyakov
• TIME keyless routing: Mark TIME as a keyless command for correct cluster routing (#3722) by @fatal10110
• Dial timeout per retry: Dial timeout now applies per attempt instead of across all retry attempts combined (#3705) by @mwhooker
• Cluster metrics attributes: Fixed pool.name being appended per node, which corrupted and dropped user-provided custom attributes (#3699) by @Jesse-Bonfire
• initConn nil dereference: Fixed nil pointer dereference and potential deadlock in *baseClient.initConn(); added explicit nil option guards to client constructors (#3676) by @olde-ducke

⚡ Performance

• RESP reader: Optimized RESP reader by eliminating intermediate string allocations (#3774) by @Aaditya-dubey1
• Inline rendezvous hashing: Replaced github.com/dgryski/go-rendezvous dependency with an in-repo implementation in internal/hashtag, reducing the dependency graph while preserving algorithm parity (#3762) by @bigsk05

🧪 Testing & Infrastructure

• Release automation: Added repository, ref, and client-libs-test-image-tag inputs to the run-tests composite action; redis-version is now optional so unstable builds use REDIS_VERSION from the Makefile (#3749) by @dariaguy
• Go 1.24: Updated minimum Go version to 1.24 and use -compat=1.24 in release scripts (#3714, #3754) by @ndyakov, @cxljs

🧰 Maintenance

• Pool state machine: Removed redundant Conn.closed atomic field in favor of the state machine's StateClosed (#3783) by @cxljs
• OTel SDK: Updated OpenTelemetry SDK dependencies in redisotel/redisotel-native (#3770) by @ndyakov
• Go 1.21+ built-ins: Use maps.Keys, slices.Collect, slices.Contains, clear(), and slices.SortFunc instead of custom helpers (#3758, #3746) by @cxljs
• HGetAll docs: Added Go doc comment to HGetAll describing behavior and complexity (#3776) by @0x48core
• Docs links: Fixed irrelevant docs links (#3724) by @olzhas-sabiyev
• Examples cleanup: Removed throughput binary from examples (#3733) by @ndyakov

👥 Contributors

We'd like to thank all the contributors who worked on this release!

@0x48core, @Aaditya-dubey1, @Copilot, @Flack74, @Jesse-Bonfire, @LINKIWI, @bigsk05, @chaitanyabodlapati, @cxljs, @dariaguy, @fatal10110, @mwhooker, @ndyakov, @ofekshenawa, @olde-ducke, @olzhas-sabiyev, @romanpovol, @rubensayshi, @vladisa88, @wzy9607, @zhengjilei

Full Changelog: https://github.com/redis/go-redis/compare/v9.18.0...v9.19.0

This is a maintenance release of Redis Insight.

Bug fixes

• Fixed issues with the Windows auto-update, so the new version is delivered automatically the next time the app is started.

SHA-512 Checksums

https://redis.io/docs/latest/develop/tools/insight/release-notes/v.3.4.2/

Full Changelog: https://github.com/redis/RedisInsight/compare/3.4.1...3.4.2

This is the General Availability (GA) release of Redis Insight 3.4.1, which includes new features, enhancements and bug fixes.

Headlines

• New dedicated Search workspace with full index lifecycle support: create indexes from sample data or existing user data, query indexed data with an assisted editor, and save queries to a Query Library for reuse.
• Enhancements for Azure integration, including Entra ID Docker support, Access Key authentication, and a manual connection form.

Details

• New dedicated Search page with index listing, index creation, a query editor with Profile and Explain actions, and a Query Library for saving and reusing queries.
• Create indexes from sample data to explore how Redis Search works, or from existing user data with automatic field detection and index type configuration.
• Navigate between Browser and Search workspaces: review the indexed data in the Browser, view indexed keys and their associated indexes, and create indexes directly from the Browser key list.
• Azure Entra ID authentication support for Docker deployments. To get started, follow the Azure Docker setup guide.
• Added a manual connection form for Azure Redis databases, allowing users to configure or override autodiscovery connection details.
• Added Access Key authentication support for Azure Redis databases as an alternative to Entra ID.
• Added client-side column sorting for the Browser key list, allowing users to sort by Key, TTL, or Size directly from the Columns popover.
• #5637 Added Linux ARM64 release support with AppImage, deb, and rpm packages.

Bugs

• #5394 Fixed startup error on first install caused by missing .redis-insight/logs directory when the parent directory does not exist yet.
• #5515 Added Redis Insight version display in the Web UI Settings, making it easier to verify deployments when running via Docker.
• #5540 Fixed incorrect deserialization of DateTimeOffset values in MessagePack objects.
• #5412 Fixed JSON error when viewing keys containing 'constructor' in the key name.
• #5608 Fixed Workbench view-type dropdown crash when external plugins are loaded.
• #5587 Workbench output settings now persist between commands, so users no longer need to reconfigure their preferred view each time.

SHA-512 Checksums

https://redis.io/docs/latest/develop/tools/insight/release-notes/v.3.4.1/

Full Changelog: https://github.com/redis/RedisInsight/compare/3.2.0...3.4.1

Changes

Unified command response types across RESP2 and RESP3 protocols

In this release, the command response types across RESP2 and RESP3 protocols are unified, ensuring that the same command returns the same Python type and structure regardless of which protocol version is in use — eliminating the need for protocol-specific branching in application code (#4025). Approximately 84 commands are affected across core Redis, Search, JSON, TimeSeries, and Probabilistic modules. Additionally, the default protocol has been changed from RESP2 to RESP3 for all Redis clients and connections, enabling richer native types (maps, sets, doubles, booleans) and improved performance out of the box (#4031). These changes are breaking relative to redis-py 7.x and earlier, so users upgrading should carefully review the migration guide. For a complete list of affected commands and updated response formats, see docs/resp_unification.rst and the detailed migration guide at specs/resp2_resp3_migration_guide.md. Users who need to retain the previous default protocol configuration can explicitly set protocol=2 when creating their client or connection.

🚀 New Features

• Add random load balancing strategy which allows for use of the primary (#4027)

🔥 Breaking changes

• RESP2 and RESP3 response unification (#4025)
• Changing the default RESP protocol configurations for Redis clients and connections to 3 (#4031)

🧰 Maintenance

• Reorganize unit tests grouping - extracting the tests that define their hardcoded client configuration separately (#4029)

We'd like to thank all the contributors who worked on this release! @Pack-Yak1 @petyaslavova

This is the second Milestone of Redis 8.8 in Redis Open Source.

Milestones are non-feature-complete pre-releases. Pre-releases are not suitable for production use.

Headlines:

Redis 8.8 introduces new features and performance improvements.

8.8-M02 is available as a Docker image and can be downloaded from Docker Hub. Additional distributions will be introduced in upcoming pre-releases.

Operating systems we test Redis 8.8 on

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)
• Rocky Linux 8.10, 9.7, 10.1
• AlmaLinux 8.10, 9.7, 10.1
• Debian 12.13 (Bookworm), Debian 13.4 (Trixie)
• Alpine 3.23
• macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

New Features (compared to 8.6)

• #14826, #14905 GCRA (generic cell rate algorithm) rate limiter (based on the redis-cell module by @brandur - thank you!)
• #14797 XNACK: a new streams command that allows consumers to explicitly release pending messages
• RedisJSON/RedisJSON#1509 JSON.SET: new FPHA argument to specify the FP type for FP homogeneous arrays (MOD-13577)
• #14892 ZUNION, ZINTER, ZUNIONSTORE, ZINTERSTORE: new COUNT aggregator
• RedisTimeSeries/RedisTimeSeries#1916 TS.RANGE, TS.REVRANGE, TS.MRANGE, TS.MREVRANGE: multiple aggregators in a single command (MOD-9162)

Bug fixes (compared to 8.6.2)

• #15037 XINFO STREAM: wrong value in the per-slot memory tracking
• #12000 Incorrect shrinking of querybuf when client is reading a big argv
• #15021 HEXPIRE: overflow on fields count
• #14963 XREADGROUP: consumer replication inconsistency
• #15011 Double-free in rdbLoadObject
• #14667, #14886 Potential TCP stalls/deadlocks
• #14942 Fix COMMAND GETKEYS for PFMERGE with no source keys
• #14888 Hardens safety check in lpSafeToAdd
• #14748 Ensure sensitive user data is not exposed in logs when hide_user_data_from_log is enabled
• #14877 INFO KEYSIZES and INFO ALLOCSIZES fixes
• #14878 listpack memory leak in zipmap-to-hash conversion on error path
• #14955 Streams: IDMP-related bug
• #14974, #14932, #14866 Memory leaks
• #14790 Missing initialization
• #14789 DB hash tables not expanding during RDB load on standalone-mode
• #14785 Add HOTKEYS HELP subcommand (Each command having subcommands needs a HELP subcommand)
• #14784 RESTORE and SET: expiredkeys counter updates incorrectly on keys with past expiration time
• #14779 Accurate memory accounting for RedisModuleDict (instead of estimation)
• #14774 Missing cleanup code in getKeysFreeResult() on cross-slot error path
• #14771 Potential unsigned integer underflow in used_memory_dataset calculation
• #14780 Fixed name of HOTKEYS results field sampled-command-selected-slots-us to sampled-commands-selected-slots-us
• #14756 HOTKEYS does not track each command in a MULTI/EXEC block
• #14749 Fixed HOTKEYS GET RESP3 reply fixed to map instead of flat array
• RedisJSON/RedisJSON#1520 Numeric operations on homogeneous arrays: promote to next type if results overflow (MOD-14427)
• RedisJSON/RedisJSON#1519 JSON.NUMINCRBY, JSON.NUMMULTBY don’t error on numeric overflow (MOD-14191)
• RedisJSON/RedisJSON#1487 Depth limit (128) was not fully enforced (MOD-4107)
• RedisTimeSeries/RedisTimeSeries#1910 TS.INCRBY, TS.DECRBY create key before validating args (MOD-8167)
• RedisTimeSeries/RedisTimeSeries#1908 Potential crash on TS.RANGE with aggregation and EMPTY
• RedisTimeSeries/RedisTimeSeries#1896 Potential memory leak (MOD-13438)
• RedisTimeSeries/RedisTimeSeries#1913 ACL rules are not fully enforced for multi-key commands on a cluster setup (MOD-14124)

Performance and resource utilization improvements (compared to 8.6.2)

• #15003 Reduce overhead in command propagation
• #14979 Dismiss dict bucket arrays in fork child to reduce CoW
• #14661 Replace fast_float C++ library with pure C implementation
• #14928 Disable memory tracking in child processes
• #14885 Optimize rax (radix tree) insert and lookup for sequential key patterns
• #14335 Handle primary/replica clients in I/O threads
• #14754 Optimize prefetching commands
• #14770 Optimize BITOP operations with AVX512
• #14862 Streams: Filter expired IDMP entries during RDB save and load
• #14750 SFLUSH can now flush slots partially
• #14887 SFLUSH skips slot trimming when the requested slot ranges exactly match the node’s local slot coverage
• #14851 Skip RDB checksum computation/validation during diskless full synchronization to reduce CPU overhead
• #14783 Pause dict auto-resize during multi-field deletion
• RedisTimeSeries/RedisTimeSeries#1884 TS.RANGE, TS.REVRANGE, TS.MRANGE, TS.MREVRANGE: improve performance on a cluster setup (RED-184104)
• RedisTimeSeries/RedisTimeSeries#1866 Register to type_changed KSN instead of set (MOD-12919)

Modules API

• #14445 Allow modules to associate metadata with keys
  • RedisModule_CreateKeyMetaClass - define a new key-metadata class
  • RedisModule_ReleaseKeyMetaClass - release a key-metadata class
  • RedisModule_SetModuleMetadata - attach or update metadata to a key
  • RedisModule_GetKeyMeta - get key metadata

Metrics

• #14896 INFO STATS - global stats for slowlog metrics:
  • slowlog_commands_count - commands written to slowlog
  • slowlog_commands_time_ms_sum - sum of execution times of commands from the slowlog
  • slowlog_commands_time_ms_max - maximum execution time of a command from the slowlog
• #14896 INFO COMMANDSTATS - per-command stats for slowlog metrics:
  • slowlog_count - number of times the command was written in the slowlog
  • slowlog_time_ms_sum - sum of execution time of the command (only from the slowlog)
  • slowlog_time_ms_max - maximum execution time of the command (only from the slowlog)
• #14841 INFO STATS (global, all clients aggregated):
  • total_client_processing_events: attempts to process client input buffers; does not guarantee any command was actually parsed
  • eventloop_cycles_with_clients_processing: event loop cycles where client input buffers were processed
  • commands_per_parse_batch_sum: cumulative number of commands parsed across all parsing batches for all clients
  • commands_per_parse_batch_cnt: number of parsing batches across all clients. A batch is counted each time at least one command is parsed from a client's query buffer
  • commands_per_parse_batch_avg: average commands parsed per batch (sum/cnt). Approximates pipelining depth
• #14841 CLIENT INFO and CLIENT LIST (per-client):
  • read-events: number of read events for this client
  • parse-batch-cmd-sum: cumulative number of commands parsed across all parsing batches for this client
  • parse-batch-cnt: total number of parsing batches for this client. Divide parse-batch-cmd-sum by this value to get the client’s average commands per batch

CLI tools

• #14371 Divide-by-zero in redis-benchmark and redis-cli
• #14863 Memory leak in redis-cli
• #14703 redis-cli --keystats: fix percentile calculation

✨ What's Changed

🚀 Features

• feat: expose sendCommand on multi for all clients by @nkaradzhov in https://github.com/redis/node-redis/pull/3181
• feat(sentinel): add sSubscribe/sUnsubscribe methods to Sentinel client by @nkaradzhov in https://github.com/redis/node-redis/pull/3178

🐛 Fixes

• fix(search): correct INDEXMISSING placement by @nkaradzhov in https://github.com/redis/node-redis/pull/3179
• Pool fixes by @nkaradzhov in https://github.com/redis/node-redis/pull/3182
• fix(search): use @redis/client dist imports in CREATE command by @PavelPashov in https://github.com/redis/node-redis/pull/3187
• fix(sentinel): preserve root seeds for outage recovery by @nkaradzhov in https://github.com/redis/node-redis/pull/3188
• fix: fallthrough bug in transformDoubleReply by @rhymincymon in https://github.com/redis/node-redis/pull/3213

🔭 Observability (OTEL + Diagnostics)

Node Redis now ships with first-class observability via OpenTelemetry metrics and Node.js diagnostics_channel. Initialize OpenTelemetry before creating clients (OpenTelemetry.init({ metrics: { enabled: true } })) and you can plug Redis client telemetry into your existing OTel SDK/exporter pipeline.

This enables visibility into command latency, connection lifecycle, resiliency/errors, Pub/Sub traffic, streaming behavior, and client-side caching activity. On top of metrics, diagnostics channels provide a more abstract, higher-level way to track runtime behavior through low-overhead event streams (commands, batches, connection events, maintenance notifications, pub/sub, cache, and pool wait timing), so APM tools or custom subscribers can observe the system without changing application code.

• add OpenTelemetry metrics instrumentation by @PavelPashov in https://github.com/redis/node-redis/pull/3110
• feat: implement diagnostic channels for observability by @logaretm in https://github.com/redis/node-redis/pull/3195

🧪 Tests & CI

• test(scho oss): add smigrating checks for new connections by @nkaradzhov in https://github.com/redis/node-redis/pull/3186
• Add self-report metrics step to CI workflow by @bobymicroby in https://github.com/redis/node-redis/pull/3199
• Add run tests action by @dariaguy in https://github.com/redis/node-redis/pull/3221

📚 Docs

• improve sentinel docs by @cutiepoka in https://github.com/redis/node-redis/pull/3189
• docs: clarify DUMP/RESTORE binary payload usage by @nkaradzhov in https://github.com/redis/node-redis/pull/3201
• fix(docs): configure typedoc entry points for monorepo by @nkaradzhov in https://github.com/redis/node-redis/pull/3220

🙌 New Contributors

• @cutiepoka made their first contribution in https://github.com/redis/node-redis/pull/3189
• @rhymincymon made their first contribution in https://github.com/redis/node-redis/pull/3213
• @logaretm made their first contribution in https://github.com/redis/node-redis/pull/3195
• @dariaguy made their first contribution in https://github.com/redis/node-redis/pull/3221

Full Changelog: https://github.com/redis/node-redis/compare/redis@5.11.0...redis@5.12.0

Changes

Async Cluster PubSub & Keyspace Notifications

This release introduces full asyncio Cluster PubSub support, bringing shard-channel capabilities (SSUBSCRIBE, SUNSUBSCRIBE, SPUBLISH) to the async RedisCluster client. The new ClusterPubSub class in redis.asyncio.cluster automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via RedisCluster.pubsub() and use ssubscribe(), sunsubscribe(), and get_sharded_message() just as they would with the sync cluster client.

Alongside this, Redis Keyspace Notifications are now supported for both standalone and cluster deployments, in both sync and async modes. New classes—KeyspaceNotifications, ClusterKeyspaceNotifications, AsyncKeyspaceNotifications, and AsyncClusterKeyspaceNotifications—provide a high-level API for subscribing to keyspace and keyevent channels. In cluster mode, notifications are automatically subscribed across all primary nodes (since each node only emits notifications for keys it owns), with built-in topology-change handling. Convenience methods like subscribe_keyspace(), subscribe_keyevent(), and channel classes (KeyspaceChannel, KeyeventChannel) simplify common subscription patterns. Both sync run_in_thread() and async listen() workflows are supported.

Type Hints Improvements (breaking changes)

The @overload pattern has been applied systematically across core commands (core.py), VectorSet commands, and module commands (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined ResponseT (i.e., Union[Awaitable[Any], Any]), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., int, bool, list[str]) while async clients see Awaitable[...] wrappers. This is a breaking change for type-checking only—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, SyncClientProtocol and AsyncClientProtocol, are used in overload signatures to enable this distinction.

🚀 New Features

• Support Cluster PubSub in asyncio (#3736)
• Add Redis Keyspace Notifications Support for Redis Cluster (#3962)

🔥 Breaking changes

• Type hints improvements - fixing static code analyses issues related to combined sync and async return types(vectorsets + commands in core.py) (#3991)
• Type hints improvements - fixing static code analyses issues related to combined sync and async return types - modules (#4005)
• Add Redis Keyspace Notifications Support for Redis Cluster (#3962)

🐛 Bug Fixes

• fix: guard disconnect() against RuntimeError on Python 3.13+ (#3856) (#4013)
• Fix CacheProxyConnection hang when invalidation arrives on another connection (#3600) (#4014)
• fix: handle scientific notation in score_cast_func for RESP2 (#4016)
• Fix TypeError in CacheProxyConnection when cached response is non-bytes (#4017)

⚠️ Deprecations

• Align deprecation of lib_name/lib_version in async cluster (#3995)

🧰 Maintenance

• Adding unstable 8.8 build to pipeline test matrix. Updating the lib version in master. (#4004)
• Fix type hints for register_script to support RedisCluster (#3876)
• Updating dependencies to fix reported vulnerabilities (#4012)
• Bump release-drafter/release-drafter from 6 to 7 (#4019)
• Bump rojopolis/spellcheck-github-actions from 0.58.0 to 0.60.0 (#4018)

We'd like to thank all the contributors who worked on this release! @abersheeran @alisaifee @majiayu000 @dmaier-redislabs @vladvildanov @petyaslavova

Bug fixes

• #14824 Potential UAF: don't use reply copy avoidance for module strings
• #14848 Crash during command processing on replicas performing full synchronization
• #14794 New XIDMPRECORD internal command and AOFRW emission to restore stream IDMP state
• #14816 setModuleEnumConfig() passing prefixed name to module callbacks
• #14858 Streams: Ensures XADD with IDMP/IDMPAUTO that hits an existing IID records the metadata change
• #14855, #14831, #14817 Potential memory leaks
• #14869 Streams: IDMP cron expiration not working after RDB load
• #14847 Potential crash during ACL checks on wrong-arity commands
• #14883 HSETEX, HGETEX do not validate that FIELDS is specified only once
• #14897 Streams: IDMP-related bugs

Changes

🐛 Bug Fixes

• Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)
• Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)
• Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

-Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

• Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @vladvildanov @petyaslavova

Changes

OpenTelemetry Native Metrics Support for asynchronous clients Added comprehensive OpenTelemetry metrics support for asynchronous clients following the OpenTelemetry Database Client Semantic Conventions. Metric groups include:

• Command metrics: Operation duration with retry tracking
• Connection basic: Connection count and creation time
• Resiliency: Errors, handoffs, timeout relaxation
• Connection advanced: Wait time and use time
• Pubsub metrics: Published and received messages
• Stream metrics: Processing duration and maintenance notifications

🚀 New Features

• Added OTel instrumentation and metrics export for async client (#3977)

🐛 Bug Fixes

• [async] Adding access to cluster client's nodes_manager and set_response_callback in ClusterPipeline objects (#3989)
• fix(connection): Ensure we have an initialized protocol in connection (#3981)

🧰 Maintenance

• fix: use KeysT for blpop and brpop keys parameter type annotation (#3987 #3990)
• Bump actions/upload-artifact from 6 to 7 (#3985)
• fix: replace 3 bare except clauses with except Exception (#3980)

We'd like to thank all the contributors who worked on this release! @mitre88 @turanalmammadov @haosenwang1018 @Medno @vladvildanov @petyaslavova

Passwordless authentication for Redis Cloud Pro, Redis 8.4 on Redis Cloud Pro, Automatic database upgrades.

This is the General Availability (GA) release of Redis Insight 3.2.0, which includes new features, build updates, and bug fixes.

Headlines

Connect to Azure Managed Redis with ease. Auto-discover databases across subscriptions with one-click import and connect using Entra ID and Azure passwordless (OAuth) authentication. To get started, follow the Azure setup guide to configure the required permissions.

Details

• Added support for Azure Managed Redis and Azure Cache for Redis tiers. This support includes auto-discovery of databases across subscriptions with one-click import, Microsoft Entra ID (OAuth) authentication with automatic background token refresh, and multi-account support to switch easily between different Azure accounts.
• Simplified the build process by removing the Webpack dependency. Vite is used now for both development and production builds.

Bugs

• https://github.com/redis/RedisInsight/pull/5504 Fixed critical security vulnerabilities CVE-2025-55130 (Node.js) and CVE-2025-15467 (OpenSSL) by upgrading the Node.js version and the Alpine base image in Docker.

SHA-512 Checksums

Full Changelog: https://github.com/redis/RedisInsight/compare/3.0.3...3.2.0