search

zkteco-home / redis-windows

Native port of Redis for Windows,it can be installed as service.
MIT License
1.91k stars 173 forks source link

Release notes documentation #30

Closed mazuryv closed 2 years ago

mazuryv commented 2 years ago

Hello. Thank you for your work. Please add release note to Redis 7.0.5. Is there fixed CRITICAL CVE-2022-35951 vulnerability?

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

Which license agreement shall we accept to use your product? Could you please clarify your license agreement additionally instead of README? Thank you in advance.

zkteco-home commented 2 years ago

First of all,Thanks for your suggestion.

CRITICAL CVE-2022-35951 vulnerability fixed,i added note in 7.0.5 I created LICENSE for this project