This update for valkey fixes the following issues:
Update to 8.0.6:
-
Security fixes:
- CVE-2025-49844: Fixed that a Lua script may lead to remote code execution (bsc#1250995)
- CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE (bsc#1250995)
- CVE-2025-46818: Fixed that a Lua script can be executed in the context of another user (bsc#1250995)
- CVE-2025-46819: Fixed LUA out-of-bound read (bsc#1250995)
-
Bug fixes:
- Fix accounting for dual channel RDB bytes in replication stats (#2614)
- Fix EVAL to report unknown error when empty error table is provided (#2229)
- Fix use-after-free when active expiration triggers hashtable to shrink (#2257)
- Fix MEMORY USAGE to account for embedded keys (#2290)
- Fix memory leak when shrinking a hashtable without entries (#2288)
- Prevent potential assertion in active defrag handling large allocations (#2353)
- Prevent bad memory access when NOTOUCH client gets unblocked (#2347)
- Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)
- Fix client tracking memory overhead calculation (#2360)
- Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)
- Don't use AVX2 instructions if the CPU doesn't support it (#2571)
- Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)
Changes from 8.0.5:
https://github.com/valkey-io/valkey/releases/tag/8.0.5