Incorporate Redis CVE for CVE-2025-27151 #2146

madolson · 2025-05-28T17:34:29Z

Resolves #2145

Incorporate the CVE patch that was sent to us by Redis Ltd.

Signed-off-by: Madelyn Olson <[email protected]>

src/valkey-check-aof.c

codecov · 2025-05-28T17:49:34Z

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 71.31%. Comparing base (ff71358) to head (7a95027).
Report is 5 commits behind head on unstable.

Files with missing lines	Patch %	Lines
src/valkey-check-aof.c	33.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##           unstable    #2146   +/-   ##
=========================================
  Coverage     71.31%   71.31%           
=========================================
  Files           122      122           
  Lines         66144    66155   +11     
=========================================
+ Hits          47170    47179    +9     
- Misses        18974    18976    +2

Files with missing lines	Coverage Δ
src/valkey-check-aof.c	`74.07% <33.33%> (-0.42%)`	⬇️

... and 13 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Co-authored-by: Ping Xie <[email protected]> Signed-off-by: Madelyn Olson <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> Signed-off-by: Harkrishn Patro <[email protected]>

Resolves #2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> Signed-off-by: Harkrishn Patro <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> Signed-off-by: chzhoo <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> (cherry picked from commit 73696bf)

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> Signed-off-by: shanwan1 <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]>

Resolves #2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> (cherry picked from commit 73696bf)

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> (cherry picked from commit 73696bf) Signed-off-by: Viktor Söderqvist <[email protected]>

Resolves #2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> (cherry picked from commit 73696bf) Signed-off-by: Viktor Söderqvist <[email protected]>

Resolves valkey-io#2145 Incorporate the CVE patch that was sent to us by Redis Ltd. --------- Signed-off-by: Madelyn Olson <[email protected]> Co-authored-by: Ping Xie <[email protected]> (cherry picked from commit 73696bf) Signed-off-by: Viktor Söderqvist <[email protected]>

Apply cherry-pick of CVE provided by Redis

7f04aa6

Signed-off-by: Madelyn Olson <[email protected]>

madolson added this to Valkey 8.1, Valkey 8.0 and Valkey 7.2 May 28, 2025

madolson added the release-notes This issue should get a line item in the release notes label May 28, 2025

madolson changed the title ~~Incorporate Redis CVE~~ Incorporate Redis CVE for CVE-2025-27151 May 28, 2025

madolson requested a review from PingXie May 28, 2025 17:34

PingXie reviewed May 28, 2025

View reviewed changes

src/valkey-check-aof.c Outdated Show resolved Hide resolved

Update src/valkey-check-aof.c

7a95027

Co-authored-by: Ping Xie <[email protected]> Signed-off-by: Madelyn Olson <[email protected]>

PingXie approved these changes May 28, 2025

View reviewed changes

madolson merged commit 73696bf into valkey-io:unstable May 28, 2025
51 checks passed

github-project-automation bot moved this to To be backported in Valkey 7.2 May 28, 2025

github-project-automation bot moved this to To be backported in Valkey 8.1 May 28, 2025

github-project-automation bot moved this to To be backported in Valkey 8.0 May 28, 2025

hpatro moved this from To be backported to 8.1.2 in Valkey 8.1 Jun 11, 2025

vitarb mentioned this pull request Jun 13, 2025

Fixes for Valkey 8.0.5 #2210

Merged

FliegendeWurst mentioned this pull request Jun 14, 2025

valkey: 8.0.3 -> 8.1.2 NixOS/nixpkgs#401336

Merged

13 tasks

LeSuisse mentioned this pull request Jun 14, 2025

[25.05] valkey: apply patch for CVE-2025-27151 NixOS/nixpkgs#416794

Merged

13 tasks

ranshid moved this from To be backported to In Progress in Valkey 7.2 Jun 18, 2025

zuiderkwast moved this from To be backported to 8.0.5 in Valkey 8.0 Aug 18, 2025

zuiderkwast moved this from In Progress to To be backported in Valkey 7.2 Sep 23, 2025

rainsupreme moved this from To be backported to 7.2.10 in Valkey 7.2 Sep 29, 2025

Kanishk-Bansal mentioned this pull request Oct 8, 2025

Upgrade valkey to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 microsoft/azurelinux#14835

Merged

12 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Incorporate Redis CVE for CVE-2025-27151 #2146

Incorporate Redis CVE for CVE-2025-27151 #2146

Uh oh!

madolson commented May 28, 2025

Uh oh!

Uh oh!

codecov bot commented May 28, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Incorporate Redis CVE for CVE-2025-27151 #2146

Incorporate Redis CVE for CVE-2025-27151 #2146

Uh oh!

Conversation

madolson commented May 28, 2025

Uh oh!

Uh oh!

codecov bot commented May 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

codecov bot commented May 28, 2025 •

edited

Loading