24 KiB
1.0.2 - (2021-10-07)
Announcing Hiredis v1.0.2, which fixes CVE-2021-32765 but returns the SONAME to the correct value of 1.0.0
.
1.0.1 - (2021-10-04)
This release erroneously bumped the SONAME, please use 1.0.2
Announcing Hiredis v1.0.1, a security release fixing CVE-2021-32765
- Fix for CVE-2021-32765 commit (Yossi Gottlieb)
Thanks to Yossi Gottlieb for the security fix and to Microsoft Security Vulnerability Research for finding the bug. 💖
1.0.0 - (2020-08-03)
Announcing Hiredis v1.0.0, which adds support for RESP3, SSL connections, allocator injection, and better Windows support! 🎉
A big thanks to everyone who helped with this release. The following list includes everyone who contributed at least five lines, sorted by lines contributed. 💖
Michael Grunder, Yossi Gottlieb, Mark Nunberg, Marcus Geelnard, Justin Brewer, Valentino Geron, Minun Dragonation, Omri Steiner, Sangmoon Yi, Jinjiazh, Odin Hultgren Van Der Horst, Muhammad Zahalqa, Nick Rivera, Qi Yang, kevin1018
BREAKING CHANGES:
-
redisOptions
now has two timeout fields. One for connecting, and one for commands. If you're presently usingoptions->timeout
you will need to change it to useoptions->connect_timeout
. (See example) -
Bulk and multi-bulk lengths less than -1 or greater than
LLONG_MAX
are now protocol errors. This is consistent with the RESP specification. On 32-bit platforms, the upper bound is lowered toSIZE_MAX
. -
redisReplyObjectFunctions.createArray
now takessize_t
for its length parameter.
New features:
- Support for RESP3 #697, #805, #819, #841 (Yossi Gottlieb, Michael Grunder)
- Support for SSL connections #645, #699, #702, #708, #711, #821, more (Mark Nunberg, Yossi Gottlieb)
- Run-time allocator injection #800 (Michael Grunder)
- Improved Windows support (including MinGW and Windows CI) #652, #663 (Marcus Geelnard)
- Adds support for distinct connect and command timeouts #839, #829 (Valentino Geron)
- Add generic pointer and destructor to
redisContext
that users can use for context. #855 (Michael Grunder)
Closed issues (that involved code changes):
- Makefile does not install TLS libraries #809
- redisConnectWithOptions should not set command timeout #722, #829 (valentinogeron)
- Fix integer overflow in
sdsrange
#827 - INFO & CLUSTER commands failed when using RESP3 #802
- Windows compatibility patches #687, #838, #842
- RESP3 PUSH messages incorrectly use pending callback #825
- Asynchronous PSUBSCRIBE command fails when using RESP3 #815
- New SSL API #804, #813
- Hard-coded limit of nested reply depth #794
- Fix TCP_NODELAY in Windows/OSX #679, #690, #779, #785,
- Added timers to libev adapter. #778, #795
- Initialization discards const qualifier #777
-
BUG
- undefined reference to hi_malloc #769
- hiredis pkg-config file incorrectly ignores multiarch libdir spec'n #767
- Don't use -G to build shared object on Solaris #757
- error when make USE_SSL=1 #748
- Allow to change SSL Mode #646
- hiredis/adapters/libevent.h memleak #618
- redisLibuvPoll crash when server closes the connetion #545
- about redisAsyncDisconnect question #518
- hiredis adapters libuv error for help #508
- API/ABI changes analysis #506
- Memory leak patch in Redis #502
- Remove the depth limitation #421
Merged pull requests:
- Move SSL management to a distinct private pointer #855 (michael-grunder)
- Move include to sockcompat.h to maintain style #850 (michael-grunder)
- Remove erroneous tag and add license to push example #849 (michael-grunder)
- fix windows compiling with mingw #848 (rmalizia44)
- Some Windows quality of life improvements. #846 (michael-grunder)
- Use _WIN32 define instead of WIN32 #845 (michael-grunder)
- Non Linux CI fixes #844 (michael-grunder)
- Resp3 oob push support #841 (michael-grunder)
- fix #785: defer TCP_NODELAY in async tcp connections #836 (OmriSteiner)
- sdsrange overflow fix #830 (michael-grunder)
- Use explicit pointer casting for c++ compatibility #826 (aureus1)
- Document allocator injection and completeness fix in test.c #824 (michael-grunder)
- Use unique names for allocator struct members #823 (michael-grunder)
- New SSL API to replace redisSecureConnection(). #821 (yossigo)
- Add logic to handle RESP3 push messages #819 (michael-grunder)
- Use standrad isxdigit instead of custom helper function. #814 (tryfinally)
- Fix missing SSL build/install options. #812 (yossigo)
- Add link to ABI tracker #808 (michael-grunder)
- Resp3 verbatim string support #805 (michael-grunder)
- Allow users to replace allocator and handle OOM everywhere. #800 (michael-grunder)
- Remove nested depth limitation. #797 (michael-grunder)
- Attempt to fix compilation on Solaris #796 (michael-grunder)
- Support timeouts in libev adapater #795 (michael-grunder)
- Fix pkgconfig when installing to a custom lib dir #793 (michael-grunder)
- Fix USE_SSL=1 make/cmake on OSX and CMake tests #789 (michael-grunder)
- Use correct libuv call on Windows #784 (michael-grunder)
- Added CMake package config and fixed hiredis_ssl on Windows #783 (michael-grunder)
- CMake: Set hiredis_ssl shared object version. #780 (yossigo)
- Win32 tests and timeout fix #776 (michael-grunder)
- Provides an optional cleanup callback for async data. #768 (heronr)
- Housekeeping fixes #764 (michael-grunder)
- install alloc.h #756 (ch1aki)
- fix spelling mistakes #746 (ShooterIT)
- Free the reply in redisGetReply when passed NULL #741 (michael-grunder)
- Fix dead code in sslLogCallback relating to should_log variable. #737 (natoscott)
- Fix typo in dict.c. #731 (Kevin-Xi)
- Adding an option to DISABLE_TESTS #727 (pbotros)
- Update README with SSL support. #720 (yossigo)
- Fixes leaks in unit tests #715 (michael-grunder)
- SSL Tests #711 (yossigo)
- SSL Reorganization #708 (yossigo)
- Fix MSVC build. #706 (yossigo)
- SSL: Properly report SSL_connect() errors. #702 (yossigo)
- Silent SSL trace to stdout by default. #699 (yossigo)
- Port RESP3 support from Redis. #697 (yossigo)
- Removed whitespace before newline #691 (Miniwoffer)
- Add install adapters header files #688 (kevin1018)
- Remove unnecessary null check before free #684 (qlyoung)
- redisReaderGetReply leak memory #671 (movebean)
- fix timeout code in windows #670 (jman-krafton)
- test: fix errstr matching for musl libc #665 (ghost)
- Windows: MinGW fixes and Windows Travis builders #663 (mbitsnbites)
- The setsockopt and getsockopt API diffs from BSD socket and WSA one #662 (dragonation)
- Fix Compile Error On Windows
Visual Studio
#658 (jinjiazhang) - Fix NXDOMAIN test case #653 (michael-grunder)
- Add MinGW support #652 (mbitsnbites)
- SSL Support #645 (mnunberg)
- Fix Invalid argument after redisAsyncConnectUnix #644 (codehz)
- Makefile: use predefined AR #632 (Mic92)
- FreeBSD build fix #628 (devnexen)
- Fix errors not propagating properly with libuv.h. #624 (yossigo)
- Update README.md #621 (Crunsher)
- Fix redisBufferRead documentation #620 (hacst)
- Add CPPFLAGS to REAL_CFLAGS #614 (thomaslee)
- Update createArray to take size_t #597 (justinbrewer)
- fix common realloc mistake and add null check more #580 (charsyam)
- Proper error reporting for connect failures #578 (mnunberg)
* This Changelog was automatically generated by github_changelog_generator
1.0.0-rc1 - (2020-07-29)
Note: There were no changes to code between v1.0.0-rc1 and v1.0.0 so see v1.0.0 for changelog
0.14.1 (2020-03-13)
- Adds safe allocation wrappers (CVE-2020-7105, #747, #752) (Michael Grunder)
0.14.0 (2018-09-25)
BREAKING CHANGES:
-
Change
redisReply.len
tosize_t
, as it denotes the the size of a stringUser code should compare this to
size_t
values as well. If it was used to compare to other values, casting might be necessary or can be removed, if casting was applied before. -
Make string2ll static to fix conflict with Redis (Tom Lee [c3188b])
-
Use -dynamiclib instead of -shared for OSX (Ryan Schmidt [a65537])
-
Use string2ll from Redis w/added tests (Michael Grunder [7bef04, 60f622])
-
Makefile - OSX compilation fixes (Ryan Schmidt [881fcb, 0e9af8])
-
Remove redundant NULL checks (Justin Brewer [54acc8, 58e6b8])
-
Fix bulk and multi-bulk length truncation (Justin Brewer [109197])
-
Fix SIGSEGV in OpenBSD by checking for NULL before calling freeaddrinfo (Justin Brewer [546d94])
-
Several POSIX compatibility fixes (Justin Brewer [bbeab8, 49bbaa, d1c1b6])
-
Makefile - Compatibility fixes (Dimitri Vorobiev [3238cf, 12a9d1])
-
Makefile - Fix make install on FreeBSD (Zach Shipko [a2ef2b])
-
Makefile - don't assume $(INSTALL) is cp (Igor Gnatenko [725a96])
-
Separate side-effect causing function from assert and small cleanup (amallia [b46413, 3c3234])
-
Don't send negative values to
__redisAsyncCommand
(Frederik Deweerdt [706129]) -
Fix leak if setsockopt fails (Frederik Deweerdt [e21c9c])
-
Fix libevent leak (zfz [515228])
-
Clean up GCC warning (Ichito Nagata [2ec774])
-
Keep track of errno in
__redisSetErrorFromErrno()
as snprintf may use it (Jin Qing [25cd88]) -
Solaris compilation fix (Donald Whyte [41b07d])
-
Reorder linker arguments when building examples (Tustfarm-heart [06eedd])
-
Keep track of subscriptions in case of rapid subscribe/unsubscribe (Hyungjin Kim [073dc8, be76c5, d46999])
-
libuv use after free fix (Paul Scott [cbb956])
-
Properly close socket fd on reconnect attempt (WSL [64d1ec])
-
Skip valgrind in OSX tests (Jan-Erik Rediger [9deb78])
-
Various updates for Travis testing OSX (Ted Nyman [fa3774, 16a459, bc0ea5])
-
Update libevent (Chris Xin [386802])
-
Change sds.h for building in C++ projects (Ali Volkan ATLI [f5b32e])
-
Use proper format specifier in redisFormatSdsCommandArgv (Paulino Huerta, Jan-Erik Rediger [360a06, 8655a6])
-
Better handling of NULL reply in example code (Jan-Erik Rediger [1b8ed3])
-
Prevent overflow when formatting an error (Jan-Erik Rediger [0335cb])
-
Compatibility fix for strerror_r (Tom Lee [bb1747])
-
Properly detect integer parse/overflow errors (Justin Brewer [93421f])
-
Adds CI for Windows and cygwin fixes (owent, [6c53d6, 6c3e40])
-
Catch a buffer overflow when formatting the error message
-
Import latest upstream sds. This breaks applications that are linked against the old hiredis v0.13
-
Fix warnings, when compiled with -Wshadow
-
Make hiredis compile in Cygwin on Windows, now CI-tested
-
Bulk and multi-bulk lengths less than -1 or greater than
LLONG_MAX
are now protocol errors. This is consistent with the RESP specification. On 32-bit platforms, the upper bound is lowered toSIZE_MAX
. -
Remove backwards compatibility macro's
This removes the following old function aliases, use the new name now:
Old | New |
---|---|
redisReplyReaderCreate | redisReaderCreate |
redisReplyReaderCreate | redisReaderCreate |
redisReplyReaderFree | redisReaderFree |
redisReplyReaderFeed | redisReaderFeed |
redisReplyReaderGetReply | redisReaderGetReply |
redisReplyReaderSetPrivdata | redisReaderSetPrivdata |
redisReplyReaderGetObject | redisReaderGetObject |
redisReplyReaderGetError | redisReaderGetError |
- The
DEBUG
variable in the Makefile was renamed toDEBUG_FLAGS
Previously it broke some builds for people that had DEBUG
set to some arbitrary value,
due to debugging other software.
By renaming we avoid unintentional name clashes.
Simply rename DEBUG
to DEBUG_FLAGS
in your environment to make it working again.
0.13.3 (2015-09-16)
- Revert "Clear
REDIS_CONNECTED
flag when connection is closed". - Make tests pass on FreeBSD (Thanks, Giacomo Olgeni)
If the REDIS_CONNECTED
flag is cleared,
the async onDisconnect callback function will never be called.
This causes problems as the disconnect is never reported back to the user.
0.13.2 (2015-08-25)
- Prevent crash on pending replies in async code (Thanks, @switch-st)
- Clear
REDIS_CONNECTED
flag when connection is closed (Thanks, Jerry Jacobs) - Add MacOS X addapter (Thanks, @dizzus)
- Add Qt adapter (Thanks, Pietro Cerutti)
- Add Ivykis adapter (Thanks, Gergely Nagy)
All adapters are provided as is and are only tested where possible.
0.13.1 (2015-05-03)
This is a bug fix release.
The new reconnect
method introduced new struct members, which clashed with pre-defined names in pre-C99 code.
Another commit forced C99 compilation just to make it work, but of course this is not desirable for outside projects.
Other non-C99 code can now use hiredis as usual again.
Sorry for the inconvenience.
- Fix memory leak in async reply handling (Salvatore Sanfilippo)
- Rename struct member to avoid name clash with pre-c99 code (Alex Balashov, ncopa)
0.13.0 (2015-04-16)
This release adds a minimal Windows compatibility layer. The parser, standalone since v0.12.0, can now be compiled on Windows (and thus used in other client libraries as well)
- Windows compatibility layer for parser code (tzickel)
- Properly escape data printed to PKGCONF file (Dan Skorupski)
- Fix tests when assert() undefined (Keith Bennett, Matt Stancliff)
- Implement a reconnect method for the client context, this changes the structure of
redisContext
(Aaron Bedra)
0.12.1 (2015-01-26)
- Fix
make install
: DESTDIR support, install all required files, install PKGCONF in proper location - Fix
make test
as 32 bit build on 64 bit platform
0.12.0 (2015-01-22)
-
Add optional KeepAlive support
-
Try again on EINTR errors
-
Add libuv adapter
-
Add IPv6 support
-
Remove possibility of multiple close on same fd
-
Add ability to bind source address on connect
-
Add redisConnectFd() and redisFreeKeepFd()
-
Fix getaddrinfo() memory leak
-
Free string if it is unused (fixes memory leak)
-
Improve redisAppendCommandArgv performance 2.5x
-
Add support for SO_REUSEADDR
-
Fix redisvFormatCommand format parsing
-
Add GLib 2.0 adapter
-
Refactor reading code into read.c
-
Fix errno error buffers to not clobber errors
-
Generate pkgconf during build
-
Silence _BSD_SOURCE warnings
-
Improve digit counting for multibulk creation
0.11.0
-
Increase the maximum multi-bulk reply depth to 7.
-
Increase the read buffer size from 2k to 16k.
-
Use poll(2) instead of select(2) to support large fds (>= 1024).
0.10.1
-
Makefile overhaul. Important to check out if you override one or more variables using environment variables or via arguments to the "make" tool.
-
Issue #45: Fix potential memory leak for a multi bulk reply with 0 elements being created by the default reply object functions.
-
Issue #43: Don't crash in an asynchronous context when Redis returns an error reply after the connection has been made (this happens when the maximum number of connections is reached).
0.10.0
- See commit log.