Redis: Closing the Gaps Around Trust Boundaries
Today's merges center on correctness at trust and data boundaries — an ACL information leak in client-side caching, a Vector Set crash on AOF rewrite, and a duplicate-ID bug in Vector Set loading — alongside smaller fixes to server reporting and module config validation.
Duration: PT2M44S
Episode overview
This episode is a short developer briefing from Redis.
It explains recent repository work in plain language.
- Show: Redis
- Published: 2026-07-08T13:13:32Z
- Audio duration: PT2M44S
Transcript excerpt
This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.
Good morning. It's July 8th, and today's Redis activity has a clear throughline: edge cases where the system's own bookkeeping quietly disagreed with reality, sometimes with security consequences.
The headline is PR 15371, merged from hristostaykov-del: a fix for an ACL key-name leak in BCAST client-side caching. Clients subscribed with a broad key prefix could learn the *names* of keys they weren't permitted to read, even if they never saw the values. The fix does more than add a permission check — it…
The second theme is data integrity in Vector Sets, showing up twice. PR 15436, from Stunned1, fixes a crash during AOF rewrite when a Vector Set's optional rewrite callback is null — a straightforward missing null-check with an outsized consequence, a crashed rewrite process. The related PR 15435, also from…
Smaller but worth flagging: PR 15434 fixes INFO SERVER reporting bind addresses that don't correspond to actual listening sockets, a bookkeeping mismatch when an optional bind fails. And PR 15438 tightens module config validation so string configs can't accept numeric-only flags.
Two maintenance items round things out: PR 15437 removes an underused dict iteration macro in favor…
Wha…
Nearby episodes from Redis
- Module Build Overhaul and a Cautious Revert
- Hot Path Fixes and Module Housekeeping
- Weekly Recap - Hardening Against Malformed Input and Edge-Case Crashes
- RediSearch Module Version Bump
- Hardening RESTORE Against Malformed Payloads
- Integer Truncation Bugs Take Center Stage
- Command Metadata and Cluster Tooling Enhancement
- Weekly Recap - Performance Optimization & Data Integrity