Redis: Weekly Recap - 8.8 RC1 Release and Major Security Patches
Redis 8.8 RC1 shipped this week with a major new Array data type implementation, while critical security vulnerabilities were patched across multiple CVEs. Development teams also completed extensive CI infrastructure backports across supported versions.
Duration: PT3M13S
Transcript
Good morning. This is your Redis weekly recap for May 10th through 17th, 2026.
Twenty pull requests merged with 11 additional commits this week.
Starting with major features: The Redis Array data type officially launched in PR 15162, introducing a true indexed data structure for position-semantic use cases. This 22,000-line addition includes a new TRE regex library dependency and fills a longstanding gap between hashes, lists, and streams. Redis 8.8 RC1 was tagged and released in PR 15214, incorporating updated GitHub Actions workflows and dependency changes.
Critical security fixes dominated this week's patches. PR 15203 addressed multiple CVEs including remote code execution vulnerabilities in unblock client flows, RESTORE commands, and Lua scripts. Additional patches covered crashes in SUBSCRIBE operations, CONFIG SET validation issues, and SCRIPT DEBUG stability problems.
Infrastructure improvements included extensive CI backporting across Redis versions. PRs 15192 through 15196 systematically applied FreeBSD, macOS runner upgrades, and TCP deadlock test fixes to versions 7.2, 7.4, 8.2, 8.4, and 8.6. These changes ensure consistent testing across the supported version matrix.
Performance optimizations shipped in PR 15049, implementing 4-way histogram accumulators for HyperLogLog operations. Profiling identified this as the hottest function in multi-key PFCOUNT operations. Fast float parsing received precision fixes in PR 15111, resolving ULP rounding mismatches with libc strtod.
Data integrity improvements included stream corruption handling in PRs 15124 and 15095. The first rejects mismatched entry counts in stream payloads, while the second fixes double-free issues when loading duplicate consumer PEL entries.
Notable feature reversals: GCRA rate limiting functionality was disabled in PR 15191 pending further evaluation, with commands made inaccessible and persistence disabled.
Module updates brought Redis data types to RC1 versions, with JSON 8.7.91 fixing mutation ordering and path evaluation issues, Bloom 8.7.91 addressing multiple stability concerns, and TimeSeries 8.7.91 resolving NaN return issues in count reducers.
Additional commits included vector dimension validation improvements, replication test fixes, and documentation updates renaming the Query Engine to Redis Search.
Next week expect continued 8.8 RC refinements and potential GCRA architecture decisions.
This has been your Redis weekly recap. We'll see you next week.