This is a maintenance release for Redis Stack Server 7.4.0.

Update urgency: SECURITY: there are security fixes in the release.

Docker

Headlines:

This version includes security fixes for the Redis server, addressing an out-of-bounds write vulnerability in HyperLogLog commands and improving connection handling by retrying accepted connections even after an error.
It also includes improvements and bug fixes for the Redis Query Engine, JSON, and time series data structures.
Additionally, this maintenance release ships with the latest version of Redis Insight.

Details:

Security and privacy

• Redis:
  • (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
  • (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error

Improvements

• Redis Query Engine
  • #6279 Lock mechanism for collecting FT.INFO statistics when concurrently running index sanitiser (MOD-10007, MOD-9761)
  • #5637 Memory allocation when converting special UTF-8 symbols requires more memory (MOD-8799)
  • #6007 Parser for intersections on parentheses and sub-queries order won't affect full-text scores (MOD-9278)
  • #6020 Preventing access to the Redis key space when LOAD...@__key is used (MOD-9419)
  • #5938 Performance of collecing vector index statistics, reducing CPU time (MOD-9354)
  • #5800 Accuracy of index memory reporting by correcting a bug that caused negative memory counts (MOD-5904)

Bug Fixes

• Redis Query Engine

  • #6211 Some languages could have multiple lower and upper case matches, causing index misbehaviour (MOD-9835)
  • #6349 Search on terms larger than 128 characters could lead to missing matches (MOD-6786)
  • #6305 Iterating over a large index tree, due to frequent document updates, could hit the TIMEOUT, causing a crash (MOD-9856)
  • #6184 Reindexing from RDB with multiple vector indices could lead to a crash due to cluster health check - NodeWD (MOD-9220,MOD-8809)
  • #6028 FT.CURSOR...DEL while another thread is reading it could lead to a crash (MOD-9408,MOD-9432,MOD-9433,MOD-9434,MOD-9435)
  • #5967 When indexing documents using TEXT and without the text in the documents leads to an inf or nan score (MOD-9423)
  • #6056 Avoid lazy expiration in background indexing for Active-Active setup preventing keys from expiring incorrectly (MOD-9486)
  • #6108 Timeout fail returned when ON_TIMEOUT RETURN policy stop collecting of the partial results - best effort (MOD-9612)
  • #6207 Continuous increasing of index error counts on FT.INFO, could lead to an overflow and memory leak (MOD-9396)
  • #5859 Last query result using could be missing FT.AGGREGATE with ON_TIMEOUT RETURN and using multi-threading (MOD-9222)
  • #5858 Collecting empty results from shards during FT.AGGREGATE with RESP3 could cause a crash (MOD-9174)

• JSON:

  • #1329 Memory usage calculation: some allocations are counted twice (MOD-9169)

• Time series:

  • #1725 TS.DEL crashes on keys with compactions if the deletion removes the last compaction bucket (MOD-8936)
  • LibMR#58 Crash when a cluster contains both 1.8 and newer nodes (MOD-8976, MOD-9192)

Redis version:

• Redis 7.4.5

Module versions

• RediSearch 2.10.20
• RedisJSON 2.8.9
• RedisTimeSeries 1.12.6
• RedisBloom 2.8.7

Recommended Client Libraries

• Java
  • Jedis 5.2.0 or greater
  • redis-om-spring 0.9.11 or greater
• Python
  • redis-py 5.3.0 or greater
  • redis-om-python 0.3.5 or greater
• NodeJS
  • node-redis 4.7.0 or greater
  • redis-om-node 0.2.0 or greater
• .NET
  • redis-om-dotnet 0.8.0 or greater
  • NRedisStack 0.13.3 or greater
• Go
  • go-redis 9.7.3 or greater
  • rueidis 1.0.62 or greater

Compatible with Redis Insight. The Docker image redis/redis-stack for this version is bundled with Redis Insight 2.70.

Note: version numbers follow the following pattern:
x.y.z-b

• x.y Redis Major version
• z increases with even numbers as a module x.y version increases.
• b denotes a patch to Redis or a module (any z of Redis or Modules). b will consist of a v + numeric value.

Downloads

• macOS: x86_64, arm64
• AppImage: x86_64
• Ubuntu: Bionic x86_64, Bionic arm64, Focal x86_64, Focal arm64, Snap x86_64, Snap arm64, Jammy x86_64, Jammy arm64
• Debian: Bullseye x86_64
• RHEL 8/CentOS Linux 8: x86_64
• RHEL 9/Rocky Linux 9/CentOS Linux 9: x86_64
• Redis Stack on Dockerhub: x86_64 and arm64
• Redis Stack server on Dockerhub: x86_64 and arm64