2025-03-25
Resolved issues
-
Our
go-redislibrary has been updated to v9.7.3 to resolve CVE-2025-29923. Prior to this fix, go-redis potentially responds out of order whenCLIENT SETINFOtimes out during connection establishment. This can occur when the client is configured to transmit its identity, there are network connectivity issues, or the client was configured with aggressive timeouts.Workaround: Strata recommends all customers using the Redis cache upgrade to this latest version of orchestrator to resolve this issue. However, if you cannot upgrade orchestrator at this time, you can prevent the vulnerability by setting the flag
DisableIndentityto true when constructing the client instance. -
Internal enhancements and improvements.