** Redis 6.0.15** - Released Wed Jul 21 16:32:19 IDT 2021

Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise.

Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result with remote code execution.

Bug fixes that involve behavior changes:

• Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array (#8981). Was using a flat array like in RESP2 instead of a nested array like ZRANGE does.

Bug fixes:

• Fail EXEC command in case a watched key is expired (#9194)
• Fix SMOVE not to invalidate dest key (WATCH and tracking) when member already exists (#9244)
• Fix SINTERSTORE not to delete dest key when getting a wrong type error (#9032)
• Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD (#9191)
• Set TCP keepalive on inbound cluster bus connections (#9230)
• Fix ziplist length updates on big-endian platforms (#2080)
• Fix diskless replica loading to recover from RDB short read on module AUX data (#9199)
• Fix race in client side tracking (#9116)
• If diskless repl child is killed, make sure to reap the child pid (#7742)
• Add a timeout mechanism for replicas stuck in fullsync (#8762)

CLI tools:

• redis-cli cluster import support source and target that require auth (#7994)
• redis-cli cluster import command may issue wrong MIGRATE command, sending COPY instead of REPLACE (#8945)
• redis-cli support for RESP3 set type in CSV and RAW output (#7338)