Common Vulnerabilities and Exposures (CVE): Security vulnerabilities addressed in ElastiCache (Redis OSS)

Common Vulnerabilities and Exposures (CVE) is a list of entries for publicly known cybersecurity vulnerabilities. Each entry is a link that contains an identification number, a description, and at least one public reference. You can find on this page a list of security vulnerabilities that have been addressed in ElastiCache (Redis OSS).

We recommend that you always upgrade to the latest ElastiCache (Redis OSS) version to be protected against known vulnerabilities. When operating an ElastiCache Serverless Cache, CVE fixes are automatically applied to your cache. When operating self-designed clusters, ElastiCache (Redis OSS) exposes the PATCH component. For example, when using ElastiCache (Redis OSS) version 6.2.6, the major version is 6, the minor version is 2, and the patch version is 6. PATCH versions are for backwards-compatible bug fixes, security fixes, and non-functional changes.

You can use this page to verify whether a particular version of ElastiCache (Redis OSS) has a fix for a specific security vulnerability. If your ElastiCache (Redis OSS) cluster is running a version without the security fix, refer to the table below and take action. You can either upgrade to a more recent ElastiCache (Redis OSS) version containing the fix, or if you are on an ElastiCache (Redis OSS) version containing the fix, ensure you have the latest service update applied by referring to Managing service updates. For more information on the supported ElastiCache (Redis OSS) engine versions and how to upgrade, see Engine versions and upgrading.