Upgrade urgency MODERATE: Program an upgrade of the server, but it's not urgent.

• Authenticate slot migration client on source node to internal user (#2785)
• Bug fix: reset io_last_written on c->buf resize to prevent stale pointers (#2786)
• Sentinel: fix regression requiring "+failover" ACL in failover path (#2780)
• Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links (#2817)
• Send duplicate multi meet packet only for node which supports it in mixed clusters (#2840)
• Fix: LTRIM should not call signalModifiedKey when no elements are removed (#2787)
• Fix build on some 32-bit ARM by only using NEON on AArch64 (#2873)
• Fix deadlock in IO-thread shutdown during panic (#2898)
• Fix COMMANDLOG large-reply when using reply copy avoidance (#2652)
• Fix CLUSTER SLOTS crash when called from module timer callback (#2915)

Full Changelog: https://github.com/valkey-io/valkey/compare/9.0.0...9.0.1

Upgrade urgency MODERATE: Program an upgrade of the server, but it's not urgent.

• Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD (#1826)
• Fix invalid memory address caused by hashtable shrinking during safe iteration (#2753)
• Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links (#2817)
• Send duplicate multi meet packet only for node which supports it (#2840)
• Fix loading AOF files from future Valkey versions (#2899)

Full Changelog: https://github.com/valkey-io/valkey/compare/8.1.4...8.1.5

Upgrade urgency LOW: This is the first release of Valkey 9.0 which includes stability, bug fixes, and incremental improvements over the third release candidate.

• HSETEX with FXX should not create an object if it does not exist (#2716)
• Fix crash when aborting a slot migration while child snapshot is active (#2721)
• Fix double MOVED reply on unblock at failover (#2734)
• Fix memory leak with CLIENT LIST/KILL duplicate filters (#2362)
• Fix incorrect accounting after completed atomic slot migration (#2749)
• Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD (#1826, #2750)
• Fix invalid memory address caused by hashtable shrinking during safe iteration (#2753)

Upgrade urgency LOW: This is the third release candidate of Valkey 9.0.0, focused on stability, bug fixes, and incremental improvements.

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

• Optimize skiplist random level generation logic (#2631)

• Redirect blocked clients after failover (#2329)
• Prevent exposure of importing keys on replicas during atomic slot migration (#2635)
• Add slot migration client flags and module context flags (#2639)
• Introduce SYNCSLOTS CAPA for forwards compatibility (#2688)

• Fix atomic slot migration snapshot never proceeding with hz 1 (#2636)
• Defrag if slab 1/8 full to fix defrag didn't stop issue (#2656)
• Fix module key memory usage accounting (#2661)
• Fix dual rdb channel connection error log (#2658)

• Implement a lolwut for version 9 (#2646)

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

• Fix accounting for dual channel RDB bytes in replication stats (#2616)
• Minor fix for dual rdb channel connection conn error log (#2658)
• Fix unsigned difference expression compared to zero (#2101)

Full Changelog: https://github.com/valkey-io/valkey/compare/8.0.5...8.0.6

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

• Fix accounting for dual channel RDB bytes in replication stats (#2614)
• Fix EVAL to report unknown error when empty error table is provided (#2229)
• Fix use-after-free when active expiration triggers hashtable to shrink (#2257)
• Fix MEMORY USAGE to account for embedded keys (#2290)
• Fix memory leak when shrinking a hashtable without entries (#2288)
• Prevent potential assertion in active defrag handling large allocations (#2353)
• Prevent bad memory access when NOTOUCH client gets unblocked (#2347)
• Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)
• Fix client tracking memory overhead calculation (#2360)
• Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)
• Don't use AVX2 instructions if the CPU doesn't support it (#2571)
• Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)

Full Changelog: https://github.com/valkey-io/valkey/compare/8.1.3...8.1.4

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

• Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
• Fix client tracking memory overhead calculation (#2360)

Full Changelog: https://github.com/valkey-io/valkey/compare/7.2.10...7.2.11

Upgrade urgency levels:

Level	Meaning
LOW	No need to upgrade unless there are new features you want to use.
MODERATE	Program an upgrade of the server, but it's not urgent.
HIGH	There is a critical bug that may affect a subset of users. Upgrade!
CRITICAL	There is a critical bug affecting MOST USERS. Upgrade ASAP.
SECURITY	There are security fixes in the release.

Upgrade urgency LOW: This is the second release candidate of Valkey 9.0.0, focused on stability, bug fixes, and incremental improvements.

Attention Valkey Module maintainers: There is a new module option to indicate support for the Atomic Slot Migration (ASM) feature. Modules must explicitly opt in to ASM; otherwise, this feature will be disabled in clusters that load modules without ASM support.

• Fix module context object re-use in scripting engines (#2358)
• Fix pre-size hashtables per slot when reading RDB files (#2466)
• Do not migrate script functions in atomic slot migration (#2547)
• Don't use AVX2 instructions if the CPU don't support it (#2571)

• Optimized pipelining by parsing and prefetching multiple commands (#2092)

• Make cluster failover delay relative to node timeout (#2449)
• Separate RDB snapshotting from atomic slot migration (#2533)

• Added new module API event for tracking authentication attempts (#2237)
• Added READONLY flag to ClientInfo.flags output structure (#2522)
• Make modules opt-in to atomic slot migration and add server events (#2593)

• Added new cluster-announce-client-(port|tls-port) configs (#2429)
• CONFIG RESETSTATS now also resets cluster related stats (#2458)
• Make CONFIG GET command return sorted output (#2493)

• Update reply schema for LMOVE and BLMOVE (#2541)
• Most deprecated commands are now un-deprecated (#2546)

• Relaxed RDB check for foreign RDB formats (#2543)

• Added word-jump navigation (Alt/Option/Ctrl + ←/→) to valkey-cli (#2583)

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

• Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
• Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
• Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
• Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
• Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
• Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
• Fix replica failover stall due to outdated config epoch (#2178)
• Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
• Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
• Fix client tracking memory overhead calculation (#2360)
• Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
• Fix pre-size hashtables per slot when reading RDB files (#2466)

• Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
• Reset ongoing election state when initiating a new manual failover (#1274)

• Add support to drop all cluster packets (#1252)
• Improve log clarity in failover auth denial message (#1341)

• CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

Full Changelog: 8.0.4...8.0.5

Upgrade urgency levels:

Level	Meaning
LOW	No need to upgrade unless there are new features you want to use.
MODERATE	Program an upgrade of the server, but it's not urgent.
HIGH	There is a critical bug that may affect a subset of users. Upgrade!
CRITICAL	There is a critical bug affecting MOST USERS. Upgrade ASAP.
SECURITY	There are security fixes in the release.

Upgrade urgency LOW: This is the first release candidate of Valkey 9.0.0, with performance improvements, atomic slot migrations, hash field expiration, and numbered databases in cluster mode, as well as a whole host of new items as listed below.

• Client Commands Extended Filtering by @sarthakaggarwal97 (#1466)
• Add multi-database support to cluster mode by @xbasel (#1671)
• Support BYPOLYGON option for GEOSEARCH by @KarthikSubbarao (#1809)
• Introduce MPTCP by @pizhenwei (#1811)
• Add sentinel_total_tilt to sentinel INFO sentinel by @carlosfu (#1904)
• Add support for automatic client authentication via TLS certificate fields by @omanges (#1920)
• Add --hotkeys-count option for valkey-cli by @hwware (#1933)
• Introduce atomic slot migration by @murphyjacob4 (#1949)
• Introduce MPTCP for replica by @pizhenwei (#1961)
• Add DELIFEQ command by @LinusU (#1975)
• Allow dynamic modification of io-threads num by @ayush933 (#2033)
• Introduce HASH items expiration by @ranshid (#2089)
• Add SAFE option to SHUTDOWN to reject shutdown in unsafe situations by @enjoy-binbin (#2195)
• Support negative filtering for client command filters by @soloestoy (#2378)

• Auto-failover on shutdown unified config by @zuiderkwast (#2292)

• Add node pfail and fail count to cluster info metrics by @hpatro (#1910)
• Introduce support for lttng based tracing by @artikell (#2070)

• Optimize bitcount command by SIMD by @chzhoo (#1741)
• Save RDB file to disk using a background thread on replica(s) (#1784)
• Improve replication stability by prioritizing replication traffic in the replica by @xbasel (#1838)
• Optimize hyperloglog commands with ARM NEON SIMD instructions by @xbasel (#1859)
• Optimize BITCOUNT using ARM NEON SIMD by @xbasel (#1867)
• Optimize string-to-integer performance using AVX512 by @zhulipeng (#1944)
• Improve system responsiveness by limiting number of new cluster link connections per cycle by @hpatro (#2009)
• Optimize hash table performance using SIMD by @zhulipeng (#2030)
• Improve performance of network operations by directly writing responses to clients by @xbasel (#2078)
• Allow shrinking hashtables in low memory situations by @Fusl (#2095)
• Optimize string2ll with load-time CPU feature check using IFUNC resolver by @zhulipeng (#2099)
• Optimize WATCH by equalStringObjects early length check by @vitahlin (#2107)
• Optimize GEORADIUS command performance with pre-allocated buffer by @chzhoo (#2116)
• Improve zcount performance by combing range element ranks calculation with range elements search to @SoftlyRaining (#2129)
• Optimize scan/sscan/hscan/zscan commands by replacing list with vector by @chzhoo (#2160)

• Trigger manual failover on SIGTERM / shutdown to cluster primary by @enjoy-binbin (#1091)
• Add CLUSTER FLUSHSLOT command by @wuranxx (#1384)
• Allow replicas to become primaries without data by using CLUSTER REPLICATE NO ONE by @skolosov-snap (#1674)
• Add cluster bus port out of range error message for CLUSTER MEET command by @hwware (#1686)
• Add cluster-manual-failover-timeout to configure the timeout for manual failover by @enjoy-binbin (#1690)

• Add new module API flag to bypass command validation by @sungming2 (#1357)

• Avoid shard id update of replica if it doesn't match with primary shard id by @hpatro (#573)
• Change "Redis ver." to "Valkey ver." in LOLWUT output by @sarthakaggarwal97 (#1559)
• Fix temp file leak during replication error handling by @enjoy-binbin (#1721)
• Fix raxRemove crash at memcpy() due to key size exceeds max Rax size by @VoletiRam (#1722)
• Respect process umask when creating data files by @kronwerk (#1725)
• Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer by @zori-janea (#1737)
• cmd's out bytes need count deferred reply by @soloestoy (#1760)
• Enable TCP_NODELAY by default in incoming and outgoing connections by @sungming2 (#1763)
• Ignore stale gossip packets that arrive out of order by @enjoy-binbin (#1777)
• Remove unicode optimization in Lua cjson library by @rjd15372 (#1785)
• Save config file and broadcast PONG message on configEpoch change by @enjoy-binbin (#1813)
• Fix engine crash on module client blocking during keyspace events by @yairgott (#1819)
• Fix bug where invalidation messages were getting sent to closing clients by @madolson (#1823)
• Fix ACL LOAD crash on replica since the primary client don't has a user by @bogdanp05 (#1842)
• Fix RANDOMKEY infinite loop during CLIENT PAUSE by @li-benson (#1850)
• Improve clarity of errors for GEO commands when member does not exist by @chx9 (#1943)
• Fix panic in primary when blocking shutdown after previous block with timeout by @murphyjacob4 (#1948)
• fix cluster slot stats assertion during promotion of replica by @Fusl (#1950)
• Fix incorrect lag reported in XINFO GROUPS by @nesty92 (#1952)
• Fix crash during TLS handshake with I/O threads by @uriyage (#1955)
• Disallow sending REPLY ON / OFF / SKIP inside a multi-exec transaction by @sarthakaggarwal97 (#1966)
• Fix random element in skewed sparse hash table by @zuiderkwast (#2085)
• Allow mixing quoted and unquoted inline args by @Fusl (#2098)
• Only mark the client reprocessing flag when unblocked on keys by @ranshid (#2109)
• CLIENT UNBLOCK should't be able to unpause paused clients by @enjoy-binbin (#2117)
• Fix memory corruption in sharded pubsub unsubscribe by @uriyage (#2137)
• Detect SSL_new() returning NULL in outgoing connections by @zuiderkwast (#2140)
• Correctly handle large cluster bus extensions which may have resulted in dropped cluster packets by @madolson (#2144)
• Converge divergent shard-id persisted in nodes.conf to primary's shard ID by @hpatro (#2174)
• Fix replica can't finish failover when config epoch is outdated by @enjoy-binbin (#2178)
• Fix CLUSTER SLOTS/NODES showing wrong port after updating port/tls-port by @enjoy-binbin (#2186)
• Fix use-after-free when active expiration triggers hashtable to shrink by @gusakovy (#2257)
• Redact user data when a module crashes for not handling I/O errors enabled by @YueTang-Vanessa (#2274)
• Generate a new shard_id when the replica executes CLUSTER RESET SOFT by @enjoy-binbin (#2283)
• Fix missing response when AUTH returns an error inside a transaction by @enjoy-binbin (#2287)
• Fix memory leak when shrinking a hashtable without entries by @yzc-yzc (#2288)
• Fix MEMORY USAGE to consider embedded keys by @yulazariy (#2290)
• Fix replicas claiming to still have slots after manual failover by @enjoy-binbin (#2301)
• Prevent bad memory access when NOTOUCH client gets unblocked by @uriyage (#2347)
• Fix large allocations crashing Valkey during active defrag by @Fusl (#2353)

• Support for RDB analysis reports by @artikell (#1743)
• Implement RPS control for valkey-benchmark by @artikell (#1761)
• valkey-cli: ensure output ends with a newline if missing when printing reply by @xbasel (#1782)
• Drop lua object files on clean by @secwall (#1812)
• Check both arm64 and aarch64 for ARM based system architecture by @eifrah-aws (#1829)
• Add --sequential option to valkey-benchmark to support populating entire keyspace by @SoftlyRaining (#1839)
• Support environment variable VALKEYCLI_AUTH alongside REDISCLI_AUTH in valkey-cli by @HiranmoyChowdhury (#1995)
• Add MGET test to valkey-benchmark by @zuiderkwast (#2015)
• Add support to send multiple arbitrary commands to valkey-benchmark by @zuiderkwast (#2057)
• Support RDMA for valkey-cli and benchmark by @pizhenwei (#2059)
• Support MPTCP for valkey-cli and benchmark by @pizhenwei (#2067)
• Allow valkey-benchmark to support multiple random (or sequential) placeholders by @SoftlyRaining (#2102)
• Change default values of valkey-cli to use valkey naming, and added fallback to old values by @avifenesh (#2334)
• Fix duplicate Acks for RDMA events and fix extremely large max latency for RDMA benchmark (#2430)

• Move auth check to the front, before command exist/arity/protected check by @enjoy-binbin (#1475)
• Include command fullname in error message when returning errors in multi-execs by @enjoy-binbin (#2286)
• Add STALE command flag to SCRIPT-EXISTS, SCRIPT-SHOW and SCRIPT-FLUSH by @enjoy-binbin (#2419)

• Ran Shidlansik @ranshid
• Binbin @enjoy-binbin
• Jacob Murphy @murphyjacob4
• Madelyn Olson @madolson
• YueTang-Vanessa @YueTang-Vanessa
• cxljs @cxljs
• Sarthak Aggarwal @sarthakaggarwal97
• amanosme @amanosme
• Hanxi Zhang @hanxizh9910
• Seungmin Lee @sungming2
• uriyage @uriyage
• Katie Holly @Fusl
• Nicky-2000 @Nicky-2000
• Allen Samuels @allenss-amazon
• yzc-yzc @yzc-yzc
• zhaozhao.zz @soloestoy
• asagegeLiu @asagege
• nitaicaro @nitaicaro
• Matthew @utdrmac
• Omkar Mestry @omanges
• Viktor Söderqvist @zuiderkwast
• kukey @kukey
• Harkrishn Patro @hpatro
• Avi Fenesh @avifenesh
• Amit Nagler @naglera
• Josh Soref @jsoref
• youngmore1024 @youngmore1024
• Rain Valentine @SoftlyRaining
• skyfirelee @artikell
• Wen Hui @hwware
• yulazariy @yulazariy
• Yakov Gusakov @gusakovy
• charsyam @charsyam
• Simon Baatz @gmbnomis
• Thalia Archibald @thaliaarchi
• chzhoo @chzhoo
• xbasel @xbasel
• Stav Ben-Tov @stav-bentov
• wuranxx @wuranxx
• Ayush Sharma @ayush933
• chx9 @chx9
• KarthikSubbarao @KarthikSubbarao
• Hüseyin Açacak @huseyinacacak-janea
• アンドリー・アンドリ @odaysec
• Ping Xie @PingXie
• Lipeng Zhu @zhulipeng
• Linus Unnebäck @LinusU
• Vitah Lin @vitahlin
• kronwerk @kronwerk
• Vadym Khoptynets @poiuj
• muelstefamzn @muelstefamzn
• zhenwei pi @pizhenwei
• George Padron @DoozkuV
• Björn Svensson @bjosv
• aradz44 @aradz44
• Hiranmoy Das Chowdhury @HiranmoyChowdhury
• Yair Gottdenker @yairgott
• Roshan Khatri @roshkhatri
• nesty92 @nesty92
• carlosfu @carlosfu
• Arthur Lee @arthurkiller
• Shai Zarka @zarkash-aws
• Sergey Kolosov @skolosov-snap
• Nathan Scott @natoscott
• lucasyonge @lucasyonge
• WelongZuo @WelongZuo
• Jim Brunner @JimB123
• jeon1226 @jeon1226
• Benson-li @li-benson
• Meinhard Zhou @MeinhardZhou
• Nikhil Manglore @Nikhil-Manglore
• Bogdan Petre @bogdanp05
• eifrah-aws @eifrah-aws
• Ricardo Dias @rjd15372
• secwall @secwall
• Anastasia Alexandrova @nastena1606
• Marek Zoremba @zori-janea
• VoletiRam @VoletiRam