Phoronix·31wValkey 9.0 Released With Ability To Achieve One Billion Requests / Second
Valkey 9.0 has been released, marking a major milestone for the Linux Foundation-backed Redis fork. The new version introduces significant performance improvements, with the capability to handle up to one billion requests per second. This key-value database continues to evolve as a popular alternative in the data storage ecosystem.
Collections·33wCritical Redis Vulnerability CVE‑2025‑49844: Immediate Action Required
Wiz Research discovered RediShell (CVE-2025-49844), a critical remote code execution vulnerability in Redis with a maximum CVSS score of 10.0. The flaw stems from a 13-year-old use-after-free bug in Redis's Lua interpreter that allows authenticated attackers to bypass the sandbox and execute arbitrary code. With Redis deployed in 75% of cloud environments and 330,000 instances exposed online (60,000 without authentication), the impact is severe. Patches are available for Redis versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2, along with Valkey. Organizations should immediately upgrade, enable authentication, restrict network access, disable unnecessary Lua commands, and implement ACLs to limit script execution.
The New Stack·30wValkey 9.0 Debuts Multidatabase Clustering for Massive-Scale Workloads
Valkey 9.0 launches with multidatabase clustering support, enabling separate logical databases within distributed clusters while maintaining high throughput. The release introduces atomic slot migration for seamless node rebalancing without downtime, hash field expiration, and performance optimizations achieving up to 20% higher throughput. Security improvements address Lua scripting vulnerabilities and enhance authentication options. The update positions Valkey as a Redis-compatible, performance-optimized datastore for massive-scale workloads exceeding one billion requests per second.
Laravel News·30wInteractively Search and Delete Cache Keys in Laravel with Cache UI
Cache UI is a Laravel package that enables developers to interactively search, list, and delete individual cache keys through a CLI interface or programmatic API. It supports multiple cache drivers including Redis, File, and Database, eliminating the need to purge entire caches when managing specific keys. The package provides methods to retrieve all cache keys from default or specific stores and selectively remove keys without affecting other cached data.
Low Level Learning·32wit doesn't get worse than this (CVSS 10.0)
A critical CVSS 10.0 vulnerability in Redis involves a use-after-free bug in its custom Lua interpreter implementation. The flaw occurs when the garbage collector fails to properly track T-string objects, allowing freed memory to be reused while still accessible, potentially leading to type confusion and remote code execution. The vulnerability requires authentication to exploit and demonstrates how even garbage-collected languages can have memory safety issues in their runtime implementations.