Add release notes entry for Valkey 7.2.13 (#3631)

Add a release notes entry for **Valkey 7.2.13** covering the three security fixes being ported to the `7.2` branch: - **CVE-2026-23479** — Use-After-Free in unblock client flow - **CVE-2026-25243** — Invalid Memory Access in RESTORE command - **CVE-2026-23631** — Use-after-free when full sync occurs during a yielding Lua/function execution Only modifies `00-RELEASENOTES`. The actual code fixes are in separate PRs targeting `7.2`. --------- Signed-off-by: Madelyn Olson <madelyneolson@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com>
2026-05-06 05:26:42 -04:00 · 2026-05-06 06:56:13 +03:00
parent c25d38e97b
commit 5891a6150b
2 changed files with 15 additions and 2 deletions
@@ -11,6 +11,19 @@ CRITICAL: There is a critical bug affecting MOST USERS. Upgrade ASAP.
 SECURITY: There are security fixes in the release.
 --------------------------------------------------------------------------------

+================================================================================
+Valkey 7.2.13  -  Tue 05 May 2026
+================================================================================
+
+Upgrade urgency SECURITY: This release includes security fixes we recommend you
+apply as soon as possible.
+
+Security fixes
+==============
+* (CVE-2026-23479) Use-After-Free in unblock client flow
+* (CVE-2026-25243) Invalid Memory Access in RESTORE command
+* (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
+
 ================================================================================
 Valkey 7.2.12  -  Released Mon 23 February 2026
 ================================================================================
@@ -1,6 +1,6 @@
 #define SERVER_NAME "valkey"
-#define VALKEY_VERSION "7.2.12"
-#define VALKEY_VERSION_NUM 0x0007020C
+#define VALKEY_VERSION "7.2.13"
+#define VALKEY_VERSION_NUM 0x0007020D

 /* Redis compatibility version, should never
 * exceed 7.2.x. */