NewsBits - Redis security and Elasticsearch 6.3.0

Welcome to NewsBits where you'll find the database and developer news from around the net for the week ending June 15th:

Database Bits

Redis - Security vulnerabilities in Redis's Lua scripting going back to 2013 were revealed in a blog posting from Antirez, who also released patched versions of the in-memory data store. At the core, two Lua extension packages were not well behaved about handling large numbers of arguments, and exploiting that could crash the server or worse. The worst case, taking control of the Redis server, has yet to be realized, but now is a good time to upgrade your Redis.

At Compose, we've already made the 3.2.12 and 4.0.10 versions available so users can update as soon as they can. Antirez, aka Salvatore Sanfilippo, says he is also considering future plans to harden the Lua implementation. It's not the first time Lua's triggered a security update in Redis and it's unlikely to be the last as security is a constant battle of finding and closing holes.

Elasticsearch - Elasticsearch 6.3.0 has arrived, along with the associated updates that make up Elastic Stack 6.3.0. The version sees the incorporation of Elastic's proprietary X-Pack extensions into the default distribution of Elasticsearch, with a license which restricts who can distribute or host it. For the open-source-only version, there's a separate distribution - elasticsearch-oss - which contains Apache 2 licensed code only.

As for Elasticsearch 6.3.0 itself, the headline features are support for an SQL to Elastic translator and the ability to schedule rollups of data to save space and time in time series and similar data sets. Both these features are actually part of the X-Pack tools though. That leaves mostly miscellaneous small enhancements, security and bug fixes for open source Elasticsearch. Kibana 6.3.0 fares better, getting autocomplete in the query bar and a quick way to resume your sessions among the enhancements.

RabbitMQ - Version 3.7.6 of RabbitMQ is now available, with bug fixes most prominent in its change list. One interesting change is that the maximum priority cap for queues is now enforced and set to 255. If you rely on having more than 255 priorities, your applications will break. Among the enhancements, logging directly to syslog without plugins and a reduction in RAM consumption for some workloads are now offered. All the changes are noted in the release page on GitHub. Also released is RabbitMQ 3.6.16 with a number of fixes for the older version.

usql - In the land of enhanced database clients, usql has been around for about a year and in its latest incarnation, usql 0.7.0, it has now grown to bring in CQL support. That joins a long list of supported databases with SQL drivers, along with those that can use Oracle and ODBC drivers. The usql application is inspired by the PostgreSQL psql command and tends to make all databases look like that. It works with URLs for connection and, most recently, has introduced syntax highlighting on the command line. Unlike other third-party command lines, autocompletion is yet to come to usql, but despite that, it's an interesting multipurpose tool.

Developer Bits

Python - The next version of Python, 3.7.0, is in the closing straight with the release of 3.7.0rc1. Python 3.7 sees new syntax around type annotations, the reserving of async and await as keywords, context state and data classes in the standard library, a built-in breakpoint() function, better asyncio performance and more, which you can read about in What's New In Python 3.7 as you get ready to test the release candidate. Python 3.6.6rc1 is also available for testing. Both release candidates are, modulo critical issues, expected to release on the 27th of June.

And Finally - one for the fans of reductive code as this blog post by the author of Docker in Practice shows how to make a runnable Docker image in less than 1000 bytes.

NewsBits. News in bits, every Friday at Compose.


Dj Walker-Morgan
Dj Walker-Morgan was Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets.
