TL;DR: A critical update to Redis, 4.0.6, is now available on Compose. Users of the 4.x series should upgrade as soon as possible.
On Wednesday, November 29th, Redis creator Salvatore Sanfilippo tweeted about a Redis 4.0.x bug that had recently been discovered. The problem affected the restarting of secondary Redis servers and the resynchronization process. At Compose we immediately began preparing for an important update to come to Redis. Reliable synchronization is a big part of our approach to keeping your Redis highly available.
In case you are wondering; yes, the last version of Redis was 4.0.2, the new version is 4.0.6. This is because there was a semi-false start with an incomplete set of fixes appearing in what was released as Redis 4.0.3. The release notes for 4.0.3 were correct, though, in picking the flaw out as critical and detailing a number of other fixes that were applied to the release.
Once he had the complete set of updates merged, Sanfilippo tested the fixed build and made Redis 4.0.4 available. Compose engineers deployed Redis 4.0.4 prepared for Compose Redis deployments.
And then, the next day, Sanfillipo alerted users to a bug that had passed all testing. This bug would see secondary servers crash if Lua scripting was in use. This bug was apparently fixed in a released version 4.0.5, but it was not to be. On December 4th, Sanfillipo released Redis 4.0.6 after bringing in independent developers to review the changes and bumping up intensity of the testing regime.
After initally offering the update, Compose engineering has held the upgrade back from general use, upgraded users who had upgraded to any of the earlier version and waited to ensure that there would be no more surprises. Now, that a week has passed and there are no reported problems, we are happy to offer Redis 4.0.6 upgrades again.
As per our database lifecycle policy, and given the update is labeled critical, but not for security purposes we are handling this as a high priority issue.
This means users have seven days to upgrade their Redis 4.0.x databases to 4.0.6 at a time of their choosing. At the end of the seven days, we will push the update to the remaining Redis 4.0.x databases.
How to update
To upgrade, visit your Redis deployment in the Compose console and go to the Overview page. There should be prompts indicating that you can upgrade and you can follow them or click on the Settings to get to the Change Version panel.
Then select 4.0.6 from the drop-down menu and click Change Version. If you have your clients configured for failover, you should see only a minor interruption of service. If not, just get your applications to reconnect and they will connect to the freshly updated Redis servers.
With minor updates, we rely of the efficacy of the upstream developers and in this case things became complicated by a series of updates. Sanfillipo has published a post mortem of what took place and outlined the steps being taken to ensure it doesn't happen again. We applaud his transparency in this matter and look forward to a less eventful release pattern in future.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at email@example.com. We're happy to hear from you.