Redis 3.2.12 (and possibly 4.x) does not have the fix for CVE-2014-5461, a vulnerability in Lua.

Comment From: mojtaba-naseri

I am using the latest stable version, 4.0.11, but this vulnerability (CVE-2014-5461) is not fixed yet. Why did they not fix the problem?

Comment From: plainee

Same here: using Redis 6.0.4, these Lua vulnerabilities are not fixed: CVE-2020-15888, CVE-2020-15889, CVE-2020-15945, CVE-2014-5461.

Is there any plan to upgrade or fix it?

Comment From: yossigo

The Lua fix for CVE-2014-5461 is resolved by #7733. As for the other reported Lua vulnerabilities, they seem to have been introduced (and solved) by newer versions of Lua only (Redis uses Lua 5.1).

Comment From: oranagra

merged. thank you.