Update valkey/valkey Docker tag to v7.2.12

[renovate]

This PR contains the following updates:

Package	Type	Change
valkey/valkey	docker_registry_image	7.2.5-alpine → 7.2.12-alpine

---

Release Notes

valkey-io/valkey (valkey/valkey)

v7.2.12

Compare Source

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

• (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message (#​3249)
• (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (#​3249)

Bug fixes

• Fix ltrim should not call signalModifiedKey when no elements are removed (#​2787)
• Fix potential infinite loop in clusterNodeGetMaster (#​2830)
• Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#​3160)

Full changelog: valkey-io/valkey@7.2.11...7.2.12

v7.2.11

Compare Source

Valkey 7.2.11

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

• (CVE-2025-49844) A Lua script may lead to remote code execution
• (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
• (CVE-2025-46818) A Lua script can be executed in the context of another user
• (CVE-2025-46819) LUA out-of-bound read

Bug fixes

• Ensure empty error tables in Lua scripts don't crash Valkey (#​2229)
• Fix client tracking memory overhead calculation (#​2360)

Full Changelog: valkey-io/valkey@7.2.10...7.2.11

v7.2.10: Valkey patch release 7.2.10

Compare Source

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Bug fixes

• Fix a bug that allowed clients to process commands when the server has paused command processing (#​2231)
• Fix a crash when a module attempts to write auxiliary data with AOF enabled (#​2132)
• Fix a bug where the engine may crash when establishing new outbound TLS connections (#​2140)
• Fix a bug where a cluster bus packet may be incorrectly marked as invalid (#​2144)
• Fix a bug where CLUSTER SLOTS/NODES information can be stale after updating node port/tls-port (#​2186)
• Fix a bug where replica in cluster mode can't finish failover when config epoch is outdated (#​2232)
• Fix a bug to avoid CLIENT UNBLOCK command to unblock paused clients (#​2117)

Security fixes

• CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#​2146)
• CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#​2314)
• CVE-2025-48367 retry accept on transient errors (#​2315)

v7.2.9

Compare Source

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

• (CVE-2025-21605) Limit output buffer for unauthenticated clients (#​1992)

Bug fixes

• Fix defrag crash when using FLUSHDB ASYNC in cluster mode (#​1873)
• Fix memory leak in forgotten node ping ext code path (#​1576)
• Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#​1541)
• Fix potential crash in radix tree recompression of huge keys (#​1722)
• Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#​1737)
• Fix RANDOMKEY infinite loop during CLIENT PAUSE (#​1850)
• fix: add samples to stream object consumer trees (#​1825)
• Fix panic in primary when blocking shutdown after previous block with timeout (#​1948)
• Fix incorrect lag reported in XINFO GROUPS (#​1952)

Full Changelog: valkey-io/valkey@7.2.8...7.2.9

v7.2.8

Compare Source

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes

• (CVE-2024-46981) Lua script commands may lead to remote code execution. (#​1513)
• (CVE-2024-51741) Denial-of-service due to malformed ACL selectors. (#​1514)

Bug fixes

• Fix a bug where extra memory would be used when storing strings in the
  inline protocol. (#​1213)
• Send the correct error message when FUNCTION KILL is used to kill an
  ongoing script. (#​1171)
• Make sure the last accessed time is correctly updated when using the TOUCH
  command with the CLIENT NO-TOUCH option. (#​1499)

v7.2.7

Compare Source

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Bug fixes

• Prevented AOF from being incorrectly disabled after loading RDB data, ensuring
  proper re-enabling of AOF. (#​1001)
• Resolved issues in replicationSetPrimary where the primary node's IP/port
  updates were not correctly handled in the cluster gossip section. (#​965)

Packaging Improvements

• Build binary releases with systemd support. (#​1107)
• Avoid .c, .d and .o files from being copied to the binary tar.gz releases. (#​1106)

Security fixes

• (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
• (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
• (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.

v7.2.6

Compare Source

Upgrade urgency MODERATE: This release fixes an incompatibility issue with modules
compiled for Redis. For other users, it primarily fixes uncommon bugs.

Bug Fixes - Core

• Fix typo in REGISTER_API macro to prevent segfaults when loading Redis
  modules (#​608)
• Fix the command duration reset issue when clients are blocked and commands
  are reprocessed (#​526)
• Fix the data type conversion error in zrangeResultBeginStore (Redis#13148)
• Fix a crash caused by quicklist node merges (Redis#13040)
• Fix crashes in module blocking client timeout cases (Redis#13011)
• Fix conversion of numbers in Lua args to Redis args
  (Redis#13115, Fixes Redis#13113)
• Fix crash in LSET command when replacing small list items with larger ones,
  creating listpacks larger than 4GB (Redis#12955, Fixes Redis#12864)
• Fix blocking command timeout reset issue during reprocessing (Redis#13004)

Bug Fixes - Cluster

• Fix the CLUSTER SHARDS command to display accurate slot information even
  if a primary node fails (#​790, Fixes #​784)
• Fix an issue where module authentication failed when the cluster was down
  (#​693, Fixes #​619)
• Ensure only primary nodes with slots can mark another node as failed (#​634)
• Improve MEET command reliability under link failures to maintain cluster
  membership symmetry (#​461)
• Allow single primary node to mark potentially failed replica as FAIL in
  single-shard cluster (Redis#12824)

Bug Fixes - Sentinel

• Accept redis-sentinel to start Valkey in sentinel mode (#​731, Fixes #​719)

Bug Fixes - CLI

• Ensure the --count option in redis-cli works correctly even without
  --pattern (Redis#13092)
• Fix redis-check-aof misidentifying data in manifest format as MP-AOF
  (Redis#12951)
• Update redis-check-rdb types to replace stream-v2 with stream-v3
  (Redis#12969)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

GitLab Pipeline Action

General information

Link to pipeline: https://gitlab.com/code0-tech/infrastructure/mensa/-/pipelines/2410540714

Status: Passed
Duration: 2 minutes

Job summaries

tf-plan:server_administration

No changes. Your infrastructure matches the configuration.

tf-plan:github

No changes. Your infrastructure matches the configuration.

tf-plan:main

No changes. Your infrastructure matches the configuration.