Mastodawn

CVE-2026-46752: CRITICAL heap-based buffer overflow in Apache Kvrocks (2.0.4 – 2.15.0) via Redis Lua cjson. RCE & DoS possible. Upgrade to 2.16.0 ASAP. https://radar.offseq.com/threat/cve-2026-46752-cwe-122-heap-based-buffer-overflow--87a83247c4a43c17 #OffSeq #Kvrocks #CVE202646752 #infosec

OffSequence 1d ago

CVE-2026-41566 (CRITICAL, CVSS 9.4) in Apache Kvrocks 2.8.0 allows privilege escalation via improper permission handling. Upgrade to 2.16.0 is required — no other mitigation. Details: https://radar.offseq.com/threat/cve-2026-41566-cwe-280-improper-handling-of-insuff-5835abc74e4991d0 #OffSeq #CVE202641566 #Kvrocks #Security

Rune 🇨🇦Feb 6

I've been using Valkey (and Redis before it) for years when building scripts or small apps to store a bit of data.

Even though I'm not storing a lot of data, it has always irked me that it needs to be in memory all the time.

Last night I found kvrocks, an Apache project, which provides a redis interface, but stores data on disk in rocksdb. Even better, it has "namespaces", so I can separate each app easily by credential.

https://kvrocks.apache.org/

#kvrocks #redis #valkey #homelab #selfhost

Apache Kvrocks™ | Apache Kvrocks™

Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol.

Alexandre Dulaunoy Dec 26, 2024

Maybe it would be a great opportunity to replace the proprietary products mentioned like Redis in “ The Architecture of Open Source Applications (Volume 1)
The NoSQL Ecosystem ”

https://aosabook.org/en/v1/nosql.html with #valkey and also #kvrocks

I discover this git repo https://github.com/aosabook/aosabook/blob/3c147d363272138950266defbb99defa0cbd9e54/docs/en/v1/nosql.html#L333 which could be the source. Not sure how updates are performed for this book.