Our Response to the RediShell Vulnerability
Blog post from Render
Earlier this week, Wiz Research disclosed RediShell, a critical remote code execution vulnerability affecting Redis and its open-source fork Valkey, specifically the Redis 6.x and Valkey 8.x versions used by Render Key Value instances. There is no evidence of exploitation on Render. The company has scheduled maintenance to upgrade affected instances to the patched versions, Redis 6.2.20 and Valkey 8.1.4, and has informed workspace owners via email.

Render advises users to run the maintenance from the Render Dashboard at their convenience; otherwise it occurs automatically at the scheduled time. The upgrade causes a brief one-minute downtime.

Security measures include blocking public internet traffic, requiring authentication for external connections, and auditing allowed IP ranges.

Render remains committed to monitoring and updating its platform to ensure security and encourages users to contact support with any questions. The post closes by promoting Render's cloud services as reliable and developer-friendly.