We support Debian versions that are under Debian Security Support / stable versions that are officially supported by Debian. Updated support matrix.

We encourage you to use the latest stable Debian version, and to consider that the 'LTS' versions of Debian are maintained by volunteers - not by the Debian security team.

Please refer to our security policy here

If you believe you've discovered a serious vulnerability, please contact the Redis core team at redis@redis.io. We will evaluate your report and if necessary issue a fix and an advisory. If the issue was previously undisclosed, we'll also mention your name in the credits.

In some cases, we may apply a responsible disclosure process to reported or otherwise discovered vulnerabilities. We will usually do that for a critical vulnerability, and only if we have a good reason to believe information about it is not yet public.

This process involves providing an early notification about the vulnerability, its impact and mitigations to a short list of vendors under a time-limited embargo on public disclosure.

If you believe you should be on the list, please contact us and we will consider your request based on the above criteria.