https://github.com/memcached/memcached/wiki/ReleaseNotes1642 reveals:
Memcached 1.6.42 Release Notes

Date: 2026-5-18

Download
--------
http://www.memcached.org/files/memcached-1.6.42.tar.gz

Overview
--------
This is a major security focused release. Nearly all of the fixes are security
related for issues that can cause memory corruption, crashes, and so on.

If you submitted a security report that ended up being valid, you are credited
in the commit history.

If you submitted a security report and do not see it here, it was either not a
security bug or I missed it.

Due to the very high volume of security reports in this round I did not give
them the individual scrutiny that I typically do: if there was a clear bug, it
was fixed, but no effort was made to validate the potential impact of the bug.

Most of these bugs look extremely obscure, and are impossible to trigger
without convoluted configurations. This does not apply to all of the bugs:
if memcached can be accessed easily by an attacker it can be crashed.

Similarly, I have not created CVEs for any of these as that requires
understanding the severity of each bug. In most cases these submissions
vastly overstated the severity of the bug. I leave it up to the submitters
to request their own CVEs if they wish.

Upgrading is strongly advised, regardless. Thanks to everyone who submitted
reports and for your patience in allowing me to collect the fixes all at once.

Fixes
-----
  - vendor: Instructively warn if vendor blob missing
  - proxy: fix write length in extstore miss
  - Fix timing side-channel in SASL password database authentication
  - proto: fix signed overflow in bodylen for binprot
  - proxy: fix underflow with 0 length values
  - auth: fix data race during reload
  - auth: fix crash when given huge token
  - proto: fix crash in binary protocol
  - core: fix crashes from slabs reassign
  - proxy: check result of buffer parse in match_res
  - proxy: fix memory underread when nulling requests
  - update data block protocol description to no longer reference obsolete S flag

New Features
------------
None.

Contributors
------------
The following people contributed to this release since 1.6.41.

Note that this is based on who contributed changes, not how they were done.
In many cases, a code snippet on the mailing list or a bug report ended up
as a commit with your name on it.

Note that this is just a summary of how many changes each person made which
doesn't necessarily reflect how significant each change was. For details on
what led up into a branch, either grab the git repo and look at the output
of git log 1.6.41..1.6.42 or use a web view.

  - Repo list: https://github.com/memcached/memcached/wiki/DevelopmentRepos
  - Web View: http://github.com/memcached/memcached/commits/1.6.42

     8  dormando
     2  Bujna, Igor
     1  Alec Stewart
     1  Sarthak Munshi
