This update for valkey fixes the following issues:
Update to version 8.0.7.
Security issues fixed:
- CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts
(bsc#1258746).
- CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788).
Other updates and bugfixes:
- ltrim should not call signalModifiedKey when no elements are removed (#2787)
- chained replica crash when doing dual channel replication (#2983)
- used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005)
- avoids crash during MODULE UNLOAD when ACL rules reference a module command and
subcommand (#3160)
- server assert on ACL LOAD and resetchannels (#3182)
- bug causing no response flush sometimes when IO threads are busy (#3205)