Valkey, an open-source, Redis-compatible in-memory key-value data store, has just released version 9.1, which adds database-level access control lists, enabling administrators to restrict users to specific databases.
Previously, ACLs applied permissions across all databases. Now, users can be limited to databases such as 0 and 1 while being denied access to others, such as database 2.
Lua scripting has been moved to a separate module, reducing the core server’s security surface and allowing operators to disable Lua when not needed. Additionally, the INFO command now includes a Scripting Engines section to display loaded scripting engines.
TLS handling has also been improved, with the INFO command now reporting TLS certificate expiration dates. Automatic background reloading of TLS certificates enables rotation without downtime, and support for certificate Subject Alternative Name URI authentication is added for mTLS setups.
Another highlight is that Valkey 9.1 introduces main-thread and I/O-thread usage metrics for improved observability. Since CPU usage alone can be misleading, these cumulative metrics provide operators with a clearer view of actual server load.
Additionally, the release adds JSON logging via the new log-format json option, enabling server logs to be emitted as structured JSON objects for easier processing with observability and log-management tools.
On the performance side, Valkey 9.1 delivers significant improvements, reaching up to 2.1 million requests per second on a single server with 512-byte payloads, nine I/O threads, and a pipeline depth of 10 commands. The redesigned I/O threading model increases throughput by up to 17% across various workloads.
Stream operations have been optimized. XRANGE and XREVRANGE commands are up to 30% faster due to hot-path improvements. GET throughput has increased by up to 30% for string GET commands after raising the string embedding size threshold.
Sorted set performance is also improved through changes to skiplist query processing. Plus, caching the COMMAND response may reduce connection setup time for clients. In addition, hardware clock usage is now enabled by default, reducing system call overhead and improving GET and SET performance by up to 3%.
Regarding memory efficiency, in Valkey 9.1, internal pointer optimizations reduce memory usage for strings under 128 bytes by up to 20%, and skiplist optimizations reduce sorted set memory usage by up to 10%. Hash table rehashing has also been optimized to minimize latency during keyspace growth.
On top of that, three new commands have been introduced. HGETDEL atomically retrieves and deletes one or more fields from a hash, eliminating the need to combine HGET and HDEL in a transaction. MSETEX sets multiple keys with a shared expiration time in a single command, reducing round trips for expiring keys. CLUSTERSCAN enables cluster-wide key scanning, so clients no longer need to scan each node separately and merge results.
Finally, tooling updates include atomic slot migration support in valkey-cli via the --cluster-use-atomic-slot-migration option for cluster rebalance and reshard operations. The valkey-benchmark tool now reports request-per-second distribution and adds --warmup and --duration parameters for more controlled benchmarking.
For additional details, see the announcement. Valkey 9.1 is available now as binaries, containers, and source code, with distro packages coming soon.
