All Versions
14
Latest Version
Avg Release Cycle
33 days
Latest Release
21 days ago

Changelog History
Page 1

  • v1.24.0

    September 25, 2019
  • v1.23.0

    August 14, 2019

    πŸš€ This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

    Dependencies

    • ⬆️ Bump netty to 4.1.38
    • ⬆️ Bump PerfMark to 0.17.0
    • ⬆️ Bump protobuf to 3.9.0

    πŸ› Bug Fixes

    • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
    • alts: Fix server hang (#5900)
    • context: Fix race between CancellableContext and Context (#5981)
    • stub: Avoid race in onHalfClose server StreamObserver (#5991)
    • πŸ‘€ core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

    API Changes

    • core: Add @Nullable to getter for trailers on StatusRuntimeException (#5951)
    • core: ClientStream.getAttributes() can be called at any time (#5904)
    • core,netty: Block server shutdown until the socket is unbound (#5905)
    • netty: Users providing EventLoopGroup and/or ChannelType for NettyServerBuilder and NettyChannelBuilder requires to provide all of them or none. Otherwise, it will throw an IllegalStateException (#6014)

    πŸ†• New Features

    • Make //compiler:grpc_java_plugin publicly visible again (#5947)
    • java_grpc_library.bzl: Work with proto_library rules using strip_import_prefix / import_prefix (#5959)
    • πŸ‘‰ Make .proto import path computation work with virtual protos in the main repository (#5967)
    • core: Attach debug information about stream to DEADLINE_EXCEEDED (#5892)

    πŸ“š Documentation

    • Provide an example of hedging in examples
    • πŸ”Œ compiler: Add note about where to download precompiled version of plugin (#6022)

    Acknowledgements

    @aaliddell Adam Liddell
    @DarrienG Darrien Glasser
    @jadekler Jean de Klerk
    @lberki Lukacs T. Berki
    @liym stbridge
    @mkobit Mike Kobit
    @tiggerlee2 Shuangtai Li
    @zhaonian Zhaonian Luan

  • v1.22.2

    August 13, 2019
  • v1.22.1

    July 11, 2019

    πŸ› Bug Fixes

    • πŸ›  Fix IllegalStateException when transport is terminated (#5955). This is due to a race that seems to mainly impact OkHttp clients. While we believe all transports are affected, it may trigger very rarely. If you see an exception with the message β€œactiveTransport still points to this transport. Seems transportShutdown() was not called.” then you are impacted by the bug.
    • bazel target //compiler:grpc_java_plugin is publicly visible again (#5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.
  • v1.22.0

    July 02, 2019

    Dependencies

    • ⬆️ upgrade netty version to 4.1.35 and netty-tcnative version to 2.0.25 (#5818)

    πŸ› Bug Fixes

    • πŸ›  core: fixed #5692: NameResolver refresh not triggered if empty addresses returned
    • services: fix HealthCheckingLoadBalancer.shutdown() (#5887)
    • bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844)
    • ALTS connection setup and teardown is more stable, less noisy.
    • netty: some of the less interesting transport level exceptions are now fine level (#5873)
    • βœ… testing: resource leak is fixed for TestUtils#newSslSocketFactoryForCa

    API Changes

    • πŸš€ protobuf-nano was deleted. The Protobuf project dropped support for nano in favor of javalite, which was causing trouble for gRPC’s development. Users of nano can continue using older grpc-protobuf-nano releases, as it only uses stable API. See gRFC L51.
    • πŸ‘€ LoadBalancer API sees a few changes that will help hierarchical implementations:
      • api: LoadBalancer.Helper and Subchannel is now further non-thread-safe. (#5718)
      • api: move SubchannelPicker.requestConnection() to LoadBalancer. (#5751)
      • api: pass Subchannel state updates to SubchannelStateListener rather than LoadBalancer (#5722). Different from the old LoadBalancer#handleSubchannelState(), the new SubchannelStateListener continues to receive updates after LoadBalancer is shutdown. (#5883)
      • api: Subchannel.requestConnection() will print a warning if called outside of sync-context (#5757). We plan to make it throw eventually.
      • api: deprecate Helper.updateSubchannelAddresses() and add equivalent on Subchannel (#5802)
    • πŸ— netty,okhttp: The experimental and long-deprecated enableKeepAlive API was removed from the transport channel builders (#5795). Setting the keep alive settings individually is still available and is stable API. The removed API was actively causing user issues because its defaults were too aggressive for the server’s defaults.
    • api: new method for removing values from Attributes.
    • core: some of the open census tags (method, status tags) are no longer propagated. This may break users who depends on the behavior that these tags propagate through process boundaries. (#5689)

    πŸ†• New Features

    • api: add getters for NameResolver.Args and NameResolverRegistry in LoadBalancer.Helper (#5685) (We are considering deleting getNameResolverRegistry() in the near future. Please reach out to us if you want to keep it).
    • 🌲 netty: can log the stages of connecting (client side only), such as TLS.
    • βž• Added perfmark annotations to RPCs for local tracing.

    πŸ“š Documentation

    • βœ… examples: use test certs for running example-tls (#5763)
    • πŸ”’ SECURITY.md: Add Fedora 30 package installation instructions (#5734)
    • api,stub: Clarify isReady()/onReady() interaction semantics (#5799)
    • examples: TLS examples are easier to run(#5715)

    Acknowledgements

  • v1.21.1

    August 14, 2019

    πŸš€ This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

    πŸ› Bug fixes

    • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
    • bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844)
    • bazel target //compiler:grpc_java_plugin is publicly visible again (#5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.
    • πŸ‘€ core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801
  • v1.21.0

    May 23, 2019

    Dependencies

    • 🚚 context: Removed unnecessary deps from Bazel target. gRPC depends on these deps elsewhere, so it only benefits Bazel users using context by itself
    • ⬆️ core: Upgraded to OpenCensus 0.21.0 (#5657)
    • 🚚 services: Removed dependency on re2j. Re2j is no longer used by grpc

    πŸ› Bug Fixes

    • πŸš€ stub: release server-streaming reference on request after method call (#5638). This allows the request to be garbage collected much sooner for a long-lived RPC
    • netty: ALPN negotiation failure is now properly reported as UNAVAILABLE, not UNKNOWN
    • πŸ›  okhttp: Deadlock during transport start when network became unavailable during the start up is fixed (#5567)

    API Changes

    • πŸ“¦ api: The classes in io.grpc (not subpackages) were moved to a new artifact β€œgrpc-api”, from grpc-core (#5590). This allows using the API without bringing in as many dependencies, and makes it easier for libraries to have an optional dependency on the rest of grpc. grpc-core now depends on grpc-api. Many users should be able to depend on grpc-api instead of grpc-core if they wish. grpc-core still contains the in-process transport, io.grpc.util, and internal classes used elsewhere in grpc. Most users should still expect to have at least a transitive dependency on grpc-core.
    • api: Stabilized MethodDescriptor.Marshaller
    • api: Added NameResolverRegistry (#5586). It is now possible to construct a NameResolverProvider and register it into the global map manually. This is useful to inject dependencies into the name resolver.
    • api: add a convenience getService() method on MethodDescriptor (#5633)
    • πŸ—„ api: added a new LoadBalancer.handleResolvedAddresses() API for handling resolved addresses which includes service config explicitly (#5499). LoadBalancer.handleResolvedAddressGroups() is deprecated
    • πŸ—„ api: introduced NameResolver.Args that deprecates NameResolver.Helper. (#5664)
    • api: make LoadBalancer.Helper and Subchannel further non-thread-safe (#5718)
    • api: augment LoadBalancer.CreateSubchannelArgs with custom options (#5640)
    • πŸ—„ api: deleted ManagedChannelBuilder.loadBalancerFactory() and all deprecated factories (#5480). Use LoadBalancerRegistry and ManagedChannelBuilder.defaultLoadBalancingPolicy() instead
    • πŸ— api: changed ClientStreamTracer.StreamInfo to a final class with a builder (#5648)
    • core/util: create a ForwardingClientStreamTracer class for delegation use (#5589)
    • 0️⃣ netty: Netty server sets default socket options for all socket-based transports. Not just NIO

    πŸ†• New Features

    • ⚑️ stub: optimized CPU and memory usage of the internal ThreadlessExecutor used for blocking calls (#5516)
    • stub: Improved error message on client and server when StreamObserver.onNext() is called after onCompleted() (#5656)
    • 🐧 netty: Netty channel / server will now default to using Netty’s Epoll transport when able, otherwise uses Nio like before. To use epoll, it requires to have a runtime dependency netty-transport-native-epoll and epoll supported OS (linux) (#5581)
    • 0️⃣ netty: now defers to netty for the default number of event loops, if unspecified (#5585). This should only matter when using system properties to override Netty’s defaults
    • πŸ‘‰ netty: TCP_USER_TIMEOUT is now enabled and set to the keepalive timeout if keepalive is enabled and if using the netty epoll transport (#5599). This can reduce the failure detection delay without a network cost
    • 🌲 okhttp: add verbose logging for OkHttp HTTP/2 frame content (#5488)
    • πŸ— auth: MoreCallCredentials now uses Credentials Builder instead of deprecated constructor to create the ServiceAccountJwtAccessCredentials used internally. This means JWT will continue to be used when the constructor is removed. Before this change the code would fall back to exchanging OAuth tokens if the constructor was not available
    • examples/android: add example for grpc running under StrictMode (#5527)

    πŸ“š Documentation

    • πŸ“š api: add note about retrying UNAVAILABLE for non-idempotent RPCs in Status documentation (#5595)

    Acknowledgements

    Thanks to all of our contributors:

  • v1.20.0

    April 10, 2019

    πŸ— Dependencies and Build Changes

    • ⬆️ Upgraded to Netty 4.1.34 and Netty TCNative 2.0.22
    • ⬆️ Upgraded to Protobuf 3.7.1
    • ⬆️ Test code upgraded to Mockito 2 (fixes #5319)
    • βœ… io.grpc:grpc-testing no longer (transitively) depends on mockito
    • πŸ‘‰ Bazel 0.23 or newer is required. This was required to support --incompatible_use_toolchain_providers_in_java_common . As of Bazel 0.24, grpc is compatible with all incompatible flags marked for migration
    • ⬆️ auth: Upgraded google-auth-library-java to 0.13.0
    • bazel: grpc_java_repositories: fix com_google_protobuf_javalite sha256. (#5456)

    πŸ› Bug Fixes

    • πŸ‘• core: suppress android lint error for javax.naming.*
    • 🚚 bom: added missing artifact (protoc-gen-grpc-java) to bom, removed grpc-compiler.
    • services/grpclb: use Stopwatch to count for LB backoff time.
    • πŸ›  core: fixed an issue that DNS JNDI does not work if there is an unavailability cause (#5500)
    • 0️⃣ netty: fixed a memory leak due to the default grace time (#5443)
    • πŸ›  core: make the newNameResolver() change backward compatible for callers (#5564, fixes #5556)
    • πŸ›  okhttp: fixed a deadlock (#5570)
    • core: corrected config key for hedging max attempts (#5373)
    • ⚑️ grpclb: keep track of state updates for cached Subchannels. (#5441)

    πŸ†• New Features

    • bazel: created bazel targets for grpc-services (#5384)
    • ALTS: added ComputeEngineChannelBuilder (#5473)
    • πŸ— okhttp: add socketFactory method to channel builder (#5378)
    • 0️⃣ grpclb: now supports "pick_first" child policy in addition to the default "round_robin" (#5438)

    Behavior Changes

    • grpclb: use fallback addresses if no balancer address is given (#5445)

    API Changes

    • πŸ—„ core: Deprecated ClientStreamTracer.Factory#newClientStreamTracer is now deleted(#5377)
    • core: NameResolver no longer needs to be thread-safe (#5364)
    • core: Added ManagedChannelBuilder.defaulServiceConfig() and disableServiceConfigLookUp()
    • πŸ—„ core: deprecated LoadBalancer.Helper#getNameResolverFactory (#5418)

    πŸ“š Documentation

    • ⚑️ COMPILING.md: updated document for codegen plugin compilation instruction.
    • πŸ”’ SECURITY.md: document that tcnative/ALPN works on Alpine. It is unclear how long Alpine has been capable of working
    • πŸ‘ examples: add an example of server-side compression support (#5358)

    Acknowledgments

    Thanks to all of our contributors:

  • v1.19.0

    February 28, 2019

    πŸ— Dependencies and Build Changes

    • ⬆️ Upgraded to protobuf 3.6.1 (#5320)
    • πŸ—„ Google App Engine Java 7 is no longer supported, as it was shut down. Java 8 is supported.
    • ⬆️ Upgraded Guava to 26.0-android
    • βž• Add "fake" Bazel dependency on Guava's failureaccess to fix dependency handling issue in maven_jar (#5350)
    • ⬆️ Upgraded OpenCensus to v0.19.2 (#5329)

    πŸ› Bug Fixes

    • πŸ›  Fixed Service Config DNS parsing to match specification (Service Config is still off by default) (#5293)
    • OkHttp no longer spams NPE when connecting to a server that's down (#5260)
    • Context avoids leaking ClassLoader through a ThreadLocal (#5290)
    • Status is now preserved when getting a RST_STREAM with no error (#5264)
    • βœ‚ Removed Channel reference from ManagedChannelWrapper to avoid a memory leak (#5283)
    • Avoid NPE in Cronet after the transport has shutdown (#5275)
    • πŸ›  Fixed a channel panic caused by calling NameResolver.refresh() (#5223)

    πŸ†• New Features

    • πŸ†• New artifact grpc-bom is added (#5209)
    • Each ManagedChannel can now have its own ProxyDetector (#5173)

    Behavior Changes

    • 0️⃣ If enabled, health checking defaults to SERVING if the name unspecified (#5274)
    • Graceful Netty server shutdown now issues two GOAWAYs (#5351)
    • Client-side health checking now warns if disabled (#5261)

    API Changes

    • Removed DEFAULT_CONNECTION_SPEC from OkHttpChannelBuilder (#5309)
    • NettyChannelBuilder now accepts a channelFactory (#5312)
    • πŸ‘ NettyServerBuilder supports listening on multiple sockets (#5306)
    • CallCredentials is now preferred over CallCredentials2 (#5216)
    • ProxiedSocketAddress is added as an Experimental API (#5344)
    • βž• Added NameResolver.Helper, for use with new NameResolver.newNameResolver() overload (#5345)
    • πŸ—„ Deprecated previous NameResolver.newNameResolver() overload (#5345)

    πŸ“š Documentation

    Acknowledgments

    Thanks to all of our contributors:

  • v1.18.0

    January 15, 2019

    Dependencies

    • ⬇️ Downgraded to Guava 25.1 to ease gRPC upgrade for users of Beta APIs broken in Guava 26. We’re planning to upgrade in gRPC-java v1.19.0
    • ⬆️ Upgraded to Netty 4.1.32 and Netty TCNative 2.0.20
    • ⬆️ Upgraded to OpenCensus 1.18.0

    πŸ› Bug Fixes

    • πŸ—„ core: Fixed typo in deprecation warning in RoundRobinLoadBalancerFactory (#5117). The balancer has the name round_robin in the registry (not round-robin)
    • πŸ›  core: Fixed a bug where CallOptions#withOption() mutates original instance if existing key is overwritten (#5142)
    • πŸ‘» stub: on server-side, disable cancellation exception from StreamObserver.onNext if onCancelHandler set (#5061). When using onCancelHandler, this makes it so that grpc’s implementations of StreamObserver.onNext never throw a StatusRuntimeException
    • stub: make sure StreamObservers.copyWithFlowControl() only calls onComplete once (#4558)
    • πŸ‘€ okhttp: Fixed Android out of memory upon network disconnect (#4860). Applications sending many small messages on a single stream may see much lower memory use
    • bazel: Corrected re2j SHA in repositories.bzl
    • πŸ—„ bazel: Use new http_archive rule instead of the deprecated native.http_archive (#5104)
    • πŸ›  alts: Fixed inactivity-triggered shutdown of netty event loop causing future Channels to enter panic mode

    πŸ†• New Features

    • Deadlines have a more readable toString() representation
    • core: User can now register custom LoadBalancerProviders into LoadBalancerRegistry (#5070)
    • 0️⃣ core: ManagedChannelBuilder can now specify the default load-balancing policy by name (#5135)
    • πŸ‘ core: Added hedging support specified by the retry spec. Calling ManagedChannelBuilder.enableRetry() will enable ordinary retry as well as hedging. Caveat: Retry/hedging need to consume a service config with retry/hedging policies, but currently grpc-java library did not provide an effective way/API to produce a service config locally or from name resolver yet
    • core: LoadBalancer can now trigger name resolution refresh (#5121)
    • πŸ‘ core: the new LoadBalancingConfig field from Service Config is now supported (#5073)
    • core: LoadBalancer can opt-in to receive empty address list from NameResolver (#5148)
    • πŸ“‡ core: ClientStreamTracer can intercept trailing metadata (#5088)
    • core: Record real-time metrics (reported on a per-message basis) to OpenCensus (#5099)
    • ⬆️ netty: Fixed client-side support for h2c via Upgrade (#4518). This is still a second-class negotiation mechanism as it lacks good tests and is rarely used

    API Changes

    • HealthStatusManager can go permanently unhealthy to aid in server shutdown

    πŸ“š Documentation

    • examples: Added JWT authentication and Google Cloud Authentication examples

    Acknowledgements

    Thanks to all our external contributors:

    Arnout Engelen @raboof
    Brendan Linn @Ubehebe
    David Hoover @deadmoose
    Grant Oakley @groakley
    Rodrigo Queiro @drigz
    ST-DDT @ST-DDT
    Thomas Broyer @tbroyer
    Venil Noronha @venilnoronha
    Ze'ev Klapow @zklapow