gRPC v1.21.1

Version Release Notes from August 14, 2019 (over 4 years ago)

« Changelog History

gRPC v1.21.1 Release Notes

Release Date: 2019-08-14 // over 4 years ago

🚀 This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

🐛 Bug fixes
- netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
- bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844)
- bazel target //compiler:grpc_java_plugin is publicly visible again (#5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.
- 👀 core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

Awesome Java is part of the LibHunt network. Terms. Privacy Policy.