gRPC v1.23.0 Release Notes

Release Date: 2019-08-14
  • This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users running the grpc-netty server with untrusted clients should upgrade.

    Dependencies

    • Bump netty to 4.1.38
    • Bump PerfMark to 0.17.0
    • Bump protobuf to 3.9.0

    Bug Fixes

    • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (SETTINGS flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) or CVE-2019-9514 (Reset flood), the fix provides protection against these attacks as well.
    • alts: Fix server hang (#5900)
    • context: Fix race between CancellableContext and Context (#5981)
    • stub: Avoid race in onHalfClose server StreamObserver (#5991)
    • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801.

    API Changes

    • core: Add @Nullable to getter for trailers on StatusRuntimeException (#5951)
    • core: ClientStream.getAttributes() can be called at any time (#5904)
    • core,netty: Block server shutdown until the socket is unbound (#5905)
    • netty: Users providing an EventLoopGroup and/or ChannelType to NettyServerBuilder or NettyChannelBuilder must provide all of them or none; otherwise an IllegalStateException is thrown (#6014)

    New Features

    • Make //compiler:grpc_java_plugin publicly visible again (#5947)
    • java_grpc_library.bzl: Work with proto_library rules using strip_import_prefix / import_prefix (#5959)
    • Make .proto import path computation work with virtual protos in the main repository (#5967)
    • core: Attach debug information about stream to DEADLINE_EXCEEDED (#5892)

    Documentation

    • Provide an example of hedging in examples
    • compiler: Add note about where to download precompiled version of plugin (#6022)

    Acknowledgements

    @aaliddell Adam Liddell
    @DarrienG Darrien Glasser
    @jadekler Jean de Klerk
    @lberki Lukacs T. Berki
    @liym stbridge
    @mkobit Mike Kobit
    @tiggerlee2 Shuangtai Li
    @zhaonian Zhaonian Luan