@renovate-bot
Contributor

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| io.grpc:grpc-netty (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-netty-shaded (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-stub (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-core (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-protobuf (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-context (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-testing (source) | minor | 1.21.0 -> 1.23.0 |
| io.grpc:grpc-auth (source) | minor | 1.21.0 -> 1.23.0 |

Release Notes

grpc/grpc-java

v1.23.0

Compare Source

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

  • Bump netty to 4.1.38
  • Bump PerfMark to 0.17.0
  • Bump protobuf to 3.9.0

Bug Fixes

API Changes

  • core: Add @Nullable to getter for trailers on StatusRuntimeException (#​5951)
  • core: ClientStream.getAttributes() can be called at any time (#​5904)
  • core,netty: Block server shutdown until the socket is unbound (#​5905)
  • netty: Users providing EventLoopGroup and/or ChannelType for NettyServerBuilder and NettyChannelBuilder are required to provide all of them or none. Otherwise, it will throw an IllegalStateException (#6014)

New Features

  • Make //compiler:grpc_java_plugin publicly visible again (#​5947)
  • java_grpc_library.bzl: Work with proto_library rules using strip_import_prefix / import_prefix (#​5959)
  • Make .proto import path computation work with virtual protos in the main repository (#​5967)
  • core: Attach debug information about stream to DEADLINE_EXCEEDED (#​5892)

Documentation

  • Provide an example of hedging in examples
  • compiler: Add note about where to download precompiled version of plugin (#​6022)

Acknowledgements

@​aaliddell Adam Liddell
@​DarrienG Darrien Glasser
@​jadekler Jean de Klerk
@​lberki Lukacs T. Berki
@​liym stbridge
@​mkobit Mike Kobit
@​tiggerlee2 Shuangtai Li
@​zhaonian Zhaonian Luan

v1.22.2

Compare Source

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Bug fixes

v1.22.1

Compare Source

Bug Fixes

  • Fix IllegalStateException when transport is terminated (#​5955). This is due to a race that seems to mainly impact OkHttp clients. While we believe all transports are affected, it may trigger very rarely. If you see an exception with the message “activeTransport still points to this transport. Seems transportShutdown() was not called.” then you are impacted by the bug.
  • bazel target //compiler:grpc_java_plugin is publicly visible again (#​5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.

v1.22.0

Compare Source

Dependencies

  • upgrade netty version to 4.1.35 and netty-tcnative version to 2.0.25 (#​5818)

Bug Fixes

  • core: fixed #​5692: NameResolver refresh not triggered if empty addresses returned
  • services: fix HealthCheckingLoadBalancer.shutdown() (#​5887)
  • bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#​5844)
  • ALTS connection setup and teardown is more stable, less noisy.
  • netty: some of the less interesting transport level exceptions are now fine level (#​5873)
  • testing: resource leak is fixed for TestUtils#newSslSocketFactoryForCa

API Changes

  • protobuf-nano was deleted. The Protobuf project dropped support for nano in favor of javalite, which was causing trouble for gRPC’s development. Users of nano can continue using older grpc-protobuf-nano releases, as it only uses stable API. See gRFC L51.
  • LoadBalancer API sees a few changes that will help hierarchical implementations:
    • api: LoadBalancer.Helper and Subchannel are now further non-thread-safe. (#5718)
    • api: move SubchannelPicker.requestConnection() to LoadBalancer. (#​5751)
    • api: pass Subchannel state updates to SubchannelStateListener rather than LoadBalancer (#​5722). Different from the old LoadBalancer#handleSubchannelState(), the new SubchannelStateListener continues to receive updates after LoadBalancer is shutdown. (#​5883)
    • api: Subchannel.requestConnection() will print a warning if called outside of sync-context (#​5757). We plan to make it throw eventually.
    • api: deprecate Helper.updateSubchannelAddresses() and add equivalent on Subchannel (#​5802)
  • netty,okhttp: The experimental and long-deprecated enableKeepAlive API was removed from the transport channel builders (#​5795). Setting the keep alive settings individually is still available and is stable API. The removed API was actively causing user issues because its defaults were too aggressive for the server’s defaults.
  • api: new method for removing values from Attributes.
  • core: some of the open census tags (method, status tags) are no longer propagated. This may break users who depend on the behavior that these tags propagate through process boundaries. (#5689)

New Features

  • api: add getters for NameResolver.Args and NameResolverRegistry in LoadBalancer.Helper (#​5685) (We are considering deleting getNameResolverRegistry() in the near future. Please reach out to us if you want to keep it).
  • netty: can log the stages of connecting (client side only), such as TLS.
  • Added perfmark annotations to RPCs for local tracing.

Documentation

  • examples: use test certs for running example-tls (#​5763)
  • SECURITY.md: Add Fedora 30 package installation instructions (#​5734)
  • api,stub: Clarify isReady()/onReady() interaction semantics (#​5799)
  • examples: TLS examples are easier to run (#5715)

Acknowledgements

v1.21.1

Compare Source

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Bug fixes

  • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well.
  • bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#​5844)
  • bazel target //compiler:grpc_java_plugin is publicly visible again (#​5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.
  • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#​6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#​5810 and googleapis/google-cloud-java#​5801

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.
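
A dependency check built from the fixed versions listed in these release notes (1.21.1, 1.22.2, 1.23.0), as an added example that is not part of the PR or of grpc-java. The function names and sample coordinates are constructed; treating release lines newer than 1.23 as fixed, older lines as needing an upgrade, and grpc-netty-shaded as covered alongside grpc-netty are assumptions.

```python
import re

# First fixed patch release on each minor line, per the release notes above.
FIXED_PATCH = {(1, 21): 1, (1, 22): 2, (1, 23): 0}
# Assumption: the shaded artifact carries the same Netty server transport.
NETTY_ARTIFACTS = {"grpc-netty", "grpc-netty-shaded"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def settings_flood_status(coordinate):
    """Classify one group:artifact:version coordinate for CVE-2019-9515."""
    parts = coordinate.strip().split(":")
    if len(parts) != 3:
        return "unknown"
    group, artifact, version = parts
    if group != "io.grpc" or artifact not in NETTY_ARTIFACTS:
        return "not-applicable"
    match = VERSION_RE.fullmatch(version)
    if match is None:
        return "unknown"  # qualifiers such as -RC1 or -SNAPSHOT need manual review
    major, minor, patch = (int(g) for g in match.groups())
    line = (major, minor)
    if line in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[line] else "upgrade"
    # Assumption: lines after 1.23 keep the fix; the page lists no fixed
    # release for lines before 1.21, so those are reported as "upgrade".
    return "fixed" if line > max(FIXED_PATCH) else "upgrade"


def audit(coordinates):
    """Return {coordinate: status} for every entry that is not fixed or n/a."""
    report = {}
    for coordinate in coordinates:
        status = settings_flood_status(coordinate)
        if status in ("upgrade", "unknown"):
            report[coordinate] = status
    return report


# Constructed sample dependency list (not taken from any real build).
SAMPLE = [
    "io.grpc:grpc-netty:1.21.0",
    "io.grpc:grpc-netty-shaded:1.22.2",
    "io.grpc:grpc-stub:1.21.0",
    "io.grpc:grpc-netty:1.22.1",
    "io.grpc:grpc-netty:1.24.0-RC1",
]

if __name__ == "__main__":
    for coordinate, status in audit(SAMPLE).items():
        print(f"{status:8} {coordinate}")
```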

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Aug 15, 2019
@chingor13 chingor13 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 16, 2019
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 16, 2019
@chingor13 chingor13 merged commit 17c6888 into googleapis:master Aug 16, 2019
@renovate-bot renovate-bot deleted the renovate/grpc-packages branch August 16, 2019 22:26