gRPC Java 1.22.1 is released and available on Maven Central and JCenter. https://github.com/grpc/grpc-java/releases/tag/v1.21.1
This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade. Bug fixes - netty: Limit number of frames a client can cause the server to enqueue (#6056 <https://github.com/grpc/grpc-java/pull/6056>). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well - bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844 <https://github.com/grpc/grpc-java/pull/5844>) - bazel target //compiler:grpc_java_plugin is publicly visible again ( #5953 <https://github.com/grpc/grpc-java/pull/5953>). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto. - core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048 <https://github.com/grpc/grpc-java/pull/6048>). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 <https://github.com/googleapis/google-cloud-java/issues/5810> and googleapis/google-cloud-java#5801 <https://github.com/googleapis/google-cloud-java/issues/5801> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oMSH0mArULAobX-oCq-0ZL7VCCTYv696im7pCq7XWKE0g%40mail.gmail.com.
smime.p7s
Description: S/MIME Cryptographic Signature
