gRPC Java 1.22.2 is released and available on Maven Central and JCenter.

https://github.com/grpc/grpc-java/releases/tag/v1.22.2

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood).
Users using the grpc-netty server with untrusted clients should upgrade.

Bug fixes

   - netty: Limit number of frames a client can cause the server to enqueue
     (#6056 <https://github.com/grpc/grpc-java/pull/6056>). Addresses
     CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to
     CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix
     provides protections against these attacks as well.
   - core: Avoid using partially-closed resources that threw during close
     in SharedResourceHolder (#6048
     <https://github.com/grpc/grpc-java/pull/6048>). This avoids a permanent
     hang when using google-cloud-java. See googleapis/google-cloud-java#5810
     <https://github.com/googleapis/google-cloud-java/issues/5810> and
     googleapis/google-cloud-java#5801
     <https://github.com/googleapis/google-cloud-java/issues/5801>.
