gRPC Java 1.22.2 is released and available on Maven Central and JCenter.

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood).
Users using the grpc-netty server with untrusted clients should upgrade.
Bug fixes

   - netty: Limit number of frames a client can cause the server to enqueue
   (#6056 <>). Addresses
   CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to
   CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix
   provides protections against these attacks as well
   - core: Avoid using partially-closed resources that threw during close
   in SharedResourceHolder (#6048
   <>). This avoids a permanent
   hang when using google-cloud-java. See googleapis/google-cloud-java#5810
   <> and

You received this message because you are subscribed to the Google Groups 
"" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to