v1.25.0

Dependencies

• Bumped netty to 4.1.42
• Bumped error_prone_annotations to 2.3.3
• Bumped perfmark to 0.19.0
• Bumped guava to 28.1
• Bumped gson to 2.8.5
• Bumped protobuf to 3.10.0
• Tests bumped truth to 1.0

Bug Fixes

• Rolled forward the fix for “ClientCall.Listener.onClose never called when the call is interrupted” (#6255)
• netty: fixed the bug that users using proxy may experience hang when starting channel (#6159)
• alts: fixed potential memory leak when alts negotiation is aborted (#6186)
• alts: fixed wrong ComputeEngineChannelBuilder class signature (#6367)
• bom: now specifying pom type for protoc-gen-grpc-java (#6247)
• netty: Check for TE: trailers header after checking Content-Type. This prevents confusing warnings when a non-grpc client contacts a grpc server
• bazel: Fixed typo in repositories.bzl for maven_install override_targets; io.grpc:grpc-core was pointing to a non-existent target name
• okhttp: fixed header scheme that did not match transport type (#6264). OkHttp users using plaintext may experience errors when communicating with dotnet gRPC server is fixed.

API Changes

• api: MethodDescriptor’s safe and idempotent methods are now considered stable and set appropriately by the generated code when the proto contains the RPC option option idempotency_level = NO_SIDE_EFFECTS; or option idempotency_level = IDEMPOTENT;. grpc-java is not using these values directly, but interceptors are free to observe them
• protobuf: StatusProto.fromStatusAndTrailers fall-back to status if trailers are not available (#6278). Previously it returned null
• bazel: Removed deps from grpc_java_repositories() that protobuf_deps() provides
• ManageChannelBuilder.usePlaintext() (with no argument) is now stabilized.

New Features

• okhttp: add full implementation of HPACK header compression (#6026). Patched HTTP header compression implementation for writer from OkHttp3, which was missing in OkHttp2.
• bazel: added support for --incompatible_load_cc_rules_from_bzl and --incompatible_load_proto_rules_from_bzl
• netty: Implicitly use Conscrypt when it is available and is necessary. If tcnative is not available and the JVM is Java 7 or 8, then grpc will use Conscrypt if present. This allows using Conscrypt by just adding Conscrypt to the classpath
• alts: Use Conscrypt when available. This provides Java 7 support and gives a huge performance boost on Java 8. Java 7 update 121 and Java 8 update 111 (released three years ago) are required.
• api: Add EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE which allows NameResolvers to specify different names for different backends within one Channel which may be especially useful for certain TLS deployments (#6126). Note that NameResolvers must receive the authority names from a trusted source (e.g., local file, remote server with TLS)
• core: Propagate EquivalentAddressGroup Attributes in RoundRobinLoadBalancer. This allows NameResolvers to set attributes like ATTR_AUTHORITY_OVERRIDE with round robin
• api: Added ManagedChannelBuilder.offloadExecutor() for expensive or blocking operations like DNS resolution. Previously an internal executor was used that couldn’t be overridden. The executor is also passed to NameResolvers via Args.getOffloadExecutor()
• grpclb: Add dns NameResolver to io.grpc.grpclb that has SRV record lookup enabled by default (#6298). This allows using grpclb without the -Dio.grpc.internal.DnsNameResolverProvider.enable_grpclb=true system property. Note that grpclb is still experimental and deprecated. In particular, we plan to change grpclb policy selection which together with this change provides a path forward for grpclb to function without custom support in grpc-core; see gRFC A26

Acknowledgements

• Anar Sultanov (@anarsultanov)
• Elliotte Rusty Harold (@elharo)
• Grant Oakley (@groakley)
• Przemek Piotrowski (@ppiotrow)
• Steve Rao (@steverao)
• edr (@enguerrand)

v1.24.1

This release resolves proxy hang issue during initial protocol negotiation, users using proxy should upgrade.
ADDED: please upgrade to 1.24.2 or 1.25.0, see known issues for more details.

Known Issues

• grpclb change described in new features is not part of this release, users should upgrade to 1.24.2 or 1.25.0.
• Users may see dependency failing error about error_prone_annotations version requirement when building the application (#6217). Adding perkmark 0.19.0 (io.perfmark:perfmark-api:0.19.0) to dependency can workaround this issue.

Dependencies

• Bump perfmark to 0.19.0 correction: didn't made the cut

Bug Fixes

• netty: Users using proxy may experience hang is fixed (#6159).
• bom: specify pom type for protoc-gen-grpc-java (#6247).
• okhttp: fix header scheme does not match transport type (#6264). OkHttp users using plaintext may experienced error when communicate with dotnet gRPC server is fixed.

New Features

• grpclb: Add dns NameResolver to io.grpc.grpclb that has SRV record lookup enabled by default (#6298). This allows using grpclb without the -Dio.grpc.internal.DnsNameResolverProvider.enable_grpclb=true system property. Note that grpclb is still experimental and deprecated. In particular, we plan to change grpclb policy selection which together with this change provides a path forward for grpclb to function without custom support in grpc-core; see gRFC A26 correction: didn't made the cut, please use 1.25.0 or 1.24.2.

v1.23.1

This release resolves proxy hang issue during initial protocol negotiation, users using proxy should upgrade.

Known Issues

• Users may see dependency failing error about error_prone_annotations version requirement when building the application (#6217). Adding perkmark 0.19.0 (io.perfmark:perfmark-api:0.19.0) to dependency can workaround this issue.

Bug Fixes

• netty: Users using proxy may experience hang is fixed (#6159).
• bom: specify pom type for protoc-gen-grpc-java (#6247).
• okhttp: fix header scheme does not match transport type (#6264). OkHttp users using plaintext may experienced error when communicate with dotnet gRPC server is fixed.

v1.22.3

This release resolves proxy hang issue during initial protocol negotiation, users using proxy should upgrade.

Known Issues

• Users may see dependency failing error about error_prone_annotations version requirement when building the application (#6217). Adding perkmark 0.19.0 (io.perfmark:perfmark-api:0.19.0) to dependency can workaround this issue.

Bug Fixes

• netty: Users using proxy may experience hang is fixed (#6172).
• bom: specify pom type for protoc-gen-grpc-java (#6246).
• okhttp: fix header scheme does not match transport type (#6265). OkHttp users using plaintext may experienced error when communicate with dotnet gRPC server is fixed.

v1.24.0

Dependencies

• core: Migrate to new OpenCensus method & status tags (#5996)

Bug Fixes

• core: handle removing partially-closed resources for throwing on close. Fixes #6002. (#6044)
• auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)
• netty: netty client using http proxy may experienced hang is fixed (#6159). This issue was introduced in 1.22.0.
• bazel: Fix java path separator bug on Windows (#6054)
• grpclb: fix pick_first mode shutdown without subchannels. (#6072)

API Changes

• The deprecated API ManagedChannelBuilder.usePlaintext(boolean skipNegotiation) will be removed in the next release. If you are still using it, please plan a migration (#1772)
• android: final stabilization of AndroidChannelBuilder (#6097). AndroidChannelBuilder is stabilized. Deprecated APIs are deleted. fromBuilder(...) is deprecated with replacement of usingBuilder(...).
• core: allow setting custom Deadline.Ticker to InProcessServerBuilder (#6034)

New Features

• bazel: Added //netty:shaded_maven target, similar to netty-shaded. It is only intended as a dependency for pre-compiled JARs
• bazel: Added IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS for use with maven_install. See repositories.bzl for how to use
• cronet: add grpc-cronet artifact publishing configurations (#6130). grpc-cronet is published as a standalone artifact in maven central.

Documentation

• doc: explicitly mention that Deadline might saturate (#6085)

Acknowledgements

• @aadityasg Aaditya Gavandalkar
• @dharmeshjogadia Dharmesh Jogadia
• @igorbernstein2 Igor Bernstein
• @KangZhiDong 康智冬
• @laurentlb Laurent Le Brun
• @ST-DDT
• @Xjs Jannis Andrija Schnitzer

v1.23.0

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

• Bump netty to 4.1.38
• Bump PerfMark to 0.17.0
• Bump protobuf to 3.9.0

Bug Fixes

• netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
• alts: Fix server hang (#5900)
• context: Fix race between CancellableContext and Context (#5981)
• stub: Avoid race in onHalfClose server StreamObserver (#5991)
• core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

API Changes

• core: Add @Nullable to getter for trailers on StatusRuntimeException (#5951)
• core: ClientStream.getAttributes() can be called at any time (#5904)
• core,netty: Block server shutdown until the socket is unbound (#5905)
• netty: Users providing EventLoopGroup and/or ChannelType for NettyServerBuilder and NettyChannelBuilder requires to provide all of them or none. Otherwise, it will throw an IllegalStateException (#6014)
• stub,core: avoid calling onReady if the call is UNARY or SERVER_STREAMING for performance optimization. Users relying on onReady need to migrate. (Note: ADDED on 2/3/20)

New Features

• Make //compiler:grpc_java_plugin publicly visible again (#5947)
• java_grpc_library.bzl: Work with proto_library rules using strip_import_prefix / import_prefix (#5959)
• Make .proto import path computation work with virtual protos in the main repository (#5967)
• core: Attach debug information about stream to DEADLINE_EXCEEDED (#5892)

Documentation

• Provide an example of hedging in examples
• compiler: Add note about where to download precompiled version of plugin (#6022)

Acknowledgements

@aaliddell Adam Liddell
@DarrienG Darrien Glasser
@jadekler Jean de Klerk
@lberki Lukacs T. Berki
@liym stbridge
@mkobit Mike Kobit
@tiggerlee2 Shuangtai Li
@zhaonian Zhaonian Luan

v1.22.2

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Bug fixes

• netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
• core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

v1.21.1

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Bug fixes

• netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
• bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844)
• bazel target //compiler:grpc_java_plugin is publicly visible again (#5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.
• core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

v1.22.1

Bug Fixes

• Fix IllegalStateException when transport is terminated (#5955). This is due to a race that seems to mainly impact OkHttp clients. While we believe all transports are affected, it may trigger very rarely. If you see an exception with the message “activeTransport still points to this transport. Seems transportShutdown() was not called.” then you are impacted by the bug.
• bazel target //compiler:grpc_java_plugin is publicly visible again (#5953). The target wasn't publicly visible since v1.21.0. This target was used by rules_proto.

v1.22.0

Dependencies

• upgrade netty version to 4.1.35 and netty-tcnative version to 2.0.25 (#5818)

Bug Fixes

• core: fixed #5692: NameResolver refresh not triggered if empty addresses returned
• services: fix HealthCheckingLoadBalancer.shutdown() (#5887)
• bazel: fixed a regression in v1.21 where java_grpc_library ignored custom java toolchains (#5844)
• ALTS connection setup and teardown is more stable, less noisy.
• netty: some of the less interesting transport level exceptions are now fine level (#5873)
• testing: resource leak is fixed for TestUtils#newSslSocketFactoryForCa

API Changes

• protobuf-nano was deleted. The Protobuf project dropped support for nano in favor of javalite, which was causing trouble for gRPC’s development. Users of nano can continue using older grpc-protobuf-nano releases, as it only uses stable API. See gRFC L51.
• LoadBalancer API sees a few changes that will help hierarchical implementations:
  • api: LoadBalancer.Helper and Subchannel is now further non-thread-safe. (#5718)
  • api: move SubchannelPicker.requestConnection() to LoadBalancer. (#5751)
  • api: pass Subchannel state updates to SubchannelStateListener rather than LoadBalancer (#5722). Different from the old LoadBalancer#handleSubchannelState(), the new SubchannelStateListener continues to receive updates after LoadBalancer is shutdown. (#5883)
  • api: Subchannel.requestConnection() will print a warning if called outside of sync-context (#5757). We plan to make it throw eventually.
  • api: deprecate Helper.updateSubchannelAddresses() and add equivalent on Subchannel (#5802)
• netty,okhttp: The experimental and long-deprecated enableKeepAlive API was removed from the transport channel builders (#5795). Setting the keep alive settings individually is still available and is stable API. The removed API was actively causing user issues because its defaults were too aggressive for the server’s defaults.
• api: new method for removing values from Attributes.
• core: some of the open census tags (method, status tags) are no longer propagated. This may break users who depends on the behavior that these tags propagate through process boundaries. (#5689)

New Features

• api: add getters for NameResolver.Args and NameResolverRegistry in LoadBalancer.Helper (#5685) (We are considering deleting getNameResolverRegistry() in the near future. Please reach out to us if you want to keep it).
• netty: can log the stages of connecting (client side only), such as TLS.
• Added perfmark annotations to RPCs for local tracing.

Documentation

• examples: use test certs for running example-tls (#5763)
• SECURITY.md: Add Fedora 30 package installation instructions (#5734)
• api,stub: Clarify isReady()/onReady() interaction semantics (#5799)
• examples: TLS examples are easier to run(#5715)

Acknowledgements

• Manuel Kollus @manuelkollus
• Nick Travers @nicktrav
• Ryan Michela @rmichela
• Ruben de Vries @rubensayshi
• @rsgowman
• Sebastian Schmidt @schmidt-sebastian
• Yang Song @songy23
• Tim van der Lippe @TimvdLippe