Commit 949a113
authored
![pulumi-renovate[bot]](https://avatars.githubusercontent.com/u/21992475?v=4&size=40){kind=avatar}
Update module google.golang.org/grpc to v1.79.3 [SECURITY] (#2583)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/grpc](https://redirect.github.com/grpc/grpc-go) |
indirect | minor | `v1.72.1` -> `v1.79.3` |
| [google.golang.org/grpc](https://redirect.github.com/grpc/grpc-go) |
indirect | minor | `v1.78.0` -> `v1.79.3` |
### GitHub Vulnerability Alerts
####
[CVE-2026-33186](https://redirect.github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3)
### Impact
_What kind of vulnerability is it? Who is impacted?_
It is an **Authorization Bypass** resulting from **Improper Input
Validation** of the HTTP/2 `:path` pseudo-header.
The gRPC-Go server was too lenient in its routing logic, accepting
requests where the `:path` omitted the mandatory leading slash (e.g.,
`Service/Method` instead of `/Service/Method`). While the server
successfully routed these requests to the correct handler, authorization
interceptors (including the official `grpc/authz` package) evaluated the
raw, non-canonical path string. Consequently, "deny" rules defined using
canonical paths (starting with `/`) failed to match the incoming
request, allowing it to bypass the policy if a fallback "allow" rule was
present.
**Who is impacted?**
This affects gRPC-Go servers that meet both of the following criteria:
1. They use path-based authorization interceptors, such as the official
RBAC implementation in `google.golang.org/grpc/authz` or custom
interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`.
2. Their security policy contains specific "deny" rules for canonical
paths but allows other requests by default (a fallback "allow" rule).
The vulnerability is exploitable by an attacker who can send raw HTTP/2
frames with malformed `:path` headers directly to the gRPC server.
### Patches
_Has the problem been patched? What versions should users upgrade to?_
Yes, the issue has been patched. The fix ensures that any request with a
`:path` that does not start with a leading slash is immediately rejected
with a `codes.Unimplemented` error, preventing it from reaching
authorization interceptors or handlers with a non-canonical path string.
Users should upgrade to the following versions (or newer):
* **v1.79.3**
* The latest **master** branch.
It is recommended that all users employing path-based authorization
(especially `grpc/authz`) upgrade as soon as the patch is available in a
tagged release.
### Workarounds
_Is there a way for users to fix or remediate the vulnerability without
upgrading?_
While upgrading is the most secure and recommended path, users can
mitigate the vulnerability using one of the following methods:
#### 1. Use a Validating Interceptor (Recommended Mitigation)
Add an "outermost" interceptor to your server that validates the path
before any other authorization logic runs:
```go
func pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
if info.FullMethod == "" || info.FullMethod[0] != '/' {
return nil, status.Errorf(codes.Unimplemented, "malformed method name")
}
return handler(ctx, req)
}
// Ensure this is the FIRST interceptor in your chain
s := grpc.NewServer(
grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),
)
```
#### 2. Infrastructure-Level Normalization
If your gRPC server is behind a reverse proxy or load balancer (such as
Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to
enforce strict HTTP/2 compliance for pseudo-headers and reject or
normalize requests where the `:path` header does not start with a
leading slash.
#### 3. Policy Hardening
Switch to a "default deny" posture in your authorization policies
(explicitly listing all allowed paths and denying everything else) to
reduce the risk of bypasses via malformed inputs.
---
### Release Notes
<details>
<summary>grpc/grpc-go (google.golang.org/grpc)</summary>
###
[`v1.79.3`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.79.3):
Release 1.79.3
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.79.2...v1.79.3)
### Security
- server: fix an authorization bypass where malformed :path headers
(missing the leading slash) could bypass path-based restricted "deny"
rules in interceptors like `grpc/authz`. Any request with a
non-canonical path is now immediately rejected with an `Unimplemented`
error.
([#​8981](https://redirect.github.com/grpc/grpc-go/issues/8981))
###
[`v1.79.2`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.79.2):
Release 1.79.2
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.79.1...v1.79.2)
### Bug Fixes
- stats: Prevent redundant error logging in health/ORCA producers by
skipping stats/tracing processing when no stats handler is configured.
([https://github.com/grpc/grpc-go/pull/8874](https://redirect.github.com/grpc/grpc-go/pull/8874))
###
[`v1.79.1`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.79.1):
Release 1.79.1
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.79.0...v1.79.1)
### Bug Fixes
- grpc: Remove the `-dev` suffix from the User-Agent header.
([https://github.com/grpc/grpc-go/pull/8902](https://redirect.github.com/grpc/grpc-go/pull/8902))
###
[`v1.79.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.79.0):
Release 1.79.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.78.0...v1.79.0)
### API Changes
- mem: Add experimental API `SetDefaultBufferPool` to change the default
buffer pool.
([#​8806](https://redirect.github.com/grpc/grpc-go/issues/8806))
- Special Thanks: [@​vanja-p](https://redirect.github.com/vanja-p)
- experimental/stats: Update `MetricsRecorder` to require embedding the
new `UnimplementedMetricsRecorder` (a no-op struct) in all
implementations for forward compatibility.
([#​8780](https://redirect.github.com/grpc/grpc-go/issues/8780))
### Behavior Changes
- balancer/weightedtarget: Remove handling of `Addresses` and only
handle `Endpoints` in resolver updates.
([#​8841](https://redirect.github.com/grpc/grpc-go/issues/8841))
### New Features
- experimental/stats: Add support for asynchronous gauge metrics through
the new `AsyncMetricReporter` and `RegisterAsyncReporter` APIs.
([#​8780](https://redirect.github.com/grpc/grpc-go/issues/8780))
- pickfirst: Add support for weighted random shuffling of endpoints, as
described in [gRFC
A113](https://redirect.github.com/grpc/proposal/pull/535).
- This is enabled by default, and can be turned off using the
environment variable `GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING`.
([#​8864](https://redirect.github.com/grpc/grpc-go/issues/8864))
- xds: Implement `:authority` rewriting, as specified in [gRFC
A81](https://redirect.github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md).
([#​8779](https://redirect.github.com/grpc/grpc-go/issues/8779))
- balancer/randomsubsetting: Implement the `random_subsetting` LB
policy, as specified in [gRFC
A68](https://redirect.github.com/grpc/proposal/blob/master/A68-random-subsetting.md).
([#​8650](https://redirect.github.com/grpc/grpc-go/issues/8650))
- Special Thanks:
[@​marek-szews](https://redirect.github.com/marek-szews)
### Bug Fixes
- credentials/tls: Fix a bug where the port was not stripped from the
authority override before validation.
([#​8726](https://redirect.github.com/grpc/grpc-go/issues/8726))
- Special Thanks:
[@​Atul1710](https://redirect.github.com/Atul1710)
- xds/priority: Fix a bug causing delayed failover to lower-priority
clusters when a higher-priority cluster is stuck in `CONNECTING` state.
([#​8813](https://redirect.github.com/grpc/grpc-go/issues/8813))
- health: Fix a bug where health checks failed for clients using legacy
compression options (`WithDecompressor` or `RPCDecompressor`).
([#​8765](https://redirect.github.com/grpc/grpc-go/issues/8765))
- Special Thanks: [@​sanki92](https://redirect.github.com/sanki92)
- transport: Fix an issue where the HTTP/2 server could skip header size
checks when terminating a stream early.
([#​8769](https://redirect.github.com/grpc/grpc-go/issues/8769))
- Special Thanks:
[@​joybestourous](https://redirect.github.com/joybestourous)
- server: Propagate status detail headers, if available, when
terminating a stream during request header processing.
([#​8754](https://redirect.github.com/grpc/grpc-go/issues/8754))
- Special Thanks:
[@​joybestourous](https://redirect.github.com/joybestourous)
### Performance Improvements
- credentials/alts: Optimize read buffer alignment to reduce copies.
([#​8791](https://redirect.github.com/grpc/grpc-go/issues/8791))
- mem: Optimize pooling and creation of `buffer` objects.
([#​8784](https://redirect.github.com/grpc/grpc-go/issues/8784))
- transport: Reduce slice re-allocations by reserving slice capacity.
([#​8797](https://redirect.github.com/grpc/grpc-go/issues/8797))
###
[`v1.78.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.78.0):
Release 1.78.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0)
### Behavior Changes
- client: Align URL validation with Go 1.26+ to now reject target URLs
with unbracketed colons in the hostname.
([#​8716](https://redirect.github.com/grpc/grpc-go/issues/8716))
- Special Thanks: [@​neild](https://redirect.github.com/neild)
- transport/client : Return status code `Unknown` on malformed
grpc-status.
([#​8735](https://redirect.github.com/grpc/grpc-go/issues/8735))
- - xds/resolver:
- Drop previous route resources and report an error when no matching
virtual host is found.
- Only log LDS/RDS configuration errors following a successful update
and retain the last valid resource to prevent transient failures.
([#​8711](https://redirect.github.com/grpc/grpc-go/issues/8711))
### New Features
- stats/otel: Add backend service label to weighted round robin metrics
as part of A89.
([#​8737](https://redirect.github.com/grpc/grpc-go/issues/8737))
- stats/otel: Add subchannel metrics (without the disconnection reason)
to eventually replace the pickfirst metrics.
([#​8738](https://redirect.github.com/grpc/grpc-go/issues/8738))
- client: Wait for all pending goroutines to complete when closing a
graceful switch balancer.
([#​8746](https://redirect.github.com/grpc/grpc-go/issues/8746))
- Special Thanks: [@​twz123](https://redirect.github.com/twz123)
- client: Add `experimental.AcceptCompressors` so callers can restrict
the `grpc-accept-encoding` header advertised for a call.
([#​8718](https://redirect.github.com/grpc/grpc-go/issues/8718))
- Special Thanks:
[@​iblancasa](https://redirect.github.com/iblancasa)
### Bug Fixes
- xds: Fix a bug in `StringMatcher` where regexes would match
incorrectly when ignore_case is set to true.
([#​8723](https://redirect.github.com/grpc/grpc-go/issues/8723))
- client:
- Change connectivity state to CONNECTING when creating the name
resolver (as part of exiting IDLE).
- Change connectivity state to TRANSIENT_FAILURE if name resolver
creation fails (as part of exiting IDLE).
- Change connectivity state to IDLE after idle timeout expires even when
current state is TRANSIENT_FAILURE.
- Fix a bug that resulted in `OnFinish` call option not being invoked
for RPCs where stream creation failed.
([#​8710](https://redirect.github.com/grpc/grpc-go/issues/8710))
- xdsclient: Fix a race in the xdsClient that could lead to
resource-not-found errors.
([#​8627](https://redirect.github.com/grpc/grpc-go/issues/8627))
### Performance Improvements
- mem: Round up to nearest 4KiB for pool allocations larger than 1MiB.
([#​8705](https://redirect.github.com/grpc/grpc-go/issues/8705))
- Special Thanks: [@​cjc25](https://redirect.github.com/cjc25)
###
[`v1.77.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.77.0):
Release 1.77.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.76.0...v1.77.0)
### API Changes
- mem: Replace the `Reader` interface with a struct for better
performance and maintainability.
([#​8669](https://redirect.github.com/grpc/grpc-go/issues/8669))
### Behavior Changes
- balancer/pickfirst: Remove support for the old `pick_first` LB policy
via the environment variable
`GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=false`. The new `pick_first`
has been the default since `v1.71.0`.
([#​8672](https://redirect.github.com/grpc/grpc-go/issues/8672))
### Bug Fixes
- xdsclient: Fix a race condition in the ADS stream implementation that
could result in `resource-not-found` errors, causing the gRPC client
channel to move to `TransientFailure`.
([#​8605](https://redirect.github.com/grpc/grpc-go/issues/8605))
- client: Ignore HTTP status header for gRPC streams.
([#​8548](https://redirect.github.com/grpc/grpc-go/issues/8548))
- client: Set a read deadline when closing a transport to prevent it
from blocking indefinitely on a broken connection.
([#​8534](https://redirect.github.com/grpc/grpc-go/issues/8534))
- Special Thanks:
[@​jgold2-stripe](https://redirect.github.com/jgold2-stripe)
- client: Fix a bug where default port 443 was not automatically added
to addresses without a specified port when sent to a proxy.
- Setting environment variable
`GRPC_EXPERIMENTAL_ENABLE_DEFAULT_PORT_FOR_PROXY_TARGET=false` disables
this change; please file a bug if any problems are encountered as we
will remove this option soon.
([#​8613](https://redirect.github.com/grpc/grpc-go/issues/8613))
- balancer/pickfirst: Fix a bug where duplicate addresses were not being
ignored as intended.
([#​8611](https://redirect.github.com/grpc/grpc-go/issues/8611))
- server: Fix a bug that caused overcounting of channelz metrics for
successful and failed streams.
([#​8573](https://redirect.github.com/grpc/grpc-go/issues/8573))
- Special Thanks: [@​hugehoo](https://redirect.github.com/hugehoo)
- balancer/pickfirst: When configured, shuffle addresses in resolver
updates that lack endpoints. Since gRPC automatically adds endpoints to
resolver updates, this bug only affects custom LB policies that delegate
to `pick_first` but don't set endpoints.
([#​8610](https://redirect.github.com/grpc/grpc-go/issues/8610))
- mem: Clear large buffers before re-using.
([#​8670](https://redirect.github.com/grpc/grpc-go/issues/8670))
### Performance Improvements
- transport: Reduce heap allocations to reduce time spent in garbage
collection.
([#​8624](https://redirect.github.com/grpc/grpc-go/issues/8624),
[#​8630](https://redirect.github.com/grpc/grpc-go/issues/8630),
[#​8639](https://redirect.github.com/grpc/grpc-go/issues/8639),
[#​8668](https://redirect.github.com/grpc/grpc-go/issues/8668))
- transport: Avoid copies when reading and writing Data frames.
([#​8657](https://redirect.github.com/grpc/grpc-go/issues/8657),
[#​8667](https://redirect.github.com/grpc/grpc-go/issues/8667))
- mem: Avoid clearing newly allocated buffers.
([#​8670](https://redirect.github.com/grpc/grpc-go/issues/8670))
### New Features
- outlierdetection: Add metrics specified in [gRFC
A91](https://redirect.github.com/grpc/proposal/blob/master/A91-outlier-detection-metrics.md).
([#​8644](https://redirect.github.com/grpc/grpc-go/issues/8644))
- Special Thanks:
[@​davinci26](https://redirect.github.com/davinci26),
[@​PardhuKonakanchi](https://redirect.github.com/PardhuKonakanchi)
- stats/opentelemetry: Add support for optional label
`grpc.lb.backend_service` in per-call metrics
([#​8637](https://redirect.github.com/grpc/grpc-go/issues/8637))
- xds: Add support for JWT Call Credentials as specified in [gRFC
A97](https://redirect.github.com/grpc/proposal/blob/master/A97-xds-jwt-call-creds.md).
Set environment variable
`GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS=true` to enable this
feature.
([#​8536](https://redirect.github.com/grpc/grpc-go/issues/8536))
- Special Thanks:
[@​dimpavloff](https://redirect.github.com/dimpavloff)
- experimental/stats: Add support for up/down counters.
([#​8581](https://redirect.github.com/grpc/grpc-go/issues/8581))
###
[`v1.76.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.76.0):
Release 1.76.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.75.1...v1.76.0)
### Dependencies
- Minimum supported Go version is now 1.24
([#​8509](https://redirect.github.com/grpc/grpc-go/issues/8509))
- Special Thanks: [@​kevinGC](https://redirect.github.com/kevinGC)
### Bug Fixes
- client: Return status `INTERNAL` when a server sends zero response
messages for a unary or client-streaming RPC.
([#​8523](https://redirect.github.com/grpc/grpc-go/issues/8523))
- client: Fail RPCs with status `INTERNAL` instead of `UNKNOWN` upon
receiving http headers with status 1xx and `END_STREAM` flag set.
([#​8518](https://redirect.github.com/grpc/grpc-go/issues/8518))
- Special Thanks:
[@​vinothkumarr227](https://redirect.github.com/vinothkumarr227)
- pick_first: Fix race condition that could cause pick_first to get
stuck in `IDLE` state on backend address change.
([#​8615](https://redirect.github.com/grpc/grpc-go/issues/8615))
### New Features
- credentials: Add `credentials/jwt` package providing file-based JWT
PerRPCCredentials (A97).
([#​8431](https://redirect.github.com/grpc/grpc-go/issues/8431))
- Special Thanks:
[@​dimpavloff](https://redirect.github.com/dimpavloff)
### Performance Improvements
- client: Improve HTTP/2 header size estimate to reduce re-allocations.
([#​8547](https://redirect.github.com/grpc/grpc-go/issues/8547))
- encoding/proto: Avoid redundant message size calculation when
marshaling.
([#​8569](https://redirect.github.com/grpc/grpc-go/issues/8569))
- Special Thanks:
[@​rs-unity](https://redirect.github.com/rs-unity)
###
[`v1.75.1`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.75.1):
Release 1.75.1
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.75.0...v1.75.1)
### Bug Fixes
- transport: Fix a data race while copying headers for stats handlers in
the std lib http2 server transport.
([#​8519](https://redirect.github.com/grpc/grpc-go/issues/8519))
- xdsclient:
- Fix a data race caused while reporting load to LRS.
([#​8483](https://redirect.github.com/grpc/grpc-go/pull/8483))
- Fix regression preventing empty node IDs when creating an LRS client.
([#​8483](https://redirect.github.com/grpc/grpc-go/issues/8483))
- server: Fix a regression preventing streams from being cancelled or
timed out when blocked on flow control.
([#​8528](https://redirect.github.com/grpc/grpc-go/issues/8528))
###
[`v1.75.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.75.0):
Release 1.75.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.74.3...v1.75.0)
### Behavior Changes
- xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment
variable. Fallback support can no longer be disabled.
([#​8482](https://redirect.github.com/grpc/grpc-go/issues/8482))
- stats: Introduce `DelayedPickComplete` event, a type alias of
`PickerUpdated`.
([#​8465](https://redirect.github.com/grpc/grpc-go/issues/8465))
- This (combined) event will now be emitted only once per call, when a
transport is successfully selected for the attempt.
- OpenTelemetry metrics will no longer have multiple "Delayed LB pick
complete" events in Go, matching other gRPC languages.
- A future release will delete the `PickerUpdated` symbol.
- credentials: Properly apply `grpc.WithAuthority` as the
highest-priority option for setting authority, above the setting in the
credentials themselves.
([#​8488](https://redirect.github.com/grpc/grpc-go/issues/8488))
- Now that this `WithAuthority` is available, the credentials should not
be used to override the authority.
- round_robin: Randomize the order in which addresses are connected to
in order to spread out initial RPC load between clients.
([#​8438](https://redirect.github.com/grpc/grpc-go/issues/8438))
- server: Return status code INTERNAL when a client sends more than one
request in unary and server streaming RPC.
([#​8385](https://redirect.github.com/grpc/grpc-go/issues/8385))
- This is a behavior change but also a bug fix to bring gRPC-Go in line
with the gRPC spec.
### New Features
- dns: Add an environment variable (`GRPC_ENABLE_TXT_SERVICE_CONFIG`) to
provide a way to disable TXT lookups in the DNS resolver (by setting it
to `false`). By default, TXT lookups are enabled, as they were
previously.
([#​8377](https://redirect.github.com/grpc/grpc-go/issues/8377))
### Bug Fixes
- xds: Fix regression preventing empty node IDs in xDS bootstrap
configuration.
([#​8476](https://redirect.github.com/grpc/grpc-go/issues/8476))
- Special Thanks:
[@​davinci26](https://redirect.github.com/davinci26)
- xds: Fix possible panic when certain invalid resources are
encountered.
([#​8412](https://redirect.github.com/grpc/grpc-go/issues/8412))
- Special Thanks: [@​wooffie](https://redirect.github.com/wooffie)
- xdsclient: Fix a rare panic caused by processing a response from a
closed server.
([#​8389](https://redirect.github.com/grpc/grpc-go/issues/8389))
- stats: Fix metric unit formatting by enclosing non-standard units like
`call` and `endpoint` in curly braces to comply with UCUM and gRPC
OpenTelemetry guidelines.
([#​8481](https://redirect.github.com/grpc/grpc-go/issues/8481))
- xds: Fix possible panic when clusters are removed from the xds
configuration.
([#​8428](https://redirect.github.com/grpc/grpc-go/issues/8428))
- xdsclient: Fix a race causing "resource doesn not exist" when rapidly
subscribing and unsubscribing to the same resource.
([#​8369](https://redirect.github.com/grpc/grpc-go/issues/8369))
- client: When determining the authority, properly percent-encode (if
needed, which is unlikely) when the target string omits the hostname and
only specifies a port (`grpc.NewClient(":<port-number-or-name>")`).
([#​8488](https://redirect.github.com/grpc/grpc-go/issues/8488))
###
[`v1.74.3`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.74.3):
Release 1.74.3
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.74.2...v1.74.3)
### Bug Fixes
- xds: Fix a regression preventing empty node IDs in the bootstrap
configuration.
([#​8476](https://redirect.github.com/grpc/grpc-go/issues/8476) ,
[#​8483](https://redirect.github.com/grpc/grpc-go/issues/8483))
- xdsclient: Fix a data race caused while reporting load to LRS.
([#​8483](https://redirect.github.com/grpc/grpc-go/issues/8483))
- server: Fix a regression preventing streams from being cancelled or
timed out when blocked on flow control.
([#​8528](https://redirect.github.com/grpc/grpc-go/issues/8528))
###
[`v1.74.2`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.74.2):
Release 1.74.2
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.74.1...v1.74.2)
### New Features
- grpc: introduce new `DialOptions` and `ServerOptions`
(`WithStaticStreamWindowSize`, `WithStaticConnWindowSize`,
`StaticStreamWindowSize`, `StaticConnWindowSize`) that force fixed
window sizes for all HTTP/2 connections. By default, gRPC uses dynamic
sizing of these windows based upon a BDP estimation algorithm. The
existing options (`WithInitialWindowSize`, etc) also disable BDP
estimation, but this behavior will be changed in a following release.
([#​8283](https://redirect.github.com/grpc/grpc-go/issues/8283))
### API Changes
- balancer: add `ExitIdle` method to `Balancer` interface. Earlier,
implementing this method was optional.
([#​8367](https://redirect.github.com/grpc/grpc-go/issues/8367))
### Behavior Changes
- xds: Remove the `GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST` environment
variable that allows disabling the least request balancer with xDS.
Least request was made available by default with xDS in v1.72.0.
([#​8248](https://redirect.github.com/grpc/grpc-go/issues/8248))
- Special Thanks:
[@​atollena](https://redirect.github.com/atollena)
- server: allow 0s grpc-timeout header values, which older gRPC-Java
versions could send. This restores the behavior of grpc-go before
v1.73.0.
([#​8439](https://redirect.github.com/grpc/grpc-go/issues/8439))
### Bug Fixes
- googledirectpath: avoid logging the error message `Attempt to set a
bootstrap configuration...` when creating multiple directpath channels.
([#​8419](https://redirect.github.com/grpc/grpc-go/issues/8419))
### Performance Improvements
- transport: reduce heap allocations by pooling objects and avoiding
method-to-closure conversions.
([#​8361](https://redirect.github.com/grpc/grpc-go/issues/8361))
- transport: reduce heap allocations by re-using `mem.Reader` objects.
([#​8360](https://redirect.github.com/grpc/grpc-go/issues/8360))
### Documentation
- examples: add examples to demonstrate enabling experimental metrics
using the OpenTelemetry plugin.
([#​8388](https://redirect.github.com/grpc/grpc-go/issues/8388))
- Special Thanks:
[@​vinothkumarr227](https://redirect.github.com/vinothkumarr227)
###
[`v1.74.1`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.74.1):
Release 1.74.1
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.74.0...v1.74.1)
Version 1.74.1 retracts release v1.74.0 and itself. Release 1.74.0 was
accidentally tagged on the wrong commit and should not be used. Version
1.73.0 should be used until 1.74.2 is released.
###
[`v1.74.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.74.0):
Release 1.74.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.73.1...v1.74.0)
Release 1.74.0 was accidentally tagged on the wrong commit and should
not be used. Version 1.73.0 should be used until 1.74.1 is released.
###
[`v1.73.1`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.73.1):
Release 1.73.1
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.73.0...v1.73.1)
### Bug Fixes
- server: Fix a regression preventing streams from being cancelled or
timed out when blocked on flow control.
([https://github.com/grpc/grpc-go/pull/8528](https://redirect.github.com/grpc/grpc-go/pull/8528))
###
[`v1.73.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.73.0):
Release 1.73.0
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.72.3...v1.73.0)
### New Features
- balancer/ringhash: move LB policy from xds/internal to exported path
to facilitate use without xds
([#​8249](https://redirect.github.com/grpc/grpc-go/issues/8249))
- xds: enable least request LB policy by default. It can be disabled by
setting `GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST=false` in your
environment.
([#​8253](https://redirect.github.com/grpc/grpc-go/issues/8253))
- grpc: add a `CallAuthority` Call Option that can be used to overwrite
the http `:authority` header on per-RPC basis.
([#​8068](https://redirect.github.com/grpc/grpc-go/issues/8068))
- stats/opentelemetry: add trace event for name resolution delay.
([#​8074](https://redirect.github.com/grpc/grpc-go/issues/8074))
- health: added `List` method to gRPC Health service.
([#​8155](https://redirect.github.com/grpc/grpc-go/issues/8155))
- Special Thanks:
[@​marcoshuck](https://redirect.github.com/marcoshuck)
- ringhash: implement features from gRFC A76.
([#​8159](https://redirect.github.com/grpc/grpc-go/issues/8159))
- xds: add functionality to support SPIFFE Bundle Maps as roots of trust
in XDS which can be enabled by setting
`GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE=true`.
([#​8167](https://redirect.github.com/grpc/grpc-go/issues/8167),
[#​8180](https://redirect.github.com/grpc/grpc-go/issues/8180),
[#​8229](https://redirect.github.com/grpc/grpc-go/issues/8229),
[#​8343](https://redirect.github.com/grpc/grpc-go/issues/8343))
### Bug Fixes
- xds: locality ID metric label is changed to make it consistent with
[gRFC
A78](https://redirect.github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md#optional-xds-locality-label).
([#​8256](https://redirect.github.com/grpc/grpc-go/issues/8256))
- client: fail RPCs on the client when using extremely short contexts
that expire before the `grpc-timeout` header is created.
([#​8312](https://redirect.github.com/grpc/grpc-go/issues/8312))
- server: non-positive `grpc-timeout` header values are now rejected.
This is consistent with the [gRPC protocol
spec](https://redirect.github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests).
([#​8290](https://redirect.github.com/grpc/grpc-go/issues/8290))
- Special Thanks: [@​evanj](https://redirect.github.com/evanj)
- xds: fix reported error string when LRS load reporting interval is
invalid.
([#​8224](https://redirect.github.com/grpc/grpc-go/issues/8224))
- Special Thanks: [@​alingse](https://redirect.github.com/alingse)
### Performance Improvements
- credentials/alts: improve read performance by optimizing buffer copies
and allocations.
([#​8271](https://redirect.github.com/grpc/grpc-go/issues/8271))
- server: improve performance of RPC handling by avoid a status proto
copy
([#​8282](https://redirect.github.com/grpc/grpc-go/issues/8282))
- Special Thanks: [@​evanj](https://redirect.github.com/evanj)
### Documentation
- examples/features/opentelemetry: modify example to demonstrate tracing
using OpenTelemtry plugin.
([#​8056](https://redirect.github.com/grpc/grpc-go/issues/8056))
###
[`v1.72.3`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.72.3):
Release 1.72.3
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.72.2...v1.72.3)
### Bug Fixes
- server: Fix a regression preventing streams from being cancelled or
timed out when blocked on flow control.
([https://github.com/grpc/grpc-go/pull/8528](https://redirect.github.com/grpc/grpc-go/pull/8528))
###
[`v1.72.2`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.72.2):
Release 1.72.2
[Compare
Source](https://redirect.github.com/grpc/grpc-go/compare/v1.72.1...v1.72.2)
### Bug Fixes
- client: restore support for `NO_PROXY` environment variable when
connecting to locally-resolved addresses (case 2 from [gRFC
A1](https://redirect.github.com/grpc/proposal/blob/master/A1-http-connect-proxy-support.md)).
([#​8329](https://redirect.github.com/grpc/grpc-go/issues/8329))
- balancer/least_request: fix panic on resolver errors.
([#​8333](https://redirect.github.com/grpc/grpc-go/issues/8333))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - Monday through
Friday ( * * * * 1-5 ) (UTC).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyIsImltcGFjdC9uby1jaGFuZ2Vsb2ctcmVxdWlyZWQiXX0=-->
Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>1 parent bb473d7 commit 949a113
File tree
20 files changed
+445
-409
lines changed- aws-apigateway-go-routes
- aws-go-ansible-wordpress
- classic-azure-go-aks-multicluster
- classic-azure-go-webserver-component
- gcp-go-functions-raw
- gcp-go-functions
- gcp-go-instance
- gcp-go-webserver
- misc/benchmarks/go-many-resources
- stack-readme-go
20 files changed
+445
-409
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | | - | |
| 39 | + | |
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
| |||
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
82 | | - | |
| 82 | + | |
83 | 83 | | |
84 | | - | |
85 | | - | |
86 | | - | |
87 | | - | |
88 | | - | |
89 | | - | |
90 | | - | |
91 | | - | |
92 | | - | |
93 | | - | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
94 | 94 | | |
95 | 95 | | |
96 | 96 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
| 33 | + | |
32 | 34 | | |
33 | 35 | | |
34 | 36 | | |
| |||
66 | 68 | | |
67 | 69 | | |
68 | 70 | | |
69 | | - | |
70 | | - | |
| 71 | + | |
| 72 | + | |
71 | 73 | | |
72 | 74 | | |
73 | 75 | | |
74 | 76 | | |
75 | 77 | | |
76 | | - | |
77 | | - | |
| 78 | + | |
| 79 | + | |
78 | 80 | | |
79 | 81 | | |
80 | 82 | | |
| |||
208 | 210 | | |
209 | 211 | | |
210 | 212 | | |
211 | | - | |
212 | | - | |
213 | | - | |
214 | | - | |
215 | | - | |
216 | | - | |
217 | | - | |
218 | | - | |
219 | | - | |
220 | | - | |
221 | | - | |
222 | | - | |
| 213 | + | |
| 214 | + | |
| 215 | + | |
| 216 | + | |
| 217 | + | |
| 218 | + | |
| 219 | + | |
| 220 | + | |
| 221 | + | |
| 222 | + | |
| 223 | + | |
| 224 | + | |
223 | 225 | | |
224 | 226 | | |
225 | 227 | | |
226 | 228 | | |
227 | 229 | | |
228 | 230 | | |
229 | | - | |
230 | | - | |
| 231 | + | |
| 232 | + | |
231 | 233 | | |
232 | 234 | | |
233 | 235 | | |
234 | 236 | | |
235 | 237 | | |
236 | 238 | | |
237 | | - | |
238 | | - | |
| 239 | + | |
| 240 | + | |
239 | 241 | | |
240 | 242 | | |
241 | 243 | | |
242 | 244 | | |
243 | 245 | | |
244 | 246 | | |
245 | | - | |
246 | | - | |
| 247 | + | |
| 248 | + | |
247 | 249 | | |
248 | 250 | | |
249 | 251 | | |
250 | | - | |
251 | | - | |
| 252 | + | |
| 253 | + | |
252 | 254 | | |
253 | 255 | | |
254 | 256 | | |
| |||
264 | 266 | | |
265 | 267 | | |
266 | 268 | | |
267 | | - | |
268 | | - | |
| 269 | + | |
| 270 | + | |
269 | 271 | | |
270 | | - | |
271 | | - | |
| 272 | + | |
| 273 | + | |
272 | 274 | | |
273 | 275 | | |
274 | 276 | | |
275 | | - | |
276 | | - | |
| 277 | + | |
| 278 | + | |
277 | 279 | | |
278 | 280 | | |
279 | 281 | | |
280 | 282 | | |
281 | 283 | | |
282 | 284 | | |
283 | | - | |
284 | | - | |
| 285 | + | |
| 286 | + | |
285 | 287 | | |
286 | 288 | | |
287 | 289 | | |
288 | 290 | | |
289 | | - | |
290 | | - | |
291 | | - | |
292 | | - | |
293 | | - | |
294 | | - | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
| 294 | + | |
| 295 | + | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
295 | 299 | | |
296 | 300 | | |
297 | 301 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
109 | 109 | | |
110 | 110 | | |
111 | 111 | | |
112 | | - | |
| 112 | + | |
113 | 113 | | |
114 | 114 | | |
115 | 115 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
327 | 327 | | |
328 | 328 | | |
329 | 329 | | |
330 | | - | |
331 | | - | |
| 330 | + | |
| 331 | + | |
332 | 332 | | |
333 | 333 | | |
334 | 334 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| |||
87 | 87 | | |
88 | 88 | | |
89 | 89 | | |
90 | | - | |
91 | | - | |
92 | | - | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
93 | 93 | | |
94 | 94 | | |
95 | 95 | | |
| |||
0 commit comments