Update dependency io.grpc:grpc-protobuf to v1.53.0

[dev-mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
io.grpc:grpc-protobuf	compile	minor	1.4.0 → 1.53.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2023-1428
High	7.4	CVE-2023-32731
Medium	5.3	CVE-2023-32732

---

Release Notes

grpc/grpc-java (io.grpc:grpc-protobuf)

v1.53.0

Compare Source

New Features

• googleapis: Allow user set c2p bootstrap config (#​9856)
• xds: Add contain and stringMatcher in RouteConfiguration (#​9845)
• core: Add grpc-previous-rpc-attempts to the initial response metadata (#​9686)
• servlet: Implement gRPC server as a Servlet (#​8596)
• authz: Implement static authorization server interceptor (#​8934)

Examples

• servlet: Add servlet example (#​8596)

Bug Fixes

• xds: Update xds error handling logic. Specifically:
  • When the ads stream is closed only send errors to subscribers that haven't yet gotten results
  • Timers to detect missing resources don’t start until the adsStream is ready (#​9745)
  • Call subscriber onError callback when xds client fails to connect to server (#​9827)
• core: Delay retriable stream master listener close until all sub streams are closed. This fixes the call executor lifecycle and prevents potential RejectedExecutionException. (#​9754)
• core: Free unused MessageProducer in RetriableStream (#​9853), fixing a Netty buffer memory leak for cancelled RPCs
• api: Fail with NullPointerException when a Metadata.Marshaller returns null bytes (#​9781). This would previously cause a NullPointerException later during the RPC. Now the return value of the Marshaller is checked immediately, to help find the broken Marshaller

Behavior Changes

• xds: Disallow duplicate addresses in the RingHashLB. (#​9776)
• xds: EDS weight sums are allowed up to max unsigned int (was max signed int) (#​9765)
• xds: Drop xds v2 support (#​9760)

Dependencies

• JUnit upgraded to 4.13.2
• bazel: Dropped support for Bazel 4. We track the two most recent major versions of Bazel, Bazel 5 and 6. Bazel 4 may still work, but we are no longer testing it
• bazel: Include Tomcat annotations dependency for @Generated as used by autovalue (#​9762). Necessary for building xds and rls on Java 9+
• bazel: Export deps from Maven Central-specific stand-in targets (#​9780). Some Maven Central artifacts are a combination of multiple Bazel targets, like grpc-core is composed of //core:inprocess, //core:internal, //core:util, //api. There is a “//core:core_maven” target used by maven_install that uses the other targets. Previously the target used runtime_deps to discourage their use by Bazel users, but that could cause compilation failures from lack of hjars. These targets now use exports

Acknowledgement

@​cpovirk
@​niloc132
@​stephenh
@​olderwei
@​pandaapo
@​panxuefeng

v1.52.1

Compare Source

Bug Fixes

• xds: Fix an internal bug in xds resource subscription that might cause xds stream not accepting response update for that resource type entirely. (#​9810)

v1.52.0

Compare Source

gRPC Java 1.52.0 Release Notes

grpc-xds starting with 1.51.0 had a regression where resources might stop receiving updates. The trigger could happen hours or days after the binary had started. xDS users should avoid this release and use 1.50.x until patch releases with the fix are available. #​9809

API Changes

• Fix CallOptions to be properly @Immutable (#​9689)
• binder: Promote out of experimental status (#​9669). Much of the API is now stable

New Features

• xds: Support localities in multiple priorities (#​9683)
• xds: Log xDS node ID with verbosity INFO when environment variable GRPC_LOG_XDS_NODE_ID=true (#​9731)

Examples

• Add examples for name resolver and load balancer (#​9700)
• Swap to ChannelCredentials/ServerCredentials API, as it is preferred

Bug Fixes

• xds:Fix ConcurrentModificationException in PriorityLoadBalancer (#​9728)
• ManagedChannelImpl.SubchannelImpl fix args check to avoid NPE (#​9651)
• okhttp: Add missing server support for TLS ClientAuth (#​9711)
• binder: Ensure the security interceptor is always closest to the actual transport (#​9716)
• bazel: Include @​Generated dep for autovalue. This fixes builds of xds and rls using Java 9+
• xds: Nack xds response when weighted cluster total weight sums zero (#​9738)
• core: Fix a bug about a retriable stream lifecycle. It stops using the call executor resource in a retriable stream when the client call is closed, thus preventing potential channel panics. (#​9626)

Behavior Changes

• binder: Set default idle timeout to 60 seconds, and enable "strict lifecycle management". (#​9486)
• xds: Limit ring hash max size to 4K instead of 8M (#​9709). RingHashOptions.setRingSizeCap() can increase the limit
• binder: Set default idle timeout to 60 seconds, and add BinderChannelBuilder.strictLifecycleManagement() which disables idle timeout and prevents it from being changed (#​9486). Disabling idle timeout can be useful to find bugs in applications that fail to promptly shut down the channel and are particularly sensitive to keeping Binder instances alive.
• bazel: Replace ctx.host_configuration.host_path_separator with ctx.configuration.host_path_separator (#​9742). This changes no behavior today, but improves future compatibility with newer versions of Bazel
• xds: Refactor internal logics about LDS and CDS resource handling. It may cause minor log line changes about corresponding RDS and EDS subscriber event notification, but it should not change xds name resolution and LB behavior. (#​9724)

Dependencies

Acknowledgement

@​RapperCL
@​Smityz
@​pandaapo

v1.51.3

Compare Source

Bug Fixes

• xds: Fix an internal bug in xds resource subscription that might cause xds stream not accepting response update for that resource type entirely. (#​9811)

v1.51.1

Compare Source

grpc-xds starting with 1.51.0 had a regression where resources might stop receiving updates. The trigger could happen hours or days after the binary had started. xDS users should avoid this release and use 1.50.x until patch releases with the fix are available. #​9809

Bug Fixes

• xds: Fix ConcurrentModificationException in PriorityLoadBalancer. (#​9744)

v1.51.0

Compare Source

grpc-xds starting with 1.51.0 had a regression where resources might stop receiving updates. The trigger could happen hours or days after the binary had started. xDS users should avoid this release and use 1.50.x until patch releases with the fix are available. #​9809

Bug Fixes

• grpclb: Fix a debug logging message which incorrectly logged loadbalancer addresses under backend addresses. (#​9602)

New Features

• okhttp: okhttp server now supports maxConnectionAge and maxConnectionAgeGrace configuration for improved connection management. (#​9649)

Behavior Changes

• netty: switch default cumulation strategy from MERGE to ADAPTIVE. When accumulating incoming network data, Adaptive cumulator dynamically switches between MERGE and COMPOSE strategies to minimize the amount of copying while also limiting per-buffer overhead. (#​9558)

Acknowledgements

@​TrevorEdwards

v1.50.3

Compare Source

Bug Fixes

• core: Free unused MessageProducer in RetriableStream (#​9853), fixing a Netty buffer memory leak for cancelled RPCs

v1.50.2

Compare Source

Bug fixes

gcp-observability: Supports period(.) in the service name part of regular expression for a fully-qualified method to accept "package.service"

v1.50.1

Compare Source

gcp-observability: support new configuration defined in grpc-gcp-observability public preview user guide

v1.50.0

Compare Source

New Features

• okhttp: Added connection management features to okhttp server, including maxConnectionIdle(), permitKeepAliveTime(), and permitKeepAliveWithoutCalls() (#​9494, #​9544)
• binder: Add SecurityPolicies for checking device owner/profile owner (#​9428)

API Changes

• api: Add LoadBalancer.acceptResolvedAddresses() (#​9498). The method is like handleResolvedAddresses() but returns a boolean of whether the addresses and configuration were accepted. Not accepting the update triggers the NameResolver to retry after a delay. We are not yet encouraging migration to this method, as there is still a second future API change
• core: add CallOptions to CallCredentials.RequestInfo (#​9538)

Bug Fixes

• auth: Fix AppEngine failing while retrieving access token when instantiating a blocking stub using AppEngineCredentials (#​9504)
• core: Ensure that context cancellationCause is set (#​9501)
• core: Update outlier detection max ejection logic to allow exceeding the limit by one, to match Envoy. (#​9489, #​9492)
• core: outlier detection to honor min host request volume (#​9490)
• okhttp: Add timeout for HTTP CONNECT proxy handshake (#​9586)
• xds: ringhash policy in TRANSIENT_FAILURE should not attempt connecting when already in connecting (#​9535). With workloads where most requests have the same hash, ring hash should behave more like pick-first of slowly trying backends

Dependencies

• netty: upgrade netty from 4.1.77.Final to 4.1.79.Final and tcnative from 2.0.53 to 2.0.54 (#​9451)

Acknowledgements

@​cpovirk
@​prateek-0
@​sai-sunder-s

v1.49.2

Compare Source

Dependencies

• Bump protobuf to 3.21.7

v1.49.1

Compare Source

Bug Fixes

• xds: Fix a bug in ring-hash load balancing policy that, during TRANSIENT_FAILURE state, it might cause unnecessary internal connection requests on subchannels. (#​9537)
• auth: Fix AppEngine failing while retrieving access token when instantiating a blocking stub using AppEngineCredentials (#​9524)

Behavior Changes

• core: Update outlier detection max ejection logics, and min host request volume logics. (#​9550, #​9551, #​9552)

v1.49.0

Compare Source

New Features

• okhttp: Add OkHttpServerBuilder. The server can be used directly, but is not yet available via ServerBuilder.forPort() and Grpc.newServerBuilderForPort(). It passes our tests, but has seen no real-world use. It is also lacking connection management features
• okhttp: Add support for byte-based private keys via TlsChannelCredentials and TlsServerCredentials
• core: New outlier detection load balancer
• googleapis: google-c2p resolver is now stabilized

Bug Fixes

• core: Fix retry causing memory leak for canceled RPCs. (#​9360)
• core: Use SyncContext for InProcess transport callbacks to avoid deadlocks. This fixes the long-standing issue #​3084 which prevented using directExecutor() in some tests using streaming RPCs
• core: Disable retries with in-process transport by default (#​9361). In-process does not compute message sizes so can retain excessive amounts of memory
• bazel: Use valid target name for services and xds when overriding Maven targets (#​9422). This fixes an error of the form no such target '@​io_grpc_grpc_java//services:services' for services and missing ORCA classes for xds. The wrong target names were introduced in 1.47.0
• xds: channel_id hash policy now uses a random per-channel id instead of an incrementing one. The incrementing id was the same for every process of a binary, which was not the intention (#​9453)
• core: Fix a bug that the server stream should not deliver halfClose() when the call is immediately canceled. The bug causes a bad message INTERNAL, desc: Half-closed without a request at server call. (#​9362)
• xds: Remove shaded orca proto dependency in ORCA api. The shading was broken and couldn't really be used. (#​9366)

Behavior Changes

• gcp-observability: Interceptors are now injected in more situations, including for non-Netty transports and when using transport-specific APIs like NettyChannelBuilder. (#​9309 #​9312 #​9424)
• gcp-observability: custom tags now extended to metrics and traces (#​9402 #​9407)
• gcp-observability: excludes RPCs into Google Cloud Ops backend for instrumentation (#​9436)
• xds: xdsNameResolver now matches channel overrideAuthority in virtualHost matching (#​9405)

Acknowledgement

@​benjaminp
@​j-min5u

v1.48.2

Compare Source

Bug Fixes

• xds: Fix a bug in ring-hash load balancing policy that, during TRANSIENT_FAILURE state, it might cause unnecessary internal connection requests on subchannels. (#​9537)
• auth: Fix AppEngine failing while retrieving access token when instantiating a blocking stub using AppEngineCredentials (#​9524)
• xds: channel_id hash policy now uses a random per-channel id instead of an incrementing one. The incrementing id was the same for every process of a binary, which was not the intention (#​9453)
• bazel: Use valid target name for services and xds when overriding Maven targets (#​9422). This fixes an error of the form no such target '@​io_grpc_grpc_java//services:services' for services and missing ORCA classes for xds. The wrong target names were introduced in 1.47.0

Dependencies

• Bump protobuf to 3.21.7

v1.48.1

Compare Source

New Features

ORCA provides APIs to inject custom metrics at a gRPC server, and consume them at a gRPC client. It implements A51: Custom Backend Metrics Support. We changed the ORCA APIs; they had broken shading and couldn't really be used, so we fixed them in the patch release.

Bug Fixes

• core: Fix a bug that the server stream should not deliver halfClose() when the call is immediately canceled. The bug causes a bad message INTERNAL, desc: Half-closed without a request at server call. (#​9362)
• core: Fix retry causing memory leak for cancelled RPCs. (#​9415)
• core: Disable retry by default for in-process transport's channel.(#​9368)

v1.48.0

Compare Source

Bug Fixes

• Removed the Class-Path manifest entry from jars generated with the gradle shadow plugin (#​9270). This should prevent “[WARNING] [path] bad path element” compilation warnings
• Fix Channelz HTTP/2 window reporting. Previously the sender and receiver windows were reversed
• Service config parse failures should be UNAVAILABLE, not INVALID_ARGUMENT (#​9346). This bug could cause RPCs to fail with INVALID_ARGUMENT if the service config was invalid when the channel started. RPCs were not failed if the channel had previously received no config or a valid config. Channels using xds were not exposed to this issue

New Features

• xds: implement ignore_resource_deletion server feature as defined in the gRFC A53: Option for Ignoring xDS Resource Deletion. (#​9339)
• bazel: Support maven_install's strict_visibility=True by including direct dependencies explicitly

Improvements

• Changed the debug strings for many Attributes.Keys to reference the API of the key. This should make it easier to find the API the key is exposed when using attributes.toString()
• api: Document Attributes.Key uses reference equality. This is to make it clear the behavior is on purpose, and mirrors other Key types in the API
• api: Explain security constraints of EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE, to avoid misuse by NameResolvers (#​9281)
• testing: GrpcCleanupRule now extends ExternalResource. This makes it usable with JUnit 5
• core: Clear ConfigSelector when the channel enters panic mode (#​9272). This prevents hanging RPCs if panic mode is entered very early in the channel lifetime and makes panic mode more predictable when xds is in use. Panic mode is a Channel feature used when a bug causes an unrecoverable error
• core: Avoid unnecessary flushes for unary responses. It optimizes the response flow (#​9273)
• core: Use the offload executor in CallCredentials rather than the executor from CallOptions (#​9313)
• compiler: support protoc compiling on loongarch_64 and ppc64le platform (#​9178 #​9284)
• binder: Add security Policy for verifying signature using sha-256 hash (#​9305)
• xds: clusterresolver reuses child policy names for the same locality to avoid subchannel connection churns (#​9287)
• xds: Fail RPCs with error details when resources are deleted instead of “NameResolver returned no usable address errors” (#​9337)
• xds: Support least_request LB in LoadBalancingPolicy (#​9262)
• xds: weighted target to delay picker updates while updating children (#​9306)
• xds: delete the permanent error logic in processing LDS updates in XdsServerWrapper (#​9268)
• xds: when delegate server throws on start communicate the error to statusListener (#​9277)

Dependencies

• Bump Guava to 31.1
• Bump protobuf to 3.21.1 (#​9311)
• Bump Error Prone annotations to 2.14.0
• Bump Animal Sniffer annotations to 1.21
• Bump Netty to 4.1.77.Final and netty_tcnative to 2.0.53.Final
• protobuf: Bump com.google.api.grpc:proto-google-common-protos to 2.9.0
• alts: Bump Conscrypt to 2.5.2
• xds: Bump RE2J to 1.6
• xds: Remove unused org.bouncycastle:bcpkix-jdk15on dependency
• xds: Update xDS protos (#​9223)

Acknowledgements

@​mirlord
@​zhangwenlong8911
@​adilansari
@​amirhadadi
@​jader-eero
@​jvolkman
@​sumitd2

v1.47.1

Compare Source

Bug Fixes

• core: Fix retry causing memory leak for canceled RPCs. (#​9416)

Behavior Changes

• xds: Remove permanent error handling in LDS update in XdsServerWrapper. Also notify OnNotServing on StatusListener when the delegated server initial start fails. (#​9276, #​9279)

Dependencies

• Bump protobuf to 3.19.6

v1.47.0

Compare Source

Bug Fixes

• api: Ignore ClassCastExceptions for hard-coded providers on Android (#​9174). This avoids ServiceConfigurationError in certain cases when an “SDK” includes a copy of gRPC that was renamed with Proguard-like tools that do precise class name rewriting (versus something like Maven Shade Plugin which uses coarse pattern matching)
• binder: respect requested message limits when provide received messages to listener (#​9163)
• binder: Avoid an ISE from asAndroidAppUri() (#​9169)
• okhttp: Use the user-provided ScheduledExecutorService for keepalive if provided. Previously the user-provided executor was used for deadlines, but not keepalive. Keepalive always used the default executor (#​9073)
• bom: Reverted “bom: Removed protoc-gen-grpc-java from the BOM” in v1.46.0. There was a way to use it with Gradle (#​9154)
• build: fix grpc-java build against protobuf 3.21 (#​9218)
• grpclb: Adds missing META-INF resources to libgrpclb.jar produced by bazel //grpclb:grpclb target (#​9156)
• xds: Protect xdstp processing with federation env var. If the xds server uses xdstp:// resource names it was possible for federation code paths to be entered even without enabling the experimental federation support. This is now fixed and it is safe for xds servers to use xdstp:// resource names. (#​9190)
• xds: fix bugs in ring-hash load balancer picking subchannel behavior per gRFC. The bug may cause connection not failing over from TRANSIENT_FAILURE status. (#​9085)
• xds: NACK EDS resources with duplicate localities in the same priority (#​9119)

New Features

• api: Add connection management APIs to ServerBuilder (#​9176). This includes methods for keepalive, max connection age, and max connection idle. These APIs have been available on NettyServerBuilder since v1.4.0
• api: allow NameResolver to influence which transport to use (#​9076)
• api: New API in ServerCall to expose SecurityLevel on server-side (#​8943)
• netty: Add NameResolver for unix: scheme, as defined in gRPC Name Resolution (#​9113)
• binder: add allOf security policy, which allows access iff ALL given security policies allow access. (#​9125)
• binder: add anyOf security policy, which allows access if ANY given security policy allows access. (#​9147)
• binder: add hasPermissions security policy, which checks that a caller has all of the given package permissions. (#​9117)
• build: Add Bazel build support for xds, googleapis, rls, and services. grpc-services previously had partial bazel support, but some parts were missing. These artifacts are now configured via IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS so maven_install will not use the artifacts from Maven Central (#​9172)
• xds: New ability to configure custom load balancer implementations via the xDS Cluster.load_balancing_policy field. This implements gRFC A52: gRPC xDS Custom Load Balancer Configuration. (#​9141)
• xds, orca: add support for custom backend metrics reporting: allow setting metrics at gRPC server and consuming metrics reports from a custom load balancing policy at the client. This implements gRFC A51: Custom Backend Metrics Support.
• xds: include node ID in RPC failure status messages from the XdsClient (#​9099)
• xds: support for the is_optional logic in Cluster Specifier Plugins: if an unsupported Cluster Specifier Plugin is optional, don't NACK, and skip any routes that point to it. (#​9168)

Behavior Changes

• xds: Allow unspecified listener traffic direction, to match other languages and to work with Istio (#​9173)
• xds: change priority load balancer failover time behavior and ring_hash LB aggregation rule to better handle transient_failure channel status (#​9084, #​9093)

Dependencies

• Bump GSON to 2.9.0. Earlier versions of GSON are affected by CVE-2022-25647. gRPC was not impacted by the vulnerability. (#​9215)
• gcp-observability: add grpc-census as a dependency and update opencensus version (#​9140)

Acknowledgements

@​caseyduquettesc
@​cfredri4
@​jvolkman
@​mirlord
@​ovidiutirla

v1.46.1

Compare Source

Behavior Changes

• xds: Remove permanent error handling in LDS update in XdsServerWrapper. Also notify OnNotServing on StatusListener when the delegated server initial start fails. (#​9278, #​9280)
• xds: Protect xdstp processing with federation env var. If the xds server uses xdstp:// resource names it was possible for federation code paths to be entered even without enabling the experimental federation support. This is now fixed and it is safe for xds servers to use xdstp:// resource names. (#​9190)

Dependencies

• Bump protobuf to 3.19.6

v1.46.0

Compare Source

Bug Fixes

• netty: Fixed incompatibility with Netty 4.1.75.Final that caused COMPRESSION_ERROR (#​9004)
• xds: Fix LBs blindly propagating control plane errors (#​9012). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application. This is essentially a continuation of the fix in 1.45.0 for XdsNameResolver, but for other similar cases
• xds: Fix ring_hash reconnecting behavior. Previously a TRANSIENT_FAILURE subchannel would remain failed forever
• xds: Fix ring_hash defeating priority’s failover connection timeout. grpc/proposal#296
• binder: Work around an Android Intent bug for consistent AndroidComponentAndress hashCode() and equals() (#​9061)
• binder: Fix deadlock when using process-local Binder (#​8987). Process-local binder has a different threading model than normal FLAG_ONEWAY, so this case is now detected and the FLAG_ONEWAY threading model is emulated
• okhttp: Removed dead code in io.grpc.okhttp.internal.Util. This should have no impact except for static code analysis. This code was never used and was from the process of forking okhttp. It calculated things like MD5 which can trigger security scanners (#​9071)

Behavior Changes

• java_grpc_library.bzl: Pass use_default_shell_env = True for protoc (#​8984). This allows using MinGW on Windows
• xds: Unconditionally apply backoff on ADS and LDS stream recreation. Previously if a message had been received on the stream no backoff wait would be performed. This limits QPS to a buggy server to 1 QPS, instead of a closed loop
• xds: Skip Routes within VirtualHosts whose RouteAction has no cluster_specifier. This probably means the control plane is using a cluster_specifier field unknown/unsupported by gRPC. The control plane can repeat the Route with a different cluster_specifier for compatibility with older clients
• xds: Support xds.config.resource-in-sotw client capability. Resources wrapped in a io.envoyproxy.envoy.service.discovery.v3.Resource message are now supported (#​8997)

New Features

• gcp-observability: A new experimental module for improving visibility into gRPC workloads. Initially supports logging RPCs to Google Cloud Logging
• grpclb: Support setting initial fallback timeout by service config (#​8980)

Dependencies

• PerfMark bumped to 0.25.0 (#​8948)
• okhttp: the okhttp dependency is now compile only (#​8971). Okhttp’s internal HTTP/2 implementation was forked inside grpc-okhttp a long time ago, but there had been a few stray internal classes that had not been forked but should have been. That has now been fixed in preparation for OkHttp 3/4 support. Compile-only may cause a runtime failure for code using reflection on OkHttpChannelBuilder; add a dependency on okhttp 2.7.4 to resolve
• bom: Removed protoc-gen-grpc-java from the BOM, as the classifier was confusing and it provided no value (#​9020)

Acknowledgements

@​jesseschalken
@​kluever
@​beatrausch

v1.45.4

Compare Source

Bug Fixes

• core: Free unused MessageProducer in RetriableStream (#​9853), fixing a memory leak for cancelled RPCs

v1.45.3

Compare Source

Bug Fixes

• core: Fix retry causing memory leak for canceled RPCs. (#​9360)

v1.45.2

Compare Source

Bug Fixes

• xds: fix bugs in ring-hash load balancer picking subchannel behavior per gRFC. The bug may cause connection not failing over from TRANSIENT_FAILURE status. (#​9085)
• xds: Protect xdstp processing with federation env var. If the xds server uses xdstp:// resource names it was possible for federation code paths to be entered even without enabling the experimental federation support. This is now fixed and it is safe for xds servers to use xdstp:// resource names. (#​9190)

Behavior Changes

• xds: change ring_hash LB aggregation rule to better handle transient_failure channel status (#​9084)

Dependencies

• Bump protobuf to 3.19.6
• bom: Exclude grpc-observability. The module does not exist in 1.45.x. Should be a noop (#​9122)

v1.45.1

Compare Source

Bug Fixes

• netty: Fixed incompatibility with Netty 4.1.75.Final that caused COMPRESSION_ERROR (#​9004)
• xds: Fix LBs blindly propagating control plane errors (#​9012). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application. This is essentially a continuation of the fix in 1.45.0 for XdsNameResolver, but for other similar cases

v1.45.0

Compare Source

gRPC Java 1.45.0 Release Notes

Bug Fixes

• rls: fix child lb leak when client channel is shutdown (#​8750)
• rls: fix RLS lb policy name (#​8867)
• testing: fix GrpcCleanupRule issue when retrying tests (#​8918)
• xds: Fix XdsNameResolver blindly propagates control plane errors (#​8953). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application
• xds: fix validation code to accept new-style CertificateProviderPluginInstance (#​8892)
• xds: fix a concurrency issue in CSDS ClientStatus responses (#​8795)
• xds: Squelch "Failed to resolve name" ADS reconnection error logs. Workaround for #​8886 (#​8942)
• xds: Improve priority failover handling for IDLE subpolicies (#​8926). This mainly improves behavior with ring_hash
• bom: Include grpc-binder
• binder: Fix a ServiceConnection leak (#​8861)
• binder: Increase fairness across streams when limited by flow control. This can dramatically reduce latency when channel is being used for high throughput (#​8835)
• android: fix for app coming to foreground (#​8855)

Behavior Changes

• Local-only transparent retry is (practically) unlimited now. Previously it was at most once per RPC.
• xds: implement least_request load balancing policy (#​8739)

Dependencies

• Bump Error Prone Annotations to 2.10.0
• Bump Guava to 31.0.1-android
• Bump Google Auth Library to 1.4.0
• Bump Auto Value to 1.9
• netty: Include both x86 and Arm64 epoll as dependency for grpc-netty-shaded
• testing: remove opencensus dependency from grpc-testing (#​8833)

v1.44.2

Compare Source

Bug Fixes

• netty: Fixed incompatibility with Netty 4.1.75.Final that caused COMPRESSION_ERROR (#​9004)
• xds: Fix LBs blindly propagating control plane errors (#​9012). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application. This is essentially a continuation of the fix in 1.45.0 for XdsNameResolver, but for other similar cases
• xds: Fix XdsNameResolver blindly propagates control plane errors (#​8953). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application
• xds: fix bugs in ring-hash load balancer picking subchannel behavior per gRFC. The bug may cause connection not failing over from TRANSIENT_FAILURE status. (#​9085)

Behavior Changes

• xds: change ring_hash LB aggregation rule to better handle transient_failure channel status (#​9084)

Dependencies

• Bump protobuf to 3.19.6

v1.44.1

Compare Source

Bug Fixes

• xds: fix the validation code to accept new-style CertificateProviderPluginInstance wherever used (#​8901 fixes #​8885)
• binder: Fix a ServiceConnection leak (#​8861 closes #​8726)
• android: fix for app coming to foreground (#​8904 closes #​8850)

v1.44.0

Compare Source

gRPC Java 1.44.0 Release Notes

Java 7 is no longer supported. This release uses Java 8 bytecode, except for grpc-context which remains on Java 7 bytecode. Users requiring Java 7 are encouraged to use the v1.41.x branch. See gRFC P5. Android support remains API level 19+. If this is expected to cause undue hardship or community issues, please contact us via a GitHub issue or grpc-io@googlegroups.com.

Java 8 users pay note: per gRFC P5, gRPC may drop Java 8 support as soon as March this year. If this is expected to cause undue hardship or community issues, please contact us via a GitHub issue or grpc-io@googlegroups.com.

API Changes

• Removed deprecated StreamInfo.transportAttrs (#​8768)

Bug Fixes

• core: fix a race condition when calling ManagedChannel#enterIdle() (#​8761)
• xds: rename ring_hash LB Policy to ring_hash_experimental to comply with gRPC A42: xDS Ring Hash LB Policy (#​8776)

Behavior Changes

• Binder: Enclose all operations in BinderTransport even when an exception was thrown. (#​8733)*
• Binder: Fix a bug that might cause memory leaks in binder. (#​8728)

Dependencies

• Upgraded Protobuf to 3.19.2 to avoid CVE-2021-22569. See the protobuf advisory
• Bump GSON to 2.8.9 (#​8759)
• Bump Netty to 4.1.72.Final and tcnative to 2.0.46.Final (#​8780)

Acknowledgement

• groakley@
• apolcyn@
• beatrausch@
• danielnorberg@
• jdcormie@

v1.43.3

Compare Source

Bugfixes

• android: fix for app coming to foreground #​8850
• xds: fix the validation code to accept new-style CertificateProviderPluginInstance wherever used

Dependencies

• Bump protobuf to 3.19.6

v1.43.2

Compare Source

Dependencies

• Upgraded Protobuf to 3.19.2 to avoid CVE-2021-22569. See the protobuf advisory

v1.43.1

Compare Source

Bug Fixes

• core: fix a race condition when calling ManagedChannel#enterIdle() (#​8761)

Dependencies

• Bump GSON to 2.8.9 (#​8764)

v1.43.0

Compare Source

API Changes

• alts: Make GoogleDefaultChannelCredentials take a CallCredentials (#​8548)
• binder: Support BinderChannelBuilder.forTarget (#​8633)
• inprocess: Add support for anonymous in-process servers (#​8589)

Bug Fixes

• census: fixed a bug which in rare cases, a NullPointerException may be thrown by recordFinishedAttempt(). Users not enabling grpc-census are not impacted by this bug (#​8706)
• xds: stop generating UUIDs for filter chains that lack them. The UUID was preventing the XdsServer from noticing when a control plane sent a needless duplicate update, causing XdsServer to drain all its existing connections to use the “new” configuration #​8663
• xds: fix a bug where XdsServer didn’t block start() when configuration is missing, and instead errored. #​8660

New Features

• protoc-gen-grpc-java plugin support for Apple M1 architecture (#​7690)
• okhttp: introduced new TLS1.2 cipher suites and internal okhttp implementation for TLS1.3 prepared (#​8650)
• netty: Add ability to set system property -Dio.grpc.netty.disableConnectionHeaderCheck=false to disable HTTP Connection header check. This is a temporary workaround to allow fixing out-of-spec HTTP/2 clients (#​8683)

Dependencies

• bump guava to 30.1.1-android (#​8748)
• bump protobuf to 3.19.1 (#​8748)

Acknowledgement

@​beatrausch
@​benjaminp Benjamin Peterson
@​cfredri4
@​kdubb Kevin Wooten

v1.42.3

Compare Source

Dependencies

• Bump protobuf to 3.19.6

v1.42.2

Compare Source

Bug Fixes

• census: fixed a bug which in rare cases, a NullPointerException may be thrown by recordFinishedAttempt(). Users not enabling grpc-census are not impacted by this bug (#​8706)
• core: fix a race condition when calling ManagedChannel.enterIdle() (#​8746)

Dependencies

• Upgraded Protobuf to 3.18.2 to avoid CVE-2021-22569. See the protobuf advisory
• Upgraded Guava to 30.1.1-android

v1.42.1

Compare Source

Bug fixes:

• xds: fix a bug that invalid resources from the control plane was internally classified as missing configuration, but instead it should be classified as a transient error. This will change load balancing states on failure handling behavior: for example, missing LDS at xDS server would make it enter “not serving” mode but a transient error does not affect serving status. #​8690
• xds: fix a bug where XdsServer didn’t block start() when configuration is missing, and instead errored. #​8690
• xds: stop generating UUIDs for filter chains that lack them. The UUID was preventing the XdsServer from noticing when a control plane sent a needless duplicate update, causing XdsServer to drain all its existing connections to use the “new” configuration #​8688

New feature:

• netty: Add ability to set system property -Dio.grpc.netty.disableConnectionHeaderCheck=false to disable HTTP Connection header check. This is a temporary workaround to allow fixing out-of-spec HTTP/2 clients #​8683
• compiler: Protoc plugin for macOS x86 is duplicated to be used on the aarch architecture, to ease use on arm64 macs. The plugin is not actually ARM64, just named as such. Future work will need to compile it appropriately #​8680

v1.42.0

Compare Source

In this release we drop support for Android API level 18 or lower (Jelly Bean or earlier), following Google Play Service’s discontinued updates for Jelly Bean (API levels 16, 17 & 18).

API Changes

• xds: Added XdsServerBuilder.overrideBootstrapForTest() to provide bootstrap override for testing purposes. This way, the test does not need to use the shared environment variable for bootstrap injection. (#​8575)
• api: Stabilize the Status.asException(Metadata) method. (#​8520)
• core/auth: Remove CallCredentials2 (#​8572). CallCredentials2 was introduced in 1.16.0 to ease migration of CallCredentials to an abstract class. `CallCredential

✂ Note

PR body was truncated to here.