-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need compatible versions for Netty 4.1.68+ , GRPC server and netty-tcnative-boringssl-static #8617
Comments
thanks for the update.. is there an ETA on this please ? we need to upgrade by november end due to security requirements. Also Grpc version is shown as 1.42.x , whereas the latest published version in maven central for grpc-core is at 1.41.0 . Is this correct info ? |
That PR was created before 1.42.x branch was cut, assuming it would get merged before the cut. Now it should be updated, say 1.43.x if gets merged before next branch cut. |
You are free to upgrade to newer versions of Netty, but understand that we have not tested them exhaustively. But since you seem to be using Netty yourselves, you should be able to notice any fall-out and report issues. If you don't directly use Netty yourself, we'd encourage you to use grpc-netty-shaded, at which point you could upgrade Netty to your liking. |
Another reason we need to officially provide a grpc-compatible upgraded netty dependency: |
@dapengzhang0, it seems like someone manually upgrading Netty "works," but we don't trust it yet because we've not yet investigated the behavior change. Upgrading Netty is possible, but comes with the "you're on your own" mentality that always comes with using a different version of netty. |
gRPC does seem to have an issue with newer versions of Netty. We're impacted by netty/netty-tcnative#680. We expect the bug started being triggered in 4.1.65 which enabled tasks, although we haven't confirmed that to be true. |
@ejona86 FYI you can workaround this by disable tasks via:
Also note there is a PR that will fix this as part of the next netty release: |
Also the change that triggered this was introduced in 4.1.64.Final: |
@sanjaypujare, it'd be fair to use the workaround for the upgrade. |
@normanmaurer what's the ETA for the next netty release? |
@sanjaypujare next week |
Thanks! @ejona86 Considering it's so imminent I will wait to use this new release for grpc-java's netty upgrade. If that fails because of some new issues in the release then I'll use 4.1.70.Final with the workaround. |
Has there been any update here? I see Netty has released their new version. |
@jukelly, the new version fixes all known issues, but we've not yet done extensive testing. I wouldn't expect updates until early January when devs get back from the holidays. |
We need to upgrade Netty version to 4.1.68+. Please let us know the compatible versions for gRPC server and netty-tcnative-boringssl-static. The versions table in https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty does not include this netty version.
The text was updated successfully, but these errors were encountered: