bump google.golang.org/grpc v1.23.0 (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515)#39798
Merged
AkihiroSuda merged 2 commits intomoby:masterfrom Sep 3, 2019
Merged
bump google.golang.org/grpc v1.23.0 (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515)#39798AkihiroSuda merged 2 commits intomoby:masterfrom
AkihiroSuda merged 2 commits intomoby:masterfrom
Conversation
Member
Author
|
ping @dmcgowan @justincormack PTAL |
Member
Author
|
marked as "WIP" as we need to be sure we can bump without breaking connections with containerd; see containerd/ttrpc#46 and containerd/containerd#3581 |
Member
Author
|
Marking as "WIP" again, pending containerd/ttrpc#46 (comment) and containerd/containerd#3586 (comment) |
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: containerd/ttrpc@699c4e4...92c8520 changes: - containerd/ttrpc#37 Handle EOF to prevent file descriptor leak - containerd/ttrpc#38 Improve connection error handling - containerd/ttrpc#40 Support headers - containerd/ttrpc#41 Add client and server unary interceptors - containerd/ttrpc#43 metadata as KeyValue type - containerd/ttrpc#42 Refactor close handling for ttrpc clients - containerd/ttrpc#44 Fix method full name generation - containerd/ttrpc#46 Client.Call(): do not return error if no Status is set (gRPC v1.23 and up) - containerd/ttrpc#49 Handle ok status Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Member
Author
|
Updated ttrpc vendor to include containerd/ttrpc#49. Removing "WIP" |
Member
Author
|
ping @crosbymichael @estesp @justincormack PTAL |
Member
Author
|
ping @crosbymichael @AkihiroSuda @justincormack PTAL |
AkihiroSuda
approved these changes
Sep 3, 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
full diff: grpc/grpc-go@v1.20.1...v1.23.0
This update contains security fixes:
Other changes can be found in the release notes:
https://github.com/grpc/grpc-go/releases/tag/v1.23.0
Also updating containerd/ttrpc to get containerd/ttrpc#46 in;
full diff: containerd/ttrpc@699c4e4...92c8520
changes: