-
Notifications
You must be signed in to change notification settings - Fork 162
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: bump google.golang.org/grpc, set MaxConcurrentStreams (#4424)
Bump google.golang.org/grpc from 1.57.0 to 1.57.2 due to a security patch. Skipping 1.57.1, because that contained a bug. From vulnerability alert "gRPC-Go HTTP/2 Rapid Reset vulnerability": > Impact > > In affected releases of gRPC-Go, it is possible for an attacker to send > HTTP/2 requests, cancel them, and send subsequent requests, which is > valid by the HTTP/2 protocol, but would cause the gRPC-Go server to > launch more concurrent method handlers than the configured maximum > stream limit. Patches > > This vulnerability was addressed by #6703 and has been included in patch > releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest > release, 1.59.0. > > Along with applying the patch, users should also ensure they are using > the grpc.MaxConcurrentStreams server option to apply a limit to the > server's resources used for any single connection.
- Loading branch information
Showing
7 changed files
with
26 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters