Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vendor: google.golang.org/grpc v1.56.3 #4626

Merged
merged 1 commit into from
Oct 26, 2023
Merged

vendor: google.golang.org/grpc v1.56.3 #4626

merged 1 commit into from
Oct 26, 2023

Conversation

thaJeztah
Copy link
Member

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
vendor: google.golang.org/grpc v1.56.3
8073525 
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- grpc/grpc-go@v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 25.0.0 milestone Oct 25, 2023
@thaJeztah thaJeztah mentioned this pull request Oct 25, 2023
Merged
2 tasks
@codecov-commenter
Copy link

codecov-commenter commented Oct 25, 2023
edited
Loading

Codecov Report

Merging #4626 (8073525) into master (b7b5b31) will not change coverage.
Report is 1 commits behind head on master.
The diff coverage is n/a.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4626   +/-   ##
=======================================
  Coverage   59.74%   59.74%           
=======================================
  Files         288      288           
  Lines       24849    24849           
=======================================
  Hits        14846    14846           
  Misses       9117     9117           
  Partials      886      886

@cpuguy83 cpuguy83 merged commit 4f0b466 into docker:master Oct 26, 2023
74 checks passed
@thaJeztah thaJeztah deleted the bump_grpc branch October 26, 2023 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@dmcgowan dmcgowan dmcgowan approved these changes

Assignees
No one assigned
Labels
kind/bugfix PR's that fix bugs status/2-code-review
Projects
None yet
Milestone
25.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@thaJeztah @codecov-commenter @dmcgowan @cpuguy83