Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.
Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.
The gRPC release support policy can be found here.
Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.
Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++
Fix regression to include tests in source distribution.
3.5 (2023-11-24)
++++++++++++++++
Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++
Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility
Thanks to Seth Michael Larson for contributions to this release.
Fix a security issue where eval(pre_dispatch) could potentially run
arbitrary code. Now only basic numerics are supported.
joblib/joblib#1327
Make sure that joblib works even when multiprocessing is not available,
for instance with Pyodide
joblib/joblib#1256
Avoid unnecessary warnings when workers and main process delete
the temporary memmap folder contents concurrently.
joblib/joblib#1263
Fix memory alignment bug for pickles containing numpy arrays.
This is especially important when loading the pickle with
mmap_mode != None as the resulting numpy.memmap object
would not be able to correct the misalignment without performing
a memory copy.
This bug would cause invalid computation and segmentation faults
with native code that would directly access the underlying data
buffer of a numpy array, for instance C/C++/Cython code compiled
with older GCC versions or some old OpenBLAS written in platform
specific assembly.
joblib/joblib#1254
Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.
Vendor loky 3.3.0 which fixes several bugs including:
robustly forcibly terminating worker processes in case of a crash
(joblib/joblib#1269);
avoiding leaking worker processes in case of nested loky parallel
calls;
reliability spawn the correct number of reusable workers.
Release 1.1.1
Fix a security issue where eval(pre_dispatch) could potentially run
arbitrary code. Now only basic numerics are supported.
joblib/joblib#1327
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
Bumps the pip group with 12 updates in the / directory:
2021.10.8
2024.7.4
0.18.2
0.18.3
1.41.1
1.53.2
3.3
3.7
1.1.0
1.2.0
3.1.1
3.2.2
8.4.0
10.3.0
2.26.0
2.32.2
1.0.1
1.5.0
2.7.0rc1
2.11.1
1.26.7
1.26.19
2.0.2
3.0.3
Bumps the pip group with 1 update in the /docs directory: tensorflow.
Updates
certifi
from 2021.10.8 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
future
from 0.18.2 to 0.18.3Release notes
Sourced from future's releases.
... (truncated)
Changelog
Sourced from future's changelog.
... (truncated)
Commits
af1db97
Merge pull request #613 from PythonCharmers/lwan/0.18.3-release079ee9b
Prepare for 0.18.3 release02f7a81
Merge pull request #610 from wshanks/wshanks-patch-1c91d70b
Backport fix for bpo-3880480523f3
Merge pull request #569 from jmadler/master5e5af71
Merge pull request #582 from r3m0t/patch-617e4bbd
Merge pull request #596 from abjonnes/fix-print-trailing-comma1b427ba
Merge branch 'xZise-official-count' into masterc8eb497
Merge branch 'official-count' of https://github.com/xZise/python-future into ...dffc579
Fix bug in fix_print.py fixerUpdates
grpcio
from 1.41.1 to 1.53.2Release notes
Sourced from grpcio's releases.
... (truncated)
Changelog
Sourced from grpcio's changelog.
Commits
afb307f
[v1.53.x][Interop] Backport Python image update (#33864)7a9373b
[Backport] [dependency] Restrict cython to less than 3.X (#33770)fdb64a6
[v1.53][Build] Update Phusion baseimage (#33767) (#33836)cdf4186
[PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...ce5b93a
[PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...b24b6ea
[release] Bump release version to 1.53.2 (#33709)1e86ca5
[backport][iomgr][EventEngine] Improve server handling of file descriptor exh...aff3066
[PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...539d75c
[PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....3e79c88
[Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)Updates
idna
from 3.3 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
joblib
from 1.1.0 to 1.2.0Changelog
Sourced from joblib's changelog.
Commits
5991350
Release 1.2.03fa2188
MAINT cleanup numpy warnings related to np.matrix in tests (#1340)cea26ff
CI test the future loky-3.3.0 branch (#1338)8aca6f4
MAINT: remove pytest.warns(None) warnings in pytest 7 (#1264)067ed4f
XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (#1339)ac4ebd5
MAINT add back pytest warnings plugin (#1337)a23427d
Test child raises parent exits cleanly more reliable on macos (#1335)ac09691
[MAINT] various test updates (#1334)4a314b1
Vendor loky 3.2.0 (#1333)bdf47e9
Make test_parallel_with_interactively_defined_functions_default_backend timeo...Updates
oauthlib
from 3.1.1 to 3.2.2Release notes
Sourced from oauthlib's releases.
... (truncated)
Changelog
Sourced from oauthlib's changelog.
Commits
e6c33e4
Add 3.2.2 version4a4d65f
Merge pull request #832 from oauthlib/3.2.188bb156
Updated date and authors2e40b41
Merge pull request from GHSA-3pgj-pg6c-r5p71a45d97
Prepare 3.2.1 releaseb4bdd09
Merge pull request #818 from dasm/master5d85c61
Fix IPV6 regex used to check redirect_urie514826
Add check of performance of ipv6 check0adbbe1
docs: fix typos6569ec3
docs: Fix a few typosUpdates
pillow
from 8.4.0 to 10.3.0Release notes
Sourced from pillow's releases.
... (truncated)
Changelog
Sourced from pillow's changelog.
... (truncated)
Commits
5c89d88
10.3.0 version bump63cbfcf
Update CHANGES.rst [ci skip]2776126
Merge pull request #7928 from python-pillow/lcmsaeb51cb
Merge branch 'main' into lcms5beb0b6
Update CHANGES.rst [ci skip]cac6ffa
Merge pull request #7927 from python-pillow/imagemathf5eeeac
Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated evalfacf3af
Added release notes2a93aba
Use strncpy to avoid buffer overflowa670597
Update CHANGES.rst [ci skip]Updates
requests
from 2.26.0 to 2.32.2Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_context970e8ce
v2.32.1d6ebc4a
v2.32.09a40d12
Avoid reloading root certificates to improve concurrent performance (#6667)0c030f7
Merge pull request #6702 from nateprewitt/no_char_detection555b870
Allow character detection dependencies to be optional in post-packaging stepsd6dded3
Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-testUpdates
scikit-learn
from 1.0.1 to 1.5.0Release notes
Sourced from scikit-learn's releases.