Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Release Notes
grpc/grpc (grpcio)
### [`v1.53.2`](https://togithub.com/grpc/grpc/releases/tag/v1.53.2)
[Compare Source](https://togithub.com/grpc/grpc/compare/v1.53.1...v1.53.2)
This is release gRPC Core 1.53.2 (glockenspiel).
For gRPC documentation, see [grpc.io](https://grpc.io/). For previous releases, see [Releases](https://togithub.com/grpc/grpc/releases).
This release contains refinements, improvements, and bug fixes.
## Core
- \[backport]\[iomgr]\[EventEngine] Improve server handling of file descriptor exhaustion by [@drfloob](https://togithub.com/drfloob) in [https://github.com/grpc/grpc/pull/33672](https://togithub.com/grpc/grpc/pull/33672)
### [`v1.53.1`](https://togithub.com/grpc/grpc/releases/tag/v1.53.1)
[Compare Source](https://togithub.com/grpc/grpc/compare/v1.53.0...v1.53.1)
This is release gRPC Core 1.53.1 (glockenspiel).
For gRPC documentation, see [grpc.io](https://grpc.io/). For previous releases, see [Releases](https://togithub.com/grpc/grpc/releases).
This release contains refinements, improvements, and bug fixes.
- Fixed [CVE-2023-32731](https://www.cve.org/cverecord?id=CVE-2023-32731)
- Fixed [CVE-2023-32732](https://www.cve.org/cverecord?id=CVE-2023-32732)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
==1.53.0->==1.53.2GitHub Vulnerability Alerts
CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Release Notes
grpc/grpc (grpcio)
### [`v1.53.2`](https://togithub.com/grpc/grpc/releases/tag/v1.53.2) [Compare Source](https://togithub.com/grpc/grpc/compare/v1.53.1...v1.53.2) This is release gRPC Core 1.53.2 (glockenspiel). For gRPC documentation, see [grpc.io](https://grpc.io/). For previous releases, see [Releases](https://togithub.com/grpc/grpc/releases). This release contains refinements, improvements, and bug fixes. ## Core - \[backport]\[iomgr]\[EventEngine] Improve server handling of file descriptor exhaustion by [@drfloob](https://togithub.com/drfloob) in [https://github.com/grpc/grpc/pull/33672](https://togithub.com/grpc/grpc/pull/33672) ### [`v1.53.1`](https://togithub.com/grpc/grpc/releases/tag/v1.53.1) [Compare Source](https://togithub.com/grpc/grpc/compare/v1.53.0...v1.53.1) This is release gRPC Core 1.53.1 (glockenspiel). For gRPC documentation, see [grpc.io](https://grpc.io/). For previous releases, see [Releases](https://togithub.com/grpc/grpc/releases). This release contains refinements, improvements, and bug fixes. - Fixed [CVE-2023-32731](https://www.cve.org/cverecord?id=CVE-2023-32731) - Fixed [CVE-2023-32732](https://www.cve.org/cverecord?id=CVE-2023-32732)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.