Tags: heduxar/grpc-swift
Tags
Bump version number to 1.4.1-async-await.3 (grpc#1303) Motivation: We plan on tagging a release soon. Modifications: - Bump the version to 1.4.1-async-await.3 Result: The version in the default user-agent string will match the released version.
Bump version number to 1.4.1-async-await.2 (grpc#1291) Motivation: We plan on tagging a release soon. Modifications: - Bump the version to 1.4.1-async-await.2 Result: The version in the default user-agent string will match the released version.
Bump version number to 1.4.2 (grpc#1280) Motivation: We plan on tagging a release soon. Modifications: - Bump the version to 1.4.2 - Add a commit template for version bumps, because the commit is always the same (unless I'm adding a commit template as well). Result: The version in the default user-agent string will match the released version.
Merge pull request from GHSA-2jx2-qcm4-rf9h Motivation: If the server replies early, currently the GRPCWebToHTTPServerCodec takes it upon itself to suppress the rest of the data coming from the client. This design does not match with HTTP/2, where an early return from the server does not suppress this data. As a result, there is no particular reason to have implemented this beyond optimisation. Sadly, this optimisation also opens up a crash vector, because the codec also suppressed the .end message. When combined with the fact that grpc-web re-uses the server state machine, we exposed the server to a crash, because it could see two .heads with no intervening .end. Modifications: Stop suppressing reads, continue to police them and pass them through. Result: Remove a crash vector, stop errors being fatal. Co-authored-by: Cory Benfield <[email protected]>
PreviousNext