Skip to content

feat(dependencies): update grpc #6429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kuny0707 merged 1 commit into from
Aug 26, 2025
Merged

feat(dependencies): update grpc #6429

kuny0707 merged 1 commit into from
Aug 26, 2025

Conversation

@halibobo1205
Copy link
Contributor

@halibobo1205 halibobo1205 commented Aug 25, 2025

What does this PR do?

  1. bump grpc from 1.60.0 to 1.75.0
  2. bump protobuf from 3.25.5 to 3.25.8
  3. add node.rpc.maxRstStream and node.rpc.secondsPerWindow
  4. bump libp2p to 2.2.7-SNAPSHOT

Why are these changes required?
Avoid Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

This PR has been tested by:

  • Unit Tests
  • Manual Testing

Follow up

Extra details
CVE-2025-55163

@halibobo1205 halibobo1205 changed the title feat(dependencies): update grpc feat(dependencies): update gRPC Aug 25, 2025
@halibobo1205 halibobo1205 changed the title feat(dependencies): update gRPC feat(dependencies): update grpc Aug 25, 2025
@halibobo1205 halibobo1205 force-pushed the feat/update_grpc_java branch 3 times, most recently from 5b043c4 to ebedb82 Compare August 25, 2025 09:34
@halibobo1205
feat(dependencies): update grpc
3846491 
   avoid CVE-2025-55163,MadeYouReset
 1. bump grpc-java from 1.60.0 to 1.75.0
 2. bump protobuf from 3.25.5 to 3.25.8
 3. add node.rpc.maxRstStream and node.rpc.secondsPerWindow
 4. bump libp2p to 2.2.7-SNAPSHOT
@halibobo1205 halibobo1205 force-pushed the feat/update_grpc_java branch from ebedb82 to 3846491 Compare August 26, 2025 04:08
waynercheung
waynercheung approved these changes Aug 26, 2025
View reviewed changes
Copy link
Contributor

@waynercheung waynercheung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kuny0707 kuny0707 merged commit 8481e81 into tronprotocol:release_v4.8.1 Aug 26, 2025
7 checks passed
@FriendlyCM FriendlyCM mentioned this pull request Aug 25, 2025
Open
6 tasks
@kuny0707 kuny0707 moved this to Done in java-tron Aug 28, 2025
@kuny0707 kuny0707 assigned kuny0707 and halibobo1205 and unassigned kuny0707 Aug 28, 2025
halibobo1205 added a commit to halibobo1205/java-tron that referenced this pull request Oct 14, 2025
@halibobo1205
feat(dependencies): update grpc (tronprotocol#6429)
9ad8f77 
avoid CVE-2025-55163,MadeYouReset
 1. bump grpc-java from 1.60.0 to 1.75.0
 2. bump protobuf from 3.25.5 to 3.25.8
 3. add node.rpc.maxRstStream and node.rpc.secondsPerWindow
 4. bump libp2p to 2.2.7-SNAPSHOT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kuny0707 kuny0707 kuny0707 approved these changes

@lvs0075 lvs0075 lvs0075 approved these changes

+2 more reviewers

@317787106 317787106 317787106 approved these changes

@waynercheung waynercheung waynercheung approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@halibobo1205 halibobo1205

Labels

None yet

Projects

java-tron
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@halibobo1205 @kuny0707 @317787106 @waynercheung @lvs0075