Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hide AbstractManagedChannelImplBuilder from public API #7211

Closed
ejona86 opened this issue Jul 15, 2020 · 4 comments · Fixed by #7424 or #10406
Closed

Hide AbstractManagedChannelImplBuilder from public API #7211

ejona86 opened this issue Jul 15, 2020 · 4 comments · Fixed by #7424 or #10406
Assignees
Milestone

Comments

@ejona86
Copy link
Member

ejona86 commented Jul 15, 2020

Transport implementations extend io.grpc.internal.AbstractManagedChannelImplBuilder to obtain most of their builder implementations. However, this leaks to the user in the Javadoc and with an api dependency in Gradle. The Javadoc in particular is a confusing mess because it isn't clear what is stable, experimental, and internal. Since we don't generate io.grpc.internal Javadoc and since the extending class "shadows" the base ManagedChannelBuilder, it also means the user is unable to click links to get to documentation for a large number of its methods. We should avoid extending AbstractManagedChannelImplBuilder in public (non-internal) classes.

To do this, we should extend ForwardingChannelBuilder instead (probably extending the Simple* version, which would need to be created). Transport implementations would create a AbstractManagedChannelImplBuilder and forward to it. We don't want to remove (useful) public methods in this process and break users, so we should make sure that there aren't any stray public methods in AbstractManagedChannelImplBuilder that would be dropped in the process.

The only abstract method in AbstractManagedChannelImplBuilder is buildTransportFactory(). We should probably inject that method in the constructor and convert the class to concrete, non-abstract. To simplify migration we can create ManagedChannelImplBuilder as a shim on top of AbstractManagedChannelImplBuilder. The shim could override some protected methods and make them public. It can also provide a setter for the checkAuthority override used by things like NettyChannelBuilder. Once all classes (external and internal) are migrated we can remove AbstractManagedChannelImplBuilder and combine it with the shim. If some classes still extend ManagedChannelImplBuilder that may be okay, but we should try to avoid such inheritance if possible.

The same should be done for AbstractServerImplBuilder.

@sergiitk
Copy link
Member

Re-opening because io.grpc.internal.AbstractManagedChannelImplBuilder and io.grpc.internal.AbstractServerImplBuilder were re-added back to the class hierarchy to fix broken ABI backward compatibility in #7564.

@sergiitk sergiitk reopened this Jan 21, 2021
@sergiitk sergiitk modified the milestones: 1.33, Next Jan 21, 2021
@ejona86
Copy link
Member Author

ejona86 commented Jan 21, 2021

#7552 discusses some options to resolve.

ejona86 added a commit to ejona86/grpc-java that referenced this issue Jan 22, 2021
This provides us a path forward with grpc#7211 (hiding
AbstractManagedChannelImplBuilder and AbstractServerImplBuilder) while
providing users a migration path to manage the ABI breakage (grpc#7552). We
do a .class hack so that recompiling avoids the internal class reference
yet the old methods are still available.

Leaving the classes as-is causes javac to compile two versions of each
method, one returning the public class (e.g. ServerBuilder) and one
returning the internal class (e.g., AbstractServerImplBuilder). However,
we rewrite the signature that is used at compile time so that new
compilations will not reference internal-returning methods.

This is intended to be temporary, just to give a migration path. Once we
have given users some time to recompile we will remove this rewriting
and change the generics to use public classes.
@ejona86
Copy link
Member Author

ejona86 commented Jan 22, 2021

API review meeting notes (concerning ABI issue):

  • Three rough approaches: Keep current API, break users/ABI, redefine methods in top-level class (keeping them forever), hacks (aka class rewriting as shown in Binary backwards-incompatibily in 1.33.0 #7552)
  • GoogleDefaultChannelBuilder → ForwardingChannelBuilder
    • Keep current API (it needs to be stable), but create new ForwardingChannelBuilder2 that has correct generics for new code to use. Discussed other names, but just adding 2 seemed most straight-forward for users
  • NettyChannelBuilder → AbstractManagedChannelImplBuilder
    • Strong consensus that we want to change the API and that we want to help users to avoid pain. Consensus for doing "hacks". Nobody preferred bridge-method-injector over the "manual" rewriting. The manual method has less concern about issues that bridge-method-injector may have and it avoids adding the annotations as a temporary dependency

ejona86 added a commit that referenced this issue Jan 26, 2021
This provides us a path forward with #7211 (hiding
AbstractManagedChannelImplBuilder and AbstractServerImplBuilder) while
providing users a migration path to manage the ABI breakage (#7552). We
do a .class hack so that recompiling avoids the internal class reference
yet the old methods are still available.

Leaving the classes as-is causes javac to compile two versions of each
method, one returning the public class (e.g. ServerBuilder) and one
returning the internal class (e.g., AbstractServerImplBuilder). However,
we rewrite the signature that is used at compile time so that new
compilations will not reference internal-returning methods.

This is intended to be temporary, just to give a migration path. Once we
have given users some time to recompile we will remove this rewriting
and change the generics to use public classes.
@ejona86
Copy link
Member Author

ejona86 commented Feb 12, 2021

#7834 is providing a bridge to get users off the internal name. After enough releases/time, we can proceed on this again.

fixmebot bot referenced this issue in aomsw13/develop_test Apr 12, 2021
gcf-merge-on-green bot referenced this issue in GoogleCloudPlatform/java-docs-samples Sep 2, 2021
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [io.grpc:grpc-stub](https://togithub.com/grpc/grpc-java) | `1.0.1` -> `1.40.1` | [![age](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-stub/1.40.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-stub/1.40.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-stub/1.40.1/compatibility-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-stub/1.40.1/confidence-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) |
| [io.grpc:grpc-protobuf](https://togithub.com/grpc/grpc-java) | `1.0.1` -> `1.40.1` | [![age](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-protobuf/1.40.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-protobuf/1.40.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-protobuf/1.40.1/compatibility-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-protobuf/1.40.1/confidence-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) |
| [io.grpc:grpc-netty](https://togithub.com/grpc/grpc-java) | `1.0.1` -> `1.40.1` | [![age](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-netty/1.40.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-netty/1.40.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-netty/1.40.1/compatibility-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/io.grpc:grpc-netty/1.40.1/confidence-slim/1.0.1)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>grpc/grpc-java</summary>

### [`v1.40.1`](https://togithub.com/grpc/grpc-java/releases/v1.40.1)

##### Bug Fixes

-   xds: fixed channel panic with NullPointerException if a cluster is configured with RING_HASH LB policy.

### [`v1.40.0`](https://togithub.com/grpc/grpc-java/releases/v1.40.0)

##### API Changes

-   api: Removed deprecated method `ClientStreamTracer.Factory.newClientStreamTracer(CallOptions callOptions, Metadata headers)`.
-   api: Deprecated `ClientStreamTracer.StreamInfo.getTransportAttrs()` and `ClientStreamTracer.StreamInfo.Builder.setTransportAttrs()`.
-   api: Added new method `ClientStreamTracer.streamCreated(Attributes transportAttrs, Metadata headers)`.
-   core: Stabilized `ManagedChannelBuilder.enableRetry()` and `ManagedChannelBuilder.disableRetry()`.

##### Bug Fixes

-   core: Fix a flow control issue if retry is enabled ([#&#8203;8401](https://togithub.com/grpc/grpc-java/issues/8401)).
-   core: Fix a race between client call cancel() and start() if retry is enabled ([#&#8203;8386](https://togithub.com/grpc/grpc-java/issues/8386)).
-   xds: Fix the race condition in SslContextProviderSupplier's updateSslContext and close ([#&#8203;8294](https://togithub.com/grpc/grpc-java/issues/8294)).
-   xds: If “server_listener_resource_name_template” is not set or xds_v3 is not in use, log an error and fail XdsServer `start()` instead of NPE.
-   netty: The Netty server produces plain-text error messages for non-gRPC clients. The error pages’ Content-Type incorrectly had `encoding=utf-8`. It now has `charset=utf-8`.

##### New Features

-   compiler: Added GrpcGenerated annotation with CLASS retention to the top-level generated class. This can be used by annotation processors to detect or ignore the generated code.
-   api: Added ServerCallExecutorSupplier experimental API. This allows for a per-service/method executor to handle the server call based on each RPC call information at runtime. ([#&#8203;8266](https://togithub.com/grpc/grpc-java/issues/8266)).
-   xds: Added xDS retry support ([gRFC-A44](https://togithub.com/grpc/proposal/blob/master/A44-xds-retry.md)).

##### Behavior Changes

-   core: The [gRPC built-in retry](https://togithub.com/grpc/proposal/blob/master/A6-client-retries.md) feature is enabled by default. (Users can call `ManagedChannelBuilder.disableRetry()` to turn off retry if they do not want this feature, for example if they have already implemented an application level retry.) `ManagedChannelBuilder.enableRetry()` will no longer have the side that disables Census stats and tracing as in previous versions.

##### Dependencies

-   xds: Envoy proto updated to commit [`62ca8bd`](https://togithub.com/envoyproxy/envoy/commit/62ca8bd2b5960ed1c6ce2be97d3120cee719ecab) ([#&#8203;8346](https://togithub.com/grpc/grpc-java/issues/8346)).

##### Improvements

-   api: Clarify the ServerCallHandler API contract in Javadoc ([#&#8203;8339](https://togithub.com/grpc/grpc-java/issues/8339)).
-   netty: Allow transparent retries for servers that lack graceful two-stage GOAWAY connection shutdown, such as nginx and gRPC C core. This refined a workaround introduced in 1.34.0 for a Netty header processing GOAWAY bug fixed in 4.1.54.Final, but that we are giving time for the fix to work its way through the ecosystem ([#&#8203;8359](https://togithub.com/grpc/grpc-java/issues/8359)).
-   testing: Make more obvious in Javadoc that GrpcServerRule has been replaced.
-   api: Use \<scheme,provider> map in nameResoverRegistry. This makes scheme matching more clear and explicit in name resolver API.([#&#8203;8323](https://togithub.com/grpc/grpc-java/issues/8323)).

### [`v1.39.0`](https://togithub.com/grpc/grpc-java/releases/v1.39.0)

### API Changes

-   Static methods in Builders that always throw are now annotated [@&#8203;DoNotCall](https://togithub.com/DoNotCall). This annotation can be noticed by ErrorProne and inform you of a mistake at compile time instead of runtime. This applies to static methods like InProcessServerBuilder.forPort(int) which are inherited from base classes like ServerBuilder/ManagedChannelBuilder yet are a bug if used.
-   api, core: Support zero copy into protobuf. New APIs have been added to support the custom implementation of a zero-copy Protobuf deserialization marshaller. The `HasByteBuffer` API exposes ByteBuffers underlying the InputStream being passed to the `Marshaller` and the `Detachable` API allows custom Marshaller to take over the ownership of buffers for performing delayed deserialization.
-   NettyChannelBuilder supports SocketAddress with ChannelCredentials.

### Bug Fixes

-   netty: Remove Maven pom.properties from netty-shaded jar. The properties don’t add much value and mainly confuse tools in a shaded jar.
-   netty-shaded: Modify the shading operation to transform native-image resources so they correctly reference shaded class names ([#&#8203;7540](https://togithub.com/grpc/grpc-java/issues/7540))
-   xds: Shut down the scheduledExecutorService in the CertificateProvider when it is shutdown.
-   xds: Close the SslContexrProviderSupplier when a CDS LoadBalancer is shut down to prevent leakage.
-   xds, grpclb: Use a standalone Context for control plane RPCs. The existing behavior of implicitly using the Context in ThreadLocal can cause control plane RPCs to be cancelled prematurely, in cases the data plane RPC is made within a gRPC service to another service. To avoid being impacted by data plane RPC lifecycle, the fix creates standalone Context for control plane RPCs.
-   xds: cluster_resolver LB policy should wait until all clusters are resolved before propagating endpoints to child LB policy. Previously, the cluster_resolver LB policy propagated partially resolved results (endpoints for a subset of clusters) to its child LB policy, which can cause RPCs to be sent to less favored clusters before endpoints of more favored clusters are discovered.
-   xds: use load assignment endpoint address in Cluster as the DNS hostname for LOGICAL_DNS. The LOGICAL_DNS concept was misunderstood previously. Instead of using the channel authority, the hostname should be given by Cluster resource in CDS responses.
-   grpclb: skip fallback if the LB is already in fallback mode. An invariant check for gRPCLB LB policy’s internal state introduced by [#&#8203;8035](https://togithub.com/grpc/grpc-java/issues/8035) is broken in case the LB policy is in fallback mode while receiving an address update without remote balancer addresses. The fix mitigated the temporal invariant violation.

### New Features

-   compiler:  Add support for ppc64le on RHEL8.

### Dependencies

-   Protobuf upgraded to 3.17.2
-   We now use custom Gradle logic to determine if Maven’s requireUpperBoundDeps would fail for our published artifacts instead of Gradle’s failOnVersionConflict. This means we now make use of fewer dependency exclusions ([#&#8203;8238](https://togithub.com/grpc/grpc-java/issues/8238)). failOnVersionConflict has similar behavior to dependencyConvergence but we previously lacked a more precise tool to detect cases where Maven would downgrade dependencies. We strongly encourage all Maven users to use Maven Enforcer’s requireUpperBoundDeps and continue to discourage using dependencyConvergence

Acknowledgements

[@&#8203;lepistone](https://togithub.com/lepistone) Leonardo Pistone
[@&#8203;shirodkara](https://togithub.com/shirodkara) Amit Shirodkar
[@&#8203;cfredri4](https://togithub.com/cfredri4)

### [`v1.38.1`](https://togithub.com/grpc/grpc-java/releases/v1.38.1)

#### Bug Fixes

-   grpclb: skip fallback if the LB is already in fallback mode. An invariant check for gRPCLB LB policy’s internal state introduced by [#&#8203;8035](https://togithub.com/grpc/grpc-java/issues/8035) is broken in case the LB policy is in fallback mode while receiving an address update without remote balancer addresses. It caused a channel panic (`INTERNAL: Panic! This is a bug!`) due to the exception `IllegalStateException: already in fallback`. The fix mitigated the temporal invariant violation.
-   xds: shut down the scheduledExecutorService in the CertificateProvider when it is shutdown

### [`v1.38.0`](https://togithub.com/grpc/grpc-java/releases/v1.38.0)

##### gRPC Java 1.38.0 Release Notes

##### API Changes

-   services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. ([#&#8203;8056](https://togithub.com/grpc/grpc-java/issues/8056))
-   ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in [gRFC L74](https://togithub.com/grpc/proposal/blob/master/L74-java-channel-creds.md#proposal). These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the `usePlaintext()` and `useTransportSecurity()` methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API

##### Bug Fixes

-   xds: Fixed a bug that xDS users may experience null pointer exception in rare cases ([#&#8203;8087](https://togithub.com/grpc/grpc-java/issues/8087))
-   netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. ([#&#8203;8020](https://togithub.com/grpc/grpc-java/issues/8020))
-   xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.

##### Behavior Changes

-   core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with `Helper.refreshNameResolution()`) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. ([#&#8203;8048](https://togithub.com/grpc/grpc-java/issues/8048))
-   netty: Added support for OpenJSSE

##### Dependencies

-   Upgrade Guava to 30.1 ([#&#8203;8100](https://togithub.com/grpc/grpc-java/issues/8100)). As part of [#&#8203;4671](https://togithub.com/grpc/grpc-java/issues/4671) grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on [#&#8203;4671](https://togithub.com/grpc/grpc-java/issues/4671). The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:

<!---->

    android {
        compileOptions {
            sourceCompatibility JavaVersion.VERSION_1_8
            targetCompatibility JavaVersion.VERSION_1_8
        }
    }

-   auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library

### [`v1.37.1`](https://togithub.com/grpc/grpc-java/releases/v1.37.1)

##### Bug Fixes

-   netty: fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario.
-   grpclb, xds: fixed a day-one issue that the control plane RPC are using the same Context as the inbound application RPC, which can cause control plane RPC aborted when the inbound application RPC completes.
-   xds: fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.

### [`v1.37.0`](https://togithub.com/grpc/grpc-java/releases/v1.37.0)

#### Behavior Changes

-   alts: make both `GoogleDefaultChannelCredentials` and `ComputeEngineChannelCredentials` choose ALTS for backends given by xDS TD. Changes for `ComputeEngineChannelCredentials` were missing, but they really should be the same.
-   api: added a convenient `ServerBuilder.addServices()` API that allows adding a list of services instead of iterating through list and calling `addService()`.
-   api: deleted some `NameResolver` APIs that have been marked as deprecated since 1.21 release.
-   api: implemented admin interface API, which automatically loads available admin services in a given binary. Currently, it only includes [`Channelz`](https://togithub.com/grpc/proposal/blob/master/A14-channelz.md) and [`CSDS`](https://togithub.com/grpc/proposal/blob/master/A40-csds-support.md) with dependencies required at runtime.
-   context: move `pendingDeadline.cancel` out of synchronized block.
-   netty: allow connection handshakes (e.g., TCP, TLS) to be interrupted by `channel.shutdown()`. Previously `shutdownNow()` was required for prompt shutdown if a connection was handshaking.
-   xds: change in parsing ADS responses for LDS, RDS, CDS, and EDS resources. Before this release, gRPC parsing logic for ADS response containing multiple resources was to stop resource processing on the first encountered error, followed by NACK with the details of this single error. With this change, the parsing logic processes all resources and collects all processing errors. If any error occurred, a NACK is issued with concatenated error messages of all errors encountered. The rationale and the detailed design can be found in [gRFC A40 — ADS Parsing Logic Update: Continue After First Error](https://togithub.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error).
-   xds: change system property name for reading bootstrap config from io.grpc.xds.bootstrapValue to `io.grpc.xds.bootstrapConfig`.
-   xds: circuit breaking, timeout and fault injection are enabled by default. Previously they were protected by environment variables.
-   xds: use the new `server_listener_resource_name_template` property from the bootstrap file for server side xDS processing as per the gRFC [A36-xds-for-servers.md](https://togithub.com/grpc/proposal/blob/master/A36-xds-for-servers.md).

#### New Features

-   api: `TlsChannelCredentials` and `TlsServerCredentials` now support client certificates and custom KeyManagers/TrustManagers. grpc-netty fully supports these options. grpc-okhttp does not support keyfile-based configuration; you’d need to use a KeyManager. Most users of Netty’s SslContext and GrpcSslContexts should be able to migrate and are encouraged to do so, because this API does not have a Netty dependency and so is planned to become stable.
-   netty: added support for OpenJSSE.
-   okhttp: support compiling with okio 2.x API for Bazel users. grpc-okhttp was already compatible with okio 2 at runtime.
-   xds: `XdsServingStatusListener` has been implemented as per the gRFC [A36-xds-for-servers.md](https://togithub.com/grpc/proposal/blob/master/A36-xds-for-servers.md).
-   xds: add proto leakage check at gradle build. Create a new Gradle task depends on shadowJar. It examines the outputs of shadowJar package prefix to make sure it is inside within the package.
-   xds: added `CsdsService`. It is safe for production but are Experimental APIs to resolve issues discovered as they see usage. The rationale and description of the new API can be found in [gRFC A40: xDS Configuration Dump via Client Status Discovery Service in gRPC](https://togithub.com/grpc/proposal/blob/master/A40-csds-support.md).
-   xds: implement gRPC server side validations and filterChain match of xDS configuration as per the gRFC [A36-xds-for-servers.md](https://togithub.com/grpc/proposal/blob/master/A36-xds-for-servers.md).
-   xds: `WeightedTargetLoadBalancer` collect all failure child pickers to log more error details.

#### Bug Fixes

-   grpclb: gRPCLB would buffer RPCs indefinitely if failing to fallback because the resolver provides no fallback addresses. Now it turns into `TRANSIENT_FAILURE` for such cases.
-   xds: fix `CdsLoadBalancer2` childLb shutdown behavior. Previously these childLbs are not properly shutdown, which might cause channel panic as client channel is referenced by those childLbs.
-   Fixed an `UnsupportedOperationException` incompatibility with Netty 4.1.60.Final ([#&#8203;7953](https://togithub.com/grpc/grpc-java/issues/7953)). This allows users of grpc-netty that may be using Netty elsewhere in their application to upgrade their Netty version to avoid exposure to recent Netty CVEs. gRPC itself is not impacted by those CVEs.
-   grpclb: fixed a race between address update and LB stream recreation, which would cause channel panic if the resolver refreshes the result while gRPCLB is in LB stream backoff.
-   grpclb: gRPCLB ignored `CONNECTING` subchannels when aggregating the overall LB state, which would cause RPCs to fail prematurely if there are subchannels in its initial connection.
-   grpclb: now we allow multiple authorities in lb backends instead of flattening to the first authority.
-   interop-testing: fix alts handshaking race: add proper synchronization on the `AltsTestServer` object lock, this way, alts client and alts server won’t race on the `AltsTestServer` during Alts handshake negotiation.
-   xds: fixed a bug that would drop some node information (e.g., user-agent) when reporting to LRS ([#&#8203;7964](https://togithub.com/grpc/grpc-java/issues/7964)).
-   xds: the xDS resolver did not clear its state when control plane resources were revoked before offloading the xDS LB plugin. It would treat the next update as duplicate if the control plane recovers and never comes back to use those resources. Now this is fixed.

#### Documentation

-   example-tls: ported to `TlsChannelCredentials`/`TlsServerCredentials` and no longer depends on Netty at compile time.
-   examples: add ALTS example README.md.

#### Dependencies

-   gradle: bumped protobuf-gradle-plugin version to 0.8.15
-   xds: envoy proto updated to commit [`ac9a26373`](https://togithub.com/envoyproxy/envoy/commit/ac9a2637336decdcc52c24add5e8fc39edebb962). Added xDS v3 csds.proto with dependencies.

#### Acknowledgements

[@&#8203;spkrka](https://togithub.com/spkrka) Kristofer Karlsson
[@&#8203;njhill](https://togithub.com/njhill) Nick Hill
[@&#8203;ulfjack](https://togithub.com/ulfjack) Ulf Adams

### [`v1.36.2`](https://togithub.com/grpc/grpc-java/releases/v1.36.2)

##### Bug Fixes

-   grpclb: fixed a day-one issue that the control plane RPC are using the same Context as the inbound application RPC, which can cause control plane RPC aborted when the inbound application RPC completes.
-   netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. ([#&#8203;8020](https://togithub.com/grpc/grpc-java/issues/8020))
-   xds: Fixed a bug that xDS users may experience null pointer exception in rare cases ([#&#8203;8087](https://togithub.com/grpc/grpc-java/issues/8087))
-   xds: the xDS resolver did not clear its state when control plane resources were revoked before offloading the xDS LB plugin. It would treat the next update as duplicate if the control plane recovers and never comes back to use those resources. Now this is fixed.

### [`v1.36.1`](https://togithub.com/grpc/grpc-java/releases/v1.36.1)

-   Fix an `UnsupportedOperationException` incompatibility with Netty 4.1.60.Final ([#&#8203;7953](https://togithub.com/grpc/grpc-java/issues/7953)). This allows users of grpc-netty that may be using Netty elsewhere in their application to upgrade their Netty version to avoid exposure to recent Netty CVEs. gRPC is not impacted by those CVEs so a Netty upgrade for gRPC itself is not necessary
-   xds: Fixed a bug that would drop some node information (e.g., user-agent) when reporting to LRS ([#&#8203;7964](https://togithub.com/grpc/grpc-java/issues/7964))
-   xds: Renamed `io.grpc.xds.bootstrapValue` system property to `io.grpc.xds.bootstrapConfig`. This more closely matches the environment variable (`GRPC_XDS_BOOTSTRAP_CONFIG`) and avoids future confusion ([#&#8203;7968](https://togithub.com/grpc/grpc-java/issues/7968))
-   xds: Fixed a possible `IllegalStateException` causing Channel panic during LB shutdown ([#&#8203;7942](https://togithub.com/grpc/grpc-java/issues/7942)). The bug was introduced in v1.36.0. The issue likely most impacts xDS users that may leave a channel unused (no RPCs) for 30 minutes since idle timeout triggers LB shutdown

### [`v1.36.0`](https://togithub.com/grpc/grpc-java/releases/v1.36.0)

##### API Changes

-   Added .class file hack to ease removal of internal ABIs ([https://github.com/grpc/grpc-java/pull/7834](https://togithub.com/grpc/grpc-java/pull/7834)). This does not impact source code (API); it only impacts code compiled with a different version of gRPC than it runs with (ABI). Users of the transport-specific and experimental channel/server builders (`NettyChannelBuilder`, `NettyServerBuilder`, `OkHttpChannelBuilder`, `InProcessChannelBuilder`, `CronetChannelBuilder`) are commonly referencing internal ABIs due to overly-specific generics in gRPC. There is now a .class file hack in place which preserves ABI compatibility for old builds while causing javac to use the intended public API for new builds. In a future release we will remove the internal ABI for these experimental APIs ([https://github.com/grpc/grpc-java/issues/7211](https://togithub.com/grpc/grpc-java/issues/7211)) which may cause runtime failures. Recompiling with this release or later will prevent your code from using those ABIs and so you will not be impacted by the ABI removal. This is related to the temporary ABI breakage in v1.33.0.
-   Deleted deprecated `LoadBalancer.Helper` APIs as they had been deprecated since v1.22 release ([#&#8203;7793](https://togithub.com/grpc/grpc-java/issues/7793)).
-   Deprecated `LoadBalancer.Helper.createResolvingOobChannelBuilder(String target)` in favor of the new experimental API `createResolvingOobChannelBuilder(String target, ChannelCredentials creds)`. The two APIs differ not only in signature but also in the default authority of the returned builder. See their javadoc for more detail.

##### Behavior Changes

-   `ManagedChannelBuilder.overrideAuthority()` is now used even if the NameResolver uses `EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE`. Previously the NameResolver’s override would be used
-   grpclb: keep RR Subchannel state in TRANSIENT_FAILURE until becoming READY ([#&#8203;7816](https://togithub.com/grpc/grpc-java/issues/7816)). This enhancement was previously made to the round_robin policy, but now also applies to grpclb
-   netty: On server-side, stop logging expected STREAM_CLOSED exceptions. This reduces log pollution

##### New Features

-   services: Add support for `grpc.channelz.v1.Channelz.GetServer`, as defined in [`channelz.proto`](https://togithub.com/grpc/grpc-proto/blob/f5c9cf6eecbe948b8744bd0398a1ddc937ec5237/grpc/channelz/v1/channelz.proto#L429-L430)
-   xds: support reading bootstrap config directly from env var (`GRPC_XDS_BOOTSTRAP_CONFIG`) or system property (`io.grpc.xds.bootstrapValue`) values
-   alts: Introduce `AltsContext` to allow outside packages access to ALTS peer information

##### Bug Fixes

-   core: Fixed a bug where RPCs queued waiting for a connection can use user-provided executors after the ManagedChannel is terminated ([#&#8203;6283](https://togithub.com/grpc/grpc-java/issues/6283))
-   core: Fixed a bug where RPCs queued waiting on CallCredentials can use user-provided executors after the ManagedChannel is terminated ([#&#8203;7813](https://togithub.com/grpc/grpc-java/issues/7813))

##### Documentation

-   api: add nullable annotation to `Status.trailersFromThrowable` ([#&#8203;7856](https://togithub.com/grpc/grpc-java/issues/7856)). The annotation doesn’t change behavior, it just makes the behavior more clear

##### Dependencies

-   alts: Remove dependency on Apache Commons Lang

##### Acknowledgements

[@&#8203;elharo](https://togithub.com/elharo) Elliotte Rusty Harold
[@&#8203;lriuui0x0](https://togithub.com/lriuui0x0) Rui Liu
[@&#8203;martin-schaub](https://togithub.com/martin-schaub) Martin Schaub
[@&#8203;njhill](https://togithub.com/njhill) Nick Hill
[@&#8203;ReginFell](https://togithub.com/ReginFell) Serhii Zabelnykov

### [`v1.35.1`](https://togithub.com/grpc/grpc-java/releases/v1.35.1)

-   Fix an `UnsupportedOperationException` incompatibility with Netty 4.1.60.Final ([#&#8203;7953](https://togithub.com/grpc/grpc-java/issues/7953)). This allows users of grpc-netty that may be using Netty elsewhere in their application to upgrade their Netty version to avoid exposure to recent Netty CVEs. gRPC is not impacted by those CVEs so a Netty upgrade for gRPC itself is not necessary
-   xds: Fixed a bug that would drop some node information (e.g., user-agent) when reporting to LRS ([#&#8203;7964](https://togithub.com/grpc/grpc-java/issues/7964))

### [`v1.35.0`](https://togithub.com/grpc/grpc-java/releases/v1.35.0)

### Bug Fixes

-   core: Fix CompositeChannelCredentials to no longer use CallCredentials for OOB channels. OOB channels are available for load balancing policies to use to communicate with an LB server. It is mainly used by gRPC-LB. This resolves the incompatibility of the 1.34.0 release with googleapis.com.
-   alts: Limit number of concurrent handshakes to 32. ALTS uses blocking RPCs for handshakes. If the handshake server has a limit to number of concurrent handshakes this can produce a deadlock. Limiting to 32 should workaround the problem for the majority of the cases. A later fix will allow handshake RPCs to be asynchronous
-   xds: Fix missed class relocations for generated code. grpc-xds previously exposed generated code for multiple 3rd-party protobuf generated code classes outside of the `io.grpc` package. They are now shaded to avoid colliding with other users of the classes
-   xds: Fix a user visible stack trace showing java.util.NoSuchElementException when the environment variable GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT was set and the application contains an xDS configured gRPC server. The exception was benign and was seen when the connection was dropped before an SslContextProvider was available.
-   xds: Decouple xds channel creation and bootstrapping. This fixes the bug caused by the lifecycle mismatch between XdsClient and its channel to the xDS server. Creating a new XdsClient (previous one shutdown due to no Channel using it) would create and use a new xDS channel.
-   xds: Fix races between creating subchannls and Channel shutdown caused by delaying address/config propagation between LB policies. An exception will be thrown if Channel's shutdown() has been called and receiving an EDS update while the Channel has not completely shutdown.

### Dependencies

-   Guava updated to 30.0-android
-   Animal Sniffer annotations updated to 1.19
-   Error Prone annotations updated to 2.4.0
-   Perfmark updated to 0.23.0
-   compiler: Linux artifacts now built using CentOS 7. Previously CentOS 6 was used, but that distribution is discontinued and no longer available in our build infrastructure
-   netty: Upgrade to Netty 4.1.52 and tcnative 2.0.34. Note that this Netty release enables TLSv1.3 support. mTLS failures with TLSv1.3 will have different error messages than in TLSv1.2
-   auth,alts: google-auth-library-java updated to 0.22.2
-   census: OpenCensus updated to 0.28.0
-   protobuf: googleapi’s common protos updated to 2.0.1
-   okhttp: Okio updated to 1.17.5
-   xds: re2j updated to 1.5
-   xds: bouncycastle updated to 1.67
-   gradle: bumped protobuf-gradle-plugin version to 0.8.14
-   android, cronet: upgraded the latest support Android version to 29

### Acknowledgments

[@&#8203;amnox](https://togithub.com/amnox)
[@&#8203;horizonzy](https://togithub.com/horizonzy)
[@&#8203;wanyingd1996](https://togithub.com/wanyingd1996)

### [`v1.34.1`](https://togithub.com/grpc/grpc-java/releases/v1.34.1)

### Bug Fixes

-   core: Fix CompositeChannelCredentials to no longer use CallCredentials for OOB channels. OOB channels are available for load balancing policies to use to communicate with an LB server. It is mainly used by gRPC-LB. This resolves the incompatibility of the 1.34.0 release with googleapis.com.
-   alts: Limit number of concurrent handshakes to 32. ALTS uses blocking RPCs for handshakes. If the handshake server has a limit to number of concurrent handshakes this can produce a deadlock. Limiting to 32 should workaround the problem for the majority of the cases. A later fix will allow handshake RPCs to be asynchronous
-   xds: Relocate (shade) all generated code; a few classes had previously been missed
-   xds: Fixed an issue when `GRPC_XDS_EXPERIMENTAL_NEW_SERVER_API=true` where gRPC would request non-existent resources

### [`v1.34.0`](https://togithub.com/grpc/grpc-java/releases/v1.34.0)

**This release has a severe bug when using CompositeChannelCredentials that predominantly impacts googleapis.com ([#&#8203;7643](https://togithub.com/grpc/grpc-java/issues/7643)). You may be impacted in the future even if not impacted today. If you contact googleapis.com, *please* use 1.34.1 instead.**

##### API Changes

-   api: added `io.grpc.ForwardingServerBuilder` ([#&#8203;7633](https://togithub.com/grpc/grpc-java/issues/7633))

##### New Features

-   Added ChannelCredentials and ServerCredentials. They are safe for production but are Experimental APIs to resolve issues discovered as they see usage. The rationale and description of the new API can be found in [gRFC L74](https://togithub.com/grpc/proposal/blob/master/L74-java-channel-creds.md). In short, these APIs are intended to “replace” the implicit security defaults of channels/servers as well as the `usePlaintext()` and `useTransportSecurity()` methods on the channel and server builders. The previous APIs are stable so will not be removed, but are expected to be deprecated in the future. Since these new APIs will be widely used, we encourage users to try the APIs out and report any problems experienced so they can be corrected before the APIs become stable ([#&#8203;7294](https://togithub.com/grpc/grpc-java/issues/7294), [#&#8203;7601](https://togithub.com/grpc/grpc-java/issues/7601))
-   As part of ChannelCredentials and ServerCredentials there are now XdsChannelCredentials and XdsServerCredentials added that can be used to enable use of XDS provided credentials on the channel and server. A File-watcher certificate provider has been implemented to support these Xds Credentials. The example in example-xds has been enhanced to be a full xDS example with XdsChannelCredentials and XdsServerCredentials to illustrate their usage. ([#&#8203;7497](https://togithub.com/grpc/grpc-java/issues/7497), [#&#8203;7636](https://togithub.com/grpc/grpc-java/issues/7636))
-   xds: added support for setting bootstrap file with java system property ([#&#8203;7620](https://togithub.com/grpc/grpc-java/issues/7620))

##### Bug Fixes

-   netty: abrupt GOAWAY should not cause INTERNAL status. It is now UNAVAILABLE. This was a regression introduced in v1.33.0. The error was in the form `StatusRuntimeException: INTERNAL: http2 exception` with a cause similar to `Http2Exception$StreamException: Cannot create stream 222691 greater than Last-Stream-ID 222689 from GOAWAY.` This was mainly observed when a C core-based gRPC server shut down. ([#&#8203;7501](https://togithub.com/grpc/grpc-java/issues/7501))
-   core, netty, okhttp, cronet: fixed builders ABI backward compatibility broken in v1.33.0 ([#&#8203;7552](https://togithub.com/grpc/grpc-java/issues/7552)). For details, see v1.33.1 release note.
-   core: round robin should ignore name resolution error for channel state change when there are READY subchannels ([#&#8203;7595](https://togithub.com/grpc/grpc-java/issues/7595)). Previously the round_robin load balancing policy puts the Channel into TRANSIENT_FAILURE if encountering name resolution failures even if it has received usable addresses.
-   core: fixed floating-point number formatting Locale in error messages ([#&#8203;7473](https://togithub.com/grpc/grpc-java/issues/7473))
-   android: make Channel always enterIdle() upon network recover ([#&#8203;7611](https://togithub.com/grpc/grpc-java/issues/7611)). This is for AndroidChannelBuilder. It avoids failing new RPCs prematurely when the device detects the network has recovered while resuming connections.
-   xds: only reschedule time for unresolved resources upon ADS stream restarts ([#&#8203;7582](https://togithub.com/grpc/grpc-java/issues/7582)). The management server can choose not to send resources it has previously sent when the RPC stream is recreated. So the client will keep using resources it has saved previously.
-   alts: create handshaker RPC lazily ([#&#8203;7630](https://togithub.com/grpc/grpc-java/issues/7630)). Previously the handshake RPCs start before the TCP connection is established, which might be leaked forever if the connection is never established.

##### Documentation

-   api: added implementation note regarding server interceptors and thread locals ([#&#8203;7482](https://togithub.com/grpc/grpc-java/issues/7482))
-   api: clarify expectations regarding `ServerCall#close` ([#&#8203;7580](https://togithub.com/grpc/grpc-java/issues/7580))

##### Behavior Changes

-   netty: differentiate GOAWAY closure status descriptions ([#&#8203;7502](https://togithub.com/grpc/grpc-java/issues/7502)). Previously many different GOAWAY-related errors all produced the same status description. Now they each should use their own specific description which should allow distinguishing between issues like weak server GOAWAY behavior, MAX_CONCURRENT_STREAMS interfering with eager transport selection, and local races. We now also use UNAVAILABLE in more cases, although the cases that benefit should be rare
-   xds: added support case insensitive path matching ([#&#8203;7506](https://togithub.com/grpc/grpc-java/issues/7506)). The xDS traffic splitting now supports the case-insensitive option for path matching.
-   alts: add a timeout to AltsHandshakerStub. A default of 20 seconds is used ([#&#8203;7589](https://togithub.com/grpc/grpc-java/issues/7589))

##### Dependencies

-   all: bumped google auth libraries to version 0.22.0 ([#&#8203;6652](https://togithub.com/grpc/grpc-java/issues/6652))

##### Acknowledgements

[@&#8203;attila123](https://togithub.com/attila123)
[@&#8203;erikjoh](https://togithub.com/erikjoh)
[@&#8203;jbdeboer](https://togithub.com/jbdeboer)
[@&#8203;ST-DDT](https://togithub.com/ST-DDT)
[@&#8203;sullis](https://togithub.com/sullis)
[@&#8203;susinmotion](https://togithub.com/susinmotion)

### [`v1.33.1`](https://togithub.com/grpc/grpc-java/releases/v1.33.1)

##### Bug Fixes

-   Fix builders ABI backward compatibility broken in v1.33.0, see [#&#8203;7552](https://togithub.com/grpc/grpc-java/issues/7552)
    -   netty: The class `io.grpc.netty.NettyServerBuilder` reverted to extend internal class `io.grpc.internal.AbstractServerImplBuilder`
    -   netty: The class `io.grpc.netty.NettyChannelBuilder` reverted to extend internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
    -   okhttp: The class `io.grpc.okhttp.OkhttpChannelBuilder` reverted to extend internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
    -   core: `The class io.grpc.inprocess.InProcessChannelBuilder` reverted to extend internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
    -   cronet: The class `io.grpc.cronet.CronetChannelBuilder` reverted to extend internal class `io.grpc.internal.AbstractManagedChannelImplBuilder`
-   api: `ForwardingServerBuilder` reverted until the permanent fix of the issue with ABI compatibility of delegating classes
-   okhttp: exclude Internal\* from javadoc
-   netty: Abrupt GOAWAY should not cause INTERNAL status. It is now UNAVAILABLE. This was a regression introduced in v1.33.0. The error was in the form `StatusRuntimeException: INTERNAL: http2 exception` with a cause similar to `Http2Exception$StreamException: Cannot create stream 222691 greater than Last-Stream-ID 222689 from GOAWAY.` This was mainly observed when a C core-based gRPC server shut down.
-   core: fix floating-point number formatting Locale

### [`v1.33.0`](https://togithub.com/grpc/grpc-java/releases/v1.33.0)

*This release broke ABI in a non-planned way for NettyServerBuilder, NettyChannelBuilder, and similar. See [https://github.com/grpc/grpc-java/issues/7552](https://togithub.com/grpc/grpc-java/issues/7552). If you are impacted, please use an earlier version until v1.33.1 is available.* A future ABI breakage may be necessary, but will be communicated explicitly at that time.

##### API Changes

-   netty: The class `io.grpc.netty.NettyServerBuilder` is no longer a subclass of the internal class `io.grpc.internal.AbstractServerImplBuilder`
-   netty: The class `io.grpc.netty.NettyChannelBuilder` is no longer a subclass of the internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
-   okhttp: The class `io.grpc.okhttp.OkhttpChannelBuilder` is no longer a subclass of the internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
-   core: `The class io.grpc.inprocess.InProcessChannelBuilder` is no longer a subclass of the internal class  `io.grpc.internal.AbstractManagedChannelImplBuilder`
-   cronet: The class `io.grpc.cronet.CronetChannelBuilder` is no longer a subclass of the internal class `io.grpc.internal.AbstractManagedChannelImplBuilder`
-   api: Add ForwardingServerBuilder: a ServerBuilder that delegates to another builder by default
-   core: Add accessor for bare method name in MethodDescriptor ([#&#8203;7339](https://togithub.com/grpc/grpc-java/issues/7339))
-   stub: On server-side when an RPC is cancelled, only throw `StatusRuntimeException: CANCELLED` from `onNext()` for streaming responses. Previously the exception was also thrown from `onNext()` for unary responses and from `onComplete()`, which didn’t help the server avoid unnecessary processing
-   okhttp: OkHttpChannelBuilder made final and can no longer be anonymous
-   api, core: delete io.grpc.LoadBalancer.loadBalancingConfig attribute ([#&#8203;7440](https://togithub.com/grpc/grpc-java/issues/7440)). The attribute was deprecated in v1.27.0, now it is completely deleted.

##### New Features

-   netty: Add support for IBMJSSE2 ([#&#8203;7422](https://togithub.com/grpc/grpc-java/issues/7422))

##### Documentation

-   API documentation (Javadoc) for Server and Channel builders now correctly displays inherited methods and the class hierarchy

##### Bug Fixes

-   core: Reverted "delay sending cancel request on client-side when deadline expires" which introduced a memory leak ([#&#8203;7105](https://togithub.com/grpc/grpc-java/issues/7105)). It could also cause messages to arrive after the call was reported closed (e.g., `onMessage()` after `onClose()`)
-   grpclb: Fixed a bug that RPC might be hanging when using grpclb balancer as a child balancer in a hierarchical load balancer tree ([#&#8203;7434](https://togithub.com/grpc/grpc-java/issues/7434))
-   netty: TCP close during TLS handshake should be UNAVAILABLE, not UNKNOWN
-   netty: BDP ping accounting should occur after flow control. This resolves an incompatibility issue introduced in v1.30.0 and could be worked around via `GRPC_EXPERIMENTAL_AUTOFLOWCONTROL=false` introduced later. The symptom was a GOAWAY with “too_many_pings” without an aggressive keepalive configured. The environment variable is still available, but will be removed in the future

##### Behavior Changes

-   xds: Xds server channel credential option will be required in the [xDS bootstrap file](https://togithub.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md#xdsclient-and-bootstrap-file). Use `{"type":"insecure"}”` for plaintext ([#&#8203;7396](https://togithub.com/grpc/grpc-java/issues/7396))

##### Dependencies

-   benchmarks: Removed -javaagent jvm option in CreateStartScripts, to allow running the benchmarks without building from source
-   Upgrade Conscrypt to 2.5.1
-   bazel: Remove Maven repositories from `repositories.bzl`, in favor of `maven_install`. v1.27.0 introduced support for `maven_install` and encouraged users to migrate. See `examples/WORKSPACE` for an example. `maven_install` dramatically reduces the boilerplate for maven dependencies and properly handles transitive dependencies and version selection. gRPC is not yet using the `@maven` workspace, so it is still possible to use other dependency tools.
-   Update protobuf gradle plugin version to 0.8.13 ([#&#8203;7355](https://togithub.com/grpc/grpc-java/issues/7355))

##### Acknowledgements

[@&#8203;codeblooded](https://togithub.com/codeblooded) Benjamin Reed
[@&#8203;kiwi1969](https://togithub.com/kiwi1969) Russell Shaw
[@&#8203;pkern](https://togithub.com/pkern) Philipp Kern

### [`v1.32.3`](https://togithub.com/grpc/grpc-java/releases/v1.32.3)

##### Bug Fixes

-   xds: Fixed JSON number types in internally generated service config for header matching (more specifically, range matching for numerical headers) ([#&#8203;7880](https://togithub.com/grpc/grpc-java/issues/7880)).

### [`v1.32.2`](https://togithub.com/grpc/grpc-java/releases/v1.32.2)

##### Bug Fixes

-   netty: TCP close during TLS handshake should be UNAVAILABLE, not UNKNOWN
-   netty: BDP ping accounting should occur after flow control. This resolves an incompatibility issue introduced in v1.30.0 and could be worked around via `GRPC_EXPERIMENTAL_AUTOFLOWCONTROL=false` introduced later. The symptom was a GOAWAY with “too_many_pings” without an aggressive keepalive configured. The environment variable is still available, but will be removed in the future
-   alts: Reverted workaround for Conscrypt cipher performance. Conscrypt 2.5.0 has significantly improved performance and the workaround now decreases performance. Note that grpc-alts itself still depends on Conscrypt 2.2.1 to remain stable for this bug fix release, but users are encouraged to use newer a version of Conscrypt. The gains from Conscrypt 2.5.0 are significantly greater than what the workaround provided

### [`v1.32.1`](https://togithub.com/grpc/grpc-java/releases/v1.32.1)

##### API Changes

-   api: Removed deprecated method `ChannelBuilder.blockingExecutor()` ([#&#8203;7242](https://togithub.com/grpc/grpc-java/issues/7242)). There should not be any users as it was deprecated the first release it was available and was renamed `offloadExecutor()`.
-   grpclb: Make ATTR_LB_ADDRS public ([#&#8203;7230](https://togithub.com/grpc/grpc-java/issues/7230)). This is necessary to configure grpclb from a custom NameResolver

##### New Features

-   xds: perform header matching on concatenated multi-valued headers ([#&#8203;7215](https://togithub.com/grpc/grpc-java/issues/7215))
-   xds: add header matching special cases for hiding/exposing some gRPC headers ([#&#8203;7224](https://togithub.com/grpc/grpc-java/issues/7224)). The only gRPC header available for header matching is “content-type”.
-   xds: support load reporting all clusters option and fix actual report interval measurement ([#&#8203;7209](https://togithub.com/grpc/grpc-java/issues/7209)). If the LRS response enables send_all_clusters, the client side will report loads for all clusters it is currently using.

##### Bug Fixes

-   core, alts, cronet: Fix ByteBuffer covariant method usages ([#&#8203;7349](https://togithub.com/grpc/grpc-java/issues/7349)). When built with Java 9+, internal usages of ByteBuffer APIs may cause runtime breakage for dependent applications running with Java 8. This is fixed now.
-   core: Fixed a bug that RPC may hang when hedging is enabled with a throttling configuration ([#&#8203;7337](https://togithub.com/grpc/grpc-java/issues/7337))
-   netty: The environment variable `GRPC_EXPERIMENTAL_AUTOFLOWCONTROL=false` will now disable the BDP monitoring introduced in v1.30.0. This is intended to help diagnose a “too_many_pings” compatibility issue and will be removed once it is resolved. If you need to use the variable, please file an issue
-   benchmarks: Use correct classpath for scripts (the ones in the bin/ folder of the tar/zip), fixing NoClassDefFoundErrors. The classpath was probably broken starting in v1.30.
-   xds: routing policy should immediately update a picker that selects base on updated config ([#&#8203;7233](https://togithub.com/grpc/grpc-java/issues/7233))

##### Dependencies

-   netty: Upgrade to Netty 4.1.51 and tcnative 2.0.31
-   android, cronet: Drop support for android SDK versions older than 16 ([#&#8203;7253](https://togithub.com/grpc/grpc-java/issues/7253)). The minimum supported Android SDK version is 16.

##### Acknowledgements

[@&#8203;susinmotion](https://togithub.com/susinmotion)
[@&#8203;trustin](https://togithub.com/trustin)
[@&#8203;wanyingd1996](https://togithub.com/wanyingd1996)

### [`v1.31.2`](https://togithub.com/grpc/grpc-java/releases/v1.31.2)

##### Bug Fixes

-   xds: Fixed JSON number types in internally generated service config for header matching (more specifically, range matching for numerical headers) ([#&#8203;7884](https://togithub.com/grpc/grpc-java/issues/7884)).

### [`v1.31.1`](https://togithub.com/grpc/grpc-java/releases/v1.31.1)

##### Bug Fixes

-   netty: The environment variable `GRPC_EXPERIMENTAL_AUTOFLOWCONTROL=false` will now disable the BDP monitoring introduced in v1.30.0. This is intended to help diagnose a “too_many_pings” compatibility issue and will be removed once it is resolved. If you need to use the variable, *please* file an issue
-   examples: some gRPC artifacts are missing in JCenter causing Android examples to sometimes fail to build. Now we are adding mavenCentral as fallback for the Android examples. See [#&#8203;5782](https://togithub.com/grpc/grpc-java/issues/5782)
-   xds: meshCA protocol buffers added in v1.31.0 are now properly shaded in an internal package
-   xds: fixed some internal breakage for traffic splitting

### [`v1.31.0`](https://togithub.com/grpc/grpc-java/releases/v1.31.0)

##### API Changes

-   api: `ManagedChannelBuilder.nameResolverFactory` is now marked deprecated. It has long been our plan to remove the function, but was not communicated. Most usages should be able to globally register via the SPI mechanism or `NameResolverRegistry.register()`. There is a plan to add a method to `ManagedChannelBuilder` to specify the default target scheme for the channel. If your use-case is not covered, please inform us on [#&#8203;7133](https://togithub.com/grpc/grpc-java/issues/7133)

##### New Features

-   The following new xDS functionality is added in this release:
    -   Requests matching based on [path](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/route/route_components.proto#route-routematch) (prefix, full path and safe regex) and [headers](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/route/route_components.proto#route-headermatcher).
    -   Requests routing to multiple clusters based on [weights](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/route/route_components.proto#route-weightedcluster).
    -   The xDS features supported in a given release are documented [here](https://togithub.com/grpc/grpc/blob/master/doc/grpc_xds_features.md).
-   api: Added `LoadBalancer.Helper.createResolvingOobChannelBuilder()`. It is similar to `LoadBalancer.Helper.createResolvingOobChannel()` except allows configuring the channel ([#&#8203;7136](https://togithub.com/grpc/grpc-java/issues/7136))

##### Bug Fixes

-   netty: return status code unavailable when netty channel has unresolved InetSocketAddress ([#&#8203;7023](https://togithub.com/grpc/grpc-java/issues/7023))
-   core: fix a bug that a call may hang when using manual flow control and gRPC retry is enabled ([#&#8203;6817](https://togithub.com/grpc/grpc-java/issues/6817))

##### Documentation

-   stub: Documented more behavior of ClientCalls and ServerCalls, with regard to ClientResponseObserver, ClientCallStreamObserver, ServerCallStreamObserver, and exceptions
-   api: Documented how Providers may be used in their respective class documentation. Previously you “just had to know” the SPI mechanism was available

##### Dependencies

-   Update guava to 29.0 ([#&#8203;7079](https://togithub.com/grpc/grpc-java/issues/7079))

##### Examples

-   examples: Add client/server retrying example via service config [#&#8203;7111](https://togithub.com/grpc/grpc-java/issues/7111)

##### Acknowledgements

[@&#8203;alexanderscott](https://togithub.com/alexanderscott)
[@&#8203;AnarSultanov](https://togithub.com/AnarSultanov)
[@&#8203;cindyxue](https://togithub.com/cindyxue)
[@&#8203;d-reidenbach](https://togithub.com/d-reidenbach)
[@&#8203;elharo](https://togithub.com/elharo)
[@&#8203;gsharma](https://togithub.com/gsharma)
[@&#8203;reggiemcdonald](https://togithub.com/reggiemcdonald)

### [`v1.30.2`](https://togithub.com/grpc/grpc-java/releases/v1.30.2)

##### Bug Fixes

-   xds:  disable code for a future xds feature

### [`v1.30.1`](https://togithub.com/grpc/grpc-java/releases/v1.30.1)

##### Bug Fixes

-   all: remove grpc-rls from grpc-all dependencies ([#&#8203;7118](https://togithub.com/grpc/grpc-java/issues/7118)). grpc-rls is not intended to be published yet, projects depending on grpc-all gets a "failed to collect dependencies at io.grpc:grpc-all:jar:1.30.0 -> io.grpc:grpc-rls:jar:1.30.0" error. This is fixed here.
-   core: fix a bug that a call may hang when using manual flow control and gRPC retry is enabled. ([#&#8203;6817](https://togithub.com/grpc/grpc-java/issues/6817))

### [`v1.30.0`](https://togithub.com/grpc/grpc-java/releases/v1.30.0)

*Note: gRPC-Java no longer exposes many transitive dependencies as "compile" dependencies, but instead specifies them as "runtime" dependencies. Consuming projects using these dependencies directly will need to explicitly add the dependencies to their compile-time classpath.*

##### Behavioral Changes

-   netty: Bandwidth delay product (BDP) is enabled by default ([#&#8203;6979](https://togithub.com/grpc/grpc-java/issues/6979)). BDP dynamically adjusts flow control window to optimize the network bandwidth utilization. To disable this feature, build channel/server with `NettyChannelBuilder#flowControlWindow` or `NettyServerBuilder#flowControlWindow`. Existing `flowControlWindow` users need to use `initialFlowWindowSize` to enable BDP. The default initial window size has remained unchanged, so most users should not see a performance difference. In the future we plan to reduce the default size, which may briefly (up to 4 RTT) slow down new connections as they determine an appropriate BDP.

##### New Features

-   This release adds an xDS URI scheme called `xds`. This is the stable version of the scheme `xds-experimental` that was introduced in v1.28.0. `xds-experimental` scheme will be removed in subsequent releases so you must switch to `xds` scheme instead. `xds` scheme is a client side implementation of xDSv2 APIs. This allows a gRPC client written in Java to receive configuration from an xDSv2 API compatible server and use that configuration to load balance RPCs. In this release, only the virtual host matching, default path (“” or “/”) matching and cluster route action are supported. The features supported in a given release are documented [here](https://togithub.com/grpc/grpc/blob/master/doc/grpc_xds_features.md).
-   core: ManagedChannel provides LoadBalancer#Helper with implemented createResolvingOobChannel ([#&#8203;6923](https://togithub.com/grpc/grpc-java/issues/6923)).
-   stub: Add `ClientCallStreamObserver.disableAutoRequestWithInitial(int)` and `ServerCallStreamObserver.disableAutoRequest()` that disables all automatic inbound flow-control requests. These methods are intended to replace the existing `CallStreamObserver.disableAutoInboundFlowControl()`. There may still be some tweaks to the API, so `disableAutoInboundFlowControl()` is not yet deprecated.
-   inprocess: Add `InprocessChannelBuilder.propagateCauseWithStatus(true)` to propagate exceptions from the server within `status.getCause()` ([#&#8203;6968](https://togithub.com/grpc/grpc-java/issues/6968)). This is intended for unit tests to ease debugging test failures.
-   netty: support setting options of boss in NettyServer ([#&#8203;6947](https://togithub.com/grpc/grpc-java/issues/6947)). Adds a new API on `NettyServerBuilder` to allow passing channel options for the boss ELG.

##### Bug Fixes

-   okhttp: use new APIs to configure TLS in Android (roll forward of [#&#8203;6959](https://togithub.com/grpc/grpc-java/issues/6959)) ([#&#8203;6960](https://togithub.com/grpc/grpc-java/issues/6960)). Starting from Android 10, there is a new set of public APIs for configuring TLS, where we were previously invoking hidden methods in SSLSocket. Some of those hidden methods are no longer allowed (will be removed in the future) in Android 11. We migrate to use public APIs whenever possible.
-   netty: Using classloader to isolate grpc without isolating netty can cause exceptions when creating netty channel/server is fixed ([#&#8203;7048](https://togithub.com/grpc/grpc-java/issues/7048)).
-   api, core, services: make ProtoReflectionService interceptor compatible ([#&#8203;6967](https://togithub.com/grpc/grpc-java/issues/6967)). Previously intercepting the ProtoReflectionService breaks the internal hack of passing the server instance to the service. Now we change the way of how it obtains the server instance so that applying interceptors to it doesn’t break its functionality. This change also allows multiple servers to use a shared ProtoReflectionService instance.
-   netty: Reduce race window size between GOAWAY and new streams. This should greatly reduce the number of calls that fail with errors similar to “UNAVAILABLE: HTTP/2 error code: NO_ERROR Received Goaway.” Although note that these errors have multiple sources, and it only addresses one of them
-   core: Delay transport shutdown when changing a subchannel’s addresses. This should prevent users from seeing errors saying “UNAVAILABLE: InternalSubchannel closed transport due to address change,” which should have already been rare

##### Documentation

-   For Java 9+ users, we now recommend using `org.apache.tomcat:annotations-api` for the `@Generated` annotation instead of `javax.annotation:javax.annotation-api`, as it has a more appropriate license
-   SECURITY.md: add instruction for disabling Conscrypt's default TrustManager ([#&#8203;6962](https://togithub.com/grpc/grpc-java/issues/6962)). By default, Conscrypt delegates hostname verification to the platform's default HostNameVerifier, which in OpenJDK is a deny-all implementation. You can configure the Conscrypt provider to not use its TrustManager.

##### Dependencies

-   Starting from this version, some transitive dependencies of gRPC artifacts are changed from compile scope to runtime scope. Users may experience their application can not rebuild once the gRPC version is upgraded, because some other component of the project may require a dependency that is no longer transitively provided by gRPC artifacts at compile time; and if that happens, users should explicitly add that dependency for the other component. This change does not affect running the application at runtime.
-   Bumped protobuf to 3.12.0

##### Examples

-   Deleted example-kotlin ([#&#8203;6936](https://togithub.com/grpc/grpc-java/issues/6936)). [grpc-kotlin](https://togithub.com/grpc/grpc-kotlin) was officially released and examples can be found in its own repository.

##### Acknowledgements

[@&#8203;agasparovic-sabre](https://togithub.com/agasparovic-sabre)
[@&#8203;AgentK20](https://togithub.com/AgentK20)
[@&#8203;apolcyn](https://togithub.com/apolcyn)
[@&#8203;asdf2014](https://togithub.com/asdf2014)
[@&#8203;ashithasantosh](https://togithub.com/ashithasantosh

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/GoogleCloudPlatform/java-docs-samples).
sergiitk added a commit to sergiitk/grpc-java that referenced this issue Oct 14, 2021
As part of refactoring described in issue grpc#7211, the implementation of this method,
and its corresponding field was pulled down from internal AbstractManagedChannelImplBuilder
to concrete classes that actually enforce this setting. That's the right place for
method's implementation, so it wasn't ported to ManagedChannelImplBuilder too.

Then AbstractManagedChannelImplBuilder was brought to fix ABI backward compatibility,
and temporarily turned into a ForwardingChannelBuilder, see PR grpc#7564. Eventually it will
be deleted, after a period with "bridge" solution added in grpc#7834.

However, this bringing AbstractManagedChannelImplBuilder back fix unintentionally
made this method's ABI backward incompatible: pre-refactoring builds expect
maxInboundMessageSize() to be a method of AbstractManagedChannelImplBuilder, and not
concrete classes. This problem was caught in grpc#8313.

Since the end goal is to keep only this method in concrete classes the need it,
to fix its ABI issue, we temporary reintroduce it to the original layer it was removed from,
AbstractManagedChannelImplBuilder. This class is also temporary, and its only intention
is a ABI compatibility. Once we move forward with dropping ABI compatibility (with grpc#7834),
this fix is also no longer necessary, and will go away with AbstractManagedChannelImplBuilder.
sergiitk added a commit to sergiitk/grpc-java that referenced this issue Oct 14, 2021
As part of refactoring described in issue grpc#7211, the implementation of this method,
and its corresponding field was pulled down from internal AbstractManagedChannelImplBuilder
to concrete classes that actually enforce this setting. That's the right place for
method's implementation, so it wasn't ported to ManagedChannelImplBuilder too.

Then AbstractManagedChannelImplBuilder was brought to fix ABI backward compatibility,
and temporarily turned into a ForwardingChannelBuilder, see PR grpc#7564. Eventually it will
be deleted, after a period with "bridge" solution added in grpc#7834.

However, this bringing AbstractManagedChannelImplBuilder back fix unintentionally
made this method's ABI backward incompatible: pre-refactoring builds expect
maxInboundMessageSize() to be a method of AbstractManagedChannelImplBuilder, and not
concrete classes. This problem was caught in grpc#8313.

Since the end goal is to keep only this method in concrete classes the need it,
to fix its ABI issue, we temporary reintroduce it to the original layer it was removed from,
AbstractManagedChannelImplBuilder. This class is also temporary, and its only intention
is a ABI compatibility. Once we move forward with dropping ABI compatibility (with grpc#7834),
this fix is also no longer necessary, and will go away with AbstractManagedChannelImplBuilder.
sergiitk added a commit to sergiitk/grpc-java that referenced this issue Oct 15, 2021
In refactoring described in grpc#7211, the implementation of #maxInboundMessageSize(int)
(and its corresponding field) were pulled down from internal AbstractManagedChannelImplBuilder
to concrete classes that actually enforce this setting. For the same reason, it wasn't ported
to ManagedChannelImplBuilder (the #delegate()).

Then AbstractManagedChannelImplBuilder was brought back to fix ABI backward compatibility,
and temporarily turned into a ForwardingChannelBuilder, ref PR grpc#7564. Eventually it will
be deleted, after a period with "bridge" ABI solution introduced in grpc#7834.

However, restoring AbstractManagedChannelImplBuilder unintentionally made ABI of
pre-refactoring builds expect it to be a method of AbstractManagedChannelImplBuilder,
and not concrete classes, ref grpc#8313.

The end goal is to keep #maxInboundMessageSize(int) only in concrete classes that enforce it.
To fix method's ABI, we temporary reintroduce it to the original layer it was removed from:
AbstractManagedChannelImplBuilder. This class' only intention is to provide short-term
ABI compatibility. Once we move forward with dropping the ABI, both fixes are no longer
necessary, and both will perish with removing AbstractManagedChannelImplBuilder.
sergiitk added a commit to sergiitk/grpc-java that referenced this issue Oct 15, 2021
In refactoring described in grpc#7211, the implementation of #maxInboundMessageSize(int)
(and its corresponding field) were pulled down from internal AbstractManagedChannelImplBuilder
to concrete classes that actually enforce this setting. For the same reason, it wasn't ported
to ManagedChannelImplBuilder (the #delegate()).

Then AbstractManagedChannelImplBuilder was brought back to fix ABI backward compatibility,
and temporarily turned into a ForwardingChannelBuilder, ref PR grpc#7564. Eventually it will
be deleted, after a period with "bridge" ABI solution introduced in grpc#7834.

However, restoring AbstractManagedChannelImplBuilder unintentionally made ABI of
pre-refactoring builds expect it to be a method of AbstractManagedChannelImplBuilder,
and not concrete classes, ref grpc#8313.

The end goal is to keep #maxInboundMessageSize(int) only in concrete classes that enforce it.
To fix method's ABI, we temporary reintroduce it to the original layer it was removed from:
AbstractManagedChannelImplBuilder. This class' only intention is to provide short-term
ABI compatibility. Once we move forward with dropping the ABI, both fixes are no longer
necessary, and both will perish with removing AbstractManagedChannelImplBuilder.
sergiitk added a commit that referenced this issue Oct 15, 2021
…8607)

In refactoring described in #7211, the implementation of #maxInboundMessageSize(int)
(and its corresponding field) were pulled down from internal AbstractManagedChannelImplBuilder
to concrete classes that actually enforce this setting. For the same reason, it wasn't ported
to ManagedChannelImplBuilder (the #delegate()).

Then AbstractManagedChannelImplBuilder was brought back to fix ABI backward compatibility,
and temporarily turned into a ForwardingChannelBuilder, ref PR #7564. Eventually it will
be deleted, after a period with "bridge" ABI solution introduced in #7834.

However, restoring AbstractManagedChannelImplBuilder unintentionally made ABI of
pre-refactoring builds expect it to be a method of AbstractManagedChannelImplBuilder,
and not concrete classes, ref #8313.

The end goal is to keep #maxInboundMessageSize(int) only in concrete classes that enforce it.
To fix method's ABI, we temporary reintroduce it to the original layer it was removed from:
AbstractManagedChannelImplBuilder. This class' only intention is to provide short-term
ABI compatibility. Once we move forward with dropping the ABI, both fixes are no longer
necessary, and both will perish with removing AbstractManagedChannelImplBuilder.
@ejona86 ejona86 modified the milestones: Next, 1.59 Nov 13, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants