chore: prepare 0.12.3 release #1899

Merged 3 commits on Sep 26, 2024


Collaborator

@tottoto tottoto commented Aug 28, 2024

No description provided.

@tottoto tottoto requested review from djc and LucioFranco August 28, 2024 15:17
@kushudai

Could we please get #1938 into this release as well?

@djc
Contributor

djc commented Sep 15, 2024

More importantly, we should consider:

(Which tweaks newly public API.)

@Sh4d1
Contributor

Sh4d1 commented Sep 16, 2024

@djc actually, in the current latest tonic release, if the TLS server is configured, and the server is exposed publicly (which is the case for some setups I guess), an external non-authenticated user can very easily bring down the tonic server without any issues (HTTP requests or TCP packets to the TLS server). IMHO 0.12.3 should be released quickly with the fix (and maybe adding the impacted versions on rustsec? Or at least a warning somewhere)

@kushudai

> @djc actually, in the current latest tonic release, if the TLS server is configured, and the server is exposed publicly (which is the case for some setups I guess), an external non-authenticated user can very easily bring down the tonic server without any issues (HTTP requests or TCP packets to the TLS server). IMHO 0.12.3 should be released quickly with the fix (and maybe adding the impacted versions on rustsec? Or at least a warning somewhere)

+1, it's a pretty serious regression from 0.12.1

@djc
Contributor

djc commented Sep 16, 2024

The risk/severity was adequately explained in #1938 -- I agree that we should merge and release this but unfortunately I don't have the privileges to release and there are some governance discussions between the maintainers. So no need for +1 comments (which are actually universally unhelpful).

@Sh4d1
Contributor

Sh4d1 commented Sep 16, 2024

Gotcha, wasn't aware of the governance issues!

@LucioFranco LucioFranco added this pull request to the merge queue Sep 16, 2024
@LucioFranco LucioFranco removed this pull request from the merge queue due to a manual request Sep 16, 2024
@LucioFranco
Member

I am going to try to get the other PRs we want for this release and get this out this week

@Tuetuopay
Contributor

Hi, I just opened #1948 that's a continuation of #1938. While less severe, it still is the same issue, and it would be great to include it. Thanks :)

@niebayes

Looking forward to this release since #1948 helps a lot!

@LucioFranco LucioFranco added this pull request to the merge queue Sep 26, 2024
Merged via the queue into hyperium:master with commit 4b8d2c4 Sep 26, 2024
17 checks passed
@zakhenry
Contributor

@LucioFranco thanks for getting this merged, what has to happen for the 0.12.3 release to be pushed to crates.io? I see the build passed on master but I don't know the process from there.

@LucioFranco
Member

@zakhenry for my meeting to end so I could publish :)

@LucioFranco
Member

@zakhenry it's been published, let me know if you run into any issues.

@tottoto tottoto deleted the prepare-0.12.3 branch September 26, 2024 20:42