Skip to content

Releases: mostynb/go-grpc-compression

v1.2.3

06 Jun 12:41
Compare
Choose a tag to compare

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/
GHSA-c74f-6mfw-mm4v

v1.2.2

12 Oct 21:51
Compare
Choose a tag to compare

Update go modules, for some security fixes.

v1.2.1

14 Sep 20:10
Compare
Choose a tag to compare

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

26 Jun 20:47
Compare
Choose a tag to compare

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

08 Jun 23:13
Compare
Choose a tag to compare
  • Zstd: use a more appropriate window size for RPC.

v1.1.18

05 May 21:21
Compare
Choose a tag to compare
  • Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
  • Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
  • Require go >= 1.17

v1.1.17: add experimental s2 and klauspost_snappy

25 Jul 19:33
Compare
Choose a tag to compare

What's Changed

  • Add experimental s2 support by @mostynb in #11
  • Add experimental/klauspost_snappy package, which might be more efficient than the google snappy package by @mostynb in #12
  • Update deps by @mostynb in #13

Full Changelog: v1.1.16...v1.1.17

v1.1.16: upgrade github.com/klauspost/compress to v1.14.1

11 Jan 23:44
Compare
Choose a tag to compare

v1.1.15: Upgrade lz4 to v3

09 Nov 22:18
Compare
Choose a tag to compare
Run the tests on push and PR updates

v1.1.14: upgrade github.com/klauspost/compress to v1.13.6, google.golang.org/grpc to v1.42.0

03 Nov 21:55
Compare
Choose a tag to compare

Upgrade github.com/klauspost/compress to v1.13.6 and google.golang.org/grpc to v1.42.0.

This includes the following zstd improvements since v1.13.4: