grpc-netty-shaded and netty issue in PEM reader

Question

grpc-netty-shaded and netty issue in PEM reader

jwojcie opened this issue 13 days ago · 5 comments

I'm using a library which depends on io.grpc:grpc-netty-shaded:jar:1.54.1. While moving to BC FIPS I noticed that there is an issue in netty - it has hardcoded BC non FIPS in PEM reader. So I raised the issue there to fix it. Now the questions:

what version of netty should I seek to have that change implemented in order to ask you to use it in the next release of grpc-netty-shaded? Is that netty 4 or 5?
how long does it take for you to adopt new netty release and release new version of grpc-netty-shaded?

Issue raised in netty:
netty/netty#14455

Answer 1 · 2024-11-12T17:57:53.000Z

Netty 4 is the normal one they'd fix it in, and what we are using. It's going to be a bit before Netty 5 is released.

The time to upgrade varies considerably, depending on the difficulty. But we're already behind on the upgrade as it is more involved. We were hoping to get on 4.1.111+ in Q1 next year.

Answer 2 · 2024-11-12T17:58:42.000Z

Note: If using grpc-netty, you can choose the version of Netty and wouldn't need to wait for us. But there would be a performance regression if you upgrade to 4.1.111+.

Answer 3 · 2024-11-13T23:31:19.000Z

Can you point me to the material explaining how to do that? I thought that since it is shaded I'm stuck with whatever version is there in grpc-java library release.

Answer 4 · 2024-11-14T05:08:40.000Z

Yes, you are stuck with the selected netty version if using grpc-netty-shaded. I was just saying there's the possible option of using grpc-netty in order to upgrade netty sooner.