gRPC Java 1.22.2 is released and available on Maven Central and JCenter.
https://github.com/grpc/grpc-java/releases/tag/v1.22.2
This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.