gRPC-Java and Netty 4.1.111 possible corruption

[Eric Anderson]

Users of grpc-java should avoid upgrading to Netty 4.1.111 (released two days ago), as it appears there is corruption. The issue is being tracked in https://github.com/grpc/grpc-java/issues/11284

Little is known now, but best to delay the upgrade until more is known.

[Eric Anderson]

The issue was resolved. It is best to use 1.63.2, 1.64.2, 1.65.1, and later. The earlier versions 1.64.1 and 1.65.0 did fix the corruption, but it is better to use the later versions listed.

The corruption was caused by grpc-java code, so would not have impacted other Netty users. Luckily the corruption was not subtle, so most applications probably would have noticed the corruption before deploying to production. It was highly likely to trigger and highly likely to cause INTERNAL RPC failures.

I'm sorry we didn't close the loop on the group earlier. I only just now realized there had been no update posted to this thread.