Subject: [grpc-io] HTTP/2 Security Vulnerabilities

Eight new DoS vulnerabilities in HTTP/2 implementations were disclosed
today, as detailed by CERT Vulnerability Note VU#605641
<>.  gRPC implementations were
potentially impacted by the following: CVE-2019-9512 (Ping Flood),
CVE-2019-9514 (Reset Flood), CVE-2019-9515 (Settings Flood).

The following versions of gRPC contain fixes to these CVEs:

   - gRPC-Go: 1.23.0, 1.22.2, 1.21.3
      - Original fix: grpc/grpc-go#2970
   - gRPC-Java: 1.23.0, 1.22.2, 1.21.1
      - (These releases are currently available but may not be indexed on
      - Original fix: grpc/grpc-java#6056
   - gRPC-C and wrapped languages: 1.23.0, 1.22.1
      - (Releases currently in progress.)
      - Original fix: grpc/grpc#19924

We recommend updating to one of these releases as soon as possible.