Skip to content

Problems with upgrading netty beyond 4.1.110 when grpc-java is a dependency. #12149

New issue
New issue
Open
Open
Problems with upgrading netty beyond 4.1.110 when grpc-java is a dependency.#12149
Labels
question
@daniel-b2c2

Description

@daniel-b2c2
daniel-b2c2
opened on Jun 11, 2025

I have an application that's based on netty and uses grpc-java (along with several other dependencies which also use netty). We've been using 4.1.110 to date with no issue.

I recently upgraded this application to use netty 4.1.121. When I did this upgrade our UAT team reported issues which look similar to a previously reported corruption issue. (io.grpc.StatusRuntimeException: INTERNAL: Encountered end-of-stream mid-frame")

I note the corruption issue is from last year June 2024, the thread is long but it looks like it was fixed.

There is a suggestion from a different thread here that as follows that one can choose any Netty version since there are no known incompatibilities, and that any issues with corruption are the results of failing to upgrade gRPC or maven resolution failing to select the 'right' version.

There are no known incompatibilities with Netty, including 4.2.x. If you are having trouble with the corruption bug, then it seems you haven't upgraded gRPC, so there's no point in us upgrading Netty for you as you wouldn't use the new version. If you are using 1.63.2, 1.64.2, 1.65.1 or later and see corruption, please file a new issue. The easiest explanation is you are using Maven and it is choosing improper versions.

Before getting into the details of the corruption issue, I want to just confirm my understanding of the grpc version requirements are correct.

We are using Bazel with rules_jvm_external which produces a json lock file to ensure we know which version of a library has been resolved.

Since the lockfile shows I am using 1.72.0 grpc, and since that's later than 1.65.1, according to the claim above, it should just work?

Here are all the io.grpc entries in the lockfile:

    "io.grpc:grpc-api": {
      "shasums": {
        "jar": "f7ca643e2a8cab338b3c3c37305da4084d81d75b66a2016018c1c0ab97b655d4",
        "sources": "66395a625aadc0566664d033dc501e0e9479fb74c4987d917ffeb2ac0b9d0812"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-context": {
      "shasums": {
        "jar": "43b58ec3cd95c16627f5846d1b934564b22a2715885d0ebcdbb071212213db22",
        "sources": "feae656a0c24f30d1e5fdab11d273f8d162cb07c0ca43157d19dcb97578e2e3f"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-core": {
      "shasums": {
        "jar": "da3cc600520ce757cd4d08e502348e65e0815574fbcdafa4ee1f7d3dd10e77c3",
        "sources": "fd5ae79c8e4aa03cc389bc6510aeb5466bf0f0d89a4ab30796a57c1808000055"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-netty": {
      "shasums": {
        "jar": "d16fc7d4be7cc9894629b6d22ee1c4a87b64f6b3eb0bf954a2cb2d2244c8ff4d",
        "sources": "3a479bdd8627bfc486208a5d8d597c7c9de567f7b589448eba69073a4a912fbc"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-protobuf": {
      "shasums": {
        "jar": "2c65feaebb9d74281ec78dcaa30ff222aff71fe2a27514426f078e10bb20bb14",
        "sources": "0b924166b2ef9e0e88bd23fc073f2bf7f5ecb162b9657bfb9c495a847838256f"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-protobuf-lite": {
      "shasums": {
        "jar": "7d942e864624783f27b8110d66e6812a9d43e65c63234de6edf937e959f243f8",
        "sources": "8827e1f0f74987663c4081fda7bc3f1e7478d83efc19b7b9c744cc122884da12"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-stub": {
      "shasums": {
        "jar": "851c7d3e6a42d0a662e78aecda4318fc347e12b1e85f67e78598c46c9bcb3dc8",
        "sources": "9860e55aaa6c5bd8ef19f8fc25d920923fec59ded4054adc02b10e496e1613f8"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-util": {
      "shasums": {
        "jar": "68a2f8162a3ff7e1235989e950d23bebbafba1cbd5771216992d6496f01fdcd5",
        "sources": "2e20bcecdab03cbcf6fa2ff6b09af4121007042c08c792ea93b71b94e56343dd"
      },
      "version": "1.72.0"
    },

secondary lock file.

    "io.grpc:grpc-api": {
      "shasums": {
        "jar": "f7ca643e2a8cab338b3c3c37305da4084d81d75b66a2016018c1c0ab97b655d4",
        "sources": "66395a625aadc0566664d033dc501e0e9479fb74c4987d917ffeb2ac0b9d0812"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-context": {
      "shasums": {
        "jar": "43b58ec3cd95c16627f5846d1b934564b22a2715885d0ebcdbb071212213db22",
        "sources": "feae656a0c24f30d1e5fdab11d273f8d162cb07c0ca43157d19dcb97578e2e3f"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-core": {
      "shasums": {
        "jar": "da3cc600520ce757cd4d08e502348e65e0815574fbcdafa4ee1f7d3dd10e77c3",
        "sources": "fd5ae79c8e4aa03cc389bc6510aeb5466bf0f0d89a4ab30796a57c1808000055"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-inprocess": {
      "shasums": {
        "jar": "e86902487dd79a44241fe2b2a5a5dc143dfeabe047b404ade27e076a5c2f1a2d",
        "sources": "dad18c23aafdd8c1e4bd178593fce35bbb7ff24370c8be12ff731a8fa7e620e1"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-netty": {
      "shasums": {
        "jar": "d16fc7d4be7cc9894629b6d22ee1c4a87b64f6b3eb0bf954a2cb2d2244c8ff4d",
        "sources": "3a479bdd8627bfc486208a5d8d597c7c9de567f7b589448eba69073a4a912fbc"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-protobuf": {
      "shasums": {
        "jar": "2c65feaebb9d74281ec78dcaa30ff222aff71fe2a27514426f078e10bb20bb14",
        "sources": "0b924166b2ef9e0e88bd23fc073f2bf7f5ecb162b9657bfb9c495a847838256f"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-protobuf-lite": {
      "shasums": {
        "jar": "7d942e864624783f27b8110d66e6812a9d43e65c63234de6edf937e959f243f8",
        "sources": "8827e1f0f74987663c4081fda7bc3f1e7478d83efc19b7b9c744cc122884da12"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-services": {
      "shasums": {
        "jar": "a670b61e55dbfb92bc986ca0f06f1a6836b3a03abec887a984f6378eb5029665",
        "sources": "1cb6a86bae5bde16e3c6a3fa6ad3bc8ee464cb78eb695424f1e3f2f75f67eddd"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-stub": {
      "shasums": {
        "jar": "851c7d3e6a42d0a662e78aecda4318fc347e12b1e85f67e78598c46c9bcb3dc8",
        "sources": "9860e55aaa6c5bd8ef19f8fc25d920923fec59ded4054adc02b10e496e1613f8"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-testing": {
      "shasums": {
        "jar": "56038fb10576e613bd31ce0738ad02dcc0c5cd925139c32c387d537e4da1ff25",
        "sources": "5fa808199d229a8b688b38d6db6dc2a6da9c39e495e0e0123dd7399edb902774"
      },
      "version": "1.72.0"
    },
    "io.grpc:grpc-util": {
      "shasums": {
        "jar": "68a2f8162a3ff7e1235989e950d23bebbafba1cbd5771216992d6496f01fdcd5",
        "sources": "2e20bcecdab03cbcf6fa2ff6b09af4121007042c08c792ea93b71b94e56343dd"
      },
      "version": "1.72.0"
    },

Finally the rules_proto_grpc for java that we're using is also using 1.72.0 https://github.com/rules-proto-grpc/rules_proto_grpc/blob/5bd52f6e3a440aff0613d3c35421527baef6b191/modules/java/MODULE.bazel#L27

Can we agree that if the above is present in the lock file, that 1.72.0 is the resolved version?

If so can we then agree that

  • This corruption issue is not expected with this version.
  • I should be able to upgrade netty to 4.1.121 without issue,

if so, I can move the discussion onto detailing the corruption issue we saw.

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions