v1.47.0

Bug Fixes

• api: Ignore ClassCastExceptions for hard-coded providers on Android (#9174). This avoids ServiceConfigurationError in certain cases when an “SDK” includes a copy of gRPC that was renamed with Proguard-like tools that do precise class name rewriting (versus something like Maven Shade Plugin which uses coarse pattern matching)
• binder: respect requested message limits when provide received messages to listener (#9163)
• binder: Avoid an ISE from asAndroidAppUri() (#9169)
• okhttp: Use the user-provided ScheduledExecutorService for keepalive if provided. Previously the user-provided executor was used for deadlines, but not keepalive. Keepalive always used the default executor (#9073)
• bom: Reverted “bom: Removed protoc-gen-grpc-java from the BOM” in v1.46.0. There was a way to use it with Gradle (#9154)
• build: fix grpc-java build against protobuf 3.21 (#9218)
• grpclb: Adds missing META-INF resources to libgrpclb.jar produced by bazel //grpclb:grpclb target (#9156)
• xds: Protect xdstp processing with federation env var. If the xds server uses xdstp:// resource names it was possible for federation code paths to be entered even without enabling the experimental federation support. This is now fixed and it is safe for xds servers to use xdstp:// resource names. (#9190)
• xds: fix bugs in ring-hash load balancer picking subchannel behavior per gRFC. The bug may cause connection not failing over from TRANSIENT_FAILURE status. (#9085)
• xds: NACK EDS resources with duplicate localities in the same priority (#9119)

New Features

• api: Add connection management APIs to ServerBuilder (#9176). This includes methods for keepalive, max connection age, and max connection idle. These APIs have been available on NettyServerBuilder since v1.4.0
• api: allow NameResolver to influence which transport to use (#9076)
• api: New API in ServerCall to expose SecurityLevel on server-side (#8943)
• netty: Add NameResolver for unix: scheme, as defined in gRPC Name Resolution (#9113)
• binder: add allOf security policy, which allows access iff ALL given security policies allow access. (#9125)
• binder: add anyOf security policy, which allows access if ANY given security policy allows access. (#9147)
• binder: add hasPermissions security policy, which checks that a caller has all of the given package permissions. (#9117)
• build: Add Bazel build support for xds, googleapis, rls, and services. grpc-services previously had partial bazel support, but some parts were missing. These artifacts are now configured via IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS so maven_install will not use the artifacts from Maven Central (#9172)
• xds: New ability to configure custom load balancer implementations via the xDS Cluster.load_balancing_policy field. This implements gRFC A52: gRPC xDS Custom Load Balancer Configuration. (#9141)
• xds, orca: add support for custom backend metrics reporting: allow setting metrics at gRPC server and consuming metrics reports from a custom load balancing policy at the client. This implements gRFC A51: Custom Backend Metrics Support.
• xds: include node ID in RPC failure status messages from the XdsClient (#9099)
• xds: support for the is_optional logic in Cluster Specifier Plugins: if an unsupported Cluster Specifier Plugin is optional, don't NACK, and skip any routes that point to it. (#9168)

Behavior Changes

• xds: Allow unspecified listener traffic direction, to match other languages and to work with Istio (#9173)
• xds: change priority load balancer failover time behavior and ring_hash LB aggregation rule to better handle transient_failure channel status (#9084, #9093)

Dependencies

• Bump GSON to 2.9.0. Earlier versions of GSON are affected by CVE-2022-25647. gRPC was not impacted by the vulnerability. (#9215)
• gcp-observability: add grpc-census as a dependency and update opencensus version (#9140)

Acknowledgements

@caseyduquettesc
@cfredri4
@jvolkman
@mirlord
@ovidiutirla