Package: libnginx-mod-http-fancyindex Version: 1.14.2-2+deb10u3 Severity: normal Tags: patch,fixed-upstream Control: found -1 1.10.1-2
Dear maintainer, Since fancyindex 0.4.1, the sorting algorithm has been changed to insertion sort in commit 2fa65b0, which leads to severe performance degradation, especially in those directories that contain large number of files. To make it worse, the event loop of a working process is blocked by the sorting procedure, resulting in a potential DoS attack surface. The patch https://github.com/aperezdc/ngx-fancyindex/pull/112 fixes this issue by changing it back to quick sort, and has been accepted by the upstream. I wonder if it can be applied to unstable and also backported to stable-pu since most users are using stable in their production environment? Cheers, Miao Wang