On Sun, Jun 28, 2009 at 08:20:20PM +0200, Stefan Fritsch wrote:
> we have received a bug report [1] that a DoS is possible with 
> mod_deflate since it does not stop to compress large files even after 
> the network connection has been closed. This allows to use large 
> amounts of CPU if there is a largish (>10 MB) file available that has 
> mod_deflate enabled.

Thanks for posting the report.  This issue has been assigned 

On the security list, Ruediger suggested these fixes, which I've 
proposed for inclusion in 2.2.x:


along with a third fix which concerned event MPM write completion - 
AFAICT that is not relevant on the 2.2.x branch.

Regards, Joe

Reply via email to