This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Denial of service attack via .well-known lookups

Low
clokep published GHSA-2hwx-mjrm-v3g8 Feb 25, 2021

Package

pip matrix-synapse (pip)

Affected versions

> 0.99.0

Patched versions

>= 1.25.0

Description

Impact

A malicious homeserver could redirect requests for its .well-known file to a very large file. This can lead to a denial of service: a homeserver that requests the .well-known file of the malicious homeserver consumes significantly more resources (memory, bandwidth and time) than the lookup should require.

This affects any server which accepts federation requests from untrusted servers.
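The mitigation the advisory implies is to bound how much of a .well-known response a homeserver is willing to read before giving up. The following is an added example, not Synapse's own code or the fix in #8950: it reads the body in chunks, aborts as soon as a configured cap is exceeded, and only then parses the `m.server` delegation. The cap value (`MAX_WELL_KNOWN_BYTES`), the helper names and the sample responses are all assumptions constructed for illustration.

```python
import io
import json
from typing import BinaryIO, Optional

# Assumed cap on the size of a .well-known response. The advisory does not
# state the limit Synapse adopted; 50 KiB is chosen here for illustration.
MAX_WELL_KNOWN_BYTES = 50 * 1024
CHUNK_SIZE = 4096


class WellKnownTooLarge(Exception):
    """Raised when the .well-known body exceeds the configured byte cap."""


def read_bounded(stream: BinaryIO, max_bytes: int = MAX_WELL_KNOWN_BYTES) -> bytes:
    """Read at most max_bytes from stream, aborting as soon as the cap is passed.

    Checking the running total after every chunk means a server that answers
    with (or redirects to) a multi-gigabyte body never makes the client
    buffer more than max_bytes + CHUNK_SIZE, which is the resource-exhaustion
    the advisory describes.
    """
    buf = bytearray()
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            return bytes(buf)
        buf.extend(chunk)
        if len(buf) > max_bytes:
            raise WellKnownTooLarge(
                f".well-known body exceeded {max_bytes} bytes; aborting fetch"
            )


def parse_well_known_server(body: bytes) -> Optional[str]:
    """Extract the delegated server name from a .well-known/matrix/server body.

    The document is a JSON object carrying an "m.server" string. Anything else
    is treated as "no delegation" rather than as a hard error.
    """
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(doc, dict):
        return None
    server = doc.get("m.server")
    return server if isinstance(server, str) and server else None


def resolve_well_known(stream: BinaryIO, max_bytes: int = MAX_WELL_KNOWN_BYTES) -> Optional[str]:
    """Bounded read followed by parse; returns None when the body was too large."""
    try:
        body = read_bounded(stream, max_bytes)
    except WellKnownTooLarge:
        return None
    return parse_well_known_server(body)


# Constructed sample bodies standing in for what an HTTP client would return.
WELL_FORMED_BODY = b'{"m.server": "matrix.example.org:443"}'
# A body four times the cap: the shape of response the advisory warns about.
OVERSIZED_BODY = b"{" + b" " * (MAX_WELL_KNOWN_BYTES * 4)


def demo_well_formed() -> Optional[str]:
    """Resolve the constructed well-formed response; returns the delegated host."""
    return resolve_well_known(io.BytesIO(WELL_FORMED_BODY))


def demo_oversized() -> Optional[str]:
    """Resolve the constructed oversized response; the read is cut off and None returned."""
    return resolve_well_known(io.BytesIO(OVERSIZED_BODY))


if __name__ == "__main__":
    print(demo_well_formed())  # matrix.example.org:443
    print(demo_oversized())    # None
```

In a real federation client the same cap has to be applied at the HTTP layer (before the body is buffered), alongside a limit on the number of redirects followed and a per-request timeout, since the body limit alone does not stop a slow or redirect-looping peer from tying up a connection.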

Patches

The issue is resolved by #8950. A related bug that did not affect the security aspects of this issue was fixed in #9108.

Workarounds

The federation_domain_whitelist setting can be used to restrict the homeservers communicated with over federation.

Severity

Low

CVE ID

CVE-2021-21274

Weaknesses

No CWEs

Credits