Mitigating KNS/Discover impact in our servers
Aleix Pol
aleixpol at kde.org
Wed Feb 9 17:45:45 GMT 2022
Dear distributors,
In the last few days, we have been looking into mitigating the impact
of Discover against certain KDE web services.
Some of the problems can be addressed in the service itself but not
them entirely, so it would be useful if the following changes were
backported into your own packaging. We have already included it in our
stable branches but on the distributions that ship unsupported
versions of our software it would be useful you can apply these
patches.
https://invent.kde.org/frameworks/knewstuff/-/commit/c8165b7a0d622e318b3353ccf257a8f229dd12c9
https://invent.kde.org/frameworks/knewstuff/-/commit/e1c6f2bf383876a31cd3e3f9e6edcaa19dc0a7dd
https://invent.kde.org/plasma/plasma-desktop/-/commit/b85cf34298c274b5f16cb6c2aead7b87f0dabbb8
https://invent.kde.org/plasma/discover/-/commit/6257e21c313e21afd80d101d24c78d66621236b1
If you feel unsure about the patch on a specific branch, feel free to
contact me here or in private and I will backport it if necessary.
Plasma 5.24.0 has already some of these mitigations, Plasma 5.24.1 and
KDE Frameworks 5.92 should have these all plus some others that also
help.
Please excuse the inconvenience.
Best regards,
Aleix
More information about the Distributions
mailing list