Security: Fix revision parsing (#5772)

A carefully crated URL can cause Etherpad to hang.
2025-04-30 12:19:13 -04:00 · 2023-06-26 18:17:06 +01:00 · 2023-06-26 18:17:06 +01:00 · 1e98033632
commit 1e98033632
parent 1d289520eb
9 changed files with 325 additions and 29 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,14 @@
+# Next release
+
+### Notable enhancements and fixes
+
+* Security
+  * Limit requested revisions in timeslider and export to head revision. (affects v1.9.0)
+
+* Bugfixes
+  * revisions in `CHANGESET_REQ` (timeslider) and export (txt, html, custom)
+    are now checked to be numbers.
+
 # 1.9.0

 ### Notable enhancements and fixes