diff --git a/CHANGELOG.md b/CHANGELOG.md
index 524899dc0..b79217324 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# Next release
+
+### Notable enhancements and fixes
+
+* Bugfixes
+ * revisions in `CHANGESET_REQ` (timeslider) and export (txt, html, custom)
+ are now checked to be numbers.
+
 # 1.9.0
 ### Notable enhancements and fixes
diff --git a/src/node/handler/ExportHandler.js b/src/node/handler/ExportHandler.js
index f3fde047c..417380866 100644
--- a/src/node/handler/ExportHandler.js
+++ b/src/node/handler/ExportHandler.js
@@ -29,6 +29,7 @@ const os = require('os');
 const hooks = require('../../static/js/pluginfw/hooks');
 const TidyHtml = require('../utils/TidyHtml');
 const util = require('util');
+const { checkValidRev } = require('../utils/checkValidRev');
 const fsp_writeFile = util.promisify(fs.writeFile);
 const fsp_unlink = util.promisify(fs.unlink);
@@ -53,6 +54,12 @@ exports.doExport = async (req, res, padId, readOnlyId, type) => {
 // tell the browser that this is a downloadable file
 res.attachment(`${fileName}.${type}`);
+ if (req.params.rev !== undefined) {
+ // ensure revision is a number
+ // modify req, as we use it in a later call to exportConvert
+ req.params.rev = checkValidRev(req.params.rev);
+ }
+
 // if this is a plain text export, we can do this directly
 // We have to over engineer this because tabs are stored as attributes and not plain text
 if (type === 'etherpad') {
diff --git a/src/node/utils/ExportHelper.js b/src/node/utils/ExportHelper.js
index 7962476e8..48054e7f4 100644
--- a/src/node/utils/ExportHelper.js
+++ b/src/node/utils/ExportHelper.js
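Review bot: In `doExport` (src/node/handler/ExportHandler.js, second hunk) the new `rev` check sits after `res.attachment(...)`, so the response is already marked as a file download before the untrusted route parameter is validated. If `checkValidRev` rejects bad input by throwing (its definition is not part of this diff, so that is an assumption), the error reply would still carry the attachment disposition. I would move the `if (req.params.rev !== undefined) { ... }` block above `res.attachment(...)` so a malformed revision is refused before any response state is touched. The inline comment could also say what a rejected value leads to, e.g. `// validate rev before any export work; an invalid value aborts the request`, once that behaviour is confirmed. The body of `doExport` starts and ends outside the hunk.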
@@ -21,10 +21,14 @@ const AttributeMap = require('../../static/js/AttributeMap');
 const Changeset = require('../../static/js/Changeset');
+const { checkValidRev } = require('./checkValidRev');
+/*
+ * This method seems unused in core and no plugins depend on it
+ */
 exports.getPadPlainText = (pad, revNum) => {
 const _analyzeLine = exports._analyzeLine;
- const atext = ((revNum !== undefined) ? pad.getInternalRevisionAText(revNum) : pad.atext);
+ const atext = ((revNum !== undefined) ? pad.getInternalRevisionAText(checkValidRev(revNum)) : pad.atext);
 const textLines = atext.text.slice(0, -1).split('\n');
 const attribLines = Changeset.splitAttributionLines(atext.attribs, atext.text);
 const apool = pad.pool;
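Review bot: The comment added above `getPadPlainText` notes that the function seems unused but does not document the new contract: `revNum`, when given, now passes through `checkValidRev` before `pad.getInternalRevisionAText` is called. I would make it a doc comment that says so, for example `/** Seems unused in core and plugins. revNum, when given, is validated by checkValidRev before the revision lookup. */`. The rewritten `atext` line also nests the validation inside an already long ternary. Validating into a local first, `const rev = revNum === undefined ? undefined : checkValidRev(revNum);`, makes it clearer that only the checked value reaches the pad lookup. The function body continues past the end of the hunk.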