[2020-03-03 15:21:25] https://www.moparisthebest.com/eatxmempp is a quick POC, needs java13, chmod +x it and change the 2 domains in there (direct TLS port) and run it
[2020-03-03 15:21:45] but please don't share publicly yet, at least prosody is affected and the devs are working on it
[2020-03-03 15:22:06] basically the problem is just a DOS due to unconstrained memory use on unlimited sized stanzas ??
[2020-03-03 15:23:08] ah, we do have limits on XML (cdata + number of elements)
[2020-03-03 15:23:39] I guess the question is how much memory do you allocate before checking those
[2020-03-03 15:24:39] streaming parser so they are checked constantly
[2020-03-03 15:25:36] that's probably fine then, barring some strange bug
[2020-03-03 15:25:58] prosody in theory has a stanza limit too, and it does disconnect me before I can send the full thing, however memory use continues to climb for some reason
[2020-03-03 15:26:51] ejabberd does not seem to be affected, and that's all I've been able to test myself, I'm not pointing it at public servers without asking on purpose
wojciech.kapcia@tigase.net commented 5 years ago
Our parser already has limits, but I entertained the possibility and ran a couple of tests just as well. As expected, there was no problem.
reported by xmpp:travis@burtrum.org (update afterwards)