SwiftNIO Extras in the version range 1.3.0 ... 1.4.0 is affected by a Denial of Service security vulnerability if the
NIOHTTPCompression component. Specifically, the
NIOHTTPRequest/ResponseDecompressor handlers when used with the
.size(...) decompression limit. The vulnerability has been fixed in SwiftNIO Extras 1.4.1.
So please make sure to update your dependency to 1.4.1 or newer. For example:
.package(url: "https://github.com/apple/swift-nio-extras.git", from: "1.4.1")
For more details about the vulnerability see:
Many thanks to @adtrevor for the report of this security vulnerability.