We've just fixed a vulnerability in Vapor's FileMiddleware where an attacker could send invalid Range headers causing the application to crash leading to a Denial of Service attack. You can see more details in the blog post or on the security advisory on GitHub.
Thanks to @weissi for reporting!