We've just fixed a vulnerability in Vapor's HTTP Error handling where an attacker could send a malformed request which would trigger a crash leading to a Denial of Service attack. You can see more details in the blog post or on the security advisory on GitHub .
Thanks to t0chwo0d for reporting!