I have seen bug 200110, but Luigi Auriemma's advisory seems to be another issue. C] duplicated HTTP parameter Denial of Service D] CPU at 100% with partial queries http://aluigi.altervista.org/adv/fireflyz-adv.txt
According to the advisory, this will be fixed in the next release.
It appears that 0.2.4.2 is still affected by the duplicate parameter issue, at least the poc took the cpu to 100% a few times. Can someone verify this please.
upstream states: Item C I can replicate against both stable code and current svn. > D] CPU at 100% with partial queries This I can't replicate against stable code, or on current svn. It likely represents an issue in some version of svn, although socket handling and timeout stuff has been in flux lately, so I'm not sure what version this represents an issue with.