https://groups.google.com/g/repo-discuss/c/JGx3G_KKi9Y
Gerrit version 3.3.10 is now available.
This release includes a fix to prevent DoS by anonymous users performing unlimited changes queries. See the release notes for more details.
Release Notes: https://www.gerritcodereview.com/3.3.html#3310
Log of changes since 3.3.9: https://gerrit.googlesource.com/gerrit/+log/v3.3.9..v3.3.10?no-merges
Security updates:
- Change 333304: Ignore --no-limit query changes option for anonymous users
- Prevent the use of no-limit option with query changes REST API. The option can result in excessive resources usage make Gerrit subject to DoS and DDoS by any remote endpoint without the need to have any Gerrit account or signing in.