MDL-69028 introduced DOS attack mitigation for file uploads. The algorithm used introduces two new $CFG settings..

• $CFG->draft_area_bucket_capacity
• $CFG->draft_area_bucket_leak

Unfortunately, there is no documentation for these (arcane) config settings. At the very least, they should get a mention in config-dist.php.

This is particularly important because if the protection algorithm plays up and end user would be forgiven for not knowing this feature exists.