rsync CVE-2022-29154 fix and the --trust-sender option
The fix in rsync 3.2.5 for CVE-2022-29154 can cause severe performance degradation. I observed a huge degradation of a job that took 15 min before the fix and almost 12 h after!
If you encounter this degradation you can mitigate it by using the --trust-sender flag, which is available in rsync >= v3.2.5.
This option disables two extra validation checks that a local client performs on the file list generated by a remote sender. -- source
The problem is that some vendors like Red Hat have backported the fix without also backporting the --trust-sender flag.
So, in that case you are stuck, the system package is not usable for big workloads. To install a more recent version I used the rsync conda package.