This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 97ab905e3 WW-5321 Extends description of maxStringLength
97ab905e3 is described below
commit 97ab905e3a50a20ed3a2b81c2447afffbacbc4fd
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Fri Aug 4 09:33:30 2023 +0200
WW-5321 Extends description of maxStringLength
---
source/core-developers/file-upload.md | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/source/core-developers/file-upload.md
b/source/core-developers/file-upload.md
index f4eed69ef..a16ba1abf 100644
--- a/source/core-developers/file-upload.md
+++ b/source/core-developers/file-upload.md
@@ -302,6 +302,28 @@ Notice the locations of these settings in the following
example:
</action>
</struts>
```
+### Normal Field Size Limit
+
+Since Struts 6.1.2.1 a new option has been introduced to limit the size of a
normal string field in the multipart request.
+The defeault limit is set to 4096 bytes:
+
+```
+struts.multipart.maxStringLength=4096
+```
+
+This options prevents attacks, which consists of multiple large objects in the
multipart request. Such attack can exhaust
+the available memory and finally produce `OutOfMemoryException`. If the limit
is too low you can increase it but defining
+the following constant in `struts.xml`:
+
+```xml
+<struts>
+ <constant name="struts.multipart.maxStringLength" value="10000"/>
+
+ <action name="doUpload" class="com.example.UploadAction">
+ ...
+ </action>
+</struts>
+```
### File Types
