This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new b6837648fc Update meaning of maxParameterCount to include uploaded files b6837648fc is described below commit b6837648fc4d7d07be58adfb13cab6dd9177c27b Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Mar 9 09:48:04 2023 +0000 Update meaning of maxParameterCount to include uploaded files --- webapps/docs/security-howto.xml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index d0cdf3e946..a271988a25 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -266,10 +266,12 @@ duration of the authentication (which may be many minutes) so this is limited to 4KB by default to reduce exposure to a DOS attack.</p> - <p>The <strong>maxParameterCount</strong> attribute controls the - maximum number of parameter and value pairs (GET plus POST) that can - be parsed and stored in the request. Excessive parameters are ignored. - If you want to reject such requests, configure a + <p>The <strong>maxParameterCount</strong> attribute controls the maximum + total number of request parameters (including uploaded files) obtained + from the query string and, for POST requests, the request body if the + content type is <code>application/x-www-form-urlencoded</code> or + <code>multipart/form-data</code>. Excessive parameters are ignored. If you + want to reject such requests, configure a <a href="config/filter.html">FailedRequestFilter</a>.</p> <p>The <strong>xpoweredBy</strong> attribute controls whether or not the --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
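Review bot: In the rewritten maxParameterCount paragraph, the retained sentence "Excessive parameters are ignored" is underspecified now that the count includes uploaded files: it does not say whether file parts beyond the limit are silently dropped like ordinary parameters or whether the upload fails. Suggest stating the behaviour for uploaded files explicitly, because it determines whether an operator needs the FailedRequestFilter that the paragraph points to. Separately, the diffstat shows only webapps/docs/security-howto.xml changed; if maxParameterCount is described elsewhere in the documentation with the old "parameter and value pairs (GET plus POST)" wording, that description needs the same update so the two do not disagree.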