This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8a7ea2bc4e Update meaning of maxParameterCount to include uploaded
files
8a7ea2bc4e is described below
commit 8a7ea2bc4ec958e91fe224c9f2eaf4f03b16a5a7
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Mar 9 09:48:04 2023 +0000
Update meaning of maxParameterCount to include uploaded files
---
webapps/docs/security-howto.xml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index c437558f11..d2edb4a3d2 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -299,10 +299,12 @@
duration of the authentication (which may be many minutes) so this is
limited to 4KB by default to reduce exposure to a DOS attack.</p>
- <p>The <strong>maxParameterCount</strong> attribute controls the
- maximum number of parameter and value pairs (GET plus POST) that can
- be parsed and stored in the request. Excessive parameters are ignored.
- If you want to reject such requests, configure a
+ <p>The <strong>maxParameterCount</strong> attribute controls the maximum
+ total number of request parameters (including uploaded files) obtained
+ from the query string and, for POST requests, the request body if the
+ content type is <code>application/x-www-form-urlencoded</code> or
+ <code>multipart/form-data</code>. Excessive parameters are ignored. If
you
+ want to reject such requests, configure a
<a href="config/filter.html">FailedRequestFilter</a>.</p>
<p>The <strong>xpoweredBy</strong> attribute controls whether or not the
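Review bot: In the rewritten maxParameterCount paragraph, the sentence "Excessive parameters are ignored" is carried over from the old wording, but the limit now also counts uploaded files, and the text does not say whether a file part beyond the limit is silently dropped like a surplus name/value pair or handled some other way. This section is about limiting DoS exposure, so state the behaviour for excess uploaded files explicitly, and say whether configuring FailedRequestFilter rejects the request in that case as well. The preceding paragraph states its default ("limited to 4KB by default"); giving the default for maxParameterCount here would keep the two paragraphs consistent.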