This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 1679ced19a Update meaning of maxParameterCount to include uploaded files
1679ced19a is described below
commit 1679ced19a932395c216320ab8c1bcaa1780f8bc
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Mar 9 09:48:04 2023 +0000
Update meaning of maxParameterCount to include uploaded files
---
webapps/docs/security-howto.xml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 3ef294dbce..0dc8a24f59 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -287,10 +287,12 @@
duration of the authentication (which may be many minutes) so this is
limited to 4KB by default to reduce exposure to a DOS attack.</p>
- <p>The <strong>maxParameterCount</strong> attribute controls the
- maximum number of parameter and value pairs (GET plus POST) that can
- be parsed and stored in the request. Excessive parameters are ignored.
- If you want to reject such requests, configure a
+ <p>The <strong>maxParameterCount</strong> attribute controls the maximum
+ total number of request parameters (including uploaded files) obtained
+ from the query string and, for POST requests, the request body if the
+ content type is <code>application/x-www-form-urlencoded</code> or
+ <code>multipart/form-data</code>. Excessive parameters are ignored. If
you
+ want to reject such requests, configure a
<a href="config/filter.html">FailedRequestFilter</a>.</p>
<p>The <strong>xpoweredBy</strong> attribute controls whether or not the
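Review bot: The retained sentence "Excessive parameters are ignored" in the rewritten maxParameterCount paragraph was written for the old definition, and it now also applies to uploaded files, since the count is stated as "(including uploaded files)" for multipart/form-data bodies. The text should say explicitly whether a file part beyond the limit is silently dropped like a surplus parameter or causes the request to fail, and whether FailedRequestFilter covers that case, because silently losing an upload has different consequences for an application than losing a query parameter. As this changes the meaning of an existing attribute, a sentence noting that deployments accepting many files per request may need to revisit their maxParameterCount value would help readers who are upgrading.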