This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new d25055b357 More doc improvements for maxPartCount
d25055b357 is described below

commit d25055b357057f68b96e6a3eca58ffd1bec0d349
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jun 24 10:12:57 2025 +0100

    More doc improvements for maxPartCount
---
 webapps/docs/security-howto.xml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index a28399a5f3..8d6eb237c7 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -271,10 +271,17 @@
       will interpret as UTF-7 a response containing characters that are safe 
for
       ISO-8859-1 but trigger an XSS vulnerability if interpreted as UTF-7.</p>
 
+      <p>The <strong>maxPartCount</strong> attribute controls the maximum 
number
+      of parts supported for a multipart request. This is limited to 50 by
+      default to reduce exposure to a DoS attack. The documentation for
+      <strong>maxPartCount</strong> provides more details on the memory
+      requirements for processing multipart requests. Requests with excessive
+      parts are rejected.</p>
+      
       <p>The <strong>maxPostSize</strong> attribute controls the maximum size
       of a POST request that will be parsed for parameters. The parameters are
       cached for the duration of the request so this is limited to 2 MiB by
-      default to reduce exposure to a DOS attack.</p>
+      default to reduce exposure to a DoS attack.</p>
 
       <p>The <strong>maxSavePostSize</strong> attribute controls the saving of
       the request body during FORM and CLIENT-CERT authentication and HTTP/1.1
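Review bot: In the added maxPartCount paragraph, the sentence "The documentation for maxPartCount provides more details on the memory requirements" points the reader elsewhere without a link or a named page; a cross-reference to that attribute's reference entry would let an administrator who is sizing the limit get to the memory guidance directly. The closing sentence "Requests with excessive parts are rejected." would also read better placed directly after the sentence stating the default of 50, so the limit and its effect sit together, and it could say how the rejection is reported to the client. Minor: the added line after the closing </p> consists only of whitespace, whereas the neighbouring separator lines in this hunk are empty, so the trailing spaces should be dropped. The DOS to DoS correction in the maxPostSize paragraph is consistent with the new text.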

