https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
--- Comment #6 from Paolo B. ---
Ok!
Now I understand the limit of me example:
JSF always add
2 input hidden + input type submit
If you set maxPartCount="5"
You can upload only 2 files...
Back to the problem, this new parameter
also limits
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
--- Comment #5 from Remy Maucherat ---
maxPartCount is the number of total parts of the multipart, not the number of
files.
These changes are about the following CVEs (both rathed Important):
- CVE-2025-48976 Apache Tomcat - DoS in Commons File
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
--- Comment #4 from Christoph Strasser ---
Think this is the reason:
https://github.com/apache/tomcat/commit/e34fe96ef8ee782b0e56b64358e8dc57cbe336a6#diff-57d2f0a72170743f6c3687a48997b2aa37d8d209efe200f00a0b9dc51fc7e572
No further opinion on t
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
--- Comment #3 from Christoph Strasser ---
Up to 10.1.41 this just worked. (It´s covered by integration-tests which run
every night for PrimeFaces.)
With 10.1.42 it´s now broken.
As far as i looked into this there 10.1.42 switched to a newer ve
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/1437
Blamelist: Mark Thomas , remm
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 9.0.x] 5c8fc302d7f1da1aab9f81c671cbf7a98be2743f
Steps:
work
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
Paolo B. changed:
What|Removed |Added
Status|NEEDINFO|NEW
--
You are receiving this mail because
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
--- Comment #2 from Paolo B. ---
if you configure on server.xml
maxParameterCount="1"
maxPartCount="5"
maxPartHeaderSize="-1"
The limit seems to be 2 files
--
You are receiving this mail because:
You are the assignee f
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #23 from Remy Maucherat ---
For the record, +1 for 50 as the new default for maxPartCount.
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
Mark Thomas changed:
What|Removed |Added
Severity|critical|normal
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #24 from Mark Thomas ---
That is a potential 800MB memory usage on Tomcat 9 + Java 8 and 400MB memory
usage for everyone else.
That seems to be a reasonable default to me. It is higher than I would selected
given a free choice but
https://bz.apache.org/bugzilla/show_bug.cgi?id=69721
Bug ID: 69721
Summary: The new Connector parameter 'maxPartCount' is not
calculated correctly
Product: Tomcat 10
Version: 10.1.42
Hardware: PC
OS: Linux
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 84bdbb0501 Fix BZ 69717 - expand test cases
84bdb
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #22 from Brice ---
I wanted to add my voice to those concerned about this change.
Upgrading to Tomcat 10.1.42 introduced new
org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException
errors in some of our existin
https://bz.apache.org/bugzilla/show_bug.cgi?id=69717
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
On Fri, Jun 20, 2025 at 3:27 PM Mark Thomas wrote:
>
> On 20/06/2025 13:13, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > remm pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The fo
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 704409d602 Fix BZ 69717 - expand test cases
704409d60
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #21 from Remy Maucherat ---
We're really sorry for the trouble, but that's basically how CVEs work these
days. They have to be secured by default regardless of the immediate
consequences. There are plenty of examples out there of ve
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 5c8fc302d7 Fix BZ 69717 - expand test cases
5c8fc30
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 5d8cc738ee Fix BZ 69717 - expand test cases
5d8cc
On 20/06/2025 13:13, r...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4c68821
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #20 from c.bollme...@lecare.com ---
Hello,
just to mention this subtle change did cost us 2.5 team days & a whole lot of
stress searching for the needle in the haystack as our app suddenly didn't work
anymore with multipart uploads.
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 0d4dda0068 Allow trailing slash for webAppMount in R
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new c52bd4c3f5 Allow trailing slash for webAppMount in
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new ee27caa76d Allow trailing slash for webAppMount in
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4c688213d9 Allow trailing slash for webAppMount in Res
On Fri, Jun 20, 2025 at 9:06 AM Mark Thomas wrote:
>
> On 19/06/2025 17:13, Christopher Schultz wrote:
>
>
>
> > I guess maybe I don't understand the issue. BZ always required an
> > account to write, and anyone could register for an account. A small
> > hurdle, but present. The same is true for
On 19/06/2025 17:13, Christopher Schultz wrote:
I guess maybe I don't understand the issue. BZ always required an
account to write, and anyone could register for an account. A small
hurdle, but present. The same is true for GitHub.
I'm not sure why we care about AI scrapers, given that all
27 matches
Mail list logo
