[
https://issues.apache.org/jira/browse/WICKET-7169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060430#comment-18060430
]
ASF GitHub Bot commented on WICKET-7169:
----------------------------------------
renoth opened a new pull request, #1382:
URL: https://github.com/apache/wicket/pull/1382
Make maxpartheaderSize configurable, the default value can be too small when
using very long component names and deeply nested components.
> Make partHeaderSizeMax in AbstractFileUpload configurable
> ---------------------------------------------------------
>
> Key: WICKET-7169
> URL: https://issues.apache.org/jira/browse/WICKET-7169
> Project: Wicket
> Issue Type: New Feature
> Components: wicket-core
> Affects Versions: 10.6.0
> Reporter: Johannes Renoth
> Priority: Major
>
> Commons Fileupload introduced a setting for partHeaderSizeMax in 2.0.0-M4 but
> failed to make the default Value configurable by callers, the PR
> [https://github.com/apache/commons-fileupload/pull/429] fixes that, but is
> not yet released.
> We had to revert Wicket to Version 10.5.0 even though it is still vulnerable
> to the CVE commons fileupload was fixing by creating the setting. Most of the
> time the default value is enough, but when there is a fileupload with a long
> component path the header size gets too large and there is an error.
> In order to fix this, Wicket should be able to set the partHeaderSizeMax in
> {color:#000000}MultipartServletWebRequest{color} or other appropirate
> Classes.
>
> I am not sure how the setting should be configured (Application Settings,
> just read the connector properties if that is even possible), maybe use an
> opinionated, higher default value for Wicket?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
