[
https://issues.apache.org/jira/browse/WICKET-7169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Tzvetanov Grigorov resolved WICKET-7169.
-----------------------------------------------
Fix Version/s: 11.0.0
10.9.0
Assignee: Johannes Renoth
Resolution: Fixed
> Make partHeaderSizeMax in AbstractFileUpload configurable
> ---------------------------------------------------------
>
> Key: WICKET-7169
> URL: https://issues.apache.org/jira/browse/WICKET-7169
> Project: Wicket
> Issue Type: New Feature
> Components: wicket-core
> Affects Versions: 10.6.0
> Reporter: Johannes Renoth
> Assignee: Johannes Renoth
> Priority: Major
> Fix For: 11.0.0, 10.9.0
>
>
> Commons Fileupload introduced a setting for partHeaderSizeMax in 2.0.0-M4 but
> failed to make the default Value configurable by callers, the PR
> [https://github.com/apache/commons-fileupload/pull/429] fixes that, but is
> not yet released.
> We had to revert Wicket to Version 10.5.0 even though it is still vulnerable
> to the CVE commons fileupload was fixing by creating the setting. Most of the
> time the default value is enough, but when there is a fileupload with a long
> component path the header size gets too large and there is an error.
> In order to fix this, Wicket should be able to set the partHeaderSizeMax in
> {color:#000000}MultipartServletWebRequest{color} or other appropirate
> Classes.
>
> I am not sure how the setting should be configured (Application Settings,
> just read the connector properties if that is even possible), maybe use an
> opinionated, higher default value for Wicket?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
