GitHub user victorsosa opened a pull request: https://github.com/apache/struts/pull/104
WW-4620 ParametersInterceptor should check collection index to against DOS ParametersInterceptor should check collection index to against DOS Check the parameters map to have only 255 objects to avoid DOS. https://dzone.com/articles/spring-initbinder-for-handling-large-list-of-java You can merge this pull request into a Git repository by running: $ git pull https://github.com/victorsosa/struts WW-4620 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/struts/pull/104.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #104 ---- commit d93bcf9ff5c643cd3c64074085dc81ba6785385a Author: victorsosa <victor.s...@peopleware.do> Date: 2016-06-26T23:01:43Z WW-4620 ParametersInterceptor should check collection index to against DOS commit cacb3a62c6f3efa416e30a85a3a5a320cb63d6b3 Author: victorsosa <victor.s...@peopleware.do> Date: 2016-06-26T23:27:17Z small fix set parameter AutoGrowCollectionLimit commit 31a788d7b19fe8a7e4ee16bcc2f42111baeed93b Author: victorsosa <victor.s...@peopleware.do> Date: 2016-06-27T00:36:01Z add test cases ---- --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org