This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 71ed8cd98d Update meaning of maxParameterCount to include uploaded files
71ed8cd98d is described below

commit 71ed8cd98d4152aa15fe210d51c40f8a83c9c700
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Mar 9 09:48:04 2023 +0000

    Update meaning of maxParameterCount to include uploaded files
---
 webapps/docs/security-howto.xml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index b0278e40cf..0a8f4fa6b6 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -287,10 +287,12 @@
       duration of the authentication (which may be many minutes) so this is
       limited to 4KB by default to reduce exposure to a DOS attack.</p>
 
-      <p>The <strong>maxParameterCount</strong> attribute controls the
-      maximum number of parameter and value pairs (GET plus POST) that can
-      be parsed and stored in the request. Excessive parameters are ignored.
-      If you want to reject such requests, configure a
+      <p>The <strong>maxParameterCount</strong> attribute controls the maximum
+      total number of request parameters (including uploaded files) obtained
+      from the query string and, for POST requests, the request body if the
+      content type is <code>application/x-www-form-urlencoded</code> or
+      <code>multipart/form-data</code>. Excessive parameters are ignored. If 
you
+      want to reject such requests, configure a
       <a href="config/filter.html">FailedRequestFilter</a>.</p>
 
       <p>The <strong>xpoweredBy</strong> attribute controls whether or not the
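Review bot: The sentence "Excessive parameters are ignored." is carried over unchanged right after the new multipart/form-data clause, so the paragraph does not say what happens when the item that exceeds maxParameterCount is an uploaded file rather than a name/value pair. Since uploaded files now count toward the limit, it would help to state explicitly that excess file parts are dropped in the same way, because an application that silently loses an upload behaves differently from one that loses a form field, and that is the case where a reader is most likely to want the FailedRequestFilter pointer. Separately, the diffstat shows only security-howto.xml changing; if the attribute is also described elsewhere in the documentation, that description should carry the same definition so the two do not disagree about what is counted.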


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
