(tomcat) branch 10.1.x updated: Document processorCache disable

Mon, 10 Jun 2024 03:18:39 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new b9e04c9323 Document processorCache disable
b9e04c9323 is described below

commit b9e04c93235ee62d819f00a8ae1008601d1c90e1
Author: remm <r...@apache.org>
AuthorDate: Mon Jun 10 12:14:31 2024 +0200

    Document processorCache disable
    
    This avoids object reuse so could be good for some additional level of
    security, at a very significant performance cost in many cases.
---
 webapps/docs/config/http.xml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index d11f51c893..4303a28f8b 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -609,11 +609,16 @@
     <attribute name="processorCache" required="false">
       <p>The protocol handler caches Processor objects to speed up performance.
       This setting dictates how many of these objects get cached.
-      <code>-1</code> means unlimited, default is <code>200</code>. If not 
using
-      Servlet 3.0 asynchronous processing, a good default is to use the same as
-      the maxThreads setting. If using Servlet 3.0 asynchronous processing, a
-      good default is to use the larger of maxThreads and the maximum number of
-      expected concurrent requests (synchronous and asynchronous).</p>
+      <code>-1</code> means unlimited, default is <code>200</code>.
+      <code>0</code> means no request processor reuse. This has a very
+      significant impact on performance depending on the workload, but gives
+      additional security guarantees by avoidoing reuse of all request
+      processing objects.
+      If not using Servlet 3.0 asynchronous processing, an appropriate value
+      is to use the same as the maxThreads setting. If using Servlet 3.0
+      asynchronous processing, an appropriate value is to use the larger
+      of maxThreads and the maximum number of expected concurrent requests
+      (synchronous and asynchronous).</p>
     </attribute>
 
     <attribute name="rejectIllegalHeader" required="false">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to