https://bz.apache.org/bugzilla/show_bug.cgi?id=69710
--- Comment #21 from Remy Maucherat <r...@apache.org> --- We're really sorry for the trouble, but that's basically how CVEs work these days. They have to be secured by default regardless of the immediate consequences. There are plenty of examples out there of very disruptive security exploits, or fixes to these exploits. Really bad luck if you're hovering between 10 and 11 parts, this indeed makes the issue harder to understand. Once everyone is aware of this (and we will likely adjust the default for maxPartCount up slightly, although it will remain way way below the previous 1000), it becomes just another parameter to set in the configuration. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
