[ https://issues.apache.org/jira/browse/NIFI-7001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-7001. ------------------------------------ Fix Version/s: 1.13.0 Resolution: Fixed > Guard against loading/operating on/serializing large files in EC toolkit > ------------------------------------------------------------------------ > > Key: NIFI-7001 > URL: https://issues.apache.org/jira/browse/NIFI-7001 > Project: Apache NiFi > Issue Type: Sub-task > Components: Tools and Build > Affects Versions: 1.10.0 > Reporter: Andy LoPresto > Priority: Major > Labels: documentation, security, toolkit, validation > Fix For: 1.13.0 > > > The EC toolkit did not anticipate the possibility of a {{flow.xml.gz}} on the > order of magnitude of 700 MB. Many serialization/deserialization and string > manipulation operations occur assuming that the content is of manageable > size. Users have demonstrated that this is not a safe assumption. > We should introduce the following protections: > # log debug/info statements at file load, encrypt replacement and file write > for the size of the content for visibility > # simple conditional checks at file load to ensure the heap is properly sized > and the file content size is reasonable > # if the size is too large, print a helpful message and direct users to the > Toolkit Guide for further information -- This message was sent by Atlassian Jira (v8.3.4#803005)