Thanks Mark. I had trouble breaking down where to set the param. My customer may want it lower just for their own internal requirements.
On Tue, Feb 28, 2023 at 12:10 PM Mark Thomas <[email protected]> wrote: > The default (limit of 10,000 for combined total of query parameters and > upload parts) should be sufficient to mitigate the issue. > > You can, of course, set the limit lower if you like (maxParameterCount > on the Connector(s) in server.xml). > > Mark > > > On 28/02/2023 16:24, A Name wrote: > > Just to confirm - I saw you incorporated fixes for that CVE into recent > > Tomcats. > > > > Is there a setting in Server or Web.xml for these or do they need to be > set > > programmatically within an application using the functions in > > Commons-FileUpload? > > > > Abt > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
