Hrvoje,
On 7/11/25 7:51 PM, Hrvoje Lončar wrote:
I did a bit radical step and upgraded to 11.0.9.
Now waiting to see what happens.
I'm interested to see what happens. My expectation is that is will
behave exactly the same.
The major differences between Tomcat 9, 10.1, and 11 are their support
for the various specification versions. Where their (Tomcats') features
overlap, they should be implemented identically.
-chris
On Thu, Jul 10, 2025 at 1:54 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Hrvoje,
On 7/10/25 6:52 AM, Hrvoje Lončar wrote:
Currently it's 10.1.39 as I wanted to avoid 10.1.42 but I get the same
unpredictable behaviour from both.
Oh, that's interesting. Of course, upon your first report I had assumed
it was the "maxPartCount" but then you posted your configuration which
included an explicit maxPartCount set to 1000 (which seems high).
But the reduced limit on "parts" was not added until 10.1.42 so things
should have been working just fine before that. Note that adding
maxPartCount before 10.1.42 won't actually do anything other than issue
a warning.
I had 10.1.39 for some time before upgrading to 10.1.42 but no one
reported
that form is not working which is not a proof that it was working
correctly.
So are you able to reproduce the missing _csrf parameters before 10.1.42?
Does this only happen with POST? Does it only happen with this page?
Have you configured the FailedRequestFilter[1] to catch and throw errors
when the request has errors (e.g. too many parameters)?
-chris
[1]
https://tomcat.apache.org/tomcat-10.0-doc/config/filter.html#Failed_Request_Filter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
