Hi Christopher!

Just to inform you about Tomcat 11 behaviour regarding my issues with POST
parameters - so far it didn't happen, starting from 2025-07-11 until now.
That is not guarantee it won't happen ever but at least I was free of
exceptions for 6 days.

BR,
Hrvoje


On Mon, Jul 14, 2025 at 2:48 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Hrvoje,
>
> On 7/11/25 7:51 PM, Hrvoje Lončar wrote:
> > I did a bit radical step and upgraded to 11.0.9.
> > Now waiting to see what happens.
>
> I'm interested to see what happens. My expectation is that is will
> behave exactly the same.
>
> The major differences between Tomcat 9, 10.1, and 11 are their support
> for the various specification versions. Where their (Tomcats') features
> overlap, they should be implemented identically.
>
> -chris
>
> > On Thu, Jul 10, 2025 at 1:54 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> Hrvoje,
> >>
> >> On 7/10/25 6:52 AM, Hrvoje Lončar wrote:
> >>> Currently it's 10.1.39 as I wanted to avoid 10.1.42 but I get the same
> >>> unpredictable behaviour from both.
> >>
> >> Oh, that's interesting. Of course, upon your first report I had assumed
> >> it was the "maxPartCount" but then you posted your configuration which
> >> included an explicit maxPartCount set to 1000 (which seems high).
> >>
> >> But the reduced limit on "parts" was not added until 10.1.42 so things
> >> should have been working just fine before that. Note that adding
> >> maxPartCount before 10.1.42 won't actually do anything other than issue
> >> a warning.
> >>
> >>> I had 10.1.39 for some time before upgrading to 10.1.42 but no one
> >> reported
> >>> that form is not working which is not a proof that it was working
> >> correctly.
> >>
> >> So are you able to reproduce the missing _csrf parameters before
> 10.1.42?
> >>
> >> Does this only happen with POST? Does it only happen with this page?
> >>
> >> Have you configured the FailedRequestFilter[1] to catch and throw errors
> >> when the request has errors (e.g. too many parameters)?
> >>
> >> -chris
> >>
> >> [1]
> >>
> >>
> https://tomcat.apache.org/tomcat-10.0-doc/config/filter.html#Failed_Request_Filter
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
*TheVegCat.com <https://thevegcat.com/>*
*VegCook.net <https://vegcook.net/>*
*horvoje.net <https://horvoje.net/>*

Reply via email to