Johannes Renoth created WICKET-7169:
---------------------------------------
Summary: Make partHeaderSizeMax in AbstractFileUpload configurable
Key: WICKET-7169
URL: https://issues.apache.org/jira/browse/WICKET-7169
Project: Wicket
Issue Type: New Feature
Components: wicket-core
Affects Versions: 10.6.0
Reporter: Johannes Renoth
Commons Fileupload introduced a setting for partHeaderSizeMax in 2.0.0-M4 but
failed to make the default Value configurable by callers, the PR
[https://github.com/apache/commons-fileupload/pull/429] fixes that, but is not
yet released.
We had to revert Wicket to Version 10.5.0 even though it is still vulnerable to
the CVE commons fileupload was fixing by creating the setting. Most of the time
the default value is enough, but when there is a fileupload with a long
component path the header size gets too large and there is an error.
In order to fix this, Wicket should be able to set the partHeaderSizeMax in
{color:#000000}MultipartServletWebRequest{color} or other appropirate Classes.
I am not sure how the setting should be configured (Application Settings, just
read the connector properties if that is even possible), maybe use an
opinionated, higher default value for Wicket?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
