GitHub user victorsosa opened a pull request:
https://github.com/apache/struts/pull/104
WW-4620 ParametersInterceptor should check collection index to against DOS
ParametersInterceptor should check collection index to against DOS
Check the parameters map to have only 255 objects to avoid DOS.
https://dzone.com/articles/spring-initbinder-for-handling-large-list-of-java
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/victorsosa/struts WW-4620
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/struts/pull/104.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #104
----
commit d93bcf9ff5c643cd3c64074085dc81ba6785385a
Author: victorsosa <[email protected]>
Date: 2016-06-26T23:01:43Z
WW-4620
ParametersInterceptor should check collection index to against DOS
commit cacb3a62c6f3efa416e30a85a3a5a320cb63d6b3
Author: victorsosa <[email protected]>
Date: 2016-06-26T23:27:17Z
small fix set parameter AutoGrowCollectionLimit
commit 31a788d7b19fe8a7e4ee16bcc2f42111baeed93b
Author: victorsosa <[email protected]>
Date: 2016-06-27T00:36:01Z
add test cases
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
