[Bug 63746] New: Add global post size limit

bugzilla Thu, 12 Sep 2019 03:29:32 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=63746


            Bug ID: 63746
           Summary: Add global post size limit
           Product: Tomcat 9
           Version: 9.0.24
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: ir...@irfanhabib.com
  Target Milestone: -----

Tomcat does not enforce the maximum POST size limit for requests that are not
of `application/x-www-form-urlencoded`. See
https://github.com/apache/tomcat/blob/2050f1a04ad6254df492049c14bd12f39ab1120e/java/org/apache/catalina/connector/Request.java#L3206

This means that POST requests that are posting JSON documents with content type
`application/json` can post arbitrarily sized content to a tomcat hosted
servlet.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63746] New: Add global post size limit

Reply via email to