markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new c88552bb1b Change how the reduced default for maxParameterCount is
implemented
c88552bb1b is described below
commit c88552bb1beab14a62842f8aa6a36f5b2d92d29e
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Mar 29 10:31:58 2023 +0100
Change how the reduced default for maxParameterCount is implemented
The hard-coded limit remains at 10,000. A lower default of 1,000 is set
in server.xml. The expectation is that new users will get the new
default. Upgrading users will retain the existing default but see the
change when they check configuration changes and will adjust their
default appropriately for their system.
---
conf/server.xml | 16 ++++++++++++----
java/org/apache/catalina/connector/Connector.java | 6 +++---
.../org/apache/catalina/connector/mbeans-descriptors.xml | 2 +-
.../apache/catalina/startup/TestTomcatStandalone.java | 4 +++-
webapps/docs/changelog.xml | 5 +++--
webapps/docs/ssl-howto.xml | 8 ++++++--
6 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/conf/server.xml b/conf/server.xml
index 72bda52c93..fc720ce70b 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -67,13 +67,17 @@
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
+ redirectPort="8443"
+ maxParameterCount="1000"
+ />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
+ redirectPort="8443"
+ maxParameterCount="1000"
+ />
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the NIO implementation. The default
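Review bot: `maxParameterCount="1000"` is added to the port 8080 `<Connector>` with nothing in the file saying that it overrides a higher built-in value, so an administrator who trims the attribute or adds a connector of their own falls back to 10000 without noticing. A short comment ahead of that connector would cover it, for example `<!-- maxParameterCount: built-in default is 10000; the connectors in this file lower it to 1000 -->`. The other three connectors touched here and in the two later server.xml hunks sit inside commented-out blocks, where XML does not allow a nested comment, so there the sentence would have to go into the existing explanatory comment text instead.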
@@ -84,7 +88,9 @@
-->
<!--
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
+ maxThreads="150" SSLEnabled="true"
+ maxParameterCount="1000"
+ >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
@@ -98,7 +104,9 @@
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
- redirectPort="8443" />
+ redirectPort="8443"
+ maxParameterCount="1000"
+ />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
diff --git a/java/org/apache/catalina/connector/Connector.java
b/java/org/apache/catalina/connector/Connector.java
index 96d5b7af34..f9893b992e 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -203,10 +203,10 @@ public class Connector extends LifecycleMBeanBase {
private int maxCookieCount = 200;
/**
- * The maximum number of parameters (GET plus POST) which will be
automatically parsed by the container. 1000 by
- * default. A value of less than 0 means no limit.
+ * The maximum number of parameters (GET plus POST) which will be
automatically parsed by the container. 10000 by
+ * default. The default Tomcat server.xml configures a lower default of
1000. A value of less than 0 means no limit.
*/
- protected int maxParameterCount = 1000;
+ protected int maxParameterCount = 10000;
/**
* Maximum size of a POST which will be automatically parsed by the
container. 2MB by default.
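Review bot: The revised Javadoc on `maxParameterCount` calls the server.xml value "a lower default", but a connector only gets 1000 when the attribute is present in its configuration; the initialiser `maxParameterCount = 10000` applies otherwise. Connectors created programmatically, or declared in a server.xml carried over from an earlier release, would therefore accept up to 10000 parameters per request, and this limit is what bounds the parameter-parsing work a single request can cause. I would word it as `10000 by default. The server.xml shipped with Tomcat explicitly sets 1000; connectors configured without the attribute use 10000.` The same sentence is repeated in the `description` attribute in mbeans-descriptors.xml and would want the same change. The Connector class starts and ends outside this hunk.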
diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml
b/java/org/apache/catalina/connector/mbeans-descriptors.xml
index 263de6085f..fb55170c3a 100644
--- a/java/org/apache/catalina/connector/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml
@@ -107,7 +107,7 @@
type="int"/>
<attribute name="maxParameterCount"
- description="The maximum number of parameters (GET plus POST) which
will be automatically parsed by the container. 1000 by default. A value of less
than 0 means no limit."
+ description="The maximum number of parameters (GET plus POST) which
will be automatically parsed by the container. 10000 by default. The default
Tomcat server.xml configures a lower default of 1000. A value of less than 0
means no limit."
type="int"/>
<attribute name="maxPostSize"
diff --git a/test/org/apache/catalina/startup/TestTomcatStandalone.java
b/test/org/apache/catalina/startup/TestTomcatStandalone.java
index 796bc63f0a..ebb763ad6f 100644
--- a/test/org/apache/catalina/startup/TestTomcatStandalone.java
+++ b/test/org/apache/catalina/startup/TestTomcatStandalone.java
@@ -53,7 +53,9 @@ public class TestTomcatStandalone extends LoggingBaseTest {
+ " <Service name=\"Catalina\">\n" + "\n"
+ " <Connector port=\"0\" protocol=\"HTTP/1.1\"\n"
+ " connectionTimeout=\"20000\"\n"
- + " redirectPort=\"8443\" />\n"
+ + " redirectPort=\"8443\"\n"
+ + " maxParameterCount=\"1000\"\n"
+ + " />\n"
+ " <Engine name=\"Catalina\" defaultHost=\"localhost\">\n"
+ "\n"
+ " <Realm
className=\"org.apache.catalina.realm.LockOutRealm\">\n"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d55fd750b6..f184d60526 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,8 +133,9 @@
by LRU as intended. (schultz)
</fix>
<update>
- Reduce the default value of <code>maxParameterCount</code> from 10,000
- to 1,000. (markt)
+ Use server.xml to reduce the default value of
+ <code>maxParameterCount</code> from 10,000 to 1,000. If not configured
+ in server.xml, the default remains 10,000. (markt)
</update>
<add>
Update Digest authentication support to align with RFC 7616. This adds
a
diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml
index bf04446e2f..ec274dca99 100644
--- a/webapps/docs/ssl-howto.xml
+++ b/webapps/docs/ssl-howto.xml
@@ -326,7 +326,9 @@ so it looks something like this:</p>
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443"
maxThreads="150"
- SSLEnabled="true">
+ SSLEnabled="true"
+ maxParameterCount="1000"
+ >
<SSLHostConfig>
<Certificate
certificateKeystoreFile="${user.home}/.keystore"
@@ -347,7 +349,9 @@ so it looks something like this:</p>
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443"
maxThreads="150"
- SSLEnabled="true" >
+ SSLEnabled="true"
+ maxParameterCount="1000"
+ >
<SSLHostConfig>
<Certificate
certificateKeyFile="conf/localhost-rsa-key.pem"