Frank, I know PostParametersLimit is a different issue than the security fix, if that's what you were trying to imply. I meant that since the security fix is a CUMULATIVE fix, we saw it for the first time after applying the security fix (because we had not patched up our servers with earlier hotfixes/patches).
So PostParametersLimit = No. of form fields, whereas postSizeLimit = size in MB of how big the post Size (form) can get.

Thanks,

<Ajas Mohammed />
iUseDropbox(http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

On Mon, Jan 21, 2013 at 4:57 PM, Mike Staver <sta...@fimble.com> wrote:

> Yeah, I hated that parameter and a lack of GUI to change it. When you
> have many servers to patch, it's annoying to have to edit this value in an
> XML file over and over again. I understand its value, and I think it's a
> good thing - but they could have taken a few extra hours of dev time to
> mimic the behavior of 10 instead of just going half way.
>
> On 1/21/2013 1:51 PM, Dawn Hoagland wrote:
>
> It was introduced in APSB12-06 released March of 2012. They introduced
> the setting, defaulted it to 100, but didn't update the Administrator to
> allow editing from the GUI so it must be added directly in the XML.
>
> http://www.adobe.com/support/security/bulletins/apsb12-06.html
>
> On Mon, Jan 21, 2013 at 3:42 PM, Ajas Mohammed <ajash...@gmail.com> wrote:
>
>> Thanks Charlie for the detailed email. Yes, we are on 9.0 and we didn't
>> upgrade to 9.0.1. We used hotfix jar for 9.0 as advised on the adobe page. It
>> makes sense to protect those CFIDE folders you mentioned.
>>
>> One thing we did notice is that after applying the security hotfix, we
>> started to get this error
>> "*coldfusion.filter.FormScope$PostParametersLimitExceededException:
>> POST parameters exceeds the maximum limit specified in the server*".
>> Quick Google search led me to this post
>> <http://www.cutterscrossing.com/index.cfm/2012/3/27/ColdFusion-Security-Hotfix-and-Big-Forms>.
>> I ended up adding
>> <var name='postParametersLimit'><number>500.0</number></var>
>> to the {ColdFusion-Home}/lib/neo-runtime.xml for Server installation. I am
>> guessing that we might have missed an earlier patch/hotfix in which
>> Adobe introduced this postParametersLimit setting. We were surprised by the
>> error message in the beginning but since we had recently applied the security
>> fix, we knew it had to do with the fix.
>>
>> Thanks,
>>
>> <Ajas Mohammed />
>> http://ajashadi.blogspot.com
>>
>> On Fri, Jan 18, 2013 at 7:07 PM, Charlie Arehart <char...@carehart.org> wrote:
>>
>>> :-)
>>>
>>> Thanks. I will note that they did just yesterday kindly add me to the
>>> acknowledgements section of the security advisory, a first for me. :-)
>>> Various issues caused the delay. Nothing nefarious. I got a call from
>>> someone on PSIRT explaining the situation. I was just happy to get the
>>> mention.
>>>
>>> The good news is that I’ve gotten “payment” by a burst of new business
>>> from people needing help with this. Of course, I posted the first two
>>> entries making no mention of my services. That really wasn’t my motivation.
>>> But come, the work has. And some of those have then realized I could help
>>> with other things, which has led to still more work, so it’s been all the
>>> more beneficial.
>>>
>>> Of course, it’s a bit like being a roofer after a tornado blows through.
>>> You don’t want to say you’re “glad for the work”, as you feel for people
>>> who were affected.
>>>
>>> I have a part 4/post mortem in the works, but sadly too busy to get time
>>> to write it up. Perhaps over the weekend.
>>>
>>> /charlie
>>>
>>> *From:* ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Steve Ross
>>> *Sent:* Friday, January 18, 2013 10:17 AM
>>> *To:* ACFUG ColdFusion Discussion
>>> *Subject:* Re: [ACFUG Discuss] New CF Vulnerability - Check your servers
>>>
>>> Adobe should be paying you Charlie...
>>>
>>> On Wed, Jan 16, 2013 at 9:39 AM, Ajas Mohammed <ajash...@gmail.com> wrote:
>>>
>>> Thanks Charlie, Cameron for keeping us updated with the latest.
>>>
>>> Charlie, thanks for those blog entries. Really appreciate all your help.
>>>
>>> <Ajas Mohammed />
>>>
>>> -------------------------------------------------------------
>>> To unsubscribe from this list, manage your profile @
>>> http://www.acfug.org?fa=login.edituserform
>>>
>>> For more info, see http://www.acfug.org/mailinglists
>>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>>> List hosted by FusionLink <http://www.fusionlink.com>
>>> -------------------------------------------------------------
>
> --
> Dawn
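
The hand edit described in this thread (adding the `postParametersLimit` var to `neo-runtime.xml` on each server), as an added sketch that is not part of the original messages and is not Adobe tooling. It assumes the file is a WDDX packet whose runtime settings sit in the `<struct>` that already holds `postSizeLimit`; the sample XML, `exampleOtherSetting` and both function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed stand-in for {ColdFusion-Home}/lib/neo-runtime.xml.
# Assumption: the runtime settings live in the <struct> that holds postSizeLimit.
SAMPLE = """<wddxPacket version='1.0'><header/><data><array length='2'>
<struct type='coldfusion.server.ConfigMap'>
<var name='postSizeLimit'><number>100.0</number></var>
</struct>
<struct type='coldfusion.server.ConfigMap'>
<var name='exampleOtherSetting'><number>60.0</number></var>
</struct>
</array></data></wddxPacket>"""


def set_post_parameters_limit(xml_text, limit):
    """Return (new_xml, previous_value); previous_value is None if the var was absent."""
    if limit < 1:
        # Refuse values that would reject every POST; any ceiling is local policy.
        raise ValueError("postParametersLimit must be positive, got %r" % limit)
    root = ET.fromstring(xml_text)
    for struct in root.iter("struct"):
        names = {v.get("name"): v for v in struct.findall("var")}
        if "postSizeLimit" not in names:
            continue  # not the struct with the POST settings
        var = names.get("postParametersLimit")
        if var is None:
            var = ET.SubElement(struct, "var", {"name": "postParametersLimit"})
        number = var.find("number")
        previous = float(number.text) if number is not None else None
        if number is None:
            number = ET.SubElement(var, "number")
        number.text = "%.1f" % limit  # same numeric form as the thread's 500.0
        return ET.tostring(root, encoding="unicode"), previous
    raise LookupError("no struct containing postSizeLimit; wrong file?")


def get_post_parameters_limit(xml_text):
    """Read the configured limit back, or None when the var is missing."""
    for var in ET.fromstring(xml_text).iter("var"):
        if var.get("name") == "postParametersLimit":
            return float(var.find("number").text)
    return None
```

ElementTree re-serializes attribute quotes as double quotes, so diff the output against a backup copy of the file before replacing the live one.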