ASF subversion and git services commented on NIFI-7153:

Commit 483f23a8aac7af780feda4b0193401366172b119 in nifi's branch 
refs/heads/master from Troy Melhase
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=483f23a ]

NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on 
incoming HTTP requests.
Adds DoSFilter to enforce configurable maximum on incoming HTTP requests per 
Redirected log messages for ContentLengthFilter to nifi-app.log in logback.xml.

This closes #4125.

Signed-off-by: Andy LoPresto <alopre...@apache.org>

> Limit length of component property values
> -----------------------------------------
>                 Key: NIFI-7153
>                 URL: https://issues.apache.org/jira/browse/NIFI-7153
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Core UI
>    Affects Versions: 1.11.1
>            Reporter: Andy LoPresto
>            Assignee: Troy Melhase
>            Priority: Major
>              Labels: security
>          Time Spent: 11h 20m
>  Remaining Estimate: 0h
> Component properties can vary wildly in their use - some are integers or 
> booleans, while others are simple names, and some can accept arbitrary schema 
> definitions, code and config blocks, etc. There is no universal length limit 
> that can be applied, so the general classes of property should have 
> reasonable limits to avoid denial of service attacks through malicious 
> setting of arbitrary property values. 

This message was sent by Atlassian Jira

Reply via email to