[
https://issues.apache.org/jira/browse/NIFI-7153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17067252#comment-17067252
]
ASF subversion and git services commented on NIFI-7153:
-------------------------------------------------------
Commit 483f23a8aac7af780feda4b0193401366172b119 in nifi's branch
refs/heads/master from Troy Melhase
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=483f23a ]
NIFI-7153 Adds ContentLengthFilter to enforce configurable maximum length on
incoming HTTP requests.
Adds DoSFilter to enforce configurable maximum on incoming HTTP requests per
second.
Redirected log messages for ContentLengthFilter to nifi-app.log in logback.xml.
This closes #4125.
Signed-off-by: Andy LoPresto <alopre...@apache.org>
> Limit length of component property values
> -----------------------------------------
>
> Key: NIFI-7153
> URL: https://issues.apache.org/jira/browse/NIFI-7153
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Core UI
> Affects Versions: 1.11.1
> Reporter: Andy LoPresto
> Assignee: Troy Melhase
> Priority: Major
> Labels: security
> Time Spent: 11h 20m
> Remaining Estimate: 0h
>
> Component properties can vary wildly in their use - some are integers or
> booleans, while others are simple names, and some can accept arbitrary schema
> definitions, code and config blocks, etc. There is no universal length limit
> that can be applied, so the general classes of property should have
> reasonable limits to avoid denial of service attacks through malicious
> setting of arbitrary property values.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
