Re: FileUpload 1.5 question

Tue, 28 Feb 2023 08:47:21 -0800

Please note that Apache Tomcat has a default behavior (contrary to Apache Commone FileUpload), and already limits the maximum parameter/files to 10000. 

On 28/02/2023 17:40, A Name wrote:

Thanks Oliver.  I do use Apache Tomcat and was just unclear on how the
settings are applied. I was really hoping not to have to submit a code
change to address this fix.  Upgrading Tomcat and adding the parameter to
the connector is a much more efficient solution.

On Tue, Feb 28, 2023 at 11:33 AM Olivier Jaquemet <
olivier.jaque...@jalios.com> wrote:


Hi,

If you are a user of the Apache Common FileUpload library, you must set
them manually, there are no limits in the default values for all those
settings :

https://github.com/apache/commons-fileupload/blob/commons-fileupload-1.5/src/main/java/org/apache/commons/fileupload/FileUploadBase.java#L156

If you are a user of Apache Tomcat, which uses a fork of Apache Common
FileUpload library, you can configure the maximum number of parameters
and files through "maxParameterCount".
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
Make sure you use the latest Tomcat version to benefit from
CVE-2023-24998 fix.

Olivier

On 28/02/2023 17:22, A Name wrote:

Just to confirm the various individual settings (individual file size,
total upload size, number of files) are to be set programmatically or is
there a configuration setting for them in an xml file?

Thanks!

Abt
EXTERNAL SENDER: Do not click any links or open any attachments unless

you trust the sender and know the content is safe.

EXPÉDITEUR EXTERNE: Ne cliquez sur aucun lien et n’ouvrez aucune pièce

jointe à moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous
ayez l'assurance que le contenu provient d'une source sûre.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@commons.apache.org
For additional commands, e-mail: user-h...@commons.apache.org



EXTERNAL SENDER: Do not click any links or open any attachments unless you 
trust the sender and know the content is safe.
EXPÉDITEUR EXTERNE: Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe à 
moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous ayez 
l'assurance que le contenu provient d'une source sûre.



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@commons.apache.org
For additional commands, e-mail: user-h...@commons.apache.org

Reply via email to