We have a number of API components that include a textBody as part of the multipart request. In 2.5.12, these requests are being kicked out (while in 2.5.10 they were fine. changing the constant:
<constant name="struts.multipart.validationRegex" value="(.*)"/> to allow anything (as in the example) seems to fix the issue, but this seems imprudent. This is the code that's making the API call, which seems harmless enough: // using the org.apache.http.entity.mime.MultipartEntityBuilder MultipartEntityBuilder builder = MultipartEntityBuilder.create(); builder.addTextBody("record", docXml, ContentType.create( "application/xml", Consts.UTF_8)); builder.addTextBody(ACCOUNT_ID, accountId.toString()); HttpPost post = new HttpPost(baseUrl + API_INGEST_UPDATE_FILES); post.setEntity(builder.build()); CloseableHttpResponse response = getHttpClient().execute(post); In looking deeper, (with the http requests on trace, we see multipart boundaries of: Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C*-* CTbP2fNljGAOVk[\r][\n] It looks like the RFC does include hyphens in the boundaries too: https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html though I'm less sure about other characters. I worry this default regex will likely trip up lots of uploads silently, -- _________________________________________________________ Adam Brin Director of Technology, Digital Antiquity 480.965.1278