The default (limit of 10,000 for combined total of query parameters and upload parts) should be sufficient to mitigate the issue.

You can, of course, set the limit lower if you like (maxParameterCount on the Connector(s) in server.xml).

Mark


On 28/02/2023 16:24, A Name wrote:
Just to confirm - I saw you incorporated fixes for that CVE into recent
Tomcats.

Is there a setting in Server or Web.xml for these or do they need to be set
programmatically within an application using the functions in
Commons-FileUpload?

Abt


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to