On Tue, 9 Apr 2024 at 17:16, Mihir Chhaya <mihir.chh...@gmail.com> wrote:

> Thank you, Emond, for sharing this. We had our JBoss Server patched up
> recently which broke the system. It was working fine before the server
> update.
>

The change came as a fix for CVE-2023-3171: WFCORE-6578 WildFly heap
exhaustion via deserialization.
You can find more information here:
https://issues.redhat.com/browse/WFCORE-6578 or JBEAP-24964 (which I don't
have access to).

In the actual change (see the pull request), you can see the filter being
set to maxbytes=10485760;maxdepth=128;maxarray=100000;maxrefs=300000

Best regards,
Emond
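
The limits in the filter string quoted above, exercised as an added example (not code from this thread or from the WildFly pull request). It assumes the string is read with the JDK's standard serial filter pattern syntax (Java 9+) and attaches it to a single stream; how WildFly itself installs the filter is not shown. The class name and sample payloads are constructed for illustration.

```java
import java.io.*;

public class SerialFilterLimits {
    // Filter string quoted in the message above (JDK serial filter pattern syntax).
    static final String PATTERN =
        "maxbytes=10485760;maxdepth=128;maxarray=100000;maxrefs=300000";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with the filter attached to this one stream and report the outcome.
    static String tryRead(byte[] data) {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(PATTERN);
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            ois.readObject();
            return "accepted";
        } catch (InvalidClassException e) {
            // The stream throws this when the filter returns REJECTED.
            return "rejected: " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed payloads, one on each side of the maxarray limit.
        System.out.println("int[100000] -> " + tryRead(serialize(new int[100_000])));
        System.out.println("int[100001] -> " + tryRead(serialize(new int[100_001])));

        // Every array is within maxarray, but the stream as a whole carries
        // about 12,000,000 bytes, which is more than maxbytes=10485760.
        byte[][] graph = new byte[120][100_000];
        System.out.println("12 MB graph -> " + tryRead(serialize(graph)));
    }
}
```

When a patched server starts rejecting payloads that used to deserialize, running the payload through a check like this shows whether one of the four limits is the cause.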
