Release 6.20.1: Limit the number of accepted parameters for HTTP request and JSON data respectively

This topic is closed.
    This change suppresses a possible DoS attack that works by transferring a vast number of request parameters or JSON data to the OX server. The OX servlet container thereby adapts to the already implemented behavior of other popular servlet containers (Tomcat, Jetty, etc.).

    The file 'ajp.properties' is enhanced by the property AJP_MAX_REQUEST_PARAMETER_COUNT with default value set to 30:
    # Specify the max. number of allowed request parameters
    AJP_MAX_REQUEST_PARAMETER_COUNT: 30

    The file 'server.properties' is enhanced by the property com.openexchange.json.maxSize with default value set to 1000:
    # Specify the max. number of allowed attributes for a JSON object
    com.openexchange.json.maxSize=1000
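
The kind of check these two properties configure, as an added example that is not part of the original post and not Open-Xchange's own code. The function names and the `LimitExceeded` exception are hypothetical; only the two default values come from the post.

```python
import json
from urllib.parse import unquote_plus

MAX_REQUEST_PARAMETER_COUNT = 30   # default of AJP_MAX_REQUEST_PARAMETER_COUNT
MAX_JSON_SIZE = 1000               # default of com.openexchange.json.maxSize


class LimitExceeded(ValueError):
    """The request carries more parameters or attributes than allowed."""


def parse_parameters(query, max_count=MAX_REQUEST_PARAMETER_COUNT):
    """Parse 'a=1&b=2' into {name: [values]}, rejecting oversized requests."""
    # maxsplit bounds the work: at most max_count + 1 pieces are ever created,
    # no matter how many '&' separators the client sent.
    pieces = query.split("&", max_count) if query else []
    if len(pieces) > max_count:
        raise LimitExceeded(f"more than {max_count} request parameters")
    params = {}
    for piece in pieces:
        name, _, value = piece.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def parse_json(body, max_size=MAX_JSON_SIZE):
    """Decode JSON, rejecting any object (nested ones too) with too many attributes."""
    def checked_object(pairs):
        # Called once per decoded object with its (key, value) pairs.
        if len(pairs) > max_size:
            raise LimitExceeded(f"JSON object has more than {max_size} attributes")
        return dict(pairs)
    return json.loads(body, object_pairs_hook=checked_object)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the post.
    print(parse_parameters("action=list&folder=1"))
    flood = "&".join(f"p{i}=x" for i in range(31))
    try:
        parse_parameters(flood)
    except LimitExceeded as exc:
        print("rejected:", exc)
```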