Comments (13)
weavejester
commented on May 27, 2024
3
Thanks for the report. I'll upgrade commons-fileupload to 1.5, and add :max-file-count, :max-file-size and :max-body-size options to the multipart middleware.
If any of the limits are hit, the middleware will return a customizable 413 Content Too Large response.
from ring.
svdm
commented on May 27, 2024
2
Besides bumping commons-fileupload to 1.5 this needs a code change to use the new FileUpload.setFileCountMax API to actually configure a reasonable limit, because there is no default. What's reasonable is going to differ, so this in turn may need a config option on the multipart-params middleware.
from ring.
weavejester
commented on May 27, 2024
2
Released 1.10.0. Took a little longer to find time than I expected due to unforeseen circumstances.
from ring.
weavejester
commented on May 27, 2024
1
Yes. It will be "fixed" in 1.10.0, insofar that an option will be allowed that limits the maximum number of files allowed in a request.
from ring.
weavejester
commented on May 27, 2024
1
Is there a link I haven't seen to version 1.10.0, perhaps I'm looking in the wrong place: https://mvnrepository.com/artifact/ring/ring-core?
https://clojars.org/ring/ring-core
from ring.
jefimm
commented on May 27, 2024
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
from ring.
weavejester
commented on May 27, 2024
It looks like using the setFileCountMax method isn't possible as it requires a RequestContext, so I'll need to put together some custom checks.
from ring.
svdm
commented on May 27, 2024
Oh, you're right, setFileCountMax is only used in parseRequest. To do the checks in the middleware will require tracking some state while building a seq from the FileItemIterator (probably simplest to just reduce over it, the current laziness is consumed eagerly in parse-multipart-params AFAICT).
from ring.
weavejester
commented on May 27, 2024
The laziness in the seq is important, because it's wrapping an iterator of an input stream. We don't know how many files there are until the body input stream has been consumed.
from ring.
eudoroolivares2016
commented on May 27, 2024
This is an issue on previous versions prior to 1.9.6 as well as 1.9.6 correct?
from ring.
TahmurasAbdurashidovTR
commented on May 27, 2024
Is there any release date for 1.10.0?
from ring.
weavejester
commented on May 27, 2024
Is there any release date for 1.10.0?
It should be within a few days. I've updated the multipart middleware and it passes all the tests. I decided not to include a :max-body-size option as that could be a separate middleware.
from ring.
eudoroolivares2016
commented on May 27, 2024
Is there a link I haven't seen to version 1.10.0, perhaps I'm looking in the wrong place: https://mvnrepository.com/artifact/ring/ring-core?
from ring.
Related Issues (20)
- Release new version of ring-jetty-adapter to avoid CVE-2022-2191 HOT 1
- ring-jetty and timeouts HOT 5
- Can ring use the latest version of Jetty - 9.4.49.v20220914 HOT 1
- Websocket support HOT 1
- The AES / CBC algorithm used in the cookie session store _might_ be insecure HOT 3
- Attributes in the `Set-Cookie` header are formatted incorrectly HOT 1
- How to measure time that it takes to complete a request? HOT 2
- Documentation for cookies HOT 2
- How to change UriCompliance mode HOT 2
- Streaming body issue with a synchronous ring handler HOT 4
- Add support for Partitioned cookies (CHIPS) HOT 1
- JettyWebSocketServerContainer can not implement WebSocketPolicy because it is not an interface HOT 4
- Reflection warnings HOT 2
- ring hangs when attempting to use websockets with :async? true HOT 3
- Catch up rename of `websocket-request?` to `upgrade-request?` in Wiki HOT 1
- How do I specify an optional field when accepting multipart-params for a request? HOT 1
- wrap-multipart-params creates an empty file when an empty file input is submitted HOT 4
- ring and ring-jetty-adapter 1.12.1 fails to work with simple example from wiki HOT 2
- cleaning up after a websocket goes aways is not clear HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ring.