You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by victorsosa <gi...@git.apache.org> on 2016/06/27 00:51:45 UTC
[GitHub] struts pull request #104: WW-4620 ParametersInterceptor should check collect...
GitHub user victorsosa opened a pull request:
https://github.com/apache/struts/pull/104
WW-4620 ParametersInterceptor should check collection index to against DOS
ParametersInterceptor should check collection index to against DOS
Check the parameters map to have only 255 objects to avoid DOS.
https://dzone.com/articles/spring-initbinder-for-handling-large-list-of-java
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/victorsosa/struts WW-4620
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/struts/pull/104.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #104
----
commit d93bcf9ff5c643cd3c64074085dc81ba6785385a
Author: victorsosa <vi...@peopleware.do>
Date: 2016-06-26T23:01:43Z
WW-4620
ParametersInterceptor should check collection index to against DOS
commit cacb3a62c6f3efa416e30a85a3a5a320cb63d6b3
Author: victorsosa <vi...@peopleware.do>
Date: 2016-06-26T23:27:17Z
small fix set parameter AutoGrowCollectionLimit
commit 31a788d7b19fe8a7e4ee16bcc2f42111baeed93b
Author: victorsosa <vi...@peopleware.do>
Date: 2016-06-27T00:36:01Z
add test cases
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[GitHub] struts pull request #104: WW-4620 ParametersInterceptor should check collect...
Posted by victorsosa <gi...@git.apache.org>.
Github user victorsosa closed the pull request at:
https://github.com/apache/struts/pull/104
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[GitHub] struts issue #104: WW-4620 ParametersInterceptor should check collection ind...
Posted by victorsosa <gi...@git.apache.org>.
Github user victorsosa commented on the issue:
https://github.com/apache/struts/pull/104
A second thought max of 512 could be a better number.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[GitHub] struts issue #104: WW-4620 ParametersInterceptor should check collection ind...
Posted by victorsosa <gi...@git.apache.org>.
Github user victorsosa commented on the issue:
https://github.com/apache/struts/pull/104
this fix doesn't make sense
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org