Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: 8.0 Update 12
Component/s: Undertow
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1865, https://github.com/undertow-io/undertow/pull/1866
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

MultipartParserDefinition.create applies the default MULTIPART_MAX_ENTITY_SIZE in a way that overrides a size already applied from either a listener max-post-size or an application servlet's multipart config. So larger multipart requests now fail at the 2 mb limit unexpectedly despite other proper settings to allow:

Caused by: io.undertow.server.RequestTooBigException: UT000020: Connection terminated as request was larger than 2097152
	at io.undertow.core@2.3.20.SP4-redhat-00001//io.undertow.conduits.FixedLengthStreamSourceConduit.checkMaxSize(FixedLengthStreamSourceConduit.java:173)
	at io.undertow.core@2.3.20.SP4-redhat-00001//io.undertow.conduits.FixedLengthStreamSourceConduit.read(FixedLengthStreamSourceConduit.java:236)
	at org.jboss.xnio@3.8.16.Final-redhat-00001//org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
	at io.undertow.core@2.3.20.SP4-redhat-00001//io.undertow.channels.DetachableStreamSourceChannel.read(DetachableStreamSourceChannel.java:206)
	at io.undertow.core@2.3.20.SP4-redhat-00001//io.undertow.server.HttpServerExchange$ReadDispatchChannel.read(HttpServerExchange.java:2484)
	at org.jboss.xnio@3.8.16.Final-redhat-00001//org.xnio.channels.Channels.readBlocking(Channels.java:344)
	at io.undertow.servlet@2.3.20.SP4-redhat-00001//io.undertow.servlet.spec.ServletInputStreamImpl.readIntoBuffer(ServletInputStreamImpl.java:201)
	at io.undertow.servlet@2.3.20.SP4-redhat-00001//io.undertow.servlet.spec.ServletInputStreamImpl.read(ServletInputStreamImpl.java:176)
	at io.undertow.core@2.3.20.SP4-redhat-00001//io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.parseBlocking(MultiPartParserDefinition.java:244)
	at io.undertow.servlet@2.3.20.SP4-redhat-00001//io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:878)

clones

UNDERTOW-2677 MultipartParserDefinition overrides max entity size already set and configured from other sources

Resolved

depends on

JBEAP-31823 [GSS](8.1.z) UNDERTOW-2677 - MultipartParserDefinition overrides max entity size already set and configured from other sources

Resolved

is caused by

UNDERTOW-2377 CVE-2024-3884 CVE-2024-4027 OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

Resolved

UNDERTOW-2573 MultiParseParserDefinition can overwrite entity size in exchange request

Closed

is depended on by

JBEAP-31825 [GSS](7.4.z) UNDERTOW-2677 - MultipartParserDefinition overrides max entity size already set and configured from other sources

Resolved

Assignee:: Aaron Ogburn

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2026/01/14 7:56 PM

Updated:: 2026/01/29 4:02 PM

Resolved:: 2026/01/29 4:02 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates