File fix-CVE-2023-46118-1.patch of Package rabbitmq-server.31584
From 6d8a4ead2cbddfba33e178b3cafa1d550819d589 Mon Sep 17 00:00:00 2001 From: Michael Klishin <klishinm@vmware.com> Date: Mon, 16 Oct 2023 06:48:23 -0400 Subject: [PATCH] Reduce default HTTP API request body size limit to 10 MiB per discussion with the team. It should be enough to accomodate a definition file with about 100K queues. (cherry picked from commit c6d0382be4d9b6f4d0ab9466b397e353adfa92e0) --- deps/rabbitmq_management/BUILD.bazel | 2 +- deps/rabbitmq_management/Makefile | 2 +- .../priv/schema/rabbitmq_management.schema | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) Index: rabbitmq-server-3.8.11/deps/rabbitmq_management/Makefile =================================================================== --- rabbitmq-server-3.8.11.orig/deps/rabbitmq_management/Makefile +++ rabbitmq-server-3.8.11/deps/rabbitmq_management/Makefile @@ -13,7 +13,7 @@ define PROJECT_ENV {cors_allow_origins, []}, {cors_max_age, 1800}, {content_security_policy, "script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'"}, - {max_http_body_size, 20000000} + {max_http_body_size, 10000000} ] endef Index: rabbitmq-server-3.8.11/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema =================================================================== --- rabbitmq-server-3.8.11.orig/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema +++ rabbitmq-server-3.8.11/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema 
@@ -28,9 +28,9 @@ {translation, "rabbitmq_management.max_http_body_size", fun(Conf) -> case cuttlefish:conf_get("management.http.max_body_size", Conf, undefined) of - %% 20 MiB allows for about 200K queues across a small (single digit) number of virtual hosts with + %% 10 MiB allows for about 100K queues with short names across a small (single digit) number of virtual hosts with %% an equally small number of users. MK. - undefined -> 20000000; + undefined -> 10000000; Val when is_integer(Val) -> Val; Other -> cuttlefish:invalid("management.http.max_body_size must be set to a positive integer") end
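Review bot: In the PROJECT_ENV hunk of deps/rabbitmq_management/Makefile, the new default `{max_http_body_size, 10000000}` is 10,000,000 bytes, which is 10 MB rather than the 10 MiB (10485760 bytes) named in the subject line; either use 10485760 or describe the limit as 10 MB. The same literal is repeated as the `undefined -> 10000000` fallback in rabbitmq_management.schema, and the diffstat lists a BUILD.bazel change that has no hunk in this file, so confirm that every place carrying the default was updated together.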
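Review bot: In the rabbitmq_management.schema hunk, the context clause `Val when is_integer(Val) -> Val` accepts zero and negative integers, although the error text on the next clause says management.http.max_body_size "must be set to a positive integer". Since this change exists to bound HTTP API request bodies, tighten the guard to `Val when is_integer(Val), Val > 0 -> Val` so that a non-positive setting is rejected by `cuttlefish:invalid` instead of being passed through as the limit.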