axum-v0.5.16
Release date: 2022-09-10 16:01:25
Latest tokio-rs/axum release: axum-v0.7.5 (2024-03-25 03:19:08)
Security
- breaking: Added default limit to how much data Bytes::from_request will consume. Previously it would attempt to consume the entire request body without checking its length. This meant if a malicious peer sent a large (or infinite) request body your server might run out of memory and crash.

  The default limit is at 2 MB and can be disabled by adding the new DefaultBodyLimit::disable() middleware. See its documentation for more details.

  This also applies to these extractors which used Bytes::from_request internally:
  - Form
  - Json
  - String

  Thanks to Shachar Menashe for reporting this vulnerability. (#1346)