Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-24323

Investigate file size restriction enforcement for /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API


    • Feedback Policy:
      Thanks for taking the time to raise a Suggestion for Confluence, Atlassian values your input.

      We receive feedback from a number of different sources and evaluate those when we plan our product roadmap. If you would like to know more about how the Atlassian Product Management team uses your input in our planning process, please see our post on Atlassian Answers.

      Before creating a new Suggestion, please search the existing issues to see if your suggestion already exists.

      The Confluence Product Management Team
    • Last commented by user?:


      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The cause for HOP-314 was the usage of the /wiki/rpc/soap-axis/confluenceservice-v1 / addAttachment API with relatively large files (~82mb). If I recall right, our attachment file size in OnDemand is set to 100mb (CONFDEV-3606), but I've got no idea if it is enforced if using this API and if so it's probably after the deserialisation. The limit wouldn't have mattered anyway in the above mentioned case.

      Please investigate if a limit of 100mb is still feasible (imo it's way too high, I would even suggest reducing it to ~10-15mb) as the production max heap size is 512mb. Please also ensure that the limit is enforced when using the above mentioned API before it's getting deserialised since it'll cause a memory footprint of at least double the size.

      Maybe we should enforce the setting of the Content-length header via a filter for these requests, and enforce the limit via that (even if it's not accurate). We could also experiment with just setting the maxPostSize on the container.


          Issue Links



              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created:
                  Last commented:
                  3 years, 31 weeks, 1 day ago