Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-23544

adding large attachments with the SOAP api causes OOMEs

    XMLWordPrintable

Details

    Description

      Using the SOAP API to add attachments to issues can cause JIRA to throw an OutOfMemoryError. This can cause JIRA to become unresponsive and could be used in a denial of service attack, which is especially bad in a multi tenant world.

      This happens when using the addAttachmentsToIssue (now deprecated) with small files (~1MB), and also when using addBase64EncodedAttachmentsToIssue with large files (~100MB).

      The SOAP API implementation should detect attachments that are larger than a certain size and reject the request if the size is exceeded.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-27316 OutOfMemoryError in JiraAxisSoapLog when calling addAttachmentsToIssue()

          • Medium - Medium priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-11693 SOAP: addAttachmentsToIssue runs out of memory when adding attachments of 1.5 MB or larger

          • High - High priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              shaldane Sam Haldane (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: