Project

General

Profile

Actions
Copy link

Defect #43733

closed

If you have a lot of statuses and try to save when open the workflow with all statuses showing you get at a 404

Added by Jimmy Westberg about 1 month ago. Updated 27 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Rails support
Target version:
-
Resolution:
Wont fix
Affected version:
6.0.1

Description

It's easy to fix.

config/boot.rb

# frozen_string_literal: true

# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)

require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

# CHANGES BELOW
# Rack::QueryParser accept limit (default = 4096 ?)
ENV["RACK_QUERY_PARSER_PARAMS_LIMIT"]   ||= "200000" 

# Also added a larger body size limit (default around 4MB ?)
ENV["RACK_QUERY_PARSER_BYTESIZE_LIMIT"] ||= "52428800" # 50 MB

I don't suggest that the default values should change but at least make the error descriptive and not just a quiet 404 on the /update endpoint.

Related issues

Related to Redmine - Defect #42875: "Page not found" error when saving workflows with many statuses on Rack >= 3.1.14ClosedGo MAEDAActions
Actions
Copy link
 #1

Updated by Holger Just about 1 month ago

  • Related to Defect #42875: "Page not found" error when saving workflows with many statuses on Rack >= 3.1.14 added
Actions
Copy link
 #2

Updated by Holger Just about 1 month ago

These limits were introduced in Rack to mitigate a resource-exhaustion security issue (CVE-2025-46727). See #42875 for a description of how we handle this in Redmine.

In any case, the default limits in Redmine are chosen for reasonable numbers of trackers and statuses. If you have many of these, the limits may have to be increased in fact. The preferred way for this is to set the RACK_QUERY_PARSER_PARAMS_LIMIT and/or RACK_QUERY_PARSER_BYTESIZE_LIMIT environment variables. How this can be set depends on your chosen application server and its hosting environment. Please refer to the documentation of your application server.

I think, this issue here is thus a duplicate of #42875.

Actions
Copy link
 #3

Updated by Jimmy Westberg about 1 month ago

Holger Just wrote in #note-2:

I think, this issue here is thus a duplicate of #42875.

I'm asking for a clear error message and not just a blank 404 page.

Actions
Copy link
 #4

Updated by Go MAEDA about 1 month ago

Jimmy Westberg wrote in #note-3:

I'm asking for a clear error message and not just a blank 404 page.

Unfortunately, the content of the 404 error page cannot be modified on the Redmine side, as it is handled by Rack middleware.

Actions
Copy link
 #5

Updated by Jimmy Westberg about 1 month ago

Ok, then i know. Thanks för the feedback.

Actions
Copy link
 #6

Updated by Go MAEDA 27 days ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

I am closing this issue because the blank 404 error page cannot be modified, as explained in #note-4.

Actions
Copy link

Also available in: Atom PDF