Defect #43733
open
If you have a lot of statuses and try to save when open the workflow with all statuses showing you get at a 404
0%
Description
It's easy to fix.
config/boot.rb
# frozen_string_literal: true
# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
# CHANGES BELOW
# Rack::QueryParser accept limit (default = 4096 ?)
ENV["RACK_QUERY_PARSER_PARAMS_LIMIT"] ||= "200000"
# Also added a larger body size limit (default around 4MB ?)
ENV["RACK_QUERY_PARSER_BYTESIZE_LIMIT"] ||= "52428800" # 50 MB
I don't suggest that the default values should change but at least make the error descriptive and not just a quiet 404 on the /update endpoint.
Related issues
Updated by Holger Just about 9 hours ago
- Related to Defect #42875: "Page not found" error when saving workflows with many statuses on Rack >= 3.1.14 added
Updated by Holger Just about 9 hours ago
These limits were introduced in Rack to mitigate a resource-exhaustion security issue (CVE-2025-46727). See #42875 for a description of how we handle this in Redmine.
In any case, the default limits in Redmine are chosen for reasonable numbers of trackers and statuses. If you have many of these, the limits may have to be increased in fact. The preferred way for this is to set the RACK_QUERY_PARSER_PARAMS_LIMIT and/or RACK_QUERY_PARSER_BYTESIZE_LIMIT environment variables. How this can be set depends on your chosen application server and its hosting environment. Please refer to the documentation of your application server.
I think, this issue here is thus a duplicate of #42875.